Obscure your Laravel 5 applications IDs from URLs and requests. It's based on the popuplar Hashids package
// http://exampleapplication.com/user/ALnLzW
Route::get('/user/{id}', function ($id) {
return "ID: " . $id; //returns a number
})->middleware('obscure');
In order to add obscure to your project, just add
"sschlein/obscure": "dev-develop"
to your composer.json. Then run composer install
or composer update
.
Or run composer require sschlein/obscure
if you prefer that.
In your config\app.php
file, add the obscure service provider to providers
array.
// ...
Sschlein\Obscure\ObscureServiceProvider::class,
// ...
Set a salt hash in your .env
file to generate unique hashs.
OBSCURE_SALT=your-unique-phrase
In your app\Http\Kernel.php
file, add the obscure middleware to the $routeMiddleware
array.
protected $routeMiddleware = [
// ...
'obscure' => \Sschlein\Obscure\Middleware\Obscure::class,
// ...
];
By default, Obscure looks for routes or request parameters with a parameter named id
.
To modify this parameter, add it as a middleware parameter like this:
Route::get('/obscure/{user_id}', function ($user_id) {
return "ID: " . $id; // returns a number
})->middleware('obscure:user_id');
If this parameter is present, it gets decoded to the id and can be used without applications changes.
// http://exampleapplication.com/obscure/ALnLzW
// hashed with salt "salt"
Route::get('/obscure/{id}', function ($id) {
return "ID: " . $id; // returns a number
})->middleware('obscure');
To generate routes or request parameters, you can use the blade extension. In a blade template, just use
<a href="/users/@obscure(1245)">View User</a>
<input type="hidden" name="id" value="@obscure(1234)">
If you need to obscure the id within a controller, use the facade
public function store(...)
{
return redirect('users/' . Obscure::encode(1234));
}
That's it.
## Optional ConfigurationObscure uses some defaults that can be configured. To change the default configuration, publish the config.
php artisan vendor:publish
You can now configure the salt
hash, the length
of the hash and the used alphabet
of the hash in the config/obscure.php
.
Obscure is free software distributed under the terms of the MIT license.