Laravel easy sequential ID obfuscation

← back


When you use sequential IDs / auto-increment IDs in URLs, you are giving away some sensitive information about your application.

Which allows visitors to:

Read more Auto-Incrementing IDs: Giving your Data Away


Why this package

Yes, there are many solutions available. This package uses jenssegers/optimus for encoding and decoding and it is super fast. And the package provides everything you need:


Install via composer

$ composer require apichef/laravel-obfuscate

Usage

The only thing you have to do is using the the Obfuscatable trait in you model class.

namespace App;

use Illuminate\Database\Eloquent\Model;
use ApiChef\Obfuscate\Obfuscatable;

class Post extends Model
{
    use Obfuscatable;

    // ...
}

Route model bilding

Route::get('/posts/{post}', function (Post $post) {
    return $post;
})->name('post.show');

Generate the URL to a named route.

$post = Post::find(1);

echo(route('post.show', $post));

// https://my-app.test/api/posts/458047115

Validation

Sometimes you need to validate whether a record is available in the database for the given ID. For that package provides HashExists rule class.

namespace App\Http\Requests;

use ApiChef\Obfuscate\Rules\HashExists;
use Illuminate\Foundation\Http\FormRequest;

class PostStoreRequest extends FormRequest
{
    // ...
    public function rules()
    {
        return [
            'post_id' => [
                'required',
                new HashExists('posts', 'id')
            ],
        ];
    }
}

Facade

Sometime you might need to encode an auto-increment ID and vice versa. For that you can use Obfuscate facade.

use ApiChef\Obfuscate\Support\Facades\Obfuscate;

$result = Obfuscate::encode(1);
// 458047115

$result = Obfuscate::encode([1, 2]);
// [458047115, 2033899500]

$result = Obfuscate::decode('458047115');
// 1

$result = Obfuscate::decode([458047115, 2033899500]);
// [1, 2]


← back