evo-mark/laravel-id-obfuscator
Composer 安装命令:
composer require evo-mark/laravel-id-obfuscator
包简介
Obfuscate your IDs when sending them to the frontend
README 文档
README
Laravel ID Obfuscator
Incrementing primary keys may reveal more than you wish in a public-facing application. Order IDs can reveal your sales volume to competitors and User IDs can invite enumeration attacks.
This package implements a two-way hashing on Obfuscatable models and converts an ID of, say, 7 into an ID of fh38aj2e when it travels to the frontend and converts it back on return.
Warning: This package only obfuscates IDs and should not be used if secure encryption of identifiers is required
Installation
composer require evo-mark/laravel-id-obfuscator
Models
Usage
use EvoMark\LaravelIdObfuscator\Traits\Obfuscatable; class User extends Authenticatable { use Obfuscatable; }
Using the Obfuscatable trait provides automatic route model binding with decoding and then automatic encoding when the primary key is sent to the frontend
Route::get('/users/{user}', [SomeController::class, 'index']); // SomeController public function index(User $user) { // $user will now have the decoded ID ready for internal use // If you need to access the obfuscated ID internally, you can use $obfuscatedId = $user->obfuscatedId; }
Obfuscatable models will also feature automatic decoding when using the model's find-style functions: e.g. find, findOrFail, findMany, findOrNew, findOr
// SomeController /** * @param string $id The obfuscated order ID */ public function index($id) { $order = Order::find($id); }
Validation
Laravel ID Obfuscator comes with a built-in rule extension for validating incoming obfuscated ids, simply:
public function store($request) { $validated = $request->validate([ 'id' => ['required','id_exists:users'] ]); }
Facade
You can access the encoding and decoding features anytime via the provided facade.
use EvoMark\LaravelIdObfuscator\Facades\Obfuscate; $encoded = Obfuscate::encode(5); $decoded = Obfuscate::decode($encoded);
toArray
Primary keys on Obfuscated models will automatically be obfuscated when sending models to the frontend.
If you want to encode foreign keys on the model as well, enable the encodeForeign setting in your obfuscator config.
Config
You can publish the package config by running the following Artisan command:
php artisan v:p --provider="EvoMark\LaravelIdObfuscator\Provider"
| Setting | Type | Default | Description |
|---|---|---|---|
| seed | string | laravel-id-obfuscator | A seed string for the encoder |
| length | int | 8 | The amount of chars to pad the output to |
| alphabet. | string | [a-zA-Z0-9] (as string) | The alphabet to use when encoding IDs |
| encodeForeign | bool | false | Encode obfuscated foreign keys too. |
Q & A
- Why not use UUIDs?
- UUIDs can be Bad for database performance, whereas this obfuscation only runs when data bridges between the backend and the frontend of your application.
Limitations
- Laravel ID Obfuscator can only be used on incrementing primary keys
- Since this package overrides the
newEloquentBuildermethod on obfuscated models, it is incompatible with any other packages that also do the same. Some examples might include:
Support Open-Source Software
We're providing this community adapter free-of-charge without any paywalled features. However, all development and maintenance costs time, energy and money. So please help fund this project if you can.
evo-mark/laravel-id-obfuscator 适用场景与选型建议
evo-mark/laravel-id-obfuscator 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 6.75k 次下载、GitHub Stars 达 4, 最近一次更新时间为 2023 年 09 月 24 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 evo-mark/laravel-id-obfuscator 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 evo-mark/laravel-id-obfuscator 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 6.75k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 4
- 点击次数: 33
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2023-09-24