Rohan Sakhale

Secure your primary id in your Laravel Project

10/20/2021 phppluginslibrarieslaravel

Laravel often have easy way to resolve the Models from route bindings that are often shared as your primary id.

Ever wondered, if you don't want to expose the primary index of your entities to end-users in your route URL or response JSON, this package provides an amazing out-of-the-box solution with the help of HashId's package.

# Example

Your API or WEB url that often you shared let's say for User whose id is 1 would be

https://{host}/api/users/1

or

https://{host}/users/1/update
1
2
3
4
5

With this package the id would be updated to

https://{host}/api/users/aE41jhk41

or

https://{host}/users/aE41jhk41/update
1
2
3
4
5

Here aE41jhk41 is a hash generated for id 1.

# How it works

  1. Secure Ids package makes use of Laravel-Hashids (opens new window) for generating the secure hashes for your models
  2. It identifies all your Model classes that would be present either within app or app/Models directory or you can specify the directory
  3. For each model class it maintains a unique connection for generation of the id, this way the hash for 1 would be different for App\Models\User and similary hash for 1 in App\Models\Role would be totally different.
  4. Additionally, it generates a unique salt with the help of app.key so as to keep generation of hash, unique for each project.

# How to use

# Installation

Install this package in your project with composer

composer require saiashirwadinformatia/secure-ids
1

Publish the config file used by this package

php artisan vendor:publish --provider="SaiAshirwadInformatia\SecureIds\SecureIdsServiceProvider"
1

Update the config file as required, often it auto identifies the basic structure of Laravel, change if you are using a separate structure.

return [
    'models_directory' => 'Models',
    'model_namespace'  => 'App\\Models\\',
    'length'           => 13,
];
1
2
3
4
5

# Usage

Load the configs of SecureIds by calling in your AppServiceProvider boot method

use SaiAshirwadInformatia\SecureIds\Facades\SecureIds;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        SecureIds::load();
    }
1
2
3
4
5
6
7
8
9
10
11
12
13

Use trait HasSecureIds for the models you want to enable securing the id.

use SaiAshirwadInformatia\SecureIds\Models\Traits\HasSecureIds;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable;
    // Add below Trait to enable securing id's
    use HasSecureIds;
    // ...
1
2
3
4
5
6
7
8

That's it done!

# What it does

  1. With the above configuration you have enabled JSON response for API to include id with the HashId
  2. If it's not API, the property to reference HashId is available as $user->secure_id
  3. Ensure when passing in URL secure_id is passed so it auto-resolves the bindings

More Examples coming soon!

# Read More

https://packagist.org/packages/saiashirwadinformatia/secure-ids (opens new window)

Share your feedback or suggestions!