PHP-Quickie 01 | Use encrypted IDs in your Laravel URLs

Video Statistics and Information

Captions
Have you noticed how YouTube uses some fancy IDs for their videos in their URLs, and how Bitly follows a similar approach with their shortened links? It's very easy for you to add such IDs to your next Laravel project. I'll show you why and how to use them. All you have to do is follow along with this short video and you have it up and running in no time.

[Music]

What's up guys, and welcome to the Coder's Cantina. My name is Mike and I'm your host tonight. If this is your first time in the Coder's Cantina and you want to learn how to code web apps with Laravel and Vue.js, start now by subscribing and hitting the bell so you don't miss anything.

So how is it done? There is a small open source project called Hashids, which is implemented in nearly every programming language you can think of. It generates short, unique and non-sequential IDs out of numbers. It can convert something like this into that, or even an array of numbers like this into that. And the good thing about it: it can be decoded back into numbers, so it's an ideal candidate to obfuscate the primary keys of your models. And there are two reasons, and only two reasons, to do so. First, hiding the primary keys discourages an easy enumeration over your models. And second, it looks more professional, so it can hide the number of records in your database, which might indicate how popular your application is.

I have prepared a small demo project in the latest Laravel version. If we take a look into our routes API file, you can see I've implemented two endpoints to access user profiles in a RESTful manner. Switching over to the profile controller, there are two corresponding methods: an index method, which returns a list of user profiles, and the show method, which returns a detailed user profile. Having a quick look into our profile list resource reveals that we're returning an ID, which is retrieved through the `getRouteKey` method, and the full name of the user. Hitting our index route in the browser shows that we are returning the user and exposing the internal primary key of our model. To access a detailed profile, we simply add the ID of one of the results to the URL and hit the endpoint, and we get a detailed user profile.

To get started, we use the package kayandra/hashidable. I put the link into the description down below. Head over to PhpStorm, fire up a terminal and type `composer require kayandra/hashidable`, which will add the package to our application. Then we have to publish their configuration file with `php artisan vendor:publish` and selecting their config tag. This will generate a hashidable file in our app config folder, as you can see, with various variables we can influence to generate hash IDs.

First off, we have the salt. The salt is used in the algorithm and should be unique for every application. I also prefer to store it in an environment variable so I can change it depending on the environment I deployed this application to. Let's call it HASHIDABLE_SALT and give it a reasonable default, Coder's Cantina. Then we have the minimal length of the resulting hash IDs, which is 16. And finally we have the charset, which is used as the alphabet for the resulting hash IDs. So if it's a requirement for your application to leave certain characters out, like lowercase l and uppercase I, which look similar, you can do this here. If you change one of these variables, the resulting hash IDs will change dramatically, so please keep that in mind, as it could break your application if you change them later in production.

As we have now finished the installation and setup, we can now use it in our route model binding. What is route model binding, I hear you ask? With route model binding, Laravel automatically injects models into your routes. Instead of injecting the ID, Laravel fetches the entire model that matches the given ID and injects that instance into your controller method. As you can see in our profile controller, we already make use of it.

Heading to our user model, we can now add `use Hashidable` to make our model ready to be accessed via hash IDs. This trait converts incoming hash IDs into their corresponding integer IDs, and now they can be retrieved by the primary key. On the other hand, it overrides the `getRouteKey` method, which we use in our API resources to return encoded hash IDs. Hitting the endpoint in our browser, we can see the integer IDs are gone and we are using hash IDs. Also, hitting a detailed profile results in a 404, because integer IDs won't work anymore. So using one of the returned hash IDs, and voila, we're ready to use hash IDs in our project.

I can't emphasize enough on this topic: using hash IDs will not add any form of security to your application. It will only obfuscate primary keys of your models. That's it. Keep that in mind and always use API rate limiting, as otherwise it's still possible to enumerate through your models, as you allow unlimited tries to guess other IDs even if you're using hash IDs. If you need any sort of protection, use signed URLs. Subscribe to the channel; there's a video on this topic in the pipeline.

I've put the link to the demo repository on GitHub in the description down below. Let me know if this primer on Hashids was useful for you and if you plan to use hash IDs in your next Laravel project. Also, if you have any questions, leave me a comment down below. Thank you so much for watching, and I will see you the next time in the Coder's Cantina.
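What a signed URL adds over an obfuscated ID, as an added example that is not from the video or its demo repository: plain-PHP HMAC signing and verification of a link with an expiry (the general idea, not Laravel's implementation). The signing key, the `/api/profiles` path and both hash IDs are constructed for illustration.

```php
<?php
// Added example, plain PHP: the URL is bound to a server-side secret, so
// swapping in another hash ID invalidates the signature.
declare(strict_types=1);

// Constructed demo key; a real application loads this from its environment.
const SIGNING_KEY = 'constructed-demo-key-not-for-production';

/** Append an expiry and an HMAC-SHA256 signature over path + query. */
function sign_url(string $path, array $query, int $expires): string
{
    $query['expires'] = $expires;
    ksort($query);                          // canonical parameter order
    $payload = $path . '?' . http_build_query($query);
    return $payload . '&signature=' . hash_hmac('sha256', $payload, SIGNING_KEY);
}

/** True only if the signature matches and the link has not expired. */
function verify_url(string $url, int $now): bool
{
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    parse_str($parts['query'] ?? '', $query);
    $given = $query['signature'] ?? '';
    unset($query['signature']);
    if (!is_string($given) || !isset($query['expires'])) {
        return false;
    }
    ksort($query);
    $payload  = ($parts['path'] ?? '') . '?' . http_build_query($query);
    $expected = hash_hmac('sha256', $payload, SIGNING_KEY);
    // hash_equals compares in constant time.
    return hash_equals($expected, $given) && (int) $query['expires'] >= $now;
}

$now    = 1700000000;                       // fixed clock for the demo
$url    = sign_url('/api/profiles/kX9wPq2LmZ7rB4tN', [], $now + 300);
// Same signature, different (guessed) hash ID in the path.
$forged = str_replace('kX9wPq2LmZ7rB4tN', 'aB3dE5fG7hJ9kL1m', $url);

var_dump(verify_url($url, $now));           // untouched link, within expiry
var_dump(verify_url($forged, $now));        // guessed hash ID, reused signature
var_dump(verify_url($url, $now + 301));     // untouched link, after expiry
```

Only the untouched, unexpired link verifies; a guessed hash ID fails even when it happens to decode to an existing record, because the attacker cannot recompute the signature without the key.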
Info
Channel: The Coder's Cantina
Views: 277
Keywords: #Laravel, #WebDevelopment, #Programming, #Tutorial
Id: gzON4epUCHw
Length: 6min 24sec (384 seconds)
Published: Mon Jun 28 2021