README

Laravel ID Obfuscator

Laravel 10 Compatible

Warning: This package only obfuscates IDs and should not be used if secure encryption of identifiers is required

Installation

composer require evo-mark/laravel-id-obfuscator

Models

Usage

use EvoMark\LaravelIdObfuscator\Traits\Obfuscatable;

class User extends Authenticatable
{
    use Obfuscatable;
}

Using the Obfuscatable trait provides automatic route model binding with decoding and then automatic encoding when the primary key is sent to the frontend

Route::get('/users/{user}', [SomeController::class, 'index']);

// SomeController

public function index(User $user)
{
    // $user will now have the decoded ID ready for internal use

    // If you need to access the obfuscated ID internally, you can use
    $obfuscatedId = $user->obfuscatedId;
}

Obfuscatable models will also feature automatic decoding when using the model's find-style functions: e.g. find, findOrFail, findMany, findOrNew, findOr

// SomeController

/**
 * @param string $id The obfuscated order ID
 */
public function index($id)
{
    $order = Order::find($id);
}

Validation

Laravel ID Obfuscator comes with a built-in rule extension for validating incoming obfuscated ids, simply:

public function store($request)
{
    $validated = $request->validate([
        'id' => ['required','id_exists:users']
    ]);
}

Facade

You can access the encoding and decoding features anytime via the provided facade.

use EvoMark\LaravelIdObfuscator\Facades\Obfuscate;

$encoded = Obfuscate::encode(5);
$decoded = Obfuscate::decode($encoded);

Config

You can publish the package config by running the following Artisan command:

php artisan v:p --provider="EvoMark\LaravelIdObfuscator\Provider"

Limitations

Laravel ID Obfuscator can only be used on incrementing primary keys

evo-mark / laravel-id-obfuscator

Maintainers

Details