intelfric/laravel-encrypted-route

A Laravel package that encrypts full route URLs for enhanced security and obfuscation

Maintainers

Details

github.com/INTELFRIC/laravel-encrypted-route

Homepage

Source

Issues

Documentation

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

1.2.0 2025-07-24 02:39 UTC

Requires

Requires (Dev)

MIT ef6f1d4279a7380841be33d47acfa591034ab695

  • Dr Msigwa <constantinomsigwa.woop@intelfric.com>

phpsecurityroutesencryptionlaravelobfuscationlaravel-packageurl-encryption

This package is not auto-updated.

Last update: 2025-07-24 21:57:43 UTC

README

Latest Version on Packagist Total Downloads

A Laravel package that encrypts full route URLs for enhanced security and obfuscation. Transform your readable URLs into encrypted, random-looking paths that maintain full functionality while hiding your application's structure.

Features

  • 🔐 Full URL Encryption: Encrypt route names and parameters into unreadable strings
  • Time-based Expiry: Optional URL expiration with configurable TTL
  • 🔄 Flexible Routing: Choose between redirects or internal dispatch
  • 🎯 Route Validation: Ensure only valid routes can be encrypted
  • 🚀 Performance: Optional caching for decrypted routes
  • 🛡️ Security: Built on Laravel's encryption system
  • 📦 Easy Integration: Simple helper functions and Facade support

Example

Transform this:

https://myapp.com/user/dashboard/123

Into this:

https://myapp.com/encrypted/eyJpdiI6InNxQVJzOUg4...

Installation

Install the package via Composer:

composer require intelfric/laravel-encrypted-route

Laravel Auto-Discovery

Laravel 5.5+ automatically discovers the package. For older versions, add the service provider:

// config/app.php
'providers' => [
    // ...
    Intelfric\EncryptedRoute\EncryptedRouteServiceProvider::class,
],

'aliases' => [
    // ...
    'EncryptedUrl' => Intelfric\EncryptedRoute\Facades\EncryptedUrl::class,
],

Publish Configuration

php artisan vendor:publish --tag=encrypted-route-config

Configuration

The configuration file config/encryptedroute.php provides several options:

return [
    // Route prefix for encrypted URLs
    'route_prefix' => 'encrypted',
    
    // Whether to redirect to original URL or dispatch internally
    'redirect_to_original' => false,
    
    // Default expiry time in minutes (null = no expiry)
    'default_expiry_minutes' => null,
    
    // Middleware applied to encrypted routes
    'middleware' => ['web'],
    
    // Cache decrypted routes for performance
    'cache_decrypted_routes' => false,
    
    // Cache TTL in seconds
    'cache_ttl' => 300,
    
    // Allowed routes (empty = all allowed)
    'allowed_routes' => [],
    
    // Routes that cannot be encrypted
    'excluded_routes' => [
        'login', 'logout', 'register'
    ],
];

Usage

Basic Usage

Using Helper Function

// Generate encrypted URL
$encryptedUrl = encrypted_url('user.dashboard', ['id' => 123]);

// In Blade templates
<a href="{{ encrypted_url('user.profile', ['user' => $user->id]) }}">
    View Profile
</a>

Using Facade

use Intelfric\EncryptedRoute\Facades\EncryptedUrl;

$url = EncryptedUrl::generate('admin.settings', ['tab' => 'security']);

Using Route Macro

// In your routes or controllers
$url = Route::encryptedUrl('api.data', ['format' => 'json']);

Advanced Usage

Temporary URLs with Expiry

// URL expires in 60 minutes
$temporaryUrl = encrypted_url_with_expiry('download.file', 60, ['file' => 'document.pdf']);

// URL expires at specific time
$expiry = now()->addHours(2);
$temporaryUrl = temporary_encrypted_url('admin.report', $expiry, ['type' => 'sales']);

URL Validation

// Check if encrypted path is valid
if (is_valid_encrypted_url($encryptedPath)) {
    // URL is valid and not expired
    echo "Valid URL";
}

Using the Facade for Complex Operations

use Intelfric\EncryptedRoute\Facades\EncryptedUrl;

// Generate with custom expiry
$url = EncryptedUrl::generateWithExpiry('user.dashboard', ['id' => 1], 30);

// Generate temporary URL
$expiry = now()->addDay();
$url = EncryptedUrl::temporary('download.report', $expiry, ['format' => 'pdf']);

// Validate encrypted path
$isValid = EncryptedUrl::isValid($encryptedPath);

How It Works

  1. URL Generation: When you call encrypted_url(), the package:

    • Validates the route exists
    • Encrypts the route name and parameters using Laravel's encryption
    • Generates a URL with the encrypted data

  2. URL Resolution: When a user visits an encrypted URL:

    • The package decrypts the path
    • Validates the route and checks expiry
    • Either redirects to the original route or dispatches it internally

  3. Security: All encryption uses Laravel's built-in encryption system, ensuring your URLs are secure and tamper-proof.

Configuration Options

Route Behavior

Control how encrypted routes are handled:

// Redirect to original URL (user sees original URL)
'redirect_to_original' => true,

// Dispatch internally (user stays on encrypted URL)
'redirect_to_original' => false,

URL Expiry

Set default expiry for all encrypted URLs:

// URLs expire after 1 hour by default
'default_expiry_minutes' => 60,

// No default expiry
'default_expiry_minutes' => null,

Route Restrictions

Control which routes can be encrypted:

// Only allow specific routes
'allowed_routes' => [
    'user.dashboard',
    'admin.panel',
],

// Prevent specific routes from being encrypted
'excluded_routes' => [
    'login',
    'register',
    'password.reset',
],

Performance

Enable caching for better performance:

'cache_decrypted_routes' => true,
'cache_ttl' => 300, // 5 minutes

Environment Variables

You can configure the package using environment variables:

ENCRYPTED_ROUTE_PREFIX=secure
ENCRYPTED_ROUTE_REDIRECT=false
ENCRYPTED_ROUTE_EXPIRY=60
ENCRYPTED_ROUTE_CACHE=true
ENCRYPTED_ROUTE_CACHE_TTL=300

Use Cases

1. Admin Panel Security

Hide admin routes from being easily discovered:

$adminUrl = encrypted_url('admin.users.index');
// Generates: /encrypted/eyJpdiI6... instead of /admin/users

2. Temporary File Downloads

Create expiring download links:

$downloadUrl = encrypted_url_with_expiry('file.download', 30, ['file' => 'secret.pdf']);

3. Email Links

Generate secure links for emails:

$emailVerifyUrl = temporary_encrypted_url(
    'email.verify', 
    now()->addDay(), 
    ['token' => $token]
);

4. API Endpoints

Obfuscate API endpoint structures:

$apiUrl = encrypted_url('api.user.data', ['user' => $userId, 'format' => 'json']);

Error Handling

The package handles various error scenarios:

  • Invalid encrypted data: Returns 404
  • Non-existent routes: Returns 404
  • Expired URLs: Returns 404
  • Excluded routes: Throws InvalidArgumentException

Requirements

  • PHP 8.1+
  • Laravel 9.0+

Testing

The package includes comprehensive tests. To run them:

composer test

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Security

If you discover any security vulnerabilities, please email constantinomsigwa@intelfric.com instead of using the issue tracker.

License

The MIT License (MIT). Please see License File for more information.

Credits

Changelog

Please see CHANGELOG for more information about what has changed recently.

Made with ❤️ by Intelfric Tech