Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Encode/Obfuscate IDs used in URLs

branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 eg
Octocat-spinner-32 lib
Octocat-spinner-32 t
Octocat-spinner-32 Changes
Octocat-spinner-32 MANIFEST
Octocat-spinner-32 Makefile.PL
Octocat-spinner-32 README
Octocat-spinner-32 ignore.txt
README
NAME
    Dancer::Plugin::EncodeID - Encode/Decode (or obfuscate) IDs in URLs

VERSION
    version 0.02

SYNOPSIS
            use Dancer;
            use Dancer::Plugin::EncodeID;

            set show_errors => true;

            # Set the secret key (better yet: put this in your config.yml)
            setting plugins => { EncodeID => { secret => 'my_secret_key' } };

            # Generate an encoded/obfuscaed ID in URL
            #
            # When the user visits this page, she will see URLs such as:
            #   http://myserver.com/item/c98ea08a8e8ad715
            # instead of
            #   http://myserver.com/item/42
            #
            get '/' => sub {

                    # Any ID (numeric or alpha-numeric) you want to obfuscate
                    my $clear_text_id = int(rand(42)+1);

                    # Encode the ID, generate the URL
                    my $encoded_id = encode_id($clear_text_id);
                    my $url = request->uri_for("/item/$encoded_id");

                    return "Link for Item $clear_text_id: <a href=\"$url\">$url</a>";
            };

            #
            # Decode a given ID, show the requested item
            #
            get '/item/:encoded_id' => sub {
                    # Decode the ID back to clear-text
                    my $clear_text_id = decode_id( params->{encoded_id} ) ;

                    return "Showing item '$clear_text_id'";
            };

            dance;

FUNCTIONS
    `encode_id(ID [,PREFIX])' - Encodes the given ID, returns the encoded
    hash value. If "PREFIX" is given, it will be added to the ID before
    encoding. It can be used when decoding to verify the decoded value is
    valid.

    `decode_id(ID [,PREFIX])' - Decodes the given ID, returns the original
    (cleartext) ID value. If "PREFIX" is given, it will be used to verify
    the validity of the ID.

DESCRIPTION
    This module aims to make it as easy as possible to obfuscate internal
    IDs when using them in a URL given to users. Instead of seeing
    http://myserver.com/item/42 users will see
    http://myserver.com/item/c98ea08a8e8ad715 . This will prevent nosy users
    from trying to iterate all items based on a simple ID in the URL.

CONFIGURATION
    Configuration requires a secret key at a minimum.

    Either put this in your config.yml file:

        plugins:
          EncodeID:
            secret: 'my_secret_password'

    Or set the secret key at run time, with:

        setting plugins => { EncodeID => { secret => 'my_secret_code' } };

AUTHOR
    Assaf Gordon, `<gordon at cshl.edu>'

BUGS
    THIS MODULE IS NOT SECURE. The encoded ID are not strongly encrypted in
    any way. The goal is obfuscation, not security.
    A possible improvement would be to use Crypt::CBC on top of
    Crypt::Blowfish, but that would generate IDs that are at least 48
    characters long.
    The secret key can not be changed once loaded.

    Please report any bugs or feature requests to
    https://github.com/agordon/Dancer-Plugin-EncodeID/issues

SEE ALSO
    A fully functional command-line tool to encode/decode IDs is available
    in the `./eg/' folder.

    Dancer, Dancer::Plugin

SUPPORT
    You can find documentation for this module with the perldoc command.

        perldoc Dancer::Plugin::EncodeID

ACKNOWLEDGEMENTS
    Idea and implementation for this module were greatly influenced by
    similar mechanism used in the Galaxy project (http://usegalaxy.org).

LICENSE AND COPYRIGHT
    Copyright 2011 Assaf Gordon.

    This program is free software; you can redistribute it and/or modify it
    under the terms of either: the GNU General Public License as published
    by the Free Software Foundation; or the Artistic License.

    See http://dev.perl.org/licenses/ for more information.

Something went wrong with that request. Please try again.