|
1 | 1 | # Laravel HashSlug |
2 | 2 |
|
| 3 | +This package is useful to hide real model ids in urls using [Hashids](https://github.com/ivanakimov/hashids.php). A hashid (slug) is deterministically generated given an application, a model class and an id. Also, given a hashid (slug), the real id can be decoded. Thus no extra field needs to be stored in the database, ids are decoded on each request. |
| 4 | + |
| 5 | +Generates urls on the fly |
| 6 | +``` |
| 7 | +database -> id (1) -> hashslug (K4Nkd) -> url (http://localhost/posts/K4Nkd) |
| 8 | +``` |
| 9 | + |
| 10 | +Decodes hashids and finds models on the fly |
| 11 | +``` |
| 12 | +url (http://localhost/posts/K4Nkd) -> hashslug (K4Nkd) -> id (1) -> database -> model |
| 13 | +``` |
| 14 | + |
| 15 | +Hashslugs have the following properties: |
| 16 | + |
| 17 | +1. It is guaranteed that hashslugs are unique per id |
| 18 | +2. It is guaranteed that for different models, different series of hashslugs are generated (a post of id 1 will have a different hashslug as a comment with id 1) |
| 19 | +3. It is guaranteed that for different installations, different series of hashslugs are generated (depending on app key in the `.env` file) |
| 20 | + |
| 21 | +It is important to note that hashids are __not random, nor unpredictable__. Do not use this package if that's a concern. Quoting from [hashids.org](http://hashids.org/#decoding): |
| 22 | + |
| 23 | +> Do you have a question or comment that involves "security" and "hashids" in the same sentence? Don't use Hashids. |
| 24 | +
|
| 25 | +However, although hashslug encoding depends on the app key, it cannot be exposed by an attacker, since it's [sha256 hashed](https://github.com/balping/laravel-hashslug/blob/master/src/HasHashSlug.php#L56) before passing it to Hashids. Your app key is safe. |
| 26 | + |
| 27 | +## Installation |
| 28 | + |
| 29 | +```bash |
| 30 | +composer require balping/laravel-hashslug |
| 31 | +``` |
| 32 | + |
| 33 | +## Usage |
| 34 | + |
| 35 | +Include trait on a model that you wish to have hashid slugs to hide numeric incremental ids. |
| 36 | + |
| 37 | +```php |
| 38 | + |
| 39 | +use Illuminate\Database\Eloquent\Model; |
| 40 | +use Balping\HashSlug\HasHashSlug; |
| 41 | + |
| 42 | +class Post extends Model { |
| 43 | + use HasHashSlug; |
| 44 | +} |
| 45 | +``` |
| 46 | + |
| 47 | +After this, functions `slug()`, `findBySlug($slug)` and `findBySlugOrFail($slug)` are added to your model. |
| 48 | + |
| 49 | +Every time you generate a url using Laravel's helpers, instead of numeric ids, hashids are used (with the default length of 5 characters): |
| 50 | + |
| 51 | + |
| 52 | +```php |
| 53 | +// routes/web.php |
| 54 | +Route::resource('/posts', 'PostController'); |
| 55 | + |
| 56 | +// somewhere else |
| 57 | +$post = Post::first(); |
| 58 | +echo action('PostController@show', $post); |
| 59 | +// prints http://localhost/posts/K4Nkd |
| 60 | +``` |
| 61 | + |
| 62 | +Then you can resolve the model by the slug. |
| 63 | + |
| 64 | + |
| 65 | +```php |
| 66 | +// app/Http/Controllers/PostController.php |
| 67 | + |
| 68 | +public function show($slug){ |
| 69 | + $post = Post:findBySlugOrFail($slug); |
| 70 | + |
| 71 | + return view('post.show', compact('post')); |
| 72 | +} |
| 73 | +``` |
| 74 | + |
| 75 | +You can use [explicit model binding](https://laravel.com/docs/master/routing#explicit-binding) too. |
| 76 | + |
| 77 | +Just add this code to `RouteServiceProvider@boot` |
| 78 | + |
| 79 | +```php |
| 80 | +Route::bind('post', function ($slug) { |
| 81 | + return Post::findBySlugOrFail($slug); |
| 82 | +}); |
| 83 | +``` |
| 84 | + |
| 85 | +After that typehinted models are automatically resolved: |
| 86 | + |
| 87 | +```php |
| 88 | +// app/Http/Controllers/PostController.php |
| 89 | + |
| 90 | +public function show(Post $post){ |
| 91 | + return view('post.show', compact('post')); |
| 92 | +} |
| 93 | +``` |
| 94 | + |
| 95 | +## Customisation |
| 96 | + |
| 97 | +### Padding |
| 98 | + |
| 99 | +Change the minimum length of a slug (default: 5) |
| 100 | + |
| 101 | +```php |
| 102 | +class Post extends Model { |
| 103 | + use HasHashSlug; |
| 104 | + |
| 105 | + protected static $minSlugLength = 10; |
| 106 | +} |
| 107 | +``` |
| 108 | + |
| 109 | +### Salts |
| 110 | + |
| 111 | +The uniqueness of hashslug series per model and app installation depends on having unique salts. |
| 112 | + |
| 113 | +By default, the salt passed to Hashids depends on the app key defined in `.env` and the class name of the model. |
| 114 | + |
| 115 | +#### Application salt |
| 116 | + |
| 117 | +To change the 'application salt', create file `config/hashslug.php` then add the following code: |
| 118 | + |
| 119 | +```php |
| 120 | +<?php |
| 121 | + |
| 122 | +return [ |
| 123 | + 'appsalt' => 'your-application-salt' |
| 124 | +]; |
| 125 | +``` |
| 126 | + |
| 127 | +Keep in mind that you don't have to configure this, but unless you do and your app key is changed, every url having hashslugs in it will change. This might be a problem for example if a user bookmarked such a url. |
| 128 | + |
| 129 | +#### Model salt |
| 130 | + |
| 131 | +To use a custom model salt instead of the classname: |
| 132 | + |
| 133 | +```php |
| 134 | +class Post extends Model { |
| 135 | + use HasHashSlug; |
| 136 | + |
| 137 | + protected static $modelSalt = "posts"; |
| 138 | +} |
| 139 | +``` |
| 140 | + |
| 141 | +This might be a good idea to do, if you have several extended classes of the same model and you need hashslugs to be consistent. |
| 142 | + |
| 143 | + |
| 144 | +#### Alphabet |
| 145 | + |
| 146 | +The default alphabet is `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890` |
| 147 | + |
| 148 | +This can be changed: |
| 149 | + |
| 150 | +```php |
| 151 | +class Post extends Model { |
| 152 | + use HasHashSlug; |
| 153 | + |
| 154 | + protected static $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; |
| 155 | +} |
| 156 | +``` |
| 157 | + |
| 158 | + |
3 | 159 |
|
4 | 160 | ## License |
5 | 161 |
|
6 | | -This package is licensed under GPLv3. |
| 162 | +This package (the trait and the test file) is licensed under GPLv3. |
0 commit comments