laravel 如何加密laravel 5.2 URL 或路由?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/41276128/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to encrypt laravel 5.2 URL or Routes?
提问by sandip kakade
I need to encrypt routes in this URL? Because I do not want user to access URL by changing the item id. For example, user can change /items/1234 to /item/5678. Although item 1234 and 5678 belong to the same user, I still want to restrict the behavior. What I am trying to do is encrypting the routes but I am not sure whether this is a proper way or not. Any suggestions?
我需要加密这个 URL 中的路由吗?因为我不希望用户通过更改项目 ID 来访问 URL。例如,用户可以将 /items/1234 更改为 /item/5678。虽然 item 1234 和 5678 属于同一个用户,但我还是想限制这种行为。我想要做的是加密路由,但我不确定这是否是正确的方法。有什么建议?
回答by Nazmul Hasan
You can encrypt your url parameter and decrypt it in your controller. You can try this:
您可以加密您的 url 参数并在您的控制器中解密它。你可以试试这个:
In your view: Suppose your parameter is id or more parameter you can encrypt.
在您看来:假设您的参数是可以加密的 id 或更多参数。
<?php
$parameter =[
'id' =>1,
];
$parameter= Crypt::encrypt($parameter);
?>
<a href="{{url('/url/',$parameter)}}" target="_blank">a link</a>
Your route will be:
您的路线将是:
Route::get('/url/{parameter}', 'YourController@methodName');
In your controller, You can decrypt your parameter:
在您的控制器中,您可以解密您的参数:
public function methodName($id){
$data = Crypt::decrypt($id);
}
You must be yous Crypt namespace in your top of controller
您必须是控制器顶部的 Crypt 命名空间
use Illuminate\Support\Facades\Crypt;
Note: You can encrypt url parameter with Crypt::encrypt($parameter)and decrypt with Crypt::decrypt($parameter)
注意:您可以使用加密 url 参数Crypt::encrypt($parameter)和解密 Crypt::decrypt($parameter)
回答by Josh Bolton
One way you could mitigate this issue would be to use Universally Unique ID's (UUID).
缓解此问题的一种方法是使用通用唯一 ID (UUID)。
You will no longer have the issue of auto-increment database crawling and a user cannot alter URL's to get different data.
您将不再遇到自动增量数据库爬行的问题,并且用户无法更改 URL 以获取不同的数据。
You can quite easily change your database to support this in your migrations by changing your id column from
您可以通过将 id 列从
this:
这个:
$table->increments('id');
to this:
对此:
$table->uuid('id')->primary();
Your model can then be edited to support the non incrementing primary key by adding the following to your class:
然后可以通过将以下内容添加到您的类中来编辑您的模型以支持非递增主键:
protected $incrementing = false;
回答by Akshay Khale
You can encrypt the route in your controller while redirecting, using
您可以在重定向时加密控制器中的路由,使用
\Crypt::encrypt(product_id)
\Crypt::encrypt(product_id)
and on the product page you can decrypt the product ID from the URL using
并在产品页面上,您可以使用 URL 从 URL 解密产品 ID
$product_id = \Crypt::decrypt($url_parameter)
$product_id = \Crypt::decrypt($url_parameter)
that's the best possible way.
这是最好的办法。
But there will be some chances of exception if the user Edit's the Product ID parameter from the URL which you will need to handle.
但是,如果用户编辑来自您需要处理的 URL 的产品 ID 参数,则会有一些异常的机会。
回答by AddWeb Solution Pvt Ltd
You require encrypt URL ID/Any URL param and this is called id obfuscation. You can do it with hashids library. it converts an integer like 347to yr8and back again.
您需要加密 URL ID/Any URL 参数,这称为 id 混淆。您可以使用hashids 库来实现。它将像347这样的整数转换为yr8并再次返回。
Include this library:
包括这个库:
composer require hashids/hashids
You can get all other easy stuff from Easy id obfuscation with Laravel 5
你可以从使用 Laravel 5 的 Easy id 混淆中获得所有其他简单的东西
This will help you to encrypt URL id:
这将帮助您加密 URL id:
http://example.com/users/123
TO
到
http://example.com/users/Mj3
Hope this will help you well!
希望这对你有帮助!
回答by Alexey Mezenin
You don't want to encrypt all routes, it's bad practice. You can use encrypt()helper to encrypt parameter and decrypt()to decrypt it.
您不想加密所有路由,这是不好的做法。您可以使用encrypt()助手来加密参数并对其decrypt()进行解密。
$encryptedId = encrypt($id);
回答by JC Lee
It sounds like you want to encrypt the whole route. It may not be good practice but here's how to do it. You will have one controller that receives all requests. All business logic will need to be placed in your services.
听起来您想加密整个路由。这可能不是一个好习惯,但这是如何做到的。您将拥有一个接收所有请求的控制器。所有业务逻辑都需要放在您的服务中。
In route file have a route that points to "/{encrypted}" and to a controller@method (name is up to you).
In controller method, decrypt the encrypted param. Maybe the decrypted string is "item/100". Then you'll need to
$routeParams = explode('/', $decrypted);and send it to a service to process it. e.g.
在路由文件中有一个指向“/{encrypted}”和一个 controller@method 的路由(名称由你决定)。
在控制器方法中,解密加密的参数。也许解密后的字符串是“item/100”。然后,您需要
$routeParams = explode('/', $decrypted);将其发送到服务进行处理。例如
if($routeParams[0] == 'item') {
return ItemService::get($routeParams[1]);
}
if($routeParams[0] == 'item') {
return ItemService::get($routeParams[1]);
}
That's the basic idea. But in practice, you would a have handler class that manages the routing your encrypted URL. In this handler class, you'll need to have a config array that functions similarly to Laravel's route file.
这就是基本的想法。但在实践中,您将有一个处理程序类来管理您的加密 URL 的路由。在这个处理程序类中,你需要有一个配置数组,它的功能类似于 Laravel 的路由文件。
