NAME

Dancer::Plugin::EncodeID - Encode/Decode (or obfuscate) IDs in URLs

VERSION

version 0.02

SYNOPSIS

use Dancer;
use Dancer::Plugin::EncodeID;

set show_errors => true;

# Set the secret key (better yet: put this in your config.yml)
setting plugins => { EncodeID => { secret => 'my_secret_key' } };

# Generate an encoded/obfuscaed ID in URL
#
# When the user visits this page, she will see URLs such as:
#   http://myserver.com/item/c98ea08a8e8ad715
# instead of
#   http://myserver.com/item/42
#
get '/' => sub {

	# Any ID (numeric or alpha-numeric) you want to obfuscate
	my $clear_text_id = int(rand(42)+1);

	# Encode the ID, generate the URL
	my $encoded_id = encode_id($clear_text_id);
	my $url = request->uri_for("/item/$encoded_id");

	return "Link for Item $clear_text_id: <a href=\"$url\">$url</a>";
};

#
# Decode a given ID, show the requested item
#
get '/item/:encoded_id' => sub {
	# Decode the ID back to clear-text
	my $clear_text_id = decode_id( params->{encoded_id} ) ;

	return "Showing item '$clear_text_id'";
};

dance;

FUNCTIONS

encode_id(ID [,PREFIX]) - Encodes the given ID, returns the encoded hash value. If "PREFIX" is given, it will be added to the ID before encoding. It can be used when decoding to verify the decoded value is valid.

decode_id(ID [,PREFIX]) - Decodes the given ID, returns the original (cleartext) ID value. If "PREFIX" is given, it will be used to verify the validity of the ID.

DESCRIPTION

This module aims to make it as easy as possible to obfuscate internal IDs when using them in a URL given to users. Instead of seeing http://myserver.com/item/42 users will see http://myserver.com/item/c98ea08a8e8ad715 . This will prevent nosy users from trying to iterate all items based on a simple ID in the URL.

CONFIGURATION

Configuration requires a secret key at a minimum.

Either put this in your config.yml file:

plugins:
  EncodeID:
    secret: 'my_secret_password'

Or set the secret key at run time, with:

setting plugins => { EncodeID => { secret => 'my_secret_code' } };

AUTHOR

Assaf Gordon, <gordon at cshl.edu>

BUGS

THIS MODULE IS NOT SECURE. The encoded ID are not strongly encrypted in any way. The goal is obfuscation, not security.
A possible improvement would be to use Crypt::CBC on top of Crypt::Blowfish, but that would generate IDs that are at least 48 characters long.
The secret key can not be changed once loaded.

Please report any bugs or feature requests to https://github.com/agordon/Dancer-Plugin-EncodeID/issues

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Dancer::Plugin::EncodeID

ACKNOWLEDGEMENTS

Idea and implementation for this module were greatly influenced by similar mechanism used in the Galaxy project (http://usegalaxy.org).

LICENSE AND COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.

To install Dancer::Plugin::EncodeID, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Dancer::Plugin::EncodeID

CPAN shell

perl -MCPAN -e shell
install Dancer::Plugin::EncodeID

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)