NAME

Dancer::Plugin::EncodeID - Encode/Decode (or obfuscate) IDs in URLs

VERSION

version 0.01

SYNOPSIS

use Dancer;
use Dancer::Plugin::EncodeID;

set show_errors => true;

# Set the secret key (better yet: put this in your config.yml)
setting plugins => { EncodeID => { secret => 'my_secret_key' } };

# Generate an encoded/obfuscated ID in URL
#
# When the user visits this page, she will see URLs such as:
#   http://myserver.com/item/c98ea08a8e8ad715
# instead of
#   http://myserver.com/item/42
#
get '/' => sub {

	# Any ID (numeric or alpha-numeric) you want to obfuscate
	my $clear_text_id = int(rand(42)+1);

	# Encode the ID, generate the URL
	my $encoded_id = encode_id($clear_text_id);
	my $url = request->uri_for("/item/$encoded_id");

	return "Link for Item $clear_text_id: <a href=\"$url\">$url</a>";
};

#
# Decode a given ID, show the requested item
#
get '/item/:encoded_id' => sub {
	# Decode the ID back to clear-text
	my $clear_text_id = decode_id( params->{encoded_id} ) ;

	return "Showing item '$clear_text_id'";
};

dance;

DESCRIPTION

This module aims to make it as easy as possible to obfuscate internal IDs when using them in a URL given to users. Instead of seeing http://myserver.com/item/42 users will see http://myserver.com/item/c98ea08a8e8ad715 . This discourages nosy users from iterating over all items by changing a simple ID in the URL; it is obfuscation, not security (see BUGS).

CONFIGURATION

Configuration requires a secret key at a minimum.

Either put this in your config.yml file:

plugins:
  EncodeID:
    secret: 'my_secret_password'

Or set the secret key at run time, with:

setting plugins => { EncodeID => { secret => 'my_secret_code' } };

AUTHOR

Assaf Gordon, <gordon at cshl.edu>

BUGS

THIS MODULE IS NOT SECURE. The encoded IDs are not strongly encrypted in any way. The goal is obfuscation, not security.
A possible improvement would be to use Crypt::CBC on top of Crypt::Blowfish, but that would generate IDs that are at least 48 characters long.
The secret key cannot be changed once loaded.
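
Because the encoding is obfuscation only, a route that accepts an encoded ID still has to treat the decoded value as untrusted input and make its own access decision. The following is an added example, not part of the module or its original documentation; safe_decode_id, user_can_view, %ITEMS and the session key 'user' are hypothetical names, and it assumes decode_id may die or return an unexpected value when given malformed input.

```perl
use Dancer;
use Dancer::Plugin::EncodeID;

set session => 'Simple';
setting plugins => { EncodeID => { secret => 'my_secret_key' } };

# Constructed sample data: item ID => owner and body.
my %ITEMS = (
    41 => { owner => 'alice', body => 'Alice draft' },
    42 => { owner => 'bob',   body => 'Bob invoice' },
);

# Hypothetical helper: decode an ID taken from the URL and validate it.
# Returns the numeric ID, or undef for anything malformed.
sub safe_decode_id {
    my ($encoded) = @_;
    # Hex string, as in the SYNOPSIS example; the length bound is an assumption.
    return unless defined $encoded && $encoded =~ /\A[0-9a-fA-F]{1,64}\z/;
    # Assumption: decode_id may die on bad input, so trap it.
    my $id = eval { decode_id($encoded) };
    # This application only issues small numeric IDs; reject everything else.
    return unless defined $id && $id =~ /\A[0-9]{1,9}\z/;
    return $id;
}

# Hypothetical helper: the actual access-control decision.
sub user_can_view {
    my ( $user, $id ) = @_;
    my $item = $ITEMS{$id} or return 0;
    return defined $user && $item->{owner} eq $user;
}

get '/item/:encoded_id' => sub {
    my $id   = safe_decode_id( params->{encoded_id} );
    my $user = session('user');    # set by a login route (not shown)

    # Same response for "malformed", "no such item" and "not yours",
    # so the route does not reveal which IDs exist.
    return send_error( 'Not found', 404 )
        unless defined $id && user_can_view( $user, $id );

    return "Showing item $id: $ITEMS{$id}{body}";
};

dance;
```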

Please report any bugs or feature requests to https://github.com/agordon/Dancer-Plugin-EncodeID/issues

SEE ALSO

Dancer, Dancer::Plugin

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Dancer::Plugin::EncodeID

ACKNOWLEDGEMENTS

The idea and implementation for this module were greatly influenced by a similar mechanism used in the Galaxy project (http://usegalaxy.org).

LICENSE AND COPYRIGHT

Copyright 2011 Assaf Gordon.

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.