Download the PHP package imran/laravel-encrypted-route-params without Composer
On this page you can find all versions of the php package imran/laravel-encrypted-route-params. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download imran/laravel-encrypted-route-params
More information about imran/laravel-encrypted-route-params
Files in imran/laravel-encrypted-route-params
Package laravel-encrypted-route-params
Short Description Encrypt sensitive Laravel route parameters with Crypt and decrypt them before implicit binding.
License MIT
Homepage https://github.com/grim-reapper/laravel-encrypted-route-params
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package laravel-encrypted-route-params
Laravel Encrypted Route Params
π Stop ID Scraping & Leakage with Transparent URL Encryption
Are you still exposing raw database IDs in your URLs?
https://your-app.com/invoices/1024
The Problem
Exposing raw IDs is a major security and business intelligence risk:
- ID Scraping: Competitors can easily guess next/previous IDs to scrape your data.
- Business Intelligence Leakage: Anyone can see exactly how many orders, users, or invoices you have just by looking at the URL.
- Insecure Direct Object Reference (IDOR): While middleware should prevent unauthorized access, raw IDs make it tempting for attackers to probe for weaknesses.
- Ugly URLs: Raw IDs feel "naked" and less professional than modern, obfuscated identifiers.
The Solution
Laravel Encrypted Route Params provides a seamless, "drop-in" way to encrypt sensitive path parameters using Laravelβs native Crypt facade.
It handles everything automatically:
- Transparent Encryption: Use
route()as normal; it encrypts the parameters on the fly. - Automatic Decryption: Middleware decrypts values before implicit route model binding, so your controllers don't even know it happened.
- Shorter Tokens: Optional compact mode for cleaner, shorter URLs.
- JSON Support: Can also decrypt tokens inside JSON request payloads.
-
Model-Level Control: Use a Trait to automatically encrypt IDs in all URLs and JSON resources.
- PHP
^8.1 - Laravel
^10.0|^11.0|^12.0|^13.0 - A valid
APP_KEY
π Installation
The package is auto-discovered. If discovery is disabled, register the provider manually:
βοΈ Quick Start
1. Middleware Setup (Required)
Decryption must run before SubstituteBindings.
Laravel 11 / 12 / 13 (bootstrap/app.php)
2. Usage on Routes
Just add ->encrypted() to any route definition:
3. Generate URLs
Just use the standard route() helper! If transparent_url_generation is enabled (default), it just works:
ποΈ Model-Level Control (Automatic)
Instead of marking every route, you can enable encryption directly on your Eloquent models. This is useful for sensitive IDs that should always be encrypted in URLs and JSON responses.
1. Add the Trait
Add HasEncryptedAttributes to your model and define which attributes should be encrypted:
2. What this does:
- Automatic URLs:
route('invoices.show', $invoice)will now automatically produce an encrypted URL, even if the route is NOT marked with->encrypted(). - Automatic JSON: When you return the model from a controller, use it in a JsonResource, or call
$invoice->toArray(), the listed attributes will be encrypted automatically. - Transparent Decryption: The middleware automatically detects models using this trait and decrypts the route parameters before they reach your controller.
π οΈ Advanced Features
Selecting Specific Parameters
Shorter Tokens (cipher = compact)
Tired of long Base64 strings? Switch to compact mode in your .env:
This uses AES-256-GCM + HKDF to produce significantly shorter tokens while maintaining high security.
JSON API Support
Decrypt parameters sent inside JSON POST bodies automatically by adding the middleware. You can use the provided alias encrypted.json.request (once configured in config):
π§ͺ Helper Methods
The package provides several global helper methods for manual encryption/decryption:
encrypt_route_param(mixed $value)
Encrypt a scalar value using the package's configuration. Useful for manually building JSON responses or payloads.
decrypt_route_param(string $token)
Decrypt a token produced by the package.
encrypted_route(string $name, array $parameters = [], bool $absolute = true)
Explicitly generate an encrypted route URL. This is useful if you have transparent_url_generation set to false.
π Configuration
Publish the config file:
Options & Environment Variables
| Key | Environment Variable | Default | Description |
|---|---|---|---|
enabled |
ENCRYPTED_ROUTE_PARAMS_ENABLED |
true |
Master switch for the package. |
transparent_url_generation |
ENCRYPTED_ROUTE_PARAMS_TRANSPARENT_URL |
true |
If true, wraps Laravel's UrlGenerator so route() works automatically. |
cipher |
ENCRYPTED_ROUTE_PARAMS_CIPHER |
laravel |
laravel (standard) or compact (shorter tokens). |
failure |
ENCRYPTED_ROUTE_PARAMS_FAILURE |
404 |
Returns 404 or 400 on decryption failure. |
log_failures |
ENCRYPTED_ROUTE_PARAMS_LOG_FAILURES |
true |
Log decryption failures to your application logs. |
max_plaintext_length |
ENCRYPTED_ROUTE_PARAMS_MAX_PLAINTEXT_LENGTH |
4096 |
Max size of data before encryption. |
decrypt_json_strategy |
ENCRYPTED_ROUTE_PARAMS_JSON_STRATEGY |
keys |
keys (explicit keys) or all_strings (recursive search). |
decrypt_json_request_keys |
ENCRYPTED_ROUTE_PARAMS_JSON_KEYS |
'' |
Comma-separated list of keys to decrypt in JSON bodies. |
json_decrypt_strict |
ENCRYPTED_ROUTE_PARAMS_JSON_STRICT |
false |
If true, returns 400 on invalid JSON ciphertext. |
middleware |
ENCRYPTED_ROUTE_PARAMS_MIDDLEWARE |
encrypted.route.params |
Alias registered for route parameter decryption middleware. |
json_middleware |
ENCRYPTED_ROUTE_PARAMS_JSON_MIDDLEWARE |
'' |
Optional alias for JSON request decryption middleware. |
β€οΈ Support the Project
This package is free and open-source. If you find it useful, please consider:
- Starring the repo on GitHub.
- Reporting bugs or suggesting features via Issues.
- Contributing code via Pull Requests.
π Sponsors
If your company uses this package in production, please consider sponsoring development to ensure its long-term maintenance. Contact [email protected] for sponsorship opportunities.
π€ Contributing
Please see CONTRIBUTING for details.
π Security
If you discover any security-related issues, please email [email protected] instead of using the issue tracker.
π License
The MIT License (MIT). Please see License File for more information.
All versions of laravel-encrypted-route-params with dependencies
illuminate/contracts Version ^10.0|^11.0|^12.0|^13.0
illuminate/encryption Version ^10.0|^11.0|^12.0|^13.0
illuminate/http Version ^10.0|^11.0|^12.0|^13.0
illuminate/routing Version ^10.0|^11.0|^12.0|^13.0
illuminate/support Version ^10.0|^11.0|^12.0|^13.0