Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dereuromark/cakephp-expose
CakePHP Expose plugin to expose entities through additional UUIDs instead of their AIID primary keys
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/dereuromark/cakephp-expose
- Owner: dereuromark
- License: mit
- Created: 2020-03-02T21:27:25.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2024-09-16T12:57:25.000Z (3 months ago)
- Last Synced: 2024-10-11T06:32:43.587Z (2 months ago)
- Language: PHP
- Homepage:
- Size: 187 KB
- Stars: 8
- Watchers: 5
- Forks: 2
- Open Issues: 3
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
- awesome-cakephp - Expose plugin - Expose entities through additional UUIDs instead of their AIID primary keys to obfuscate those IDs and data associated with these numerically ordered values. (Security)
README
# CakePHP Expose plugin
[![CI](https://github.com/dereuromark/cakephp-expose/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/dereuromark/cakephp-expose/actions/workflows/ci.yml?query=branch%3Amaster)
[![Codecov](https://img.shields.io/codecov/c/github/dereuromark/cakephp-expose/master.svg)](https://codecov.io/gh/dereuromark/cakephp-expose)
[![Latest Stable Version](https://poser.pugx.org/dereuromark/cakephp-expose/v/stable.svg)](https://packagist.org/packages/dereuromark/cakephp-expose)
[![Minimum PHP Version](https://img.shields.io/badge/php-%3E%3D%208.1-8892BF.svg)](https://php.net/)
[![License](https://poser.pugx.org/dereuromark/cakephp-expose/license.svg)](LICENSE)
[![Total Downloads](https://poser.pugx.org/dereuromark/cakephp-expose/d/total.svg)](https://packagist.org/packages/dereuromark/cakephp-expose)
[![Coding Standards](https://img.shields.io/badge/cs-PSR--2--R-yellow.svg)](https://github.com/php-fig-rectified/fig-rectified-standards)

Exposes UUIDs as public identifiers for your entities instead of numeric AIID (Auto Increment ID) primary keys.
This branch is for use with **CakePHP 5.0+**. For details see [version map](https://github.com/dereuromark/cakephp-expose/wiki#cakephp-version-map).
## Key Goals
Cloaking/Obfuscation
- True randomness, so you cannot determine order or count of records per time-frame.

Security
- Mass assignment and marshalling do not allow setting this exposed field - it is hidden by default just as the primary key.

Robustness
- Must also work with more complex queries and use cases, including the atomic `updateAll()`, `deleteAll()`.
- Speed should be similar to default approach.

Simplicity
- Code changes from AIID exposure to UUID lookup should be minimal for all public endpoints.
- The default shortener provided also makes the UUIDs concise strings of only 22 chars.

## Why AIID and UUID as combination?
See [Motivation](docs/Motivation.md) for details.

## Demo
See [sandbox](https://sandbox4.dereuromark.de/sandbox/expose-examples) examples.

## Installation
You can install this plugin into your CakePHP application using [Composer](https://getcomposer.org/).
The recommended way to install is:
```
composer require dereuromark/cakephp-expose
```

Then load the plugin with the following command:
```
bin/cake plugin load Expose
```

## Usage
See [Docs](/docs) for details.
### Quick Start for adding to existing records
Faster than the speed of light:
- Add the behavior and run `bin/cake add_exposed_field PluginName.ModelName {MigrationName}` to generate a migration for adding the field.
- Execute the migration and then populate existing records using `bin/cake populate_exposed_field PluginName.ModelName`
- Re-run `bin/cake add_exposed_field PluginName.ModelName {MigrationName}` to get a non-nullable field migration for your new field.
- After also executing that migration all new records will automatically have their exposed field stored as well.

You are done and can now adjust your public actions to query by exposed field only and hide the primary key completely.
Using `Superimpose` behavior on top of `Expose` means that you actually might not even have to modify any code.
Should work out of the box.

More migration tips in [Migrating](docs/Migrating.md) section.