Awesome
CakePHP Expose plugin
Exposes UUIDs as public identifiers for your entities instead of numeric AIID (Auto Increment ID) primary keys.
This branch is for use with CakePHP 5.0+. For details see version map.
Key Goals
Cloaking/Obfuscation
- True randomness, so you cannot determine order or count of records per time-frame.
Security
- Mass assignment and marshalling does not allow setting this exposed field - it are hidden by default just as the primary key.
Robustness
- Must work with also more complex queries and use cases, including the atomic
updateAll()
,deleteAll()
. - Speed should be similar to default approach.
Simplicity
- Code changes from AIID exposure to UUID lookup should be minimal for all public endpoints.
- The default shortener provided makes the UUIDs also only 22 chars long concise strings.
Why AIID and UUID as combination?
See Motivation for details.
Demo
See sandbox examples.
Installation
You can install this plugin into your CakePHP application using Composer.
The recommended way to install is:
composer require dereuromark/cakephp-expose
Then load the plugin with the following command:
bin/cake plugin load Expose
Usage
See Docs for details.
Quick Start for adding to existing records
Faster than the speed of light:
- Add the behavior and run
bin/cake add_exposed_field PluginName.ModelName {MigrationName}
to generate a migration for adding the field. - Execute the migration and then populate existing records using
bin/cake populate_exposed_field PluginName.ModelName
- Re-run
bin/cake add_exposed_field PluginName.ModelName {MigrationName}
to get a non-nullable field migration for your new field. - After also executing that migration all new records will automatically have their exposed field stored as well.
You are done and can now adjust your public actions to query by exposed field only and hide the primary key completely.
Using Superimpose
behavior on top of Expose
means that you actually might not even have to modify any code.
Should work out of the box.
More migration tips in Migrating section.