laravel-encrypted-route maintained by intelfric

PACKAGE
VERSIONS

Description

A Laravel package that encrypts full route URLs for enhanced security and obfuscation

Author

Dr Msigwa

Last update

2025/07/24 04:39 (dev-main)

License

MIT

Links

Homepage - GitHub - Packagist

Downloads

Tags

php - security - routes - encryption - laravel - obfuscation - laravel-package - url-encryption

dev-main

Last update

2025/07/24 04:39

License

MIT

Require

php ^8.1
illuminate/support ^9.0|^10.0|^11.0|^12.0
illuminate/routing ^9.0|^10.0|^11.0|^12.0
illuminate/encryption ^9.0|^10.0|^11.0|^12.0
illuminate/http ^9.0|^10.0|^11.0|^12.0

1.2.0

Last update

2025/07/24 04:39

License

MIT

Require

php ^8.1
illuminate/support ^9.0|^10.0|^11.0|^12.0
illuminate/routing ^9.0|^10.0|^11.0|^12.0
illuminate/encryption ^9.0|^10.0|^11.0|^12.0
illuminate/http ^9.0|^10.0|^11.0|^12.0

1.1.0

Last update

2025/07/24 04:31

License

MIT

Require

php ^8.0
illuminate/support ^9.0|^10.0|^11.0
illuminate/routing ^9.0|^10.0|^11.0
illuminate/encryption ^9.0|^10.0|^11.0
illuminate/http ^9.0|^10.0|^11.0

1.0.0

Last update

2025/07/24 01:45

License

MIT

Require

php ^8.0
illuminate/support ^9.0|^10.0|^11.0
illuminate/routing ^9.0|^10.0|^11.0
illuminate/encryption ^9.0|^10.0|^11.0

Comments

comments powered by Disqus

Laravel Encrypted Route

A Laravel package that encrypts full route URLs for enhanced security and obfuscation. Transform your readable URLs into encrypted, random-looking paths that maintain full functionality while hiding your application's structure.

Features

🔐 Full URL Encryption: Encrypt route names and parameters into unreadable strings
⏰ Time-based Expiry: Optional URL expiration with configurable TTL
🔄 Flexible Routing: Choose between redirects or internal dispatch
🎯 Route Validation: Ensure only valid routes can be encrypted
🚀 Performance: Optional caching for decrypted routes
🛡️ Security: Built on Laravel's encryption system
📦 Easy Integration: Simple helper functions and Facade support

Example

Transform this:

https://myapp.com/user/dashboard/123

Into this:

https://myapp.com/encrypted/eyJpdiI6InNxQVJzOUg4...

Installation

Install the package via Composer:

composer require intelfric/laravel-encrypted-route

Laravel Auto-Discovery

Laravel 5.5+ automatically discovers the package. For older versions, add the service provider:

// config/app.php
'providers' => [
    // ...
    Intelfric\EncryptedRoute\EncryptedRouteServiceProvider::class,
],

'aliases' => [
    // ...
    'EncryptedUrl' => Intelfric\EncryptedRoute\Facades\EncryptedUrl::class,
],

Publish Configuration

php artisan vendor:publish --tag=encrypted-route-config

Configuration

The configuration file config/encryptedroute.php provides several options:

return [
    // Route prefix for encrypted URLs
    'route_prefix' => 'encrypted',
    
    // Whether to redirect to original URL or dispatch internally
    'redirect_to_original' => false,
    
    // Default expiry time in minutes (null = no expiry)
    'default_expiry_minutes' => null,
    
    // Middleware applied to encrypted routes
    'middleware' => ['web'],
    
    // Cache decrypted routes for performance
    'cache_decrypted_routes' => false,
    
    // Cache TTL in seconds
    'cache_ttl' => 300,
    
    // Allowed routes (empty = all allowed)
    'allowed_routes' => [],
    
    // Routes that cannot be encrypted
    'excluded_routes' => [
        'login', 'logout', 'register'
    ],
];

Usage

Basic Usage

Using Helper Function

// Generate encrypted URL
$encryptedUrl = encrypted_url('user.dashboard', ['id' => 123]);

// In Blade templates
<a href="{{ encrypted_url('user.profile', ['user' => $user->id]) }}">
    View Profile
</a>

Using Facade

use Intelfric\EncryptedRoute\Facades\EncryptedUrl;

$url = EncryptedUrl::generate('admin.settings', ['tab' => 'security']);

Using Route Macro

// In your routes or controllers
$url = Route::encryptedUrl('api.data', ['format' => 'json']);

Advanced Usage

Temporary URLs with Expiry

// URL expires in 60 minutes
$temporaryUrl = encrypted_url_with_expiry('download.file', 60, ['file' => 'document.pdf']);

// URL expires at specific time
$expiry = now()->addHours(2);
$temporaryUrl = temporary_encrypted_url('admin.report', $expiry, ['type' => 'sales']);

URL Validation

// Check if encrypted path is valid
if (is_valid_encrypted_url($encryptedPath)) {
    // URL is valid and not expired
    echo "Valid URL";
}

Using the Facade for Complex Operations

use Intelfric\EncryptedRoute\Facades\EncryptedUrl;

// Generate with custom expiry
$url = EncryptedUrl::generateWithExpiry('user.dashboard', ['id' => 1], 30);

// Generate temporary URL
$expiry = now()->addDay();
$url = EncryptedUrl::temporary('download.report', $expiry, ['format' => 'pdf']);

// Validate encrypted path
$isValid = EncryptedUrl::isValid($encryptedPath);

How It Works

URL Generation: When you call encrypted_url(), the package:
- Validates the route exists
- Encrypts the route name and parameters using Laravel's encryption
- Generates a URL with the encrypted data
URL Resolution: When a user visits an encrypted URL:
- The package decrypts the path
- Validates the route and checks expiry
- Either redirects to the original route or dispatches it internally
Security: All encryption uses Laravel's built-in encryption system, ensuring your URLs are secure and tamper-proof.

Configuration Options

Route Behavior

Control how encrypted routes are handled:

// Redirect to original URL (user sees original URL)
'redirect_to_original' => true,

// Dispatch internally (user stays on encrypted URL)
'redirect_to_original' => false,

URL Expiry

Set default expiry for all encrypted URLs:

// URLs expire after 1 hour by default
'default_expiry_minutes' => 60,

// No default expiry
'default_expiry_minutes' => null,

Route Restrictions

Control which routes can be encrypted:

// Only allow specific routes
'allowed_routes' => [
    'user.dashboard',
    'admin.panel',
],

// Prevent specific routes from being encrypted
'excluded_routes' => [
    'login',
    'register',
    'password.reset',
],

Performance

Enable caching for better performance:

'cache_decrypted_routes' => true,
'cache_ttl' => 300, // 5 minutes

Environment Variables

You can configure the package using environment variables:

ENCRYPTED_ROUTE_PREFIX=secure
ENCRYPTED_ROUTE_REDIRECT=false
ENCRYPTED_ROUTE_EXPIRY=60
ENCRYPTED_ROUTE_CACHE=true
ENCRYPTED_ROUTE_CACHE_TTL=300

Use Cases

1. Admin Panel Security

Hide admin routes from being easily discovered:

$adminUrl = encrypted_url('admin.users.index');
// Generates: /encrypted/eyJpdiI6... instead of /admin/users

2. Temporary File Downloads

Create expiring download links:

$downloadUrl = encrypted_url_with_expiry('file.download', 30, ['file' => 'secret.pdf']);

3. Email Links

Generate secure links for emails:

$emailVerifyUrl = temporary_encrypted_url(
    'email.verify', 
    now()->addDay(), 
    ['token' => $token]
);

4. API Endpoints

Obfuscate API endpoint structures:

$apiUrl = encrypted_url('api.user.data', ['user' => $userId, 'format' => 'json']);

Error Handling

The package handles various error scenarios:

Invalid encrypted data: Returns 404
Non-existent routes: Returns 404
Expired URLs: Returns 404
Excluded routes: Throws InvalidArgumentException

Requirements

PHP 8.1+
Laravel 9.0+

Testing

The package includes comprehensive tests. To run them:

composer test

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Security

If you discover any security vulnerabilities, please email constantinomsigwa@intelfric.com instead of using the issue tracker.

License

The MIT License (MIT). Please see License File for more information.

Credits

Dr Msigwa - constantinomsigwa@intelfric.com
Intelfric Tech - intelfric.com

Changelog

Please see CHANGELOG for more information about what has changed recently.

Made with ❤️ by Intelfric Tech