Skip to content

Instantly share code, notes, and snippets.

@icebob

icebob/README.md

Last active December 14, 2018 11:34
Show Gist options
  • Save icebob/5f71b4e7b38a06765c5912ba74c31857 to your computer and use it in GitHub Desktop.
Save icebob/5f71b4e7b38a06765c5912ba74c31857 to your computer and use it in GitHub Desktop.
Download ZIP
Secure IDs with `hashids`
Raw
README.md

Secure IDs

This mixin created two methods to encode & decode your IDs in order to be more secure. Read more about it in hashids.js readme. It generates a Youtube-like ID from Number IDs or Mongo ObjectID.

Usage

Please note, you should define a salt for HashID with HASHID_SALT environment variables.

const SecureID = require("../mixins/secure-id.mixin");

module.exports = {
    name: "posts",

    mixins: [
        DbService,
        SecureID()
    ],

    hooks: {
        before: {
            // Decode ID
            get(ctx) {
                ctx.params.id = this.decodeID(ctx.params.id);
            }
        },

        after: {
            find(ctx, res) {
                // Encode all IDs in the response
                return res.map(entity => {
                    entity.id = this.encodeID(entity.id);
                    return entity;
                })
            }
        }
    }
}
Raw
secure-id.mixin.js
"use strict";
const Hashids = require("hashids");
const hashids = new Hashids(process.env.HASHID_SALT || "my-secret");
module.exports = function(opts = {}) {
return {
methods: {
/**
* Encode ID of entity.
*
* @methods
* @param {any} id
* @returns {any}
*/
encodeID(id) {
if (id != null)
return hashids.encodeHex(id);
return id;
},
/**
* Decode ID of entity.
*
* @methods
* @param {any} id
* @returns {any}
*/
decodeID(id) {
if (id != null)
return hashids.decodeHex(id);
return id;
}
}
};
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment