How to encrypt laravel 5.2 URL or Routes?

Posted 2020-02-14 02:37

Question:

I need to encrypt routes in this URL, because I do not want users to access a URL by changing the item id. For example, a user can change /items/1234 to /item/5678. Although items 1234 and 5678 belong to the same user, I still want to restrict the behavior. What I am trying to do is encrypt the routes, but I am not sure whether this is a proper way or not. Any suggestions?

Answer 1:

You can encrypt your url parameter and decrypt it in your controller. You can try this:

In your view, suppose your parameter is id; you can encrypt one or more parameters.

<?php
    $parameter = [
        'id' => 1,
    ];
    $parameter = Crypt::encrypt($parameter);
?>
<a href="{{url('/url/',$parameter)}}" target="_blank">a link</a>

Your route will be:

Route::get('/url/{parameter}', 'YourController@methodName');

In your controller, you can decrypt your parameter:

public function methodName($id){
    $data = Crypt::decrypt($id);
}

You must use the Crypt namespace at the top of your controller:

use Illuminate\Support\Facades\Crypt;

Note: You can encrypt url parameter with Crypt::encrypt($parameter) and decrypt with Crypt::decrypt($parameter)



Answer 2:

One way you could mitigate this issue would be to use Universally Unique IDs (UUIDs).

You will no longer have the issue of auto-increment database crawling and a user cannot alter URLs to get different data.

You can quite easily change your database to support this in your migrations by changing your id column from

this:

$table->increments('id');

to this:

$table->uuid('id')->primary();

Your model can then be edited to support the non-incrementing primary key by adding the following to your class:

public $incrementing = false;


Answer 3:

You can encrypt the route in your controller while redirecting, using

\Crypt::encrypt($product_id)

and on the product page you can decrypt the product ID from the URL using

$product_id = \Crypt::decrypt($url_parameter);

That's the best possible way.

But there is some chance of an exception if the user edits the product ID parameter in the URL, which you will need to handle.
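
The exception handling mentioned in this answer, as an added example that is not part of any answer on this page: a controller that decrypts the array payload built in Answer 1's view and treats an edited token as a 404. ItemController, the Item model with a user_id column, the items.show view and an auth middleware on the route are assumptions made for illustration.

```php
<?php
// Added example, not code from the answers above. ItemController, App\Item,
// the user_id column and the items.show view are hypothetical names.

namespace App\Http\Controllers;

use App\Item; // hypothetical Eloquent model
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Crypt;

class ItemController extends Controller
{
    // Assumed route, behind the auth middleware:
    // Route::get('/items/{token}', 'ItemController@show');
    public function show(Request $request, $token)
    {
        try {
            // Throws DecryptException when the token was edited, truncated,
            // or encrypted under a different application key.
            $payload = Crypt::decrypt($token);
        } catch (DecryptException $e) {
            // Respond exactly as for an item that does not exist.
            abort(404);
        }

        // The view encrypted ['id' => ...]; reject any other shape or type.
        if (!is_array($payload) || !isset($payload['id'])
            || !ctype_digit((string) $payload['id'])) {
            abort(404);
        }

        // A valid token only shows the application issued it. The link can
        // still be copied or shared, so scope the lookup to the current user.
        $item = Item::where('id', (int) $payload['id'])
            ->where('user_id', $request->user()->id)
            ->firstOrFail();

        return view('items.show', ['item' => $item]);
    }
}
```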



Answer 4:

You need to encrypt the URL ID or any URL param; this is called id obfuscation. You can do it with the hashids library. It converts an integer like 347 to yr8 and back again.

Include this library:

composer require hashids/hashids

You can get all other easy stuff from Easy id obfuscation with Laravel 5

This will help you to encrypt URL id:

http://example.com/users/123

TO

http://example.com/users/Mj3

Hope this will help you well!



Answer 5:

You don't want to encrypt all routes; it's bad practice. You can use the encrypt() helper to encrypt a parameter and decrypt() to decrypt it.

$encryptedId = encrypt($id);

https://laravel.com/docs/5.3/encryption#using-the-encrypter



Answer 6:

It sounds like you want to encrypt the whole route. It may not be good practice but here's how to do it. You will have one controller that receives all requests. All business logic will need to be placed in your services.

  1. In route file have a route that points to "/{encrypted}" and to a controller@method (name is up to you).

  2. In controller method, decrypt the encrypted param. Maybe the decrypted string is "item/100". Then you'll need to $routeParams = explode('/', $decrypted); and send it to a service to process it. e.g.

if($routeParams[0] == 'item') { return ItemService::get($routeParams[1]); }

That's the basic idea. But in practice, you would have a handler class that manages the routing of your encrypted URL. In this handler class, you'll need to have a config array that functions similarly to Laravel's route file.