How to obscure the id in a url (ruby on rails) [du

2020-08-01 05:36发布

站内问答 / 后端开发
538 2 4

I have a web app made with Ruby On Rails. For now when I want to display an object I have to access the following page: http://mywebapp.com/object/1234 with 1234 the id of the object.

I would like to encode that object id and have the following result: http://mywebapp.com/object/5k (it is just an example).

How can it be done?

Many thanks,
Martin

2条回答
一纸荒年 Trace。
2楼-- · 2020-08-01 06:17

You could probably do this with Base64 encoding (although if you're really trying to keep the internal id secret someone could probably guess you're using Base64 encoding and easily determine the id).

Your controller would need to look a bit like this

class ThingsController < ApplicationController
  require 'base64'

  def show
    @thing = Thing.find Base64.urlsafe_decode64(params[:id])
  end

  def edit
    @thing = Thing.find Base64.urlsafe_decode64(params[:id])
  end

  #These are just a couple of very simple example actions

end

Now actually encoding your URLs is going to be a little bit trickier - I'll look into it as it seems like an interesting problem (but I'm not making any promises).

  • Edit -

A bit of reading reveals that ActionView uses the to_param method in url_for to get the id of an object. We can override this in the model itself to encode the id like so

class Thing < ActiveRecord::Base

  def to_param
    Base64.urlsafe_encode64 self.id.to_s
  end

end

Everything I've written here is conjectural. I haven't done this before or tested the code so I can't give any guarantee as to whether it will work or whether it will introduce unforeseen problems. I'd be very interested to hear how you go.

查看更多
0人赞 添加讨论(0) 举报
贼婆χ
3楼-- · 2020-08-01 06:20

All these converting methods are reversible, so IMHO if your object has some name or title or whatever, then the best way is adding a slug. In such case add a new attribute :slug to your object, let automatically generate it's value from object name (or something else) on the model:

class MyObject

  validates_format_of :slug, :with => /\A[a-z\-0-9]*\Z/
  before_validation :generate_slug, :on => :create    

  def generate_slug
    if self.slug.blank?
      slug = self.name.mb_chars.downcase.normalize(:kd).to_s.gsub(/-/, " ").squeeze(" ")
      slug = slug.gsub(/\s/, "-").gsub(/[^a-z\-0-9]/, "")

      current = 1
      self.slug = slug
      while true
        conflicts = MyObject.where("slug = ?", self.slug).count
        if conflicts != 0
          self.slug = "#{slug}-#{current}"
          current += 1
        else
          break
        end
      end
    end
  end
end

then the URL can be http://mywebapp.com/object/my_object_slug, because in action you find the object via this slug:

class MyObjectController

  def some_action
    my_object = MyObject.find_by_slug(params[:slug])

    ...

  end
end

Don't forget modify routes.rb:

match "object/:slug", :to => "my_objects#some_action"
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)