In some applications, not exposing the ID can prevent others from easily knowing the number of models in your database.
Translator’s Note: Hiding the ID can also effectively prevent users from maliciously traversing the content of the website.
Hey, Imagine that in my Podcast application, I set a default id. In Laravel's Podcast model, it is an integer that is automatically incremented by one every time a row is inserted, Therefore, the id of the 47th Podcast in the table is 47. I then claimed within my website: "This Podcast app has millions of podcasts, so don't miss out!", which was easily debunked when seeing the latest podcast ID:
https://podcast.app/podcasts/47
Hide the ID without rewiring everything in the app and hope not to be seen through? OK, there is a way.
Some databases can be configured to set the UUID as the primary key when inserting new rows. You should check this on the RDBMS you are using, as each RDBMS implementation is different.
You can also tell the application to set the default UUID when creating new records using Eloqument events, but this will force you to use Eloqument in all cases. If you insert a record directly into the database you may get an error - this is one of the reasons why I prefer setting automatic UUIDs in the database rather than in the application, it shouldn't depend on anything as this is database behavior .
In summary, you should set up your database using Laravel like this:
<?php use Illuminate\Support\Facades\Schema; use Illuminate\Database\Schema\Blueprint; use Illuminate\Database\Migrations\Migration; class CreatePodcastTable extends Migration { /** * 运行数据库迁移 * * @return void */ public function up() { Schema::create('podcast', function (Blueprint $table) { $table->bigIncrements('id'); $table->uuid('uuid')->index(); $table->string('filename'); $table->string('path'); $table->string('service'); $table->string('format', 4); $table->unsginedTinyInteger('quality', 4); $table->timestamps(); $table->timestamps(); $table->softDeletes(); }); } /** * 回滚数据库迁移 * * @return void */ public function down() { Schema::dropIfExists('podcast'); } }
As you can see, we added $table->uuid('uuid')- >index()
. This code tells Laravel to use the UUID column (or use the string column if supported) and create an index on this column so that rows can be quickly retrieved by UUID, just like they would if someone visited this URL :
https://podcast.app/podcast/535c4cdf-70a0-4615-82f2-443e95c86aec
You could argue that another index would hinder insert operations, but that's a trade-off.
Now, the problem lies with the controller and the model.
You don’t need to do anything in the model except two things: hide the ID from serialization and allow the model to use the UUID for "URL routing" .
<?php namespace App; use Illuminate\Database\Eloquent\Model; class Podcast extends Model { /** * 数组中隐藏的属性 * * @var array */ protected $hidden = [ 'id' ]; /** * 获取模型的路由键 * * @return string */ public function getRouteKeyName() { return 'uuid'; } // ……其余的模型代码 }
To hide the ID, we can add the id
column to the hidden properties array. When the model is serialized, such as converted to an array or JSON string, the ID will not be displayed. Of course, you can also access the ID of the obtained property just like a property or array key.
The next step is to tell Laravel that when the URL contains the UUID of the model, get the model through the uuid
column. This will allow the model to be looked up by setting up a route such as:
Route::get({podcast}, 'PodcastController@show');
and then using it within our PodcastController
class.
/** * 通过 UUID 显示播客 * * @param \App\Podcast $podcast * @return \Illuminate\Http\Response /* public function show(Podcast $podcast) { return response()->view('response', [ 'podcast' => $podcast ]); }
You can also use the resolveRouteBinding() method in the model if you can programmatically set how to retrieve the model by a given value. You can even allow authenticated administrators to retrieve records based on their ID or UUID.
That's it, there's nothing more to do. This technology also allows the UUID to be set after the application is built.
For more Laravel related technical articles, please visit theLaravel Tutorial column to learn!
The above is the detailed content of Model provides UUID to the outside world while retaining ID.. For more information, please follow other related articles on the PHP Chinese website!