NAME
    Dancer::Plugin::EncodeID - Encode/Decode (or obfuscate) IDs in URLs

VERSION
    version 0.01

SYNOPSIS
            use Dancer;
            use Dancer::Plugin::EncodeID;

            set show_errors => true;

            # Set the secret key (better yet: put this in your config.yml)
            setting plugins => { EncodeID => { secret => 'my_secret_key' } };

            # Generate an encoded/obfuscaed ID in URL
            #
            # When the user visits this page, she will see URLs such as:
            #   http://myserver.com/item/c98ea08a8e8ad715
            # instead of
            #   http://myserver.com/item/42
            #
            get '/' => sub {

                    # Any ID (numeric or alpha-numeric) you want to obfuscate
                    my $clear_text_id = int(rand(42)+1);

                    # Encode the ID, generate the URL
                    my $encoded_id = encode_id($clear_text_id);
                    my $url = request->uri_for("/item/$encoded_id");

                    return "Link for Item $clear_text_id: <a href=\"$url\">$url</a>";
            };

            #
            # Decode a given ID, show the requested item
            #
            get '/item/:encoded_id' => sub {
                    # Decode the ID back to clear-text
                    my $clear_text_id = decode_id( params->{encoded_id} ) ;

                    return "Showing item '$clear_text_id'";
            };

            dance;

DESCRIPTION
    This module aims to make it as easy as possible to obfuscate internal
    IDs when using them in a URL given to users. Instead of seeing
    http://myserver.com/item/42 users will see
    http://myserver.com/item/c98ea08a8e8ad715 . This will prevent nosy users
    from trying to iterate all items based on a simple ID in the URL.

CONFIGURATION
    Configuration requires a secret key at a minimum.

    Either put this in your config.yml file:

        plugins:
          EncodeID:
            secret: 'my_secret_password'

    Or set the secret key at run time, with:

        setting plugins => { EncodeID => { secret => 'my_secret_code' } };

AUTHOR
    Assaf Gordon, `<gordon at cshl.edu>'

BUGS
    THIS MODULE IS NOT SECURE. The encoded ID are not strongly encrypted in
    any way. The goal is obfuscation, not security.
    A possible improvement would be to use Crypt::CBC on top of
    Crypt::Blowfish, but that would generate IDs that are at least 48
    characters long.
    The secret key can not be changed once loaded.

    Please report any bugs or feature requests to
    https://github.com/agordon/Dancer-Plugin-EncodeID/issues

SEE ALSO
    Dancer, Dancer::Plugin

SUPPORT
    You can find documentation for this module with the perldoc command.

        perldoc Dancer::Plugin::EncodeID

ACKNOWLEDGEMENTS
    Idea and implementation for this module were greatly influenced by
    similar mechanism used in the Galaxy project (http://usegalaxy.org).

LICENSE AND COPYRIGHT
    Copyright 2011 Assaf Gordon.

    This program is free software; you can redistribute it and/or modify it
    under the terms of either: the GNU General Public License as published
    by the Free Software Foundation; or the Artistic License.

    See http://dev.perl.org/licenses/ for more information.