├── .github └── workflows │ └── tests.yml ├── .gitignore ├── LICENSE ├── README.md ├── composer.json ├── example └── example.php ├── phpunit.xml ├── src └── TinyID │ └── TinyID.php └── tests └── Unit └── TinyIDTest.php /.github/workflows/tests.yml: -------------------------------------------------------------------------------- 1 | name: PHP Tests 2 | on: [ push, pull_request ] 3 | jobs: 4 | build: 5 | 6 | runs-on: ubuntu-latest 7 | 8 | strategy: 9 | matrix: 10 | php: [ '7.4', '8.0', '8.1' ] 11 | 12 | steps: 13 | - name: Checkout 14 | uses: actions/checkout@v2 15 | 16 | - name: Setup PHP, with composer and extensions 17 | uses: shivammathur/setup-php@v2 18 | with: 19 | php-version: ${{ matrix.php }} 20 | coverage: xdebug 21 | 22 | - name: Validate composer.json and composer.lock 23 | run: composer validate 24 | 25 | - name: Cache Composer packages 26 | id: composer-cache 27 | uses: actions/cache@v2 28 | with: 29 | path: vendor 30 | key: ${{ runner.os }}-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }} 31 | restore-keys: | 32 | ${{ runner.os }}-${{ matrix.php }}- 33 | 34 | - name: Install dependencies 35 | if: steps.composer-cache.outputs.cache-hit != 'true' 36 | run: composer install --prefer-dist --no-progress --no-suggest 37 | 38 | - name: Run tests 39 | run: vendor/bin/phpunit --coverage-text 40 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.idea 2 | /composer.lock 3 | /vendor -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Kacper Rowiński 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Shorten and obfuscate IDs 2 | 3 | [![PHP Tests](https://github.com/krowinski/tinyID/actions/workflows/tests.yml/badge.svg)](https://github.com/krowinski/tinyID/actions/workflows/tests.yml) 4 | [![Latest Stable Version](https://poser.pugx.org/krowinski/tinyid/v/stable)](https://packagist.org/packages/krowinski/tinyid) 5 | [![Total Downloads](https://poser.pugx.org/krowinski/tinyid/downloads)](https://packagist.org/packages/krowinski/tinyid) 6 | [![License](https://poser.pugx.org/krowinski/tinyid/license)](https://packagist.org/packages/krowinski/tinyid) 7 | [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/krowinski/tinyid/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/krowinski/tinyid/?branch=master) 8 | [![Code Coverage](https://scrutinizer-ci.com/g/krowinski/tinyid/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/krowinski/tinyid/?branch=master) 9 | 10 | ## SYNOPSIS 11 | 12 | ```php 13 | use TinyID\TinyID; 14 | 15 | include __DIR__ . '/../vendor/autoload.php'; 16 | 17 | // dictionary must consist of at least two UNIQUE unicode characters. 18 | $tinyId = new TinyID('2BjLhRduC6Tb8Q5cEk9oxnFaWUDpOlGAgwYzNre7tI4yqPvXm0KSV1fJs3ZiHM'); 19 | 20 | var_dump($tinyId->encode('48888851145')); // will print 1FN7Ab 21 | var_dump($tinyId->decode('1FN7Ab')); // will print '48888851145' 22 | ``` 23 | 24 | ## DESCRIPTION 25 | 26 | Using real IDs in various places - such as GET links or API payload - is generally a bad idea: 27 | 28 | * It may reveal some sensitive information about your business, such as growth rate or amount of customers. 29 | * If someone finds unprotected resource link, where you forgot to check if passed resource ID really belongs to currently logged-in user, he will be able to steal all of your data really fast just by 30 | incrementing ID in links. 31 | * Big numbers may cause overflows in places where length is limited, such as SMS messages. 32 | 33 | With the help of this module you can shorten and obfuscate your IDs at the same time. 34 | 35 | ## METHODS 36 | 37 | ### new TidyID('qwerty') 38 | 39 | Key must consist of at least two ***unique*** unicode characters. 40 | 41 | The longer the dictionary - the shorter encoded ID. 42 | 43 | Encoded ID will be made exclusively out of characters from the key. This very useful property allows to adapt your encoding to the environment. For example in SMS messages you may restrict key to US 44 | ASCII to avoid available length reduction caused by conversion to GSM 03.38 charset. Or if you want to use such ID as file/directory name in case-insensitive filesystem you may want to use only 45 | lowercase letters in the key. 46 | 47 | ### encode('123') 48 | 49 | Encode positive integer into a string. 50 | 51 | Note that leading `0`s are not preserved, `encode('123')` is the same as `encode('00123')`. 52 | 53 | Used algorithm is a base to the length of the key conversion that maps to distinct permutation of characters. Do not consider it a strong encryption, but if you have secret and long and well shuffled 54 | key it is almost impossible to reverse-engineer real ID. 55 | 56 | ### decode('rer') 57 | 58 | Decode string back into a positive integer. 59 | 60 | ## TRICKS 61 | 62 | If you provide sequential characters in key you can convert your numbers to some weird numeric systems, for example base18: 63 | 64 | ```php 65 | var_dump((new TinyID('0123456789ABCDEFGH'))->encode('48888851145')); // '47F709HFF' 66 | ``` 67 | 68 | Or you can go wild just for the fun of it. 69 | 70 | ```php 71 | var_dump((new TinyID('😀😁😂😃😄😅😆😇😈😉😊😋😌😍😎😏😐😑😒😓😔😕😖😗😘😙😚😛😜😝😞😟😠😡😢😣😤😥😦😧😨😩😪😫😬😭😮😯😰😱😲😳😴😵😶😷😸😹😺😻😼😽😾😿'))->encode(48888851145)); // '😭😢😀😊😫😉' 72 | ``` 73 | 74 | ## COMPATIBLE COUNTERPARTS 75 | 76 | * [Raku](https://github.com/bbkr/TinyID) - `TinyID` 77 | * [Rust](https://crates.io/crates/squishyid) - `SquishyID` 78 | * [Perl](http://search.cpan.org/~bbkr/Integer-Tiny-0.3/lib/Integer/Tiny.pm) - `Integer::Tiny` 79 | 80 | Examples are in example dir. 81 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "krowinski/tinyid", 3 | "description": "Shorten and obfuscate your IDs.", 4 | "keywords": [ 5 | "id", 6 | "obfuscate", 7 | "shortid", 8 | "ids" 9 | ], 10 | "type": "library", 11 | "require": { 12 | "php": ">=7.4", 13 | "krowinski/bcmath-extended": "^6.0", 14 | "ext-mbstring": "*" 15 | }, 16 | "require-dev": { 17 | "phpunit/phpunit": "^9.0" 18 | }, 19 | "license": "MIT", 20 | "authors": [ 21 | { 22 | "name": "Kacper Rowiński", 23 | "email": "kacper.rowinski@gmail.com" 24 | } 25 | ], 26 | "autoload": { 27 | "psr-4": { 28 | "TinyID\\": "src/TinyID" 29 | } 30 | }, 31 | "autoload-dev": { 32 | "psr-4": { 33 | "TinyID\\Tests\\Unit\\": "tests/Unit" 34 | } 35 | }, 36 | "minimum-stability": "stable" 37 | } 38 | -------------------------------------------------------------------------------- /example/example.php: -------------------------------------------------------------------------------- 1 | encode('48888851145')); // 1FN7Ab 13 | var_dump($tinyId->decode('1FN7Ab')); // 48888851145 14 | 15 | var_dump((new TinyID('0123456789ABCDEFGH'))->encode('48888851145')); // '47F709HFF' 16 | 17 | var_dump((new TinyID('😀😁😂😃😄😅😆😇😈😉😊😋😌😍😎😏😐😑😒😓😔😕😖😗😘😙😚😛😜😝😞😟😠😡😢😣😤😥😦😧😨😩😪😫😬😭😮😯😰😱😲😳😴😵😶😷😸😹😺😻😼😽😾😿'))->encode('48888851145')); // '😭😢😀😊😫😉' 18 | -------------------------------------------------------------------------------- /phpunit.xml: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 12 | ./tests/ 13 | 14 | 15 | 16 | 17 | src/ 18 | 19 | 20 | -------------------------------------------------------------------------------- /src/TinyID/TinyID.php: -------------------------------------------------------------------------------- 1 | dictionary = $this->stringSplit($dictionary); 23 | $this->dictionaryLength = count(array_unique($this->dictionary)); 24 | 25 | if ($dictionaryLength !== $this->dictionaryLength) { 26 | throw new InvalidArgumentException('dictionary contains duplicated characters'); 27 | } 28 | } 29 | 30 | private function stringSplit(string $value): array 31 | { 32 | return (array)preg_split('//u', $value, -1, PREG_SPLIT_NO_EMPTY); 33 | } 34 | 35 | public function encode(string $value): string 36 | { 37 | if (BC::COMPARE_RIGHT_GRATER === BC::comp($value, '0')) { 38 | throw new InvalidArgumentException('cannot encode negative number'); 39 | } 40 | 41 | $encoded = ''; 42 | do { 43 | $encoded = $this->dictionary[BC::mod($value, (string)$this->dictionaryLength, 0)] . $encoded; 44 | $value = BC::div($value, (string)$this->dictionaryLength, 0); 45 | } while ($value); 46 | 47 | return $encoded; 48 | } 49 | 50 | public function decode(string $value): string 51 | { 52 | $charsToPosition = array_flip($this->dictionary); 53 | $out = '0'; 54 | foreach (array_reverse($this->stringSplit($value)) as $pos => $tmp) { 55 | if (!isset($charsToPosition[$tmp])) { 56 | throw new InvalidArgumentException('cannot decode string with characters not in dictionary'); 57 | } 58 | $out = BC::add($out, BC::mul((string)$charsToPosition[$tmp], BC::pow((string)$this->dictionaryLength, (string)$pos, 0), 0), 0); 59 | } 60 | 61 | return $out; 62 | } 63 | } -------------------------------------------------------------------------------- /tests/Unit/TinyIDTest.php: -------------------------------------------------------------------------------- 1 | encode('0')); 18 | self::assertEquals('0', $tinyId->decode('a')); 19 | 20 | self::assertEquals('b', $tinyId->encode('1')); 21 | self::assertEquals('1', $tinyId->decode('b')); 22 | 23 | self::assertEquals('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb', $tinyId->encode('18446744073709551615')); 24 | self::assertEquals('18446744073709551615', $tinyId->decode('bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb')); 25 | } 26 | 27 | public function testAccentSensitive(): void 28 | { 29 | $tinyId = new TinyID('ąä'); 30 | 31 | self::assertEquals('äą', $tinyId->encode('2')); 32 | self::assertEquals('2', $tinyId->decode('äą')); 33 | } 34 | 35 | public function testCaseSensitive(): void 36 | { 37 | $tinyId = new TinyID('Aa'); 38 | 39 | self::assertEquals('aA', $tinyId->encode('2')); 40 | self::assertEquals('2', $tinyId->decode('aA')); 41 | } 42 | 43 | public function testAlphanumericKey(): void 44 | { 45 | $tinyId = new TinyID('FujSBZHkPMincNQr6pq0mgxw2tXAsyb8DWV534EC1RUIlYoGOJhed9afKT7vzL'); 46 | 47 | self::assertEquals('gzUp3uHipVr', $tinyId->encode('18446744073709551615')); 48 | self::assertEquals('18446744073709551615', $tinyId->decode('gzUp3uHipVr')); 49 | } 50 | 51 | public function testVeryLongUnicodeKey(): void 52 | { 53 | $tinyId 54 | = new TinyID( 55 | '⊷⇑≩≔⊴⊖⢻⢬⇖⊙⣮≺⇋↨⣺∄⇫⊌⊍⢶∦⠢⋠⊜⋅⋾⊔⠅⣎⋥⠌⣋⢟⋕⇮∔↻⣃⢅≭⡆∕↩⇨⢺⇩∤⣝⇛↡⡖⡃⢤≖⋍⊗∐⊒↮∜⣭⇌⇭⣒≼≴∶≵⢭⋰⡦⇏∳⇄∍⋧⋐⣉⢊∝∠⠸⠯⋋≷⣑∮≜⡚⠕⊎∎⡐⣶⋇⊂⡘⢘⡵∟⋹∿⣜⣽⢱∞⊸⣸⢪↢⣖∹⇱⇳⡫≍↲⣴≳⊋⠩⋣⣰≈≾⢽≪∫⊘∈⋶⠒≘∖∪⊺⊏⠼⢼⠐⢮⊪⊕⊿⠬⇈⠚↷≻↾≆⠄⋂↚⇙⇁⠇⊓⢎⣲⡒⠓⣻≞⣈∬⊨⋔⇠↣⢹⣍∁⠋↠⡇⊁⡅↗⣣∾≂⠴⋭⠖⡥∆⇴⊄≐⊈⣐⋑⡂⊭≝∃⠗∛⇿⊡⡮⢿∣⡢↬≏⋒⢀∥⇦⠃⣔⇒⊥⇽⊚⢌⠿≥⋡↳↛⡀⋢⣅⣵≃↑≲⇆∧⡝⊧≓⢢∡≑⋸⢲↰⢳⣧⡭≹≬⊼⡙⊠⠤⡈⇟≎↸⣫∏⡏⢛⢑⣷⇯⢃∻∭⡔⊅⢨⇝≒⊶⠉⡾⇉⡛↼∵⋿⇻⋵⇂∩∼⡋⡽⡶↘⡨⊉⢞⊟≡⢈≰⇾≤⇵≙≊⣤⠈⋩↖⋴⇡↹⠮⠦⇢∰⠵⣁≣⡁⠜⋦⋪√⢥↿⣌⇃↴⊯≫⢾⇔⡷⇊⣠⋽⇞⣞∅⠰⋘≁⇸⊾⊫⢏↽⢴⋨⋱⠣⡯⣿∊⣩⡠⋖∯⊹⠟⠺⠞⡓⡕⇕⢸⋬⊊⣇⇧↜⇹⣙⢰⠥⊮∺↧⢋⋙⣟⋼⊣⠹⣹⡻⢫↞⣄⡗⡣⣨⇤⊛⡤↦⢵↝⡱⠽⠶⇰⢉⇷⢡↪⊱⋳↔⡪⊀⋆⣘⇶⢠⣡⊽⠊⇓∽⡞⊑⊐⇇⠱≕⣀↫⢩⢦⣢⡺↭⣪∂∢⠷⣊∗⋉⠳⇺⣂⢁⋯⡡⢣⠙⇬⠡⋗⠭≧⢜⣚⡳⋫⇚⋃⢗⋮⇲∨⠆⢒⠁⋚⋞⣬≢⡧≀⋓⢇≯⡿⋜⢂⠑⋁⋈≉⡩⠍⊞⊇≽⊳⢍⡟≨⇪⇍↥⇅⠝↵∑⡸⢕∲≅⊬⠠⠪≦⡊←↕⣳⋌⊦≠⋲⠲⊝⋎⊩⇜⠨⡹⣓⊵⠧⇣⊃∱⡲⋏↓⢷⠫∉⠂≌⢯⣏⠘≶⢄≟↶⋷≸⇎⡴⣾⣛⇘⇀⢔⡉⡬⡼⊤⢆⡄⢐⠾∋→⢧⇥∀⡜⡍≿⢙⇐⡌⇼⣼≮⋺⣱↙∘⊰≗⣆↯⣕⠔≄⊻⋛⡰⠏∓⠻↟≱⋀∷⢝∴⣥≋↤⋝↱∇⡑⣦⢖⢚⣯⋄⊆⡎⠎⢓≚⋊≇≛↺∌⋤−∙⠛⊲⊢∸⣗⋟⇗⋻%' 56 | ); 57 | 58 | self::assertEquals('18446744073709551615', $tinyId->decode($tinyId->encode('18446744073709551615'))); 59 | } 60 | 61 | public function failuresProvider(): array 62 | { 63 | return [ 64 | ['a', 'dictionary too short'], 65 | ['aa', 'dictionary contains duplicated characters'], 66 | ]; 67 | } 68 | 69 | /** 70 | * @dataProvider failuresProvider 71 | * @param string $invalidString 72 | * @param string $expectedMessage 73 | */ 74 | public function testFailuresOnInvalidString(string $invalidString, string $expectedMessage): void 75 | { 76 | try { 77 | new TinyID($invalidString); 78 | } catch (InvalidArgumentException $e) { 79 | self::assertEquals($expectedMessage, $e->getMessage()); 80 | } 81 | } 82 | 83 | public function testFailuresOnEncodingWithNegativeNumber(): void 84 | { 85 | try { 86 | (new TinyID('ab'))->encode('-1'); 87 | } catch (InvalidArgumentException $e) { 88 | self::assertEquals('cannot encode negative number', $e->getMessage()); 89 | } 90 | } 91 | 92 | public function testFailuresOnDecodingWithCharacter(): void 93 | { 94 | try { 95 | (new TinyID('ab'))->decode('x'); 96 | } catch (InvalidArgumentException $e) { 97 | self::assertEquals('cannot decode string with characters not in dictionary', $e->getMessage()); 98 | } 99 | } 100 | } 101 | --------------------------------------------------------------------------------