I do implement some payment stuff in my application where an order is created, the user is sent to Paypal and then returns to a specific route with the paypal details. So far so good. Now there is also the option to cancel an order which is another route and even though chances are slim, I don’t want malicious users to cancel other people’s orders by guessing the order ID and calling the cancel route.
So instead of using an integer for the order ID I want to use https://hashids.org/ for keeping the ID unguessable in the URL. I can implement this completely in the controller of course. But I was wondering if I could use a Middleware for that. I can always call
hashids.decode() on any passed parameter called
order in a middleware.
But is there a way to always call
hashids.encode() when a parameter called
order is passed to