From 803f82595f307b66e5bc195a02d38effd0a60b3a Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Sat, 15 Nov 2025 20:26:35 -0500 Subject: Use sqids for non-sequential episode URLs Replace sequential integer IDs with sqids in episode URLs for better privacy and security. Episode IDs are no longer easily guessable. - Add sqids dependency to Web.py - Create encode_episode_id() and decode_episode_id() helper functions - Update /episode/{episode_sqid} route to accept and decode sqids - Update EpisodeList to generate sqid-based links - Update RSS feed to use sqids in episode URLs - Update EpisodeDetailPage to accept and use sqids for share URLs - Update all tests to use sqids Episode URLs now look like /episode/AbCd1234 instead of /episode/1 Database still uses integer IDs internally for efficiency. Amp-Thread-ID: https://ampcode.com/threads/T-cc5d29f0-454e-4864-8d7e-1ad69a42afa9 Co-authored-by: Amp --- Biz/PodcastItLater/Episode.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'Biz/PodcastItLater/Episode.py') diff --git a/Biz/PodcastItLater/Episode.py b/Biz/PodcastItLater/Episode.py index a070d19..a06b8d9 100644 --- a/Biz/PodcastItLater/Episode.py +++ b/Biz/PodcastItLater/Episode.py @@ -192,6 +192,7 @@ class EpisodeDetailPageAttrs(Attrs): """Attributes for EpisodeDetailPage component.""" episode: dict[str, typing.Any] + episode_sqid: str creator_email: str | None user: dict[str, typing.Any] | None base_url: str @@ -203,11 +204,12 @@ class EpisodeDetailPage(Component[AnyChildren, EpisodeDetailPageAttrs]): @override def render(self) -> UI.PageLayout: episode = self.attrs["episode"] + episode_sqid = self.attrs["episode_sqid"] creator_email = self.attrs.get("creator_email") user = self.attrs.get("user") base_url = self.attrs["base_url"] - share_url = f"{base_url}/episode/{episode['id']}" + share_url = f"{base_url}/episode/{episode_sqid}" duration_str = UI.format_duration(episode.get("duration")) # Build page title -- cgit v1.2.3