A python port of the JavaScript hashids implementation. It generates YouTube-like hashes from one or many numbers. Use hashids when you do not want to expose your database ids to the user. Website: http://www.hashids.org/
hashids is tested with python 2.7 and 3.5–3.8. PyPy and PyPy 3 work as well.
hashids/JavaScript | hashids/Python |
---|---|
v0.1.x | v0.8.x |
v0.3.x+ | v1.0.2+ |
The JavaScript implementation produces different hashes in versions 0.1.x and 0.3.x. For compatibility with the older 0.1.x version install hashids 0.8.4 from pip, otherwise the newest hashids.
Install the module from PyPI, e. g. with pip:
pip install hashids
pip install hashids==0.8.4 # for compatibility with hashids.js 0.1.x
The tests are written with pytest. The pytest module has to be installed.
python -m pytest
Import the constructor from the hashids
module:
from hashids import Hashids
hashids = Hashids()
Encode a single integer:
hashid = hashids.encode(123) # 'Mj3'
Decode a hash:
ints = hashids.decode('xoz') # (456,)
To encode several integers, pass them all at once:
hashid = hashids.encode(123, 456, 789) # 'El3fkRIo3'
Decoding is done the same way:
ints = hashids.decode('1B8UvJfXm') # (517, 729, 185)
Hashids supports salting hashes by accepting a salt value. If you don’t want others to decode your hashes, provide a unique string to the constructor.
hashids = Hashids(salt='this is my salt 1')
hashid = hashids.encode(123) # 'nVB'
The generated hash changes whenever the salt is changed:
hashids = Hashids(salt='this is my salt 2')
hashid = hashids.encode(123) # 'ojK'
A salt string between 6 and 32 characters provides decent randomization.
By default, hashes are going to be the shortest possible. One reason you might want to increase the hash length is to obfuscate how large the integer behind the hash is.
This is done by passing the minimum hash length to the constructor. Hashes are padded with extra characters to make them seem longer.
hashids = Hashids(min_length=16)
hashid = hashids.encode(1) # '4q2VolejRejNmGQB'
It’s possible to set a custom alphabet for your hashes. The default alphabet is 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890'
.
To have only lowercase letters in your hashes, pass in the following custom alphabet:
hashids = Hashids(alphabet='abcdefghijklmnopqrstuvwxyz')
hashid = hashids.encode(123456789) # 'kekmyzyk'
A custom alphabet must contain at least 16 characters.
The primary purpose of hashids is to obfuscate ids. It's not meant or tested to be used for security purposes or compression. Having said that, this algorithm does try to make these hashes unguessable and unpredictable:
There are no repeating patterns that might show that there are 4 identical numbers in the hash:
hashids = Hashids("this is my salt")
hashids.encode(5, 5, 5, 5) # '1Wc8cwcE'
The same is valid for incremented numbers:
hashids.encode(1, 2, 3, 4, 5, 6, 7, 8, 9, 10) # 'kRHnurhptKcjIDTWC3sx'
hashids.encode(1) # 'NV'
hashids.encode(2) # '6m'
hashids.encode(3) # 'yD'
hashids.encode(4) # '2l'
hashids.encode(5) # 'rD'
This code was written with the intent of placing generated hashes in visible places – like the URL. Which makes it unfortunate if generated hashes accidentally formed a bad word.
Therefore, the algorithm tries to avoid generating most common English curse words by never placing the following letters next to each other: c, C, s, S, f, F, h, H, u, U, i, I, t, T.
MIT license, see the LICENSE file. You can use hashids in open source projects and commercial products.