
Exposure of MongoDB ID in Invoice URL #1154

Open
imashish22 opened this issue Aug 6, 2024 · 2 comments

@imashish22

Bug Report

Describe the bug
The MongoDB ID of invoices is exposed in the URL, which could potentially lead to security issues such as unauthorized access or information leakage.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the URL of an invoice, for example: https://cloud.idurarapp.com/invoice/read/66b1ba0168bee6aeb74f7dca
  2. Observe that the MongoDB ID is visible in the URL.

Expected behavior
The URL should not expose sensitive information such as the MongoDB ID. Instead, it should use a more secure identifier or encryption to mask the actual ID.

Screenshots
[Screenshot in the original issue: browser address bar showing the invoice URL with the MongoDB ID]

Additional context
To prevent the exposure of sensitive IDs, consider implementing one of the following solutions:

  1. ID Encryption: Encrypt the MongoDB ID before including it in the URL and decrypt it server-side when the request is processed.
  2. UUIDs: Use UUIDs (Universally Unique Identifiers) instead of MongoDB IDs for URLs.
  3. Token-based Access: Generate a secure, random token for each invoice and use it in the URL. Validate this token server-side to retrieve the actual MongoDB ID.

Implementing these measures will enhance the security of the application and protect sensitive data from being exposed.

@amasoft

amasoft commented Aug 27, 2024

@imashish22 good day,
I would like to work on this. Can you assign it to me?

@ShravastiSiddharth

I would like to fix this bug. Can you assign it to me so that I can start working?
