dialect/laravel-gdpr-compliance
Composer 安装命令:
composer require dialect/laravel-gdpr-compliance
包简介
GDPR compliant data portability and anonymization
README 文档
README
GDPR compliant data handling with ease
This package helps you get compliant with GDPR;
Article 7: Conditions for consent
Article 17: Right to be forgotten
Article 20: Right to data portability
Table of contents
- Table of contents
- Dependencies
- Installation
- Configuration
- Usage
- Tests
- Security Vulnerabilities
- Credit
- License
Dependencies
- PHP >= 7.0.0
- Laravel >= 5.5
Installation
First, install the package via the Composer package manager:
$ composer require dialect/laravel-gdpr-compliance
After installing the package, you should publish the configuration file:
$ php artisan vendor:publish --provider="Dialect\Gdpr\GdprServiceProvider" --tag=gdpr-config
Configuration
GDPR Consent
The package includes a way for users to sign a GDPR-agreement. This will redirect the user to the agreement on the specified routes until the user has agreed to the new terms.
To add the agreement functionality:
- Publish the middleware:
php artisan vendor:publish --provider="Dialect\Gdpr\GdprServiceProvider" - Add
'gdpr.terms' => \App\Http\Middleware\RedirectIfUnansweredTerms::class
to the$routeMiddlewaremiddlewaregroup inapp/Http/Kernellike so:
protected $routeMiddleware = [ 'gdpr.terms' => \App\Http\Middleware\RedirectIfUnansweredTerms::class, ];
- Add the middleware to the routes that you want to check (normally the routes where auth is used):
Route::group(['middleware' => ['auth', 'gdpr.terms']], function () { Route::get('/', 'HomeController@index'); });
- Add the fields to
$fillablein the User model:protected $fillable = [ 'last_activity', 'accepted_gdpr', 'isAnonymized' ];
- Change the Agreement text to your particular needs in
resources/views/gdpr/message.blade.php
Portability
Add the Portable trait to the model model you want to be able to port:
namespace App; use Dialect\Gdpr\Portable; class User extends Model { use Portable; }
Anonymizability
Add the Anonymizable trait to the model you want to be able to anonymize:
namespace App; use Dialect\Gdpr\Anonymizable; class User extends Model { use Anonymizable; }
Automatic Anonymization of inactive users
The package adds a scheduled job intended to anonymize the User model automatically when the user has been inactive for a specific time.
To specify the time, edit the ttl setting in the published config.
To activate this feature:
-
Add the command to the schedule function in
app/Console/Kernel.phplike so:protected function schedule(Schedule $schedule) { $schedule->command('gdpr:anonymizeInactiveUsers')->daily(); }
-
Add the class to the
$commandsarray in the same file like so:
```php
protected $commands = [
\Dialect\Gdpr\Commands\AnonymizeInactiveUsers::class,
];
```
Configuring Anonymizable Data
On the model, set gdprAnonymizableFields by adding the fields you want to anonymize on the model,
you can also set up attribute-like functions on your model to supply replacement data.
If you have a unique-constraint on your model, you should use this.
If no value is supplied,
a default string from settings will be used.
/** * Using the default string from config. */ protected $gdprAnonymizableFields = [ 'name', 'email' ];
/** * Using replacement strings. */ protected $gdprAnonymizableFields = [ 'name' => 'Anonymized User', 'email' => 'anonymous@mail.com' ];
namespace App; use Dialect\Gdpr\Anonymizable; class User extends Model { use Anonymizable; protected $gdprAnonymizableFields = [ 'email' ]; /** * Using getAnonymized{column} to return anonymizable data */ public function getAnonymizedEmail() { return random_bytes(10); } }
Recursive Anonymization
If the model has related models with fields that needs to be anonymized at the same time,
add the related models to $gdprWith. On the related models. add the Anonymizable trait and specify the fields with $gdprAnonymizableFields like so:
class Order extends Model { use Anonymizable; protected $guarded = []; protected $table = 'orders'; protected $gdprWith = ['product']; protected $gdprAnonymizableFields = ['buyer' => 'Anonymized Buyer']; public function product() { return $this->belongsTo(Product::class); } public function customer() { return $this->belongsTo(Customer::class); } }
class Customer extends Model { use Anonymizable; protected $guarded = []; protected $table = 'customers'; protected $gdprWith = ['orders']; protected $gdprAnonymizableFields = ['name' => 'Anonymized User']; public function orders() { return $this->hasMany(Order::class); } }
Calling $customer->anonymize(); will also change the buyer-field on the related orders.
Configuring Portable Data
By default, the entire toArray form of the App\User model will be made available for download. If you would like to customize the downloadable data, you may override the toPortableArray() method on the model:
use Dialect\Gdpr\Portable; class User extends Model { use Portable; /** * Get the GDPR compliant data portability array for the model. * * @return array */ public function toPortableArray() { $array = $this->toArray(); // Customize array... return $array; } }
Lazy Eager Loading Relationships
You may need to include a relationship in the data that will be made available for download. To do so, add a $gdprWith property to your App\User model:
use Dialect\Gdpr\Portable; class User extends Model { use Portable; /** * The relations to include in the downloadable data. * * @var array */ protected $gdprWith = ['posts']; }
Hiding Attributes
You may wish to limit the attributes, such as passwords, that are included in the downloadable data. To do so, add a $gdprHidden property to your App\User model:
use Dialect\Gdpr\Portable; class User extends Model { use Portable; /** * The attributes that should be hidden for the downloadable data. * * @var array */ protected $gdprHidden = ['password']; }
Alternatively, you may use the $gdprVisible property to define a white-list of attributes that should be included in the data that will be made available for download. All other attributes will be hidden when the model is converted:
use Dialect\Gdpr\Portable; class User extends Moeld { use Portable; /** * The attributes that should be visible in the downloadable data. * * @var array */ protected $gdprVisible = ['name', 'email']; }
Usage
This package exposes an endpoint at /gdpr/download. Only authenticated users should be able to access the routes. Your application should make a POST call, containing the currently authenticated user's password, to this endpoint. The re-authentication is needed to prevent information leakage.
Encryption
Before using encryption, you must set a
keyoption in yourconfig/app.phpconfiguration file. If this value is not properly set, all encrypted values will be insecure.
You may encrypt/decrypt attributes on the fly using the EncryptsAttributes trait on any model.
The trait expects the $encrypted property to be filled with attribute keys:
use Dialect\Gdpr\EncryptsAttributes; class User extends Model { use EncryptsAttributes; /** * The attributes that should be encrypted and decrypted on the fly. * * @var array */ protected $encrypted = ['ssnumber']; }
If all fields are encrypted, the model can be returned in decrypted state as an array or collection:
$decryptedArray = $this->decryptToArray(); $decryptedCollection = $this->customer->decryptToCollection();
Anonymization
To anonymize a model you call anonymize() on it:
class SomeController extends Controller { public function anonymizeAGroupOfUsers() { $users = User::where('last_activity', '<=', carbon::now()->submonths(config('gdpr.settings.ttl')))->get(); foreach ($users as $user) { $user->anonymize(); } } }
Tests
After installation you can run the package tests from your laravel-root folder with phpunit vendor/Dialect/gdpr
Security Vulnerabilities
If you discover a security vulnerability within this project, please send an e-mail to Dialect via katrineholm@dialect.se. All security vulnerabilities will be promptly addressed.
Credit
sander3: Author of the original package used as a startingpoint
License
This package is open-source software licensed under the MIT license.
dialect/laravel-gdpr-compliance 适用场景与选型建议
dialect/laravel-gdpr-compliance 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 120.43k 次下载、GitHub Stars 达 56, 最近一次更新时间为 2018 年 05 月 18 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「laravel」 「gdpr」 「article 20」 「data portability」 「user anonymization」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 dialect/laravel-gdpr-compliance 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 dialect/laravel-gdpr-compliance 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 dialect/laravel-gdpr-compliance 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Backend Optimizing Bundle
Article CSS-ID Frontend Output Optimization
This bundle contains functionality concerning privacy and the European Union's "General Data Protection Regulation" (GDPR, in German: "Datenschutz-Grundverordnung", DSGVO).
Article management bundle
Yii2-article is a module offering basic CMS-functionality
Erlaubt das Erstellen von eigenen Layouts für Artikel
统计信息
- 总下载量: 120.43k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 57
- 点击次数: 42
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2018-05-18