onramplab/laravel-security-model
Composer 安装命令:
composer require onramplab/laravel-security-model
包简介
A Laravel package providing security for Eloquent model
README 文档
README
A Laravel package providing security for Eloquent model
Requirements
- PHP >= 7.4;
- composer.
Features
- Encryption
- Easy to use with Laravel Eloquent model
- Support multiple types of key management service
- AWS KMS
Installation
Install the package via composer
composer require onramplab/laravel-security-model
Publish migration files and run command to build tables needed in package
php artisan vendor:publish --tag="security-model-migrations"
php artisan migrate
Also, you can choose to publish the configuration file
php artisan vendor:publish --tag="security-model-config"
Usage
Encryption
-
Set up credentials for key provider you want to use for encryption
-
Run command to generate a encryption key and a hash key
php artisan security-model:generate-key
-
Use the
Securabletrait in a model -
Implement the
Securableinterface in a model -
Set up
$encryptableattribute in a model to define encryptable fields. You can check out the section below for more info about field parameters
<?php namespace App\Models; use Illuminate\Database\Eloquent\Model; use OnrampLab\SecurityModel\Concerns\Securable; use OnrampLab\SecurityModel\Contracts\Securable as SecurableContract; class User extends Model implements SecurableContract { use Securable; /** * The attributes that are mass assignable. */ protected array $fillable = [ 'phone', 'email', ]; /** * The attributes that are needed to be encrypted. */ protected array $encryptable = [ 'phone' => ['type' => 'string'], 'email' => ['type' => 'string', 'searchable' => true], ]; }
Encryptable Field Parameters
-
type
-
Type
string
-
Required
yes
-
Description
Determinate content type of the encryptable field. Here are available types:
stringjsonintegerfloatboolean
-
-
searchable
-
Type
boolean
-
Required
no
-
Description
Determinate whether the encryptable field is searchable. If the field is searchable, you should make a migration to create a new column to store blind index value for searching.
-
Searchable Encrypted Field
To achieve searching on encrypted fields, we use a strategy called blind indexing. Its idea is to store a hash value of the plaintext in a separate column and would it will be used for searching.
That means if you define a encryptable field to be searchable, you should postfix the original column name with _bidx to create a new column. For example, if you define a email column to be searchable, then you need to create a email_bidx column in your table.
Conditional Encryption
Sometimes you may need to determinate whether a model should be encrypted under certain conditions. To accomplish this, you may define a shouldBeEncryptable method on your model:
/** * Determine if the model should be encrytable. */ public function shouldBeEncryptable(): bool { return $this->isClassified(); }
Redaction
- Use the
Securabletrait in a model - Implement the
Securableinterface in a model - Set up
$redactableattribute in a model to define redactable fields with redactor classes you want to apply for each fields
<?php namespace App\Models; use Illuminate\Database\Eloquent\Model; use OnrampLab\SecurityModel\Concerns\Securable; use OnrampLab\SecurityModel\Contracts\Securable as SecurableContract; use OnrampLab\SecurityModel\Redactors\E164PhoneNumberRedactor; use OnrampLab\SecurityModel\Redactors\EmailRedactor; class User extends Model implements SecurableContract { use Securable; /** * The attributes that are mass assignable. */ protected array $fillable = [ 'phone', 'email', ]; /** * The attributes that are needed to be redacted. */ protected array $redactable = [ 'phone' => E164PhoneNumberRedactor::class, 'email' => EmailRedactor::class, ]; }
There are some built-in redactors available for different kinds of model field:
- E164PhoneNumberRedactor
- EmailRedactor
- NameRedactor
- PhoneNumberRedactor
- SecretRedactor
- ZipCodeRedactor
Custom Redactor
Besides those built-in redactors mentioned above, you may wish to specify ones with custom logic. Thus, you are free to create your own redactor class. Just simply implement the class with Redactor interface, then use it in your securable model.
<?php namespace App\Redactors; use Illuminate\Database\Eloquent\Model; use Illuminate\Support\Str; use OnrampLab\SecurityModel\Contracts\Redactor; class FirstCharacterRedactor implements Redactor { /** * @param mixed $value * @param Model $model * @return mixed */ public function redact($value, $model) { return Str::mask((string) $value, '*', 0, 1); } }
Running Tests
composer test
Changelog
To keep track, please refer to CHANGELOG.md.
Contributing
- Fork it.
- Create your feature branch (git checkout -b my-new-feature).
- Make your changes.
- Run the tests, adding new ones for your own code if necessary (phpunit).
- Commit your changes (git commit -am 'Added some feature').
- Push to the branch (git push origin my-new-feature).
- Create new pull request.
Also please refer to CONTRIBUTION.md.
License
Please refer to LICENSE.
onramplab/laravel-security-model 适用场景与选型建议
onramplab/laravel-security-model 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 14.07k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2023 年 02 月 21 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「model」 「encryption」 「laravel」 「eloquent」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 onramplab/laravel-security-model 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 onramplab/laravel-security-model 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 onramplab/laravel-security-model 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
A simple PHP class to encrypt a string and decrypt an encrypted string
A package for automatically encrypting and decrypting Eloquent attributes in Laravel 5.5+, based on configuration settings.
Provide a way to secure accesses to all routes of an symfony application.
Encryption with AES-256 and HMAC-SHA256
Interfaces for web resource models and services to retrieve and create them
Allows installation of Laravel where the PHP Mcrypt extension is not available. Provides encryption using OpenSSL, or by disabling encryption entierly.
统计信息
- 总下载量: 14.07k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 0
- 点击次数: 7
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2023-02-21