onramplab/laravel-security-model 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

onramplab/laravel-security-model

Composer 安装命令:

composer require onramplab/laravel-security-model

包简介

A Laravel package providing security for Eloquent model

README 文档

README

Software License CircleCI Total Downloads

A Laravel package providing security for Eloquent model

Requirements

  • PHP >= 7.4;
  • composer.

Features

  • Encryption
    • Easy to use with Laravel Eloquent model
    • Support multiple types of key management service
      • AWS KMS

Installation

Install the package via composer

composer require onramplab/laravel-security-model

Publish migration files and run command to build tables needed in package

php artisan vendor:publish --tag="security-model-migrations"
php artisan migrate

Also, you can choose to publish the configuration file

php artisan vendor:publish --tag="security-model-config"

Usage

Encryption

  1. Set up credentials for key provider you want to use for encryption

  2. Run command to generate a encryption key and a hash key

    php artisan security-model:generate-key
  3. Use the Securable trait in a model

  4. Implement the Securable interface in a model

  5. Set up $encryptable attribute in a model to define encryptable fields. You can check out the section below for more info about field parameters

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use OnrampLab\SecurityModel\Concerns\Securable;
use OnrampLab\SecurityModel\Contracts\Securable as SecurableContract;

class User extends Model implements SecurableContract
{
    use Securable;

    /**
     * The attributes that are mass assignable.
     */
    protected array $fillable = [
        'phone',
        'email',
    ];

    /**
     * The attributes that are needed to be encrypted.
     */
    protected array $encryptable = [
        'phone' => ['type' => 'string'],
        'email' => ['type' => 'string', 'searchable' => true],
    ];
}

Encryptable Field Parameters

  • type

    • Type

      string

    • Required

      yes

    • Description

      Determinate content type of the encryptable field. Here are available types:

      • string
      • json
      • integer
      • float
      • boolean
  • searchable

    • Type

      boolean

    • Required

      no

    • Description

      Determinate whether the encryptable field is searchable. If the field is searchable, you should make a migration to create a new column to store blind index value for searching.

Searchable Encrypted Field

To achieve searching on encrypted fields, we use a strategy called blind indexing. Its idea is to store a hash value of the plaintext in a separate column and would it will be used for searching.

That means if you define a encryptable field to be searchable, you should postfix the original column name with _bidx to create a new column. For example, if you define a email column to be searchable, then you need to create a email_bidx column in your table.

Conditional Encryption

Sometimes you may need to determinate whether a model should be encrypted under certain conditions. To accomplish this, you may define a shouldBeEncryptable method on your model:

/**
 * Determine if the model should be encrytable.
 */
public function shouldBeEncryptable(): bool
{
    return $this->isClassified();
}

Redaction

  1. Use the Securable trait in a model
  2. Implement the Securable interface in a model
  3. Set up $redactable attribute in a model to define redactable fields with redactor classes you want to apply for each fields
<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use OnrampLab\SecurityModel\Concerns\Securable;
use OnrampLab\SecurityModel\Contracts\Securable as SecurableContract;
use OnrampLab\SecurityModel\Redactors\E164PhoneNumberRedactor;
use OnrampLab\SecurityModel\Redactors\EmailRedactor;

class User extends Model implements SecurableContract
{
    use Securable;

    /**
     * The attributes that are mass assignable.
     */
    protected array $fillable = [
        'phone',
        'email',
    ];

    /**
     * The attributes that are needed to be redacted.
     */
    protected array $redactable = [
        'phone' => E164PhoneNumberRedactor::class,
        'email' => EmailRedactor::class,
    ];
}

There are some built-in redactors available for different kinds of model field:

  • E164PhoneNumberRedactor
  • EmailRedactor
  • NameRedactor
  • PhoneNumberRedactor
  • SecretRedactor
  • ZipCodeRedactor

Custom Redactor

Besides those built-in redactors mentioned above, you may wish to specify ones with custom logic. Thus, you are free to create your own redactor class. Just simply implement the class with Redactor interface, then use it in your securable model.

<?php

namespace App\Redactors;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Support\Str;
use OnrampLab\SecurityModel\Contracts\Redactor;

class FirstCharacterRedactor implements Redactor
{

    /**
     * @param mixed $value
     * @param Model $model
     * @return mixed
     */
    public function redact($value, $model)
    {
        return Str::mask((string) $value, '*', 0, 1);
    }
}

Running Tests

composer test

Changelog

To keep track, please refer to CHANGELOG.md.

Contributing

  1. Fork it.
  2. Create your feature branch (git checkout -b my-new-feature).
  3. Make your changes.
  4. Run the tests, adding new ones for your own code if necessary (phpunit).
  5. Commit your changes (git commit -am 'Added some feature').
  6. Push to the branch (git push origin my-new-feature).
  7. Create new pull request.

Also please refer to CONTRIBUTION.md.

License

Please refer to LICENSE.

onramplab/laravel-security-model 适用场景与选型建议

onramplab/laravel-security-model 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 14.07k 次下载、GitHub Stars 达 0, 最近一次更新时间为 2023 年 02 月 21 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「security」 「model」 「encryption」 「laravel」 「eloquent」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 onramplab/laravel-security-model 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 onramplab/laravel-security-model 我们能提供哪些服务?
定制开发 / 二次开发

基于 onramplab/laravel-security-model 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 14.07k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 0
  • 点击次数: 7
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 0
  • Watchers: 2
  • Forks: 0
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2023-02-21