soved/laravel-gdpr 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

soved/laravel-gdpr

Composer 安装命令:

composer require soved/laravel-gdpr

包简介

GDPR compliance with ease

README 文档

README

Scrutinizer Code Quality Latest Stable Version Monthly Downloads License

This package exposes an endpoint where authenticated users can download their data as required by GDPR article 20. This package also provides you with a trait to easily encrypt personal data and a strategy to clean up inactive users as required by GDPR article 5e.

Buy me a coffee ☕️

Requirements

  • PHP 7.0 or higher
  • Laravel 5.5+ (6.0, 7.0, 8.0)

Installation

First, install the package via the Composer package manager:

$ composer require soved/laravel-gdpr

After installing the package, you should publish the configuration file:

$ php artisan vendor:publish --tag=gdpr-config

Finally, add the Soved\Laravel\Gdpr\Portable trait to the App\User model and implement the Soved\Laravel\Gdpr\Contracts\Portable contract:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Soved\Laravel\Gdpr\Contracts\Portable as PortableContract;

class User extends Authenticatable implements PortableContract
{
    use Portable, Notifiable;
}

Configuration

Configuring Portable Data

By default, the entire toArray form of the App\User model will be made available for download. If you would like to customize the downloadable data, you may override the toPortableArray() method on the model:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Portable, Notifiable;

    /**
     * Get the GDPR compliant data portability array for the model.
     *
     * @return array
     */
    public function toPortableArray()
    {
        $array = $this->toArray();

        // Customize array...

        return $array;
    }
}

Lazy Eager Loading Relationships

You may need to include a relationship in the data that will be made available for download. To do so, add a $gdprWith property to your App\User model:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Portable, Notifiable;

    /**
     * The relations to include in the downloadable data.
     *
     * @var array
     */
    protected $gdprWith = ['posts'];
}

Hiding Attributes

You may wish to limit the attributes, such as passwords, that are included in the downloadable data. To do so, add a $gdprHidden property to your App\User model:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Portable, Notifiable;

    /**
     * The attributes that should be hidden for the downloadable data.
     *
     * @var array
     */
    protected $gdprHidden = ['password'];
}

Alternatively, you may use the $gdprVisible property to define a white-list of attributes that should be included in the data that will be made available for download. All other attributes will be hidden when the model is converted:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Portable, Notifiable;

    /**
     * The attributes that should be visible in the downloadable data.
     *
     * @var array
     */
    protected $gdprVisible = ['name', 'email'];
}

Usage

This package exposes an endpoint at /gdpr/download. Only authenticated users should be able to access the routes. Your application should make a POST call, containing the currently authenticated user's password, to this endpoint. The re-authentication is needed to prevent information leakage.

You may listen for the Soved\Laravel\Gdpr\Events\GdprDownloaded event, which will be dispatched upon successful re-authentication and data conversion.

Encryption

Before using encryption, you must set a key option in your config/app.php configuration file. If this value is not properly set, all encrypted values will be insecure.

You may encrypt/decrypt attributes on the fly using the Soved\Laravel\Gdpr\EncryptsAttributes trait on any model. The trait expects the $encrypted property to be filled with attribute keys:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Illuminate\Notifications\Notifiable;
use Soved\Laravel\Gdpr\EncryptsAttributes;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use EncryptsAttributes, Portable, Notifiable;

    /**
     * The attributes that should be encrypted and decrypted on the fly.
     *
     * @var array
     */
    protected $encrypted = ['ssnumber'];
}

Data Retention

You may clean up inactive users using the gdpr:cleanup command. Schedule the command to run every day at midnight, or run it yourself. In order for this to work, add the Soved\Laravel\Gdpr\Retentionable trait to the App\User model:

<?php

namespace App;

use Soved\Laravel\Gdpr\Portable;
use Soved\Laravel\Gdpr\Retentionable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    use Retentionable, Portable, Notifiable;
}

You may listen for the Soved\Laravel\Gdpr\Events\GdprInactiveUser event to notify your users about their inactivity, which will be dispatched two weeks before deletion. The Soved\Laravel\Gdpr\Events\GdprInactiveUserDeleted event will be dispatched upon deletion.

Feel free to customize what happens to inactive users by creating your own cleanup strategy.

Roadmap

  • Tests

Security Vulnerabilities

If you discover a security vulnerability within this project, please send an e-mail to Sander de Vos via sander@tutanota.de. All security vulnerabilities will be promptly addressed.

License

This package is open-source software licensed under the MIT license.

soved/laravel-gdpr 适用场景与选型建议

soved/laravel-gdpr 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 136.91k 次下载、GitHub Stars 达 296, 最近一次更新时间为 2018 年 05 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「encryption」 「laravel」 「gdpr」 「soved」 「data-portability」 「data-retention」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 soved/laravel-gdpr 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 soved/laravel-gdpr 我们能提供哪些服务?
定制开发 / 二次开发

基于 soved/laravel-gdpr 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 136.91k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 299
  • 点击次数: 36
  • 依赖项目数: 2
  • 推荐数: 0

GitHub 信息

  • Stars: 296
  • Watchers: 10
  • Forks: 24
  • 开发语言: PHP

其他信息

  • 授权协议: MIT
  • 更新时间: 2018-05-04