定制 thetalabs/laravel-database-encryption 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

thetalabs/laravel-database-encryption

Composer 安装命令:

composer require thetalabs/laravel-database-encryption

包简介

A no fuss Laravel model trait to add encrypted model attributes with the option of blind indexes.

README 文档

README

pipeline status coverage report

A no fuss Laravel model trait to add encrypted model attributes with the option of blind indexes.

Model attributes that are marked as encrypted will be encrypted via Laravel's default encryption.

The library also supports blind indexing on encrypted attributes. Blind indexing hashes the value before encryption and stores it in a separate field. This hash can then be queried using whereEncrypted() and orWhereEncrypted()

Lastly, you can disable blind indexes on a per field basis as well as change the hashing algorithm to your liking.

Note - this trait does not create DB columns for you. You must create your own migrations

Features

  • Encrypts - designated attributes are encrypted when set.
  • Decrypts - automatically decrypts attributes on access.
  • Performant - automatically caches decrypted values once accessed to increase performance.
  • Searching (optional) - hashes original input to support exact searching. Supports fuzzy-ish searching. See section below.
  • Customizable - customizable hash algorithm and field naming.
  • Secure - automatically hides hashes to prevent brute forcing and data leaks.

Requirements

This package requires Laravel 5.6. Earlier versions of Laravel have a different model implementation that is not compatible with this package.

Installation

composer require thetalabs/laravel-database-encryption

Usage

Add the trait to your model

You'll also need to configure the columns you want to encrypt.

This example will encrypt the ssn attribute without hashing it in anyway. In this case, it would not be searchable.

use ThetaLabs\DbEncryption\HasEncryptedAttributes;
use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    use HasEncryptedAttributes;
    
    // Encrypt the following attributes
    protected static $encrypted = [
        'ssn',
    ];
}

Note that if you would like to enable blind indexing for searching, you can do so like this. These indexes are entirely optional and no hashed data will be stored if the option is disabled.

protected static $encrypted = [
    'ssn' => 'bi'
    // or with a custom bi field...
    'ssn' => 'bi:custom_bi_field'
];

By default, blind indexes are hashed with sha256. You can change this per attribute.

protected static $encrypted = [
    'ssn' => 'bi,hash:sha1',
    // or with custom bi field...
    'ssn' => 'bi:custom_bi_field,hash:sha1'
];

See hash_hmac documentation for supported hashing algorithms.

Add Encrypted Database Columns

Create a migration to update the length and types of your columns.

Note: length is depending on the hashing algorithm you decide to use (if any) for blind indexes. By default sha256 has a length of 64.

    // in your migration...
    $table->string('ssn', 9);
    $table->string('ssn_bi', 64);

Searching

A local scope has been added that allows you to query encrypted fields using the blind index columns.

// searches all users where ssn_bi (or custom bi field)
// is 000-00-0000
$user = User::whereEncrypted('ssn', '000-00-0000')
    ->first();
     
// or...

// Search by name or where ssn is 000-00-0000
$users = User::where('name', 'Thomas Krause')
    ->orWhereEncrypted('ssn', '000-00-0000')
    ->get();

Hiding Encrypted Fields

Typically you'll want to limit decrypting values when they aren't needed.

You should use Laravel the built-in $hidden and $visible attributes for this.

class User extends Model
{
    use HasEncryptedAttributes;
    
    // Encrypt the following attributes
    protected static $encrypted = [
        'ssn',
    ];
    
    // Hide the encrypted attributes
    // will prevent them showing in toArray() and JSON
    protected $hidden = [
        'ssn'
    ];
}

Fuzzy-ish Searching

We also support field splitting in models which are stored along with the original value in the blind index. Note that all values are hashed with the configured hash.

This enables you to define how your data should be split and allows searching on the split pieces as well as the original.

Define a function with the following naming convention to enable the feature. You must return an array with each of the values you want to be searchable. The values returned be in plain text we'll handle the rest.

Naming convention for fields is explodeAttributeToSearchables. Where attribute is the field name. Example for field ssn function should be explodeSsnToSearchables.

Similarly and field named buy_me_a_beer would have a explode function named explodeBuyMeABeerToSearchables.

class User extends Model
{
    use HasEncryptedAttributes;
    
    // Encrypt the following attributes
    protected static $encrypted = [
        'ssn' => 'bi,
    ];
    
    // Can be anything you want here
    // name must match convention
    // you must return an array
    protected function explodeSsnToSearchables($ssn)
    {
        return explode('-', $ssn);
    }
}

Gotcha's

For searching, blind indexes are computed at the time the attribute is set. If you want to search on a column after it's encrypted, you'll need to make a migration to re-encrypt all the values to compute the hashes.

// Something like...
$users = User::all();

foreach ($users as $user) {
    // Will force re-encryption and set ssn as dirty.
    // will also update the hash for the field if it's been set
    $user->ssn = $user->ssn;
}

thetalabs/laravel-database-encryption 适用场景与选型建议

thetalabs/laravel-database-encryption 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 16.6k 次下载、GitHub Stars 达 2, 最近一次更新时间为 2019 年 03 月 15 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 thetalabs/laravel-database-encryption 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 thetalabs/laravel-database-encryption 我们能提供哪些服务?
定制开发 / 二次开发

基于 thetalabs/laravel-database-encryption 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 16.6k
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 2
  • 点击次数: 29
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 2
  • Watchers: 0
  • Forks: 1
  • 开发语言: PHP

其他信息

  • 授权协议: Unknown
  • 更新时间: 2019-03-15