Initialer Laravel Commit für BetiX
This commit is contained in:
75
app/Casts/EncryptedDecimal.php
Normal file
75
app/Casts/EncryptedDecimal.php
Normal file
@@ -0,0 +1,75 @@
|
||||
<?php
|
||||
|
||||
namespace App\Casts;
|
||||
|
||||
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
|
||||
use Illuminate\Support\Facades\Crypt;
|
||||
use InvalidArgumentException;
|
||||
|
||||
/**
|
||||
* Encrypted decimal stored as ciphertext (string) with fixed scale.
|
||||
* Works with string or numeric inputs. Always returns string with fixed scale.
|
||||
*/
|
||||
class EncryptedDecimal implements CastsAttributes
|
||||
{
|
||||
private int $scale;
|
||||
|
||||
public function __construct(int $scale = 4)
|
||||
{
|
||||
if ($scale < 0 || $scale > 18) {
|
||||
throw new InvalidArgumentException('Invalid scale for EncryptedDecimal.');
|
||||
}
|
||||
$this->scale = $scale;
|
||||
}
|
||||
|
||||
public function get($model, string $key, $value, array $attributes)
|
||||
{
|
||||
if ($value === null || $value === '') {
|
||||
// Treat null as zero but do not mutate DB implicitly
|
||||
return number_format(0, $this->scale, '.', '');
|
||||
}
|
||||
try {
|
||||
$plain = Crypt::decryptString((string) $value);
|
||||
} catch (\Throwable $e) {
|
||||
// If value is not decryptable (legacy/plain), try to normalize as plain string
|
||||
$plain = (string) $value;
|
||||
}
|
||||
return $this->normalize($plain);
|
||||
}
|
||||
|
||||
public function set($model, string $key, $value, array $attributes)
|
||||
{
|
||||
if ($value === null || $value === '') {
|
||||
return [$key => null];
|
||||
}
|
||||
$normalized = $this->normalize($value);
|
||||
return [$key => Crypt::encryptString($normalized)];
|
||||
}
|
||||
|
||||
private function normalize($value): string
|
||||
{
|
||||
// Accept numeric, string with comma/dot; normalize to string with fixed scale
|
||||
$s = is_string($value) ? trim($value) : (string) $value;
|
||||
$s = str_replace([',', ' '], ['', ''], $s);
|
||||
if (!preg_match('/^-?\d*(?:\.\d+)?$/', $s)) {
|
||||
throw new InvalidArgumentException('Invalid decimal value.');
|
||||
}
|
||||
if ($s === '' || $s === '-') {
|
||||
$s = '0';
|
||||
}
|
||||
// Use integer math on scaled value to avoid float precision
|
||||
$scale = $this->scale;
|
||||
// Split integer and fractional part
|
||||
$neg = str_starts_with($s, '-') ? '-' : '';
|
||||
if ($neg) $s = substr($s, 1);
|
||||
[$int, $frac] = array_pad(explode('.', $s, 2), 2, '');
|
||||
$frac = substr($frac . str_repeat('0', $scale), 0, $scale);
|
||||
$intPart = ltrim($int === '' ? '0' : $int, '0');
|
||||
if ($intPart === '') { $intPart = '0'; }
|
||||
$out = ($neg ? '-' : '') . $intPart;
|
||||
if ($scale > 0) {
|
||||
$out .= '.' . $frac;
|
||||
}
|
||||
return $out;
|
||||
}
|
||||
}
|
||||
88
app/Casts/SafeEncryptedString.php
Normal file
88
app/Casts/SafeEncryptedString.php
Normal file
@@ -0,0 +1,88 @@
|
||||
<?php
|
||||
|
||||
namespace App\Casts;
|
||||
|
||||
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
|
||||
use Illuminate\Support\Facades\Crypt;
|
||||
|
||||
/**
|
||||
* A tolerant encrypt/decrypt cast for string columns where the database
|
||||
* may contain a mix of plaintext and Laravel-encrypted payloads.
|
||||
*
|
||||
* - On get: tries to decrypt; if it fails, returns the original value.
|
||||
* - On set: encrypts plaintext; if already encrypted, stores as-is.
|
||||
*/
|
||||
class SafeEncryptedString implements CastsAttributes
|
||||
{
|
||||
/**
|
||||
* Transform the attribute from the underlying model values.
|
||||
*
|
||||
* @param mixed $model
|
||||
* @param string $key
|
||||
* @param mixed $value
|
||||
* @param array<string,mixed> $attributes
|
||||
*/
|
||||
public function get($model, string $key, $value, array $attributes)
|
||||
{
|
||||
if ($value === null || $value === '') {
|
||||
return $value;
|
||||
}
|
||||
|
||||
try {
|
||||
return Crypt::decryptString($value);
|
||||
} catch (\Throwable $e) {
|
||||
// Not an encrypted payload (or bad key) — return as-is.
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepare the given value for storage.
|
||||
*
|
||||
* @param mixed $model
|
||||
* @param string $key
|
||||
* @param mixed $value
|
||||
* @param array<string,mixed> $attributes
|
||||
* @return mixed
|
||||
*/
|
||||
public function set($model, string $key, $value, array $attributes)
|
||||
{
|
||||
if ($value === null || $value === '') {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$stringValue = (string) $value;
|
||||
|
||||
// Ziel: Immer Klartext in der DB speichern.
|
||||
// Wenn ein verschlüsselter Laravel-Payload übergeben wurde, entschlüsseln und im Klartext ablegen.
|
||||
if (self::looksEncrypted($stringValue)) {
|
||||
try {
|
||||
return Crypt::decryptString($stringValue);
|
||||
} catch (\Throwable $e) {
|
||||
// Falls Entschlüsselung (noch) nicht möglich: als Fallback unverändert ablegen,
|
||||
// aber bevorzugt sollte der Aufrufer bereits Klartext liefern.
|
||||
return $stringValue;
|
||||
}
|
||||
}
|
||||
|
||||
// Bereits Klartext → so speichern
|
||||
return $stringValue;
|
||||
}
|
||||
|
||||
private static function looksEncrypted(string $value): bool
|
||||
{
|
||||
// Laravel's Crypt::encryptString returns base64-encoded JSON string
|
||||
// with keys like iv/value/mac and sometimes tag.
|
||||
$decoded = base64_decode($value, true);
|
||||
if ($decoded === false) {
|
||||
return false;
|
||||
}
|
||||
$json = json_decode($decoded, true);
|
||||
if (!is_array($json)) {
|
||||
return false;
|
||||
}
|
||||
$hasCoreKeys = isset($json['iv'], $json['value'], $json['mac']);
|
||||
// 'tag' may or may not exist depending on cipher/version
|
||||
return $hasCoreKeys;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user