Initialer Laravel Commit für BetiX
This commit is contained in:
88
app/Casts/SafeEncryptedString.php
Normal file
88
app/Casts/SafeEncryptedString.php
Normal file
@@ -0,0 +1,88 @@
|
||||
<?php
|
||||
|
||||
namespace App\Casts;
|
||||
|
||||
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
|
||||
use Illuminate\Support\Facades\Crypt;
|
||||
|
||||
/**
|
||||
* A tolerant encrypt/decrypt cast for string columns where the database
|
||||
* may contain a mix of plaintext and Laravel-encrypted payloads.
|
||||
*
|
||||
* - On get: tries to decrypt; if it fails, returns the original value.
|
||||
* - On set: encrypts plaintext; if already encrypted, stores as-is.
|
||||
*/
|
||||
class SafeEncryptedString implements CastsAttributes
|
||||
{
|
||||
/**
|
||||
* Transform the attribute from the underlying model values.
|
||||
*
|
||||
* @param mixed $model
|
||||
* @param string $key
|
||||
* @param mixed $value
|
||||
* @param array<string,mixed> $attributes
|
||||
*/
|
||||
public function get($model, string $key, $value, array $attributes)
|
||||
{
|
||||
if ($value === null || $value === '') {
|
||||
return $value;
|
||||
}
|
||||
|
||||
try {
|
||||
return Crypt::decryptString($value);
|
||||
} catch (\Throwable $e) {
|
||||
// Not an encrypted payload (or bad key) — return as-is.
|
||||
return $value;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepare the given value for storage.
|
||||
*
|
||||
* @param mixed $model
|
||||
* @param string $key
|
||||
* @param mixed $value
|
||||
* @param array<string,mixed> $attributes
|
||||
* @return mixed
|
||||
*/
|
||||
public function set($model, string $key, $value, array $attributes)
|
||||
{
|
||||
if ($value === null || $value === '') {
|
||||
return $value;
|
||||
}
|
||||
|
||||
$stringValue = (string) $value;
|
||||
|
||||
// Ziel: Immer Klartext in der DB speichern.
|
||||
// Wenn ein verschlüsselter Laravel-Payload übergeben wurde, entschlüsseln und im Klartext ablegen.
|
||||
if (self::looksEncrypted($stringValue)) {
|
||||
try {
|
||||
return Crypt::decryptString($stringValue);
|
||||
} catch (\Throwable $e) {
|
||||
// Falls Entschlüsselung (noch) nicht möglich: als Fallback unverändert ablegen,
|
||||
// aber bevorzugt sollte der Aufrufer bereits Klartext liefern.
|
||||
return $stringValue;
|
||||
}
|
||||
}
|
||||
|
||||
// Bereits Klartext → so speichern
|
||||
return $stringValue;
|
||||
}
|
||||
|
||||
private static function looksEncrypted(string $value): bool
|
||||
{
|
||||
// Laravel's Crypt::encryptString returns base64-encoded JSON string
|
||||
// with keys like iv/value/mac and sometimes tag.
|
||||
$decoded = base64_decode($value, true);
|
||||
if ($decoded === false) {
|
||||
return false;
|
||||
}
|
||||
$json = json_decode($decoded, true);
|
||||
if (!is_array($json)) {
|
||||
return false;
|
||||
}
|
||||
$hasCoreKeys = isset($json['iv'], $json['value'], $json['mac']);
|
||||
// 'tag' may or may not exist depending on cipher/version
|
||||
return $hasCoreKeys;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user