Initialer Laravel Commit für BetiX

app/Http/Middleware/DetectCiphertextInJson.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+
+class DetectCiphertextInJson
+{
+    public function handle(Request $request, Closure $next)
+    {
+        $response = $next($request);
+
+        // Only act in non-production environments
+        if (app()->environment(['local', 'development', 'staging'])) {
+            $contentType = (string) $response->headers->get('Content-Type', '');
+            if (str_contains($contentType, 'application/json')) {
+                $body = (string) $response->getContent();
+                if ($this->containsLaravelCiphertext($body)) {
+                    // Log minimal info without PII values
+                    logger()->warning('Ciphertext detected in JSON response', [
+                        'path' => $request->path(),
+                        'method' => $request->getMethod(),
+                    ]);
+
+                    // If you prefer to hard-block in dev/stage, uncomment:
+                    // return response()->json(['error' => 'Ciphertext detected in response'], 422);
+                }
+            }
+        }
+
+        return $response;
+    }
+
+    private function containsLaravelCiphertext(string $json): bool
+    {
+        // Heuristic: look for base64-encoded JSON blobs and typical Laravel keys iv/value/mac
+        if (!str_contains($json, 'eyJ')) {
+            return false;
+        }
+        return (str_contains($json, '"iv"') && str_contains($json, '"value"') && str_contains($json, '"mac"'));
+    }
+}