89 lines
2.7 KiB
PHP
89 lines
2.7 KiB
PHP
<?php
|
|
|
|
namespace App\Casts;
|
|
|
|
use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
|
|
use Illuminate\Support\Facades\Crypt;
|
|
|
|
/**
|
|
* A tolerant encrypt/decrypt cast for string columns where the database
|
|
* may contain a mix of plaintext and Laravel-encrypted payloads.
|
|
*
|
|
* - On get: tries to decrypt; if it fails, returns the original value.
|
|
* - On set: encrypts plaintext; if already encrypted, stores as-is.
|
|
*/
|
|
class SafeEncryptedString implements CastsAttributes
|
|
{
|
|
/**
|
|
* Transform the attribute from the underlying model values.
|
|
*
|
|
* @param mixed $model
|
|
* @param string $key
|
|
* @param mixed $value
|
|
* @param array<string,mixed> $attributes
|
|
*/
|
|
public function get($model, string $key, $value, array $attributes)
|
|
{
|
|
if ($value === null || $value === '') {
|
|
return $value;
|
|
}
|
|
|
|
try {
|
|
return Crypt::decryptString($value);
|
|
} catch (\Throwable $e) {
|
|
// Not an encrypted payload (or bad key) — return as-is.
|
|
return $value;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Prepare the given value for storage.
|
|
*
|
|
* @param mixed $model
|
|
* @param string $key
|
|
* @param mixed $value
|
|
* @param array<string,mixed> $attributes
|
|
* @return mixed
|
|
*/
|
|
public function set($model, string $key, $value, array $attributes)
|
|
{
|
|
if ($value === null || $value === '') {
|
|
return $value;
|
|
}
|
|
|
|
$stringValue = (string) $value;
|
|
|
|
// Ziel: Immer Klartext in der DB speichern.
|
|
// Wenn ein verschlüsselter Laravel-Payload übergeben wurde, entschlüsseln und im Klartext ablegen.
|
|
if (self::looksEncrypted($stringValue)) {
|
|
try {
|
|
return Crypt::decryptString($stringValue);
|
|
} catch (\Throwable $e) {
|
|
// Falls Entschlüsselung (noch) nicht möglich: als Fallback unverändert ablegen,
|
|
// aber bevorzugt sollte der Aufrufer bereits Klartext liefern.
|
|
return $stringValue;
|
|
}
|
|
}
|
|
|
|
// Bereits Klartext → so speichern
|
|
return $stringValue;
|
|
}
|
|
|
|
private static function looksEncrypted(string $value): bool
|
|
{
|
|
// Laravel's Crypt::encryptString returns base64-encoded JSON string
|
|
// with keys like iv/value/mac and sometimes tag.
|
|
$decoded = base64_decode($value, true);
|
|
if ($decoded === false) {
|
|
return false;
|
|
}
|
|
$json = json_decode($decoded, true);
|
|
if (!is_array($json)) {
|
|
return false;
|
|
}
|
|
$hasCoreKeys = isset($json['iv'], $json['value'], $json['mac']);
|
|
// 'tag' may or may not exist depending on cipher/version
|
|
return $hasCoreKeys;
|
|
}
|
|
}
|