LNA-512: Added teh ability to remove an encryption property from the table if it it set to null

Author: wazzac

src/Helper/Encryptor.php

@@ -22,7 +22,7 @@ final class Encryptor
     private static function getKey(?string $manualKey = null): string
     {
         // get the key from the config or .env
-        $baseKey = config('wazza-db-encrypt.key');
+        $baseKey = config('db-encrypt.key');
         if (empty($baseKey)) {
             throw new RuntimeException('Encryption key is not set in config or .env.');
         }

…Http/Controllers/DnEncryptController.php …Http/Controllers/DbEncryptController.phpsrc/Http/Controllers/DnEncryptController.php renamed to src/Http/Controllers/DbEncryptController.php src/Http/Controllers/DnEncryptController.php renamed to src/Http/Controllers/DbEncryptController.php

@@ -13,15 +13,13 @@
 use Exception;
 
 /**
- * Sync Class CrmController
- * Example: (new CrmController())->setModel($user)->execute();
+ * DB Encrypt / Decrypt Controller
  *
  * @package Wazza\DbEncrypt\Http\Controllers
  * @version 1.0.0
- * @todo convert the log class to be injected into the controller instead of using the facade
  */
 
-class DnEncryptController extends BaseController
+class DbEncryptController extends BaseController
 {
     /**
      * The model to sync
@@ -93,6 +91,16 @@ public function setModel(?Model $model = null)
      */
     public function setEncryptedProperties(array $propertyMapping = []): self
     {
+        // Check for conflicts: encrypted property must not exist as a column in the model's table
+        $table = $this->model ? $this->model->getTable() : null;
+        $schema = $this->model ? $this->model->getConnection()->getSchemaBuilder() : null;
+        if ($table && $schema) {
+            foreach ($propertyMapping as $prop) {
+                if ($schema->hasColumn($table, $prop)) {
+                    throw new Exception("Cannot specify encrypted property '{$prop}' because it already exists as a column in the model's table '{$table}'.");
+                }
+            }
+        }
         // set the property mappings
         $this->encryptedProperties = $propertyMapping;
         $this->logger->infoLow('DB Encrypt Mapping: `' . json_encode($this->encryptedProperties) . '`');
@@ -133,42 +141,82 @@ public function isModelDefined(): bool
     }
 
     /**
-     * Encrypt all of the model defined ($this->encryptedProperties) properties.
-     * If $property is provided, only that property will be encrypted.
+     * Encrypt all properties of the model.
+     * This method will encrypt all properties defined in the model's encrypted properties.
      *
-     * @param mixed $property The property to encrypt. If null, all properties will be encrypted.
      * @return void
      * @throws Exception
      */
-    public function encrypt($property = null)
+    public function encryptAll()
     {
         // check if the model is set
         if (!$this->isModelDefined()) {
             throw new Exception('Model is not set. Please set the model using the `setModel` method.');
         }
 
-        // check if the property is set
-        if ($property !== null && !in_array($property, $this->encryptedProperties)) {
-            throw new Exception('Property `' . $property . '` is not defined in the encrypted properties.');
+        // encrypt all properties
+        $this->encrypt();
+    }
+
+    /**
+     * Encrypt a specific property of the model.
+     * This method will only encrypt the property if it is defined in the model's encrypted properties.
+     *
+     * @param string $property
+     * @return void
+     * @throws Exception
+     */
+    public function encryptProperty(string $property)
+    {
+        // check if the model is set
+        if (!$this->isModelDefined()) {
+            throw new Exception('Model is not set. Please set the model using the `setModel` method.');
         }
 
-        // encrypt the properties
-        $this->logger->infoLow('Encrypting properties for model: ' . get_class($this->model) . ', property: ' . ($property ?? 'all'));
+        // encrypt the property
+        $this->encrypt($property);
+    }
 
-        // loop through the encrypted properties
+    /**
+     * Encrypt all of the model defined ($this->encryptedProperties) properties.
+     * If $property is provided, only that property will be encrypted.
+     *
+     * @param mixed $property The property to encrypt. If null, all properties will be encrypted.
+     * @return void
+     * @throws Exception
+     */
+    public function encrypt(
+        $property = null
+    ) {
+        if (!$this->isModelDefined()) {
+            throw new Exception('Model is not set. Please set the model using the `setModel` method.');
+        }
+        if ($property !== null && !in_array($property, $this->encryptedProperties, true)) {
+            throw new Exception('Property `' . $property . '` is not defined in the encrypted properties.');
+        }
+        $this->logger->infoLow('Encrypting properties for model: ' . $this->model->getTable() . ', property: ' . ($property ?? 'all'));
         foreach ($this->encryptedProperties as $prop) {
-            // making sure the provided property to encrypt (if any) is defined in the model encrypted properties list
             if ($property === null || $prop === $property) {
-                // check if the property exists in the model
-                if (property_exists($this->model, $prop)) {
-                    // encrypt the property
+                if (array_key_exists($prop, $this->model->getAttributes())) {
+                    // Use Eloquent attribute check
                     $value = $this->model->{$prop};
-                    $encryptedValue = Encryptor::encrypt($value);
+                    if ($value === null || $value === '') {
+                        // if the value was encrypted, hard delete it form the encrypted_attributes table
+                        EncryptedAttributes::where([
+                            'object_type' => $this->model->getTable(),
+                            'object_id' => $this->model->getKey(),
+                            'attribute' => $prop,
+                        ])->delete();
 
-                    // save the encrypted value in the EncryptedAttributes model
+                        // done
+                        continue;
+                    }
+
+                    // Encrypt the value and store it in the encrypted_attributes table
+                    $encryptedValue = Encryptor::encrypt($value);
                     EncryptedAttributes::updateOrCreate(
                         [
-                            'object_type' => get_class($this->model),
+                            'object_type' => $this->model->getTable(),
                             'object_id' => $this->model->getKey(),
                             'attribute' => $prop,
                         ],
@@ -178,15 +226,50 @@ public function encrypt($property = null)
                         ]
                     );
 
-                    // log the encryption
-                    $this->logger->infoLow('Encrypted property: ' . $prop . ', value: ' . $value);
+                    // Do NOT log the actual value
+                    $this->logger->infoLow('Encrypted property: ' . $prop . ' [value hidden for security]');
                 } else {
-                    throw new Exception('Property `' . $prop . '` does not exist in the model.');
+                    continue;
                 }
             }
         }
+        $this->logger->infoLow('Encryption completed for model: ' . $this->model->getTable() . ', properties: ' . json_encode($this->encryptedProperties));
+    }
 
-        // log the encryption
-        $this->logger->infoLow('Encryption completed for model: ' . get_class($this->model) . ', properties: ' . json_encode($this->encryptedProperties));
+    /**
+     * Decrypt all of the model defined ($this->encryptedProperties) properties.
+     * If $property is provided, only that property will be decrypted.
+     *
+     * @param mixed $property The property to decrypt. If null, all properties will be decrypted.
+     * @return void
+     * @throws Exception
+     */
+    public function decrypt($property = null)
+    {
+        if (!$this->isModelDefined()) {
+            throw new Exception('Model is not set. Please set the model using the `setModel` method.');
+        }
+        if ($property !== null && !in_array($property, $this->encryptedProperties, true)) {
+            throw new Exception('Property `' . $property . '` is not defined in the encrypted properties.');
+        }
+        $this->logger->infoLow('Decrypting properties for model: ' . $this->model->getTable() . ', property: ' . ($property ?? 'all'));
+        foreach ($this->encryptedProperties as $prop) {
+            if ($property === null || $prop === $property) {
+                $encryptedAttribute = EncryptedAttributes::where([
+                    'object_type' => $this->model->getTable(),
+                    'object_id' => $this->model->getKey(),
+                    'attribute' => $prop,
+                ])->first();
+                if ($encryptedAttribute && $encryptedAttribute->encrypted_value) {
+                    $decryptedValue = Encryptor::decrypt($encryptedAttribute->encrypted_value);
+                    $this->model->{$prop} = $decryptedValue;
+                    $this->logger->infoLow('Decrypted property: ' . $prop . ' - success.');
+                } else {
+                    $this->model->{$prop} = null;
+                    $this->logger->infoLow('Decrypted property: ' . $prop . ' - not found, set to null.');
+                }
+            }
+        }
+        $this->logger->infoLow('Decryption completed for model: ' . $this->model->getTable() . ', properties: ' . json_encode($this->encryptedProperties));
     }
 }

src/Providers/DbEncryptServiceProvider.php

@@ -3,7 +3,7 @@
 namespace Wazza\DbEncrypt\Providers;
 
 use Illuminate\Support\ServiceProvider as BaseServiceProvider;
-use Wazza\DbEncrypt\Http\Controllers\DnEncryptController;
+use Wazza\DbEncrypt\Http\Controllers\DbEncryptController;
 
 class DbEncryptServiceProvider extends BaseServiceProvider
 {
@@ -39,23 +39,23 @@ public function register(): void
         );
 
         // Register the singleton service the package provides.
-        $this->app->singleton(DnEncryptController::class, function () {
-            return new DnEncryptController();
+        $this->app->singleton(DbEncryptController::class, function () {
+            return new DbEncryptController();
         });
 
         /*
         You can use the above registered singleton service in your application like this:
-        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController = app(DbEncryptController::class);
         $dnEncryptController->someMethod();
 
         You can also use dependency injection in your controllers or other services.
         For example:
-        public function __construct(DnEncryptController $dnEncryptController)
+        public function __construct(DbEncryptController $dnEncryptController)
         {
             $this->dnEncryptController = $dnEncryptController;
         }
 
-        This allows you to access the methods of DnEncryptController within your class.
+        This allows you to access the methods of DbEncryptController within your class.
         You can also register other services or bindings as needed.
         $this->app->bind('some.service', function ($app) {
             return new SomeService();