develop/v0.1.0: Updated the model trait with improvements and also aded content to the readme.md

wazzac · wazzac · commit aab10a77d11e · 2025-06-13T17:11:41.000+08:00
diff --git a/README.md b/README.md
@@ -1,2 +1,87 @@
-# laravel-db-encryption
-A Laravel package that helps encrypt &amp; decrypt certain defined table columns ensuring the data is secure in the database but can be accessed by the models.
+# Laravel DB Encryptor
+
+A Laravel package for secure, transparent encryption and decryption of sensitive model attributes, storing them in a dedicated table while keeping your main tables clean and fast.
+
+## Features
+- Seamless encryption/decryption of model attributes via a simple trait
+- Encrypted data is stored in a separate `encrypted_attributes` table
+- Only non-table attributes can be encrypted (enforced at runtime)
+- Automatic loading and saving of encrypted attributes using Eloquent events
+- No sensitive values are ever logged
+- Easy integration: just add the trait and define `$encryptedProperties` in your model
+- Compatible with Laravel 9+
+
+## Requirements
+- PHP 8.1+
+- Laravel 9 or higher
+- OpenSSL PHP extension
+
+## How It Works
+1. Add the `HasEncryptedAttributes` trait to your Eloquent model.
+2. Define a public array property `$encryptedProperties` listing the attributes you want encrypted (these must NOT exist as columns in the model's table).
+3. When you load a model, encrypted attributes are automatically decrypted and available as normal properties.
+4. When you save a model, encrypted attributes are removed from the main table and securely stored in the `encrypted_attributes` table.
+
+**Example Model:**
+```php
+use Wazza\DbEncrypt\Traits\HasEncryptedAttributes;
+
+class User extends Model
+{
+    use HasEncryptedAttributes;
+
+    protected $fillable = ['name', 'email'];
+
+    // Only non-table attributes can be encrypted!
+    public array $encryptedProperties = [
+        'social_security_number',
+        'private_note',
+    ];
+}
+```
+
+## Usage
+- Use your model as normal:
+```php
+$user = User::find(1);
+$user->social_security_number = '123-45-6789';
+$user->private_note = 'Sensitive info';
+$user->save();
+
+// When you retrieve the user again, encrypted attributes are automatically decrypted:
+$user = User::find(1);
+echo $user->social_security_number; // '123-45-6789'
+```
+- If you try to add an attribute to `$encryptedProperties` that already exists as a column, an exception will be thrown.
+
+## Installation Steps
+1. Require the package in your Laravel project:
+   ```sh
+   composer require wazza/laravel-db-encryption
+   ```
+2. Publish the config and migration files (if needed):
+   ```sh
+   php artisan vendor:publish --provider="Wazza\DbEncrypt\DbEncryptServiceProvider"
+   ```
+3. Run the migration to create the `encrypted_attributes` table:
+   ```sh
+   php artisan migrate
+   ```
+4. Add the trait and `$encryptedProperties` to your models as shown above.
+
+## Monitoring & Logs
+- All encryption/decryption operations are logged (without sensitive values).
+- To monitor package logs:
+  ```sh
+  tail -f storage/logs/laravel.log | grep db-encrypt
+  ```
+
+## Testing
+- Run the test suite using Pest:
+  ```sh
+  ./vendor/bin/pest
+  ```
+- Ensure your models and encrypted attributes behave as expected.
+
+---
+For more details, see the source code and comments. Contributions and issues welcome!
diff --git a/src/Http/Controllers/DbEncryptController.php b/src/Http/Controllers/DbEncryptController.php
@@ -181,58 +181,66 @@ public function encryptProperty(string $property)
      * Encrypt all of the model defined ($this->encryptedProperties) properties.
      * If $property is provided, only that property will be encrypted.
      *
-     * @param mixed $property The property to encrypt. If null, all properties will be encrypted.
+     * @param string|null $property The property to encrypt. If null, all properties will be encrypted.
      * @return void
      * @throws Exception
      */
     public function encrypt(
-        $property = null
+        ?string $property = null
     ) {
+        // check if the model is set
         if (!$this->isModelDefined()) {
             throw new Exception('Model is not set. Please set the model using the `setModel` method.');
         }
+
+        // if property is defined, make sure it is in the encrypted properties
         if ($property !== null && !in_array($property, $this->encryptedProperties, true)) {
             throw new Exception('Property `' . $property . '` is not defined in the encrypted properties.');
         }
         $this->logger->infoLow('Encrypting properties for model: ' . $this->model->getTable() . ', property: ' . ($property ?? 'all'));
+
+        // loop through the defined encrypted properties
         foreach ($this->encryptedProperties as $prop) {
+            // check if the property is defined in the model's attributes
             if ($property === null || $prop === $property) {
-                if (array_key_exists($prop, $this->model->getAttributes())) {
-                    // Use Eloquent attribute check
-                    $value = $this->model->{$prop};
-                    if ($value === null || $value === '') {
-                        // if the value was encrypted, hard delete it form the encrypted_attributes table
-                        EncryptedAttributes::where([
-                            'object_type' => $this->model->getTable(),
-                            'object_id' => $this->model->getKey(),
-                            'attribute' => $prop,
-                        ])->delete();
-
-                        // done
-                        continue;
-                    }
-
-                    // Encrypt the value and store it in the encrypted_attributes table
-                    $encryptedValue = Encryptor::encrypt($value);
-                    EncryptedAttributes::updateOrCreate(
-                        [
-                            'object_type' => $this->model->getTable(),
-                            'object_id' => $this->model->getKey(),
-                            'attribute' => $prop,
-                        ],
-                        [
-                            'hash_index' => Encryptor::hash($value),
-                            'encrypted_value' => $encryptedValue,
-                        ]
-                    );
-
-                    // Do NOT log the actual value
-                    $this->logger->infoLow('Encrypted property: ' . $prop . ' [value hidden for security]');
-                } else {
+                if (!array_key_exists($prop, $this->model->getAttributes())) {
                     continue;
                 }
+
+                // Use Eloquent attribute check
+                $value = $this->model->{$prop};
+                if ($value === null || $value === '') {
+                    // if the value was encrypted, hard delete it form the encrypted_attributes table
+                    EncryptedAttributes::where([
+                        'object_type' => $this->model->getTable(),
+                        'object_id' => $this->model->getKey(),
+                        'attribute' => $prop,
+                    ])->delete();
+
+                    // done
+                    continue;
+                }
+
+                // Encrypt the value and store it in the encrypted_attributes table
+                $encryptedValue = Encryptor::encrypt($value);
+                EncryptedAttributes::updateOrCreate(
+                    [
+                        'object_type' => $this->model->getTable(),
+                        'object_id' => $this->model->getKey(),
+                        'attribute' => $prop,
+                    ],
+                    [
+                        'hash_index' => Encryptor::hash($value),
+                        'encrypted_value' => $encryptedValue,
+                    ]
+                );
+
+                // Do NOT log the actual value
+                $this->logger->infoLow('Encrypted property: ' . $prop . ' [value hidden for security]');
             }
         }
+
+        // done.
         $this->logger->infoLow('Encryption completed for model: ' . $this->model->getTable() . ', properties: ' . json_encode($this->encryptedProperties));
     }
 
@@ -246,30 +254,45 @@ public function encrypt(
      */
     public function decrypt($property = null)
     {
+        // check if the model is set
         if (!$this->isModelDefined()) {
             throw new Exception('Model is not set. Please set the model using the `setModel` method.');
         }
+
+        // if property is defined, make sure it is in the encrypted properties
         if ($property !== null && !in_array($property, $this->encryptedProperties, true)) {
             throw new Exception('Property `' . $property . '` is not defined in the encrypted properties.');
         }
         $this->logger->infoLow('Decrypting properties for model: ' . $this->model->getTable() . ', property: ' . ($property ?? 'all'));
+
+        // loop through the defined encrypted properties
         foreach ($this->encryptedProperties as $prop) {
+            // check if the property is defined in the model's attributes
             if ($property === null || $prop === $property) {
+                // get the encrypted attribute from the database
                 $encryptedAttribute = EncryptedAttributes::where([
                     'object_type' => $this->model->getTable(),
                     'object_id' => $this->model->getKey(),
                     'attribute' => $prop,
                 ])->first();
+
+                // if located, decrypt the value and set it to the model's property
                 if ($encryptedAttribute && $encryptedAttribute->encrypted_value) {
+                    // located, decrypt the value
                     $decryptedValue = Encryptor::decrypt($encryptedAttribute->encrypted_value);
                     $this->model->{$prop} = $decryptedValue;
                     $this->logger->infoLow('Decrypted property: ' . $prop . ' - success.');
                 } else {
+                    // not found, set the property to null
                     $this->model->{$prop} = null;
                     $this->logger->infoLow('Decrypted property: ' . $prop . ' - not found, set to null.');
                 }
+
+                // ..next
             }
         }
+
+        // done.
         $this->logger->infoLow('Decryption completed for model: ' . $this->model->getTable() . ', properties: ' . json_encode($this->encryptedProperties));
     }
 }
diff --git a/src/Traits/HasEncryptedAttributes.php b/src/Traits/HasEncryptedAttributes.php
@@ -10,6 +10,7 @@
  * Note: You do NOT need to override the save() method or manually call encryptAttributes().
  * Encryption and decryption are handled automatically via model events by this trait.
  * Be sure to add the `encryptedProperties` array to your model to specify which attributes should be encrypted.
+ * If `encryptedProperties` is not defined, no attributes will be encrypted.
  */
 trait HasEncryptedAttributes
 {
@@ -20,30 +21,12 @@ trait HasEncryptedAttributes
      */
     protected array $_encryptedAttributesBuffer = [];
 
-    /**
-     * Get the encryption status of the model's attributes.
-     *
-     * @return bool
-     */
-    public function isEncrypted(): bool
-    {
-        // Get the current model instance the trait is called from
-        $model = $this;
-
-        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
-            throw new \InvalidArgumentException('The isEncrypted method can only be called from an Eloquent model instance.');
-        }
-
-        // Check if the model's attributes are encrypted
-        $dnEncryptController = app(DbEncryptController::class);
-        return $dnEncryptController->isEncrypted($model);
-    }
-
     /**
      * Boot the HasEncryptedAttributes trait for a model.
-     * Automatically handles loading and saving encrypted attributes.
+     *
+     * @return void
      */
-    public static function bootHasEncryptedAttributes()
+    public static function bootHasEncryptedAttributes(): void
     {
         static::retrieved(function ($model) {
             $model->loadEncryptedAttributes();
@@ -58,27 +41,37 @@ public static function bootHasEncryptedAttributes()
 
     /**
      * Load and decrypt encrypted attributes from the encrypted_attributes table.
+     *
+     * @return void
      */
     public function loadEncryptedAttributes(): void
     {
-        if (!property_exists($this, 'encryptedProperties') || empty($this->encryptedProperties)) {
+        if (empty($this->encryptedProperties ?? [])) {
             return;
         }
-        $dnEncryptController = app(\Wazza\DbEncrypt\Http\Controllers\DbEncryptController::class);
-        $dnEncryptController->setModel($this);
-        $dnEncryptController->decrypt();
+
+        try {
+            $dnEncryptController = app(DbEncryptController::class);
+            $dnEncryptController->setModel($this);
+            $dnEncryptController->decrypt();
+        } catch (\Throwable $e) {
+            // Optionally log or handle decryption errors
+        }
     }
 
     /**
      * Remove encrypted attributes from the model's attributes before saving.
-     * Store them temporarily for later encryption.
+     *
+     * @return void
      */
     public function extractEncryptedAttributesForSave(): void
     {
-        if (!property_exists($this, 'encryptedProperties') || empty($this->encryptedProperties)) {
+        if (empty($this->encryptedProperties ?? [])) {
             return;
         }
+
         $this->_encryptedAttributesBuffer = [];
+
         foreach ($this->encryptedProperties as $prop) {
             if (array_key_exists($prop, $this->attributes)) {
                 $this->_encryptedAttributesBuffer[$prop] = $this->attributes[$prop];
@@ -88,23 +81,28 @@ public function extractEncryptedAttributesForSave(): void
     }
 
     /**
-     * Encrypt and save the encrypted attributes to the encrypted_attributes table after saving the model.
+     * Encrypt and save the encrypted attributes after saving the model.
+     *
+     * @return void
      */
     public function saveEncryptedAttributes(): void
     {
-        if (
-            !property_exists($this, 'encryptedProperties') ||
-            empty($this->encryptedProperties) ||
-            empty($this->_encryptedAttributesBuffer ?? [])
-        ) {
+        if (empty($this->encryptedProperties ?? []) || empty($this->_encryptedAttributesBuffer)) {
             return;
         }
-        $dnEncryptController = app(\Wazza\DbEncrypt\Http\Controllers\DbEncryptController::class);
-        $dnEncryptController->setModel($this);
-        foreach ($this->_encryptedAttributesBuffer as $prop => $value) {
-            $this->{$prop} = $value; // restore for encryption
-            $dnEncryptController->encryptProperty($prop);
+
+        try {
+            $dnEncryptController = app(DbEncryptController::class);
+            $dnEncryptController->setModel($this);
+
+            foreach ($this->_encryptedAttributesBuffer as $prop => $value) {
+                $this->{$prop} = $value;
+                $dnEncryptController->encryptProperty($prop);
+            }
+        } catch (\Throwable $e) {
+            // Optionally log or handle encryption errors
         }
-        unset($this->_encryptedAttributesBuffer);
+
+        $this->_encryptedAttributesBuffer = [];
     }
 }
