develop/v2.3.0: Added encryption logic

wazzac · wazzac · commit bc36b2279153 · 2025-06-11T22:57:34.000+08:00
diff --git a/src/Helper/Encryptor.php b/src/Helper/Encryptor.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Wazzac\DbEncrypt\Helper;
+namespace Wazza\DbEncrypt\Helper;
 
 use RuntimeException;
 use InvalidArgumentException;
diff --git a/src/Http/Controllers/DnEncryptController.php b/src/Http/Controllers/DnEncryptController.php
@@ -4,6 +4,7 @@
 
 use Wazza\DbEncrypt\Http\Controllers\BaseController;
 use Wazza\DbEncrypt\Models\EncryptedAttributes;
+use Wazza\DbEncrypt\Helper\Encryptor;
 use Illuminate\Support\Facades\App;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Contracts\Container\BindingResolutionException;
@@ -22,6 +23,26 @@
 
 class DnEncryptController extends BaseController
 {
+    /**
+     * The model to sync
+     *
+     * @var \Illuminate\Database\Eloquent\Model
+     */
+    private $model;
+
+    /**
+     * Property to define the Model properties that will be encrypted.
+     * Structure:
+     *   $encryptedProperties = [
+     *     'social_security_number',
+     *     'business_address',
+     *     'business_city',
+     *   ];
+     *
+     * @var array
+     */
+    private $encryptedProperties = [];
+
     /**
      * Create a new CrmController instance and define the log identifier (blank will create a new one)
      *
@@ -36,6 +57,136 @@ public function __construct(?string $logIdentifier = null)
         // parent constructor
         parent::__construct($logIdentifier);
 
-        // ...
+        // clear the properties
+        $this->model = null;
+        $this->encryptedProperties = [];
+    }
+
+    /**
+     * Set the model to process.
+     * Any property that is defined in the model will be encrypted in the `encrypted_attributes` table
+     *
+     * @param \Illuminate\Database\Eloquent\Model|null $model
+     * @return $this
+     */
+    public function setModel(?Model $model = null)
+    {
+        // -- set the model
+        $this->model = $model;
+
+        // -- log the model set (and set the append to model type)
+        $this->logger->setLogIdentifier('[' . get_class($this->model) . ']', true);
+        $this->logger->infoLow('DB Encrypt Model set. Class: `' . get_class($this->model) . '`, Table: `' . $this->model->getTable() . '`.');
+
+        // -- set the properties in the model that will be encrypted
+        $this->setEncryptedProperties($model->encryptedProperties ?? []);
+
+        // done
+        return $this;
+    }
+
+    /**
+     * Set the property mapping for the CRM provider
+     *
+     * @param array $propertyMapping
+     * @return $this
+     */
+    public function setEncryptedProperties(array $propertyMapping = []): self
+    {
+        // set the property mappings
+        $this->encryptedProperties = $propertyMapping;
+        $this->logger->infoLow('DB Encrypt Mapping: `' . json_encode($this->encryptedProperties) . '`');
+        return $this;
+    }
+
+    /**
+     * Get the encrypted properties defined in the model.
+     *
+     * @return array
+     */
+    public function getEncryptedProperties(): array
+    {
+        // return the encrypted properties
+        return $this->encryptedProperties;
+    }
+
+    /**
+     * Get the model that is set.
+     *
+     * @return \Illuminate\Database\Eloquent\Model|null
+     */
+    public function getModel(): ?Model
+    {
+        // return the model
+        return $this->model;
+    }
+
+    /**
+     * Check if the model is defined.
+     *
+     * @return bool
+     */
+    public function isModelDefined(): bool
+    {
+        // check if the model is defined
+        return $this->model instanceof Model;
+    }
+
+    /**
+     * Encrypt all of the model defined ($this->encryptedProperties) properties.
+     * If $property is provided, only that property will be encrypted.
+     *
+     * @param mixed $property The property to encrypt. If null, all properties will be encrypted.
+     * @return void
+     * @throws Exception
+     */
+    public function encrypt($property = null)
+    {
+        // check if the model is set
+        if (!$this->isModelDefined()) {
+            throw new Exception('Model is not set. Please set the model using the `setModel` method.');
+        }
+
+        // check if the property is set
+        if ($property !== null && !in_array($property, $this->encryptedProperties)) {
+            throw new Exception('Property `' . $property . '` is not defined in the encrypted properties.');
+        }
+
+        // encrypt the properties
+        $this->logger->infoLow('Encrypting properties for model: ' . get_class($this->model) . ', property: ' . ($property ?? 'all'));
+
+        // loop through the encrypted properties
+        foreach ($this->encryptedProperties as $prop) {
+            // making sure the provided property to encrypt (if any) is defined in the model encrypted properties list
+            if ($property === null || $prop === $property) {
+                // check if the property exists in the model
+                if (property_exists($this->model, $prop)) {
+                    // encrypt the property
+                    $value = $this->model->{$prop};
+                    $encryptedValue = Encryptor::encrypt($value);
+
+                    // save the encrypted value in the EncryptedAttributes model
+                    EncryptedAttributes::updateOrCreate(
+                        [
+                            'object_type' => get_class($this->model),
+                            'object_id' => $this->model->getKey(),
+                            'attribute' => $prop,
+                        ],
+                        [
+                            'hash_index' => Encryptor::hash($value),
+                            'encrypted_value' => $encryptedValue,
+                        ]
+                    );
+
+                    // log the encryption
+                    $this->logger->infoLow('Encrypted property: ' . $prop . ', value: ' . $value);
+                } else {
+                    throw new Exception('Property `' . $prop . '` does not exist in the model.');
+                }
+            }
+        }
+
+        // log the encryption
+        $this->logger->infoLow('Encryption completed for model: ' . get_class($this->model) . ', properties: ' . json_encode($this->encryptedProperties));
     }
 }
diff --git a/src/Providers/DbEncryptServiceProvider.php b/src/Providers/DbEncryptServiceProvider.php
@@ -42,6 +42,25 @@ public function register(): void
         $this->app->singleton(DnEncryptController::class, function () {
             return new DnEncryptController();
         });
+
+        /*
+        You can use the above registered singleton service in your application like this:
+        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController->someMethod();
+
+        You can also use dependency injection in your controllers or other services.
+        For example:
+        public function __construct(DnEncryptController $dnEncryptController)
+        {
+            $this->dnEncryptController = $dnEncryptController;
+        }
+
+        This allows you to access the methods of DnEncryptController within your class.
+        You can also register other services or bindings as needed.
+        $this->app->bind('some.service', function ($app) {
+            return new SomeService();
+        });
+        */
     }
 
     /**
diff --git a/src/Traits/HasEncryptedAttributes.php b/src/Traits/HasEncryptedAttributes.php
@@ -0,0 +1,162 @@
+<?php
+
+namespace Wazza\DbEncrypt\Traits;
+
+use Wazza\DbEncrypt\Http\Controllers\DnEncryptController;
+
+/**
+ * Include this trait in your model to enable database encryption functionality.
+ *
+ * public function save(array $options = [])
+ * {
+ *     parent::save($options);
+ *     // Call the encryptAttributes method to encrypt the model's attributes.
+ *     $this->encryptAttributes();
+ * }
+ */
+trait HasEncryptedAttributes
+{
+    /**
+     * Encrypt the model's attributes using the DnEncryptController.
+     *
+     * @return void
+     */
+    public function encryptAttributes(): void
+    {
+        // Get the current model instance the trait is called from
+        $model = $this;
+
+        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
+            throw new \InvalidArgumentException('The encryptAttributes method can only be called from an Eloquent model instance.');
+        }
+
+        // Initiate a database encryption process
+        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController->setModel($model);
+        $dnEncryptController->encrypt();
+    }
+
+    /**
+     * Decrypt the model's attributes using the DnEncryptController.
+     *
+     * @return void
+     */
+    public function decryptAttributes(): void
+    {
+        // Get the current model instance the trait is called from
+        $model = $this;
+
+        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
+            throw new \InvalidArgumentException('The decryptAttributes method can only be called from an Eloquent model instance.');
+        }
+
+        // Initiate a database decryption process
+        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController->setModel($model);
+        $dnEncryptController->decrypt();
+    }
+
+    /**
+     * Get the encryption status of the model's attributes.
+     *
+     * @return bool
+     */
+    public function isEncrypted(): bool
+    {
+        // Get the current model instance the trait is called from
+        $model = $this;
+
+        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
+            throw new \InvalidArgumentException('The isEncrypted method can only be called from an Eloquent model instance.');
+        }
+
+        // Check if the model's attributes are encrypted
+        $dnEncryptController = app(DnEncryptController::class);
+        return $dnEncryptController->isEncrypted($model);
+    }
+
+    /**
+     * Decrypt the model's attributes before saving.
+     *
+     * @param array $options
+     * @return void
+     */
+    public function save(array $options = []): void
+    {
+        // Decrypt the attributes before saving
+        $this->decryptAttributes();
+
+        // Call the parent save method
+        parent::save($options);
+
+        // Encrypt the attributes after saving
+        $this->encryptAttributes();
+    }
+
+    /**
+     * Delete the model and its encrypted attributes.
+     *
+     * @return void
+     */
+    public function delete(): void
+    {
+        // Get the current model instance the trait is called from
+        $model = $this;
+
+        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
+            throw new \InvalidArgumentException('The delete method can only be called from an Eloquent model instance.');
+        }
+
+        // Delete the encrypted attributes using the DnEncryptController
+        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController->deleteEncryptedAttributes($model);
+
+        // Call the parent delete method
+        parent::delete();
+    }
+
+    /**
+     * Restore the model and its encrypted attributes.
+     *
+     * @return void
+     */
+    public function restore(): void
+    {
+        // Get the current model instance the trait is called from
+        $model = $this;
+
+        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
+            throw new \InvalidArgumentException('The restore method can only be called from an Eloquent model instance.');
+        }
+
+        // Restore the encrypted attributes using the DnEncryptController
+        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController->restoreEncryptedAttributes($model);
+
+        // Call the parent restore method
+        parent::restore();
+    }
+
+    /**
+     * Force delete the model and its encrypted attributes.
+     *
+     * @return void
+     */
+    public function forceDelete(): void
+    {
+        // Get the current model instance the trait is called from
+        $model = $this;
+
+        if (!$model instanceof \Illuminate\Database\Eloquent\Model) {
+            throw new \InvalidArgumentException('The forceDelete method can only be called from an Eloquent model instance.');
+        }
+
+        // Force delete the encrypted attributes using the DnEncryptController
+        $dnEncryptController = app(DnEncryptController::class);
+        $dnEncryptController->forceDeleteEncryptedAttributes($model);
+
+        // Call the parent forceDelete method
+        parent::forceDelete();
+    }
+
+}
