changes for 2.0.0

Author: chr15k

.gitignore

@@ -1,4 +1,5 @@
 .DS_Store
-/vendor
+vendor
 composer.lock
 .phpunit.result.cache
+workbench

CHANGELOG.md

@@ -0,0 +1,13 @@
+## 2.0.0 - 2024-11-05
+
+-   Added new AES key generation command (using sha512 hashing alorithm as per [MySQL encrypt docs](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-decrypt))
+-   Refactored validators to implement ValidationRule contract
+-   Automatic decryption when accessing properties on a model
+-   Fixed a bug where encrypted model fields where not being hydrated with decrypted values (i.e. on creation)
+-   Updated MySQL AES_DECRYPT/AES_ENCRYPT queries as per [MySQL encrypt docs](https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-decrypt)
+-   Updated README with example usage
+-   Discontinued Lumen support as the project has been archived as of Apr 9, 2024
+
+## 1.0.0
+
+-   Initial release

README.md

@@ -1,51 +1,40 @@
-# Laravel/Lumen MySql AES Encrypt/Decrypt
+# Laravel MySql AES Encrypt/Decrypt
 
 [![Latest Stable Version](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/v)](//packagist.org/packages/chr15k/laravel-mysql-encrypt) [![Latest Unstable Version](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/v/unstable)](//packagist.org/packages/chr15k/laravel-mysql-encrypt) [![Total Downloads](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/downloads)](//packagist.org/packages/chr15k/laravel-mysql-encrypt) [![License](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/license)](//packagist.org/packages/chr15k/laravel-mysql-encrypt)
 
-Laravel/Lumen database encryption at database side using native AES_DECRYPT and AES_ENCRYPT functions.
+Laravel MySQL encryption using native MySQL AES_DECRYPT and AES_ENCRYPT functions.
 Automatically encrypt and decrypt fields in your Models.
 
 ## Install
+
 ### 1. Composer
+
 ```bash
 composer require chr15k/laravel-mysql-encrypt
 ```
 
-### 2. Publish config (optional)
-`Laravel`
-```bash
-php artisan vendor:publish --provider="Chr15k\MysqlEncrypt\Providers\LaravelServiceProvider"
-```
+### 2. Publish config
 
-`Lumen`
 ```bash
-mkdir -p config
-cp vendor/chr15k/laravel-mysql-encrypt/config/config.php config/mysql-encrypt.php
+php artisan vendor:publish --provider="Chr15k\MysqlEncrypt\Providers\MysqlEncryptServiceProvider"
 ```
 
-### 3. Configure Provider
-`Laravel`
-- For Laravel 5.5 or later, the service provider is automatically loaded, skip this step.
+### 3. AES Key generation
 
-- For Laravel 5.4 or earlier, add the following to `config/app.php`:
-```php
-'providers' => array(
-    Chr15k\\MysqlEncrypt\\Providers\\LaravelServiceProvider::class
-);
-```
+Add to .env file:
 
-`Lumen`
-- For Lumen, add the following to `bootstrap/app.php`:
-```php
-$app->register(Chr15k\MysqlEncrypt\Providers\LumenServiceProvider::class);
 ```
-
-### 4. Set encryption key in `.env` file
+APP_AESENCRYPT_KEY=
 ```
-APP_AESENCRYPT_KEY=yourencryptionkey
+
+Generate a new secure AES key (or add your existing key manually):
+
+```bash
+php artisan laravel-mysql-encrypt:key:generate
 ```
 
 ## Update Models
+
 ```php
 <?php
 
@@ -68,17 +57,21 @@ class User extends Model
 ```
 
 ## Validators
+
 `unique_encrypted`
+
 ```
-unique_encrypted:<table>,<field(optional)>
+unique_encrypted:<table>,<field(optional)>,<ignore_id(optional)>
 ```
 
 `exists_encrypted`
+
 ```
 exists_encrypted:<table>,<field(optional)>
 ```
 
 ## Scopes
+
 Custom Local scopes available:
 
 `whereEncrypted`
@@ -90,6 +83,7 @@ Custom Local scopes available:
 Global scope `DecryptSelectScope` automatically booted in models using `Encryptable` trait.
 
 ## Schema columns to support encrypted data
+
 ```php
 Schema::create('users', function (Blueprint $table) {
     $table->bigIncrements('id');
@@ -106,5 +100,66 @@ DB::statement('ALTER TABLE `users` ADD `email` VARBINARY(300)');
 DB::statement('ALTER TABLE `users` ADD `telephone` VARBINARY(50)');
 ```
 
+## Example Usage
+
+```php
+<?php
+
+use App\Models\User;
+use Chr15k\MysqlEncrypt\Rules\ExistsEncrypted;
+use Chr15k\MysqlEncrypt\Rules\UniqueEncrypted;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Str;
+
+Route::get('/', function () {
+
+    $user = User::firstOrCreate([
+        'email' => '[email protected]',
+    ], [
+        'name' => 'Test',
+        'email' => '[email protected]',
+        'email_verified_at' => now(),
+        'password' => Hash::make('password'),
+        'remember_token' => Str::random(10),
+    ]);
+
+    // querying an encrypted value using the base methods will not work (as expected):
+    dump(User::where('name', 'Test')->first()); // => null
+
+    // querying through the encrypted scopes will decrypt the value as expected:
+    dump(
+        User::whereEncrypted('name', 'Test')
+            ->orWhereEncrypted('name', 'Chris')
+            ->first()
+    ); // => App\Models\User
+
+    // Accessing the encrypted attribute on the model will automatically decrypt the value:
+    dump($user->name); // => 'Test'
+
+
+    // Validation rules
+
+    // ExistsEncrypted
+    $validator = Validator::make(['name' => 'Chris'], [
+        'name' => [new ExistsEncrypted('users')],
+    ]);
+    if ($validator->fails()) {
+        dump($validator->errors()->first()); // => "The selected name does not exist"
+    }
+
+    // UniqueEncrypted
+    $validator = Validator::make(['name' => 'Test'], [
+        'name' => [new UniqueEncrypted('users')],
+    ]);
+    if ($validator->fails()) {
+        dump($validator->errors()->first()); // => "The name field must be unique"
+    }
+
+});
+```
+
 ## License
+
 The MIT License (MIT). Please see [License File](https://github.com/chr15k/laravel-mysql-encrypt/blob/master/LICENSE) for more information.

composer.json

@@ -1,13 +1,14 @@
 {
     "name": "chr15k/laravel-mysql-encrypt",
-    "description": "Laravel 5.x | 6.x | 7.x | 8.x Database encryption mysql side",
+    "description": "Laravel database encryption using native MySQL functions",
     "keywords": [
         "laravel",
         "chr15k",
         "mysql",
         "encryption",
         "php",
-        "pii"
+        "pii",
+        "gdpr"
     ],
     "license": "MIT",
     "authors": [
@@ -17,13 +18,15 @@
         }
     ],
     "require": {
-        "php": "^7.2.5",
-        "illuminate/support": "^5.0|^6.0|^7.0|^8.0",
-        "illuminate/database": "^5.0|^6.0|^7.0|^8.0"
+        "php": "^8.0",
+        "illuminate/support": "^8.0|^9.0|^10.0|^11.0",
+        "illuminate/database": "^8.0|^9.0|^10.0|^11.0",
+        "illuminate/console": "^8.0|^9.0|^10.0|^11.0",
+        "illuminate/contracts": "^8.0|^9.0|^10.0|^11.0"
     },
     "autoload": {
         "psr-4": {
-            "Chr15k\\MysqlEncrypt\\": "src/"
+            "Chr15k\\MysqlEncrypt\\": "src"
         },
         "files": [
             "src/helpers.php"
@@ -35,7 +38,7 @@
     "extra": {
         "laravel": {
             "providers": [
-                "Chr15k\\MysqlEncrypt\\Providers\\LaravelServiceProvider"
+                "Chr15k\\MysqlEncrypt\\Providers\\MysqlEncryptServiceProvider"
             ]
         }
     },

src/Commands/AesKeyGenerateCommand.php

@@ -0,0 +1,112 @@
+<?php
+
+namespace Chr15k\MysqlEncrypt\Commands;
+
+use Illuminate\Console\Command;
+use Illuminate\Console\ConfirmableTrait;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Support\Str;
+use Symfony\Component\Console\Attribute\AsCommand;
+
+#[AsCommand(name: 'laravel-mysql-encrypt:key:generate')]
+class AesKeyGenerateCommand extends Command
+{
+    use ConfirmableTrait;
+
+    protected $signature = 'laravel-mysql-encrypt:key:generate';
+
+    protected $description = 'Generate secure AES Key hash';
+
+    /** @see https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_aes-decrypt */
+    const HASHING_ALGORITHM = 'sha512';
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        do {
+            $passphrase = $this->secret('Passphrase?');
+
+            $validator = Validator::make(['passphrase' => $passphrase], [
+                'passphrase' => 'required|min:3|max:255',
+            ]);
+
+            if ($validator->fails()) {
+                $this->error($validator->errors()->first());
+            }
+        } while ($validator->fails());
+
+        $key = hash(self::HASHING_ALGORITHM, $passphrase);
+
+        if (! $this->setKeyInEnvironmentFile($key)) {
+            return Command::FAILURE;
+        }
+
+        $this->laravel['config']['mysql-encrypt.key'] = $key;
+
+        $this->info('AES key set successfully.');
+
+        return Command::SUCCESS;
+    }
+
+    /**
+     * Set the application key in the environment file.
+     */
+    protected function setKeyInEnvironmentFile(string $key): bool
+    {
+        $currentKey = $this->laravel['config']['mysql-encrypt.key'];
+
+        if (strlen($currentKey) !== 0 && (! $this->confirmToProceed())) {
+            return false;
+        }
+
+        if (! $this->writeNewEnvironmentFileWith($key)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Write a new environment file with the given key.
+     */
+    protected function writeNewEnvironmentFileWith(string $key): bool
+    {
+        $replaced = preg_replace(
+            $this->keyReplacementPattern(),
+            'APP_AESENCRYPT_KEY='.$key,
+            $input = file_get_contents($this->laravel->environmentFilePath())
+        );
+
+        $exists = Str::contains($replaced, 'APP_AESENCRYPT_KEY=');
+        $error = 'Unable to set application key.';
+
+        if ($exists && $input === $replaced) {
+            $this->comment($error.' No change detected for APP_AESENCRYPT_KEY in the .env file, skipping...');
+
+            return false;
+        }
+
+        if (is_null($replaced) || ! $exists) {
+            $this->error($error.' No APP_AESENCRYPT_KEY variable was found in the .env file.');
+
+            return false;
+        }
+
+        file_put_contents($this->laravel->environmentFilePath(), $replaced);
+
+        return true;
+    }
+
+    /**
+     * Get a regex pattern that will match env APP_AESENCRYPT_KEY with any random key.
+     */
+    protected function keyReplacementPattern(): string
+    {
+        return sprintf(
+            '/^APP_AESENCRYPT_KEY%s/m',
+            preg_quote('='.$this->laravel['config']['mysql-encrypt.key'], '/')
+        );
+    }
+}