add validators and local scopes

Author: chr15k

README.md

@@ -2,7 +2,7 @@
 
 [![Latest Stable Version](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/v)](//packagist.org/packages/chr15k/laravel-mysql-encrypt) [![Latest Unstable Version](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/v/unstable)](//packagist.org/packages/chr15k/laravel-mysql-encrypt) [![Total Downloads](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/downloads)](//packagist.org/packages/chr15k/laravel-mysql-encrypt) [![License](https://poser.pugx.org/chr15k/laravel-mysql-encrypt/license)](//packagist.org/packages/chr15k/laravel-mysql-encrypt)
 
-Laravel database encryption at database side using native AES_DECRYPT and AES_ENCRYPT functions.
+Laravel/Lumen database encryption at database side using native AES_DECRYPT and AES_ENCRYPT functions.
 Automatically encrypt and decrypt fields in your Models.
 
 ## Install
@@ -16,13 +16,20 @@ composer require chr15k/laravel-mysql-encrypt
 php artisan vendor:publish --provider="Chr15k\MysqlEncrypt\MysqlEncryptServiceProvider"
 ```
 
-### 3. Configure Provider (Laravel 5.4 or earlier)
-For Laravel 5.4 or earlier, you'll need to add the following to config/app.php:
+### 3. Configure Provider
+For Laravel 5.5 or later then the service provider is automatically loaded.
+
+For Laravel 5.4 or earlier, you'll need to add the following to `config/app.php`:
 
 ```php
 'providers' => array(
     Chr15k\\MysqlEncrypt\\MysqlEncryptServiceProvider::class
-)
+);
+```
+
+For Lumen, add the following to `bootstrap/app.php`:
+```php
+$app->register(Chr15k\MysqlEncrypt\Providers\LumenServiceProvider::class);
 ```
 
 ### 4. Set encryption key in `.env` file
@@ -52,6 +59,28 @@ class User extends Model
 }
 ```
 
+## Validators
+`unique_encrypted`
+```
+unique_encrypted:<table>,<field(optional)>
+```
+
+`exists_encrypted`
+```
+exists_encrypted:<table>,<field(optional)>
+```
+
+## Scopes
+Custom Local scopes available:
+
+- whereEncrypted
+- whereNotEncrypted
+- orWhereEncrypted
+- orWhereNotEncrypted
+- orderByEncrypted
+
+Global scope `DecryptSelectScope` automatically booted in models using `Encryptable` trait.
+
 ## Schema columns to support encrypted data
 ```php
 Schema::create('users', function (Blueprint $table) {
@@ -69,11 +98,5 @@ DB::statement('ALTER TABLE `users` ADD `email` VARBINARY(300)');
 DB::statement('ALTER TABLE `users` ADD `telephone` VARBINARY(50)');
 ```
 
-## Lumen support
-Add the following to `bootstrap/app.php`:
-```php
-$app->register(Chr15k\MysqlEncrypt\Providers\LumenServiceProvider::class);
-```
-
 ## License
 The MIT License (MIT). Please see [License File](https://github.com/chr15k/laravel-mysql-encrypt/blob/master/LICENSE) for more information.

src/Providers/LaravelServiceProvider.php

@@ -2,10 +2,18 @@
 
 namespace Chr15k\MysqlEncrypt\Providers;
 
+use PDOException;
+use InvalidArgumentException;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\ServiceProvider;
+use Chr15k\MysqlEncrypt\Traits\ValidatesEncrypted;
 
 class LaravelServiceProvider extends ServiceProvider
 {
+    use ValidatesEncrypted;
+
     /**
      * {@inheritdoc}
      */
@@ -14,6 +22,8 @@ public function boot()
         $this->publishes([
             __DIR__.'/../config/config.php' => config_path('mysql-encrypt.php'),
         ], 'config');
+
+        $this->addValidators();
     }
 
     /**

src/Providers/LumenServiceProvider.php

@@ -2,10 +2,18 @@
 
 namespace Chr15k\MysqlEncrypt\Providers;
 
+use PDOException;
+use InvalidArgumentException;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\Validator;
 use Illuminate\Support\ServiceProvider;
+use Chr15k\MysqlEncrypt\Traits\ValidatesEncrypted;
 
 class LumenServiceProvider extends ServiceProvider
 {
+    use ValidatesEncrypted;
+
     /**
      * {@inheritdoc}
      */
@@ -16,5 +24,7 @@ public function boot()
         $path = realpath(__DIR__.'/../../config/config.php');
 
         $this->mergeConfigFrom($path, 'mysql-encrypt');
+
+        $this->addValidators();
     }
 }

src/Traits/Encryptable.php

@@ -37,4 +37,79 @@ public function encryptable(): array
     {
         return $this->encryptable ?? [];
     }
+
+   /**
+     * where for encrypted columns
+     *
+     * @param $query
+     * @param $column
+     * @param $value
+     *
+     * @return mixed
+     */
+    public function scopeWhereEncrypted($query, $column, $value)
+    {
+        /** @var Builder $query */
+        return $query->whereRaw(db_decrypt_string($column, $value));
+    }
+
+    /**
+     * where not for encrypted columns
+     *
+     * @param $query
+     * @param $column
+     * @param $value
+     *
+     * @return mixed
+     */
+    public function scopeWhereNotEncrypted($query, $column, $value)
+    {
+        /** @var Builder $query */
+        return $query->whereRaw(db_decrypt_string($column, $value, 'NOT LIKE'));
+    }
+
+    /**
+     * orWhere for encrypted columns
+     *
+     * @param $query
+     * @param $column
+     * @param $value
+     *
+     * @return mixed
+     */
+    public function scopeOrWhereEncrypted($query, $column, $value)
+    {
+        /** @var Builder $query */
+        return $query->orWhereRaw(db_decrypt_string($column, $value));
+    }
+
+    /**
+     * orWhere not for encrypted columns
+     *
+     * @param $query
+     * @param $column
+     * @param $value
+     *
+     * @return mixed
+     */
+    public function scopeOrWhereNotEncrypted($query, $column, $value)
+    {
+        /** @var Builder $query */
+        return $query->orWhereRaw(db_decrypt_string($column, $value, 'NOT LIKE'));
+    }
+
+    /**
+     * orderBy for encrypted columns
+     *
+     * @param $query
+     * @param $column
+     * @param $direction
+     *
+     * @return mixed
+     */
+    public function scopeOrderByEncrypted($query, $column, $direction)
+    {
+        /** @var Builder $query */
+        return $query->orderByRaw(db_decrypt_string($column, $direction, ''));
+    }
 }

src/Traits/ValidatesEncrypted.php

@@ -0,0 +1,79 @@
+<?php
+
+namespace Chr15k\MysqlEncrypt\Traits;
+
+use PDOException;
+use InvalidArgumentException;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Support\Facades\Validator;
+
+trait ValidatesEncrypted
+{
+ /**
+     * Validators.
+     *
+     * @return void
+     */
+    public function addValidators()
+    {
+        Validator::extend('unique_encrypted', function ($attribute, $value, array $parameters) {
+
+            $this->requireParameterCount(1, $parameters, 'unique_encrypted');
+
+            $this->requireTableExists($parameters[0]);
+
+            $field = isset($parameters[1]) ? $parameters[1] : $attribute;
+            $ignore = isset($parameters[2]) ? $parameters[2] : null;
+
+            $items = DB::select("SELECT count(*) as aggregate FROM `".$parameters[0]."` WHERE AES_DECRYPT(`".$field."`, '".config("app.key")."') LIKE '".$value."' COLLATE utf8mb4_general_ci".($ignore ? " AND id != ".$ignore : ''));
+
+            return $items[0]->aggregate === 0;
+        });
+
+        Validator::extend('exists_encrypted', function ($attribute, $value, array $parameters) {
+
+            $this->requireParameterCount(1, $parameters, 'exists_encrypted');
+
+            $this->requireTableExists($parameters[0]);
+
+            $field = isset($parameters[1]) ? $parameters[1] : $attribute;
+
+            $items = DB::select("SELECT count(*) as aggregate FROM `".$parameters[0]."` WHERE AES_DECRYPT(`".$field."`, '".config("app.key")."') LIKE '".$value."' COLLATE utf8mb4_general_ci");
+
+            return $items[0]->aggregate > 0;
+        });
+    }
+
+    /**
+     * Require a certain number of parameters to be present.
+     *
+     * @param  int    $count
+     * @param  array  $parameters
+     * @param  string $rule
+     * @return void
+     *
+     * @throws \InvalidArgumentException
+     */
+    public function requireParameterCount($count, $parameters, $rule)
+    {
+        if (count($parameters) < $count) {
+            throw new InvalidArgumentException("Validation rule $rule requires at least $count parameters.");
+        }
+    }
+
+    /**
+     * The table must exist.
+     *
+     * @param  string  $table
+     * @return void
+     *
+     * @throws PDOException
+     */
+    public function requireTableExists($table)
+    {
+        if (! Schema::hasTable($table)) {
+            throw new PDOException("Table $table not found.");
+        }
+    }
+}

src/helpers.php

@@ -31,3 +31,19 @@ function db_decrypt($column)
         return DB::raw("AES_DECRYPT({$column}, '{$key}') AS '{$column}'");
     }
 }
+
+
+if (! function_exists('db_decrypt_string')) {
+    /**
+     * Decrpyt value.
+     *
+     * @param  string  $column
+     * @param  string  $value
+     * @param  string  $operator
+     * @return string
+     */
+    function db_decrypt_string($column, $value, $operator = 'LIKE')
+    {
+        return 'AES_DECRYPT('.$column.', "'.config("mysql-encrypt.key").'") "'.$operator.'" "'.$value.'" COLLATE utf8mb4_general_ci';
+    }
+}