CakePHP 3中表单字段的加密/解密

t9aqgxwy  于 2022-11-11  发布在  PHP
关注(0)|答案(2)|浏览(166)

我希望在添加/编辑表单字段时对它们进行加密,在通过cake查找时对它们进行解密。下面是在v2.7.2中对我有效的代码:

core.php

Configure::write('Security.key','secretkey');

应用程序/模型/患者. php。

public $encryptedFields = array('patient_surname', 'patient_first_name');

public function beforeSave($options = array()) {
    foreach($this->encryptedFields as $fieldName){
        if(!empty($this->data[$this->alias][$fieldName])){
            $this->data[$this->alias][$fieldName] = Security::encrypt(
                $this->data[$this->alias][$fieldName],
                Configure::read('Security.key')
            );
        }
    }
    return true;
}

public function afterFind($results, $primary = false) {

    foreach ($results as $key => $val) {
        foreach($this->encryptedFields as $fieldName) {
            if (@is_array($results[$key][$this->alias])) {
                $results[$key][$this->alias][$fieldName] = Security::decrypt(
                    $results[$key][$this->alias][$fieldName],
                    Configure::read('Security.key')
                );
            }
        }
    }
    return $results;
}

据我所知,我必须用为模型生成的实体替换$this-〉data[],用虚字段替换afterFind方法,但我就是不能把它们放在一起。

cakephp

2条答案

按热度按时间
v64noz0r

v64noz0r1#

解决这个问题的方法不止一种(请注意,下面的代码是未经测试的示例代码!在使用这些代码之前,您应该先掌握一些新的基础知识)。

自定义数据库类型

一种是自定义数据库类型,它在将值绑定到数据库语句时进行加密,在获取结果时进行解密。
下面是一个简单的示例,假设db列可以保存二进制数据。

源代码/数据库/类型/加密类型.php

这应该是相当自我解释的,当转换到数据库时加密,当转换到PHP时解密。

<?php
namespace App\Database\Type;

use Cake\Database\Driver;
use Cake\Database\Type;
use Cake\Utility\Security;

class CryptedType extends Type
{
    public function toDatabase($value, Driver $driver)
    {
        return Security::encrypt($value, Security::getSalt());
    }

    public function toPHP($value, Driver $driver)
    {
        if ($value === null) {
            return null;
        }
        return Security::decrypt($value, Security::getSalt());
    }
}

源代码/配置/引导程序.php

注册自定义类型。

use Cake\Database\Type;
Type::map('crypted', 'App\Database\Type\CryptedType');

源代码/模型/表/患者表.php

最后,将可加密列Map到已注册的类型,就这样,从现在开始,一切都将自动处理。

// ...

use Cake\Database\Schema\Table as Schema;

class PatientsTable extends Table
{
    // ...

    protected function _initializeSchema(Schema $table)
    {
        $table->setColumnType('patient_surname', 'crypted');
        $table->setColumnType('patient_first_name', 'crypted');
        return $table;
    }

    // ...
}

请参阅操作手册〉数据库访问和ORM〉数据库基础知识〉添加自定义类型

beforeSave和结果格式化程序

一个不那么枯燥和紧密耦合的方法,基本上是2.x代码的一个移植,是使用beforeSave回调/事件,和一个结果格式化程序。例如,结果格式化程序可以附加在beforeFind事件/回调中。
beforeSave中,只需向/从传递的实体示例设置/获取值,您可以使用Entity::has()Entity::get()Entity::set(),甚至使用数组访问,因为实体实现了ArrayAccess
结果格式化程序基本上是一个after find挂钩,您可以使用它轻松地迭代结果,并修改它们。
这里有一个基本的例子,不需要做更多的解释:

// ...

use Cake\Event\Event;
use Cake\ORM\Query;

class PatientsTable extends Table
{
    // ...

    public $encryptedFields = [
        'patient_surname',
        'patient_first_name'
    ];

    public function beforeSave(Event $event, Entity $entity, \ArrayObject $options)
    {
        foreach($this->encryptedFields as $fieldName) {
            if($entity->has($fieldName)) {
                $entity->set(
                    $fieldName,
                    Security::encrypt($entity->get($fieldName), Security::getSalt())
                );
            }
        }
        return true;
    }

    public function beforeFind(Event $event, Query $query, \ArrayObject $options, boolean $primary)
    {
        $query->formatResults(
            function ($results) {
                /* @var $results \Cake\Datasource\ResultSetInterface|\Cake\Collection\CollectionInterface */
                return $results->map(function ($row) {
                    /* @var $row array|\Cake\DataSource\EntityInterface */

                    foreach($this->encryptedFields as $fieldName) {
                        if(isset($row[$fieldName])) {
                            $row[$fieldName] = Security::decrypt($row[$fieldName], Security::getSalt());
                        }
                    }

                    return $row;
                });
            }
        );  
    }

    // ...
}

为了将其稍微分离,您还可以将其移动到一个行为中,以便可以在多个模型之间轻松共享。
另请参阅

*Cookbook〉数据库访问和ORM〉数据库基础知识〉添加自定义类型
*Cookbook〉数据库访问和ORM〉查询生成器〉添加计算字段
*Cookbook〉教程和示例〉书签教程第2部分〉持久化标记字符串

赞(0)分享  回复(0)举报  2022-11-11
dxpyg8gm

dxpyg8gm2#

编辑:@npm关于虚拟属性不起作用的说法是正确的。现在我对自己给了一个糟糕的答案感到愤怒。活该我在发帖前没有检查它。
为了使它正确,我实现了一个使用behaviors的版本,在读取字段时对其进行解密,在将字段写入数据库时对其进行加密。
注意:此代码当前不包含任何自定义查找器,因此它不支持按加密字段进行搜索。
例如

$this->Patient->findByPatientFirstname('bob'); // this will not work

行为

/src/Model/Behavior/EncryptBehavior.php

<?php
/**
 * 
 */
namespace Cake\ORM\Behavior;

use ArrayObject;
use Cake\Collection\Collection;
use Cake\Datasource\EntityInterface;
use Cake\Datasource\ResultSetInterface;
use Cake\Event\Event;
use Cake\ORM\Behavior;
use Cake\ORM\Entity;
use Cake\ORM\Query;
use Cake\ORM\Table;
use Cake\ORM\TableRegistry;
use Cake\Utility\Inflector;
use Cake\Utility\Security;
use Cake\Log\Log;

/**
 * Encrypt Behavior
 */
class EncryptBehavior extends Behavior
{
    /**
     * Default config
     *
     * These are merged with user-provided configuration when the behavior is used.
     *
     * @var array
     */
    protected $_defaultConfig = [
        'key' => 'YOUR_KEY_KERE', /* set them in the EntityTable, not here */
        'fields' => []
    ];

    /**
     * Before save listener.
     * Transparently manages setting the lft and rght fields if the parent field is
     * included in the parameters to be saved.
     *
     * @param \Cake\Event\Event $event The beforeSave event that was fired
     * @param \Cake\ORM\Entity $entity the entity that is going to be saved
     * @return void
     * @throws \RuntimeException if the parent to set for the node is invalid
     */
    public function beforeSave(Event $event, Entity $entity)
    {

        $isNew = $entity->isNew();
        $config = $this->config();

        $values = $entity->extract($config['fields'], true);
        $fields = array_keys($values);
        $securityKey = $config['key'];

        foreach($fields as $field){ 
            if( isset($values[$field]) && !empty($values[$field]) ){
                $entity->set($field, Security::encrypt($values[$field], $securityKey));
            }
        }
    }

    /**
     * Callback method that listens to the `beforeFind` event in the bound
     * table. It modifies the passed query
     *
     * @param \Cake\Event\Event $event The beforeFind event that was fired.
     * @param \Cake\ORM\Query $query Query
     * @param \ArrayObject $options The options for the query
     * @return void
     */
    public function beforeFind(Event $event, Query $query, $options)
    {
        $query->formatResults(function ($results){
            return $this->_rowMapper($results);
        }, $query::PREPEND);
    }

    /**
     * Modifies the results from a table find in order to merge the decrypted fields
     * into the results.
     *
     * @param \Cake\Datasource\ResultSetInterface $results Results to map.
     * @return \Cake\Collection\Collection
     */
    protected function _rowMapper($results)
    {
        return $results->map(function ($row) {
            if ($row === null) {
                return $row;
            }
            $hydrated = !is_array($row);

            $fields = $this->_config['fields'];
            $key = $this->_config['key'];
            foreach ($fields as $field) {
                $row[$field] = Security::decrypt($row[$field], $key);
            }

            if ($hydrated) {
                $row->clean();
            }

            return $row;
        });
    }
}

表格

/src/Model/Table/PatientsTable.php

<?php
namespace App\Model\Table;

use App\Model\Entity\Patient;
use Cake\ORM\Query;
use Cake\ORM\RulesChecker;
use Cake\ORM\Table;
use Cake\Validation\Validator;
use Cake\Core\Configure;

/**
 * Patients Model
 *
 */
class PatientsTable extends Table
{

    /**
     * Initialize method
     *
     * @param array $config The configuration for the Table.
     * @return void
     */
    public function initialize(array $config)
    {
        parent::initialize($config);

        $this->table('patients');
        $this->displayField('id');
        $this->primaryKey('id');

        // will encrypt these fields automatically
        $this->addBehavior('Encrypt',[
            'key' => Configure::read('Security.key'),
            'fields' => [
                'patient_surname',
                'patient_firstname'
            ]
        ]);

    }
}

我理解你的痛苦。cakephp 3中的ORM层与cake 2有根本的不同。他们将实体模型和表ORM分成两个不同的类,并且afterFind已经被删除。我会考虑使用虚拟属性。我认为它可能适合你的用例。
示例如下。

<?php

namespace App\Model\Entity;

use Cake\ORM\Entity;
use Cake\Utility\Security;
use Cake\Core\Configure;

class Patient extends Entity
{

    protected function _setPatientSurname($str)
    {
        $this->set('patient_surname', Security::encrypt($str, Configure::read('Security.key'));
    }

    protected function _setPatientFirstname($str)
    {
        $this->set('patient_firstname', Security::encrypt($str, Configure::read('Security.key'));
    }

    protected function _getPatientSurname()
    {
        return Security::decrypt($this->patient_surname, Configure::read('Security.key'));
    }

    protected function _getPatientFirstname()
    {
        return Security::decrypt($this->patient_first_name, Configure::read('Security.key'));
    }

}
赞(0)分享  回复(0)举报  2022-11-11
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com