CakePHP 3中表单字段的加密/解密

时间:2015-08-27 22:07:34

标签: php cakephp cakephp-3.0

我希望在添加/编辑时加密一些表单字段,并在通过蛋糕查找时解密。 以下是在v2.7.2中适用于我的代码:

core.php

Configure::write('Security.key','secretkey');

应用程序/模型/ patient.php。

public $encryptedFields = array('patient_surname', 'patient_first_name');

public function beforeSave($options = array()) {
    foreach($this->encryptedFields as $fieldName){
        if(!empty($this->data[$this->alias][$fieldName])){
            $this->data[$this->alias][$fieldName] = Security::encrypt(
                $this->data[$this->alias][$fieldName],
                Configure::read('Security.key')
            );
        }
    }
    return true;
}

public function afterFind($results, $primary = false) {

    foreach ($results as $key => $val) {
        foreach($this->encryptedFields as $fieldName) {
            if (@is_array($results[$key][$this->alias])) {
                $results[$key][$this->alias][$fieldName] = Security::decrypt(
                    $results[$key][$this->alias][$fieldName],
                    Configure::read('Security.key')
                );
            }
        }
    }
    return $results;
}

据我了解,我必须用模型的生成实体和虚拟字段的afterFind方法替换$ this-> data [],但我不能将它们全部放在一起。

2 个答案:

答案 0 :(得分:10)

解决此问题的方法不止一种(请注意,以下代码是未经测试的示例代码!在使用任何此类代码之前,您应首先掌握新的基础知识。)

自定义数据库类型

一种是自定义数据库类型,它在将值绑定到数据库语句时进行加密,并在获取结果时进行解密。这是我更喜欢的选项。

这是一个简单的例子,假设db列可以保存二进制数据。

<强>的src /数据库/类型/ CryptedType.php

这应该是自我解释,在转换为数据库时加密,在转换为PHP时解密。

<?php
namespace App\Database\Type;

use Cake\Database\Driver;
use Cake\Database\Type;
use Cake\Utility\Security;

class CryptedType extends Type
{
    public function toDatabase($value, Driver $driver)
    {
        return Security::encrypt($value, Security::salt());
    }

    public function toPHP($value, Driver $driver)
    {
        if ($value === null) {
            return null;
        }
        return Security::decrypt($value, Security::salt());
    }
}

<强> SRC /配置/ bootstrap.php中

注册自定义类型。

use Cake\Database\Type;
Type::map('crypted', 'App\Database\Type\CryptedType');

<强>的src /型号/表/ PatientsTable.php

最后将加密列映射到已注册的类型,从现在开始将其自动处理。

// ...

use Cake\Database\Schema\Table as Schema;

class PatientsTable extends Table
{
    // ...

    protected function _initializeSchema(Schema $table)
    {
        $table->columnType('patient_surname', 'crypted');
        $table->columnType('patient_first_name', 'crypted');
        return $table;
    }

    // ...
}

参见 Cookbook > Database Access & ORM > Database Basics > Adding Custom Types

beforeSave和结果格式化程序

一种不太干燥和紧密的耦合方法,基本上是2.x代码的端口,将使用beforeSave回调/事件和结果格式化程序。例如,结果格式化程序可以附加在beforeFind事件/回调中。

beforeSave中设置/获取传递的实体实例的值,您可以使用Entity::has()Entity::get()Entity::set(),甚至可以使用数组访问权限实体实施ArrayAccess

结果格式化程序基本上是一个after find钩子,您可以使用它轻松迭代结果并修改它们。

这是一个基本的例子,不需要进一步的出版:

// ...

use Cake\Event\Event;
use Cake\ORM\Query;

class PatientsTable extends Table
{
    // ...

    public $encryptedFields = [
        'patient_surname',
        'patient_first_name'
    ];

    public function beforeSave(Event $event, Entity $entity, \ArrayObject $options)
    {
        foreach($this->encryptedFields as $fieldName) {
            if($entity->has($fieldName)) {
                $entity->set(
                    $fieldName,
                    Security::encrypt($entity->get($fieldName), Security::salt())
                );
            }
        }
        return true;
    }

    public function beforeFind(Event $event, Query $query, \ArrayObject $options, boolean $primary)
    {
        $query->formatResults(
            function ($results) {
                /* @var $results \Cake\Datasource\ResultSetInterface|\Cake\Collection\CollectionInterface */
                return $results->map(function ($row) {
                    /* @var $row array|\Cake\DataSource\EntityInterface */

                    foreach($this->encryptedFields as $fieldName) {
                        if(isset($row[$fieldName])) {
                            $row[$fieldName] = Security::decrypt($row[$fieldName], Security::salt());
                        }
                    }

                    return $row;
                });
            }
        );  
    }

    // ...
}

另见

答案 1 :(得分:0)

编辑:@npm对虚拟属性不起作用是正确的。现在,我对自己的回答很生气。在我发布之前,我没有检查它是正确的。

为了使其正确,我已经使用behaviors实现了一个版本,以便在读取字段时对其进行解密,并在将字段写入数据库时​​对其进行加密。

注意:此代码目前不包含任何自定义查找程序,因此不支持通过加密字段进行搜索。

例如。

$this->Patient->findByPatientFirstname('bob'); // this will not work

<强>行为

/src/Model/Behavior/EncryptBehavior.php

<?php
/**
 * 
 */
namespace Cake\ORM\Behavior;

use ArrayObject;
use Cake\Collection\Collection;
use Cake\Datasource\EntityInterface;
use Cake\Datasource\ResultSetInterface;
use Cake\Event\Event;
use Cake\ORM\Behavior;
use Cake\ORM\Entity;
use Cake\ORM\Query;
use Cake\ORM\Table;
use Cake\ORM\TableRegistry;
use Cake\Utility\Inflector;
use Cake\Utility\Security;
use Cake\Log\Log;

/**
 * Encrypt Behavior
 */
class EncryptBehavior extends Behavior
{
    /**
     * Default config
     *
     * These are merged with user-provided configuration when the behavior is used.
     *
     * @var array
     */
    protected $_defaultConfig = [
        'key' => 'YOUR_KEY_KERE', /* set them in the EntityTable, not here */
        'fields' => []
    ];


    /**
     * Before save listener.
     * Transparently manages setting the lft and rght fields if the parent field is
     * included in the parameters to be saved.
     *
     * @param \Cake\Event\Event $event The beforeSave event that was fired
     * @param \Cake\ORM\Entity $entity the entity that is going to be saved
     * @return void
     * @throws \RuntimeException if the parent to set for the node is invalid
     */
    public function beforeSave(Event $event, Entity $entity)
    {

        $isNew = $entity->isNew();
        $config = $this->config();


        $values = $entity->extract($config['fields'], true);
        $fields = array_keys($values);
        $securityKey = $config['key'];

        foreach($fields as $field){ 
            if( isset($values[$field]) && !empty($values[$field]) ){
                $entity->set($field, Security::encrypt($values[$field], $securityKey));
            }
        }
    }

    /**
     * Callback method that listens to the `beforeFind` event in the bound
     * table. It modifies the passed query
     *
     * @param \Cake\Event\Event $event The beforeFind event that was fired.
     * @param \Cake\ORM\Query $query Query
     * @param \ArrayObject $options The options for the query
     * @return void
     */
    public function beforeFind(Event $event, Query $query, $options)
    {
        $query->formatResults(function ($results){
            return $this->_rowMapper($results);
        }, $query::PREPEND);
    }

    /**
     * Modifies the results from a table find in order to merge the decrypted fields
     * into the results.
     *
     * @param \Cake\Datasource\ResultSetInterface $results Results to map.
     * @return \Cake\Collection\Collection
     */
    protected function _rowMapper($results)
    {
        return $results->map(function ($row) {
            if ($row === null) {
                return $row;
            }
            $hydrated = !is_array($row);

            $fields = $this->_config['fields'];
            $key = $this->_config['key'];
            foreach ($fields as $field) {
                $row[$field] = Security::decrypt($row[$field], $key);
            }

            if ($hydrated) {
                $row->clean();
            }

            return $row;
        });
    }
}

表格

/src/Model/Table/PatientsTable.php

<?php
namespace App\Model\Table;

use App\Model\Entity\Patient;
use Cake\ORM\Query;
use Cake\ORM\RulesChecker;
use Cake\ORM\Table;
use Cake\Validation\Validator;
use Cake\Core\Configure;

/**
 * Patients Model
 *
 */
class PatientsTable extends Table
{

    /**
     * Initialize method
     *
     * @param array $config The configuration for the Table.
     * @return void
     */
    public function initialize(array $config)
    {
        parent::initialize($config);

        $this->table('patients');
        $this->displayField('id');
        $this->primaryKey('id');

        // will encrypt these fields automatically
        $this->addBehavior('Encrypt',[
            'key' => Configure::read('Security.key'),
            'fields' => [
                'patient_surname',
                'patient_firstname'
            ]
        ]);

    }
}

我感到痛苦。 cakephp 3中的ORM层与cake2完全不同。他们将实体模型和表ORM分成两个不同的类,并且afterFind已被删除。我会看一下使用虚拟属性。我认为它可能适合您的用例。

以下示例。

<?php

namespace App\Model\Entity;

use Cake\ORM\Entity;
use Cake\Utility\Security;
use Cake\Core\Configure;

class Patient extends Entity
{

    protected function _setPatientSurname($str)
    {
        $this->set('patient_surname', Security::encrypt($str, Configure::read('Security.key'));
    }

    protected function _setPatientFirstname($str)
    {
        $this->set('patient_firstname', Security::encrypt($str, Configure::read('Security.key'));
    }

    protected function _getPatientSurname()
    {
        return Security::decrypt($this->patient_surname, Configure::read('Security.key'));
    }

    protected function _getPatientFirstname()
    {
        return Security::decrypt($this->patient_first_name, Configure::read('Security.key'));
    }

}