langleyfoxall/laravel-redacted-model

Laravel Redacted Model allows you to easily dynamically omit and redact fields from Laravel Models

1.2.0 2019-02-23 17:48 UTC

This package is auto-updated.

Last update: 2024-11-24 06:17:21 UTC


README

Packagist

Laravel Redacted Model makes it easier to hide or modify fields on a model based on given conditions in order to reduce data leakage in Laravel applications.

Installation

Laravel Redacted Model can be installed using composer. Run the following command in your project.

composer require langleyfoxall/laravel-redacted-model

If you have never used the Composer dependency manager before, head to the Composer website for more information on how to get started.

Usage

To redact fields simply extend RedactedModel in your model and set the redacted variable to an array of the fields you want to protect. By default when accesed these fields will return [Hidden Data].

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
}

Conditionally redacting data

To conditionally redact fields override shouldRedactField on your model. The name of the field will be passed into this method. This will return true by default until you override it.

Note: Only fields specified in $redacted will be redacted regardless of what's returned from this method.

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
	
	public function shouldRedactField($key)
	{
		return !\Auth::user()->canSeeSensitiveFields();
	}
}

Changing the default redacted string

To change the message returned you can set the redactedString on your model. This will then be returned instead of [Hidden Data].

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
	
	protected $redactedString = '[Top Secret]';
}

Hiding fields instead of redacting them

If you want to completely omit the field instead of redacting it you can set the redact variable on your model to false.

Note: If redactKeys is set to true, when the model is serialised the keys of redacted fields will also be omitted.

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
	
	protected $redact = false;
}

By default the array key of fields that return null and are in the redacted fields list will too be omitted in case the field name is Sensitive. To disable this set $redactKeys to false on your model.

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
	
	protected $redactKeys = false;
}

Redacted value accessors

Accesors can be used to define the value of specific fields if they're redacted. Redacted value accessors are defined the same way as Laravel Accessors but ending in RedactedValue instead of Accessor.

The original value is passed into the method, this allows you to abstract the value instead of omitting or redacting it.

For example if instead of returning the name from the model you want to only return the first and last letter:

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
	
	public function getNameRedactedValue($value)
	{
		return subStr($value, 0, 1).'***'.subStr($value, -1 ,1);
	}
	
}

...

$instanceOfRedactedModel->name // Returns K***y instead of Kathryn Janeway

Overriding the default redacted value

By default redacted values will be returned as [Hidden Value] or null depending on the value of $redacted. You can bypass this by overriding defaultRedactedValue on the model.

This is useful if you want to derive the redacted value from the original value, as the field name and original value are passed into it. For example if you want to replace all characters with stars:

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
	
	public function defaultRedactedValue($key, $value)
	{
		return str_repeat("*", strlen($value)); 
	}
}

...

$instanceOfRedactedModel->name // Returns ********** instead of Section 31

Enabling and disabling protection

If you want to temporarily disable field redaction or omission you can call disableProtection() on the model to disable protection and enableProtection() to re-enable it. This has to be used on a per-instance basis.

class SensitiveModel extends RedactedModel
{
	protected $redacted = ['name'];
}

...

$instanceOfRedactedModel->name // Returns [Hidden Data]

$instanceOfRedactedModel->disableProtection();

$instanceOfRedactedModel->name // Returns Reginald Barclay

Changing the redacted fields

If you want to change or add to the redacted fields of a model after it has been instantiated you can call the setRedacted method on the model.

If you call it with an array as the parameter the redacted variable will be overridden but anything else will be appended to the existing array.