jeckel/eloquent-signature

Signature trait to manage a signature field in models

eloquent-signature

Add a signature integrity check in your Eloquent model, _(*1)

Installation

To get started, install secure-eloquent via Composer:, _(*2)

composer require jeckel/eloquent-signature

Next add the HasSignature trait and the Signable interface to your model, _(*3)

<?php
namespace App;

use Jeckel\EloquentSignature\HasSignature;
use Jeckel\EloquentSignature\Signable;
use Illuminate\Database\Eloquent\Model;

class User extends Model implements Signable
{
    use HasSignature;

    /**
     * Required 
     */
    protected static $signatureProperties = ['login', 'email', 'password'];

    /**
     * Required   
     */
    protected static $signatureSalt = 'MySalt';

    /**
     * Optional (default: 'signature')  
     */
    protected $signatureFieldName = 'signature';

    /**
     * Optional (default: false) 
     */
    protected $throwExceptionOnRetrieve = false;
}

Field description :, _(*4)

• signatureProperties: fields which will be include in the signature check, if any of this field is updated without updating the model will cause an integrity check error
• signatureSalt: String to include in the signature calculation
• signatureFieldName: name of the field in your model where the calculated signature will be stored
• throwExceptionOnRetrieve: if set to true, all find queries will throw an exception if the signature retrieved is invalid. Using this options is more secure but need some implementation on your side to handle this exception.

Methods :, _(*5)

• checkSignatureIsValid: allow you to check the signature when you need in your code.