Job Encryption in Laravel

https://ift.tt/3jlYQ0f


Consider this job:

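use Illuminate\Contracts\Queue\ShouldQueue;

class VerifyUser implements ShouldQueue
{
    private $user;
    // Sensitive value: serialized into the queue payload together with the job.
    private $socialSecurityNumber;

    public function __construct($user, $socialSecurityNumber)
    {
        $this->user = $user;
        $this->socialSecurityNumber = $socialSecurityNumber;
    }
}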

When you dispatch this job, Laravel serializes it so that it can be persisted in the queue store. Let’s take a look at what the final form looks like in the store:

VerifyUser::dispatch($user, '45678AB90');

{
   "uuid":"765434b3-8251-469f-8d9b-199c89407346",
   // ...
   "data":{
      "commandName":"App\\Jobs\\VerifyUser",
      "command":"O:16:\"App\\Jobs\\VerifyUser\":12:{s:22:\"\u0000App\\Jobs\\VerifyUser\u0000user\";N;s:38:\"\u0000App\\Jobs\\VerifyUser\u0000socialSecurityNumber\";s:9:\"45678AB90\";s:3:\"job\";N;s:10:\"connection\";N;s:5:\"queue\";N;s:15:\"chainConnection\";N;s:10:\"chainQueue\";N;s:19:\"chainCatchCallbacks\";N;s:5:\"delay\";N;s:11:\"afterCommit\";N;s:10:\"middleware\";a:0:{}s:7:\"chained\";a:0:{}}"
   }
}

Looking at the payload, you can see that the value of socialSecurityNumber is visible to the human eye. Any person—or program—that gains access to the queue store will be able to extract this value.

For most jobs this isn’t a problem. But if the job stores critical information in the payload, it’s better to encrypt it so that only our queue workers can read it while processing the job. To do that, we’ll need to implement the ShouldBeEncrypted interface:

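use Illuminate\Contracts\Queue\ShouldBeEncrypted;
use Illuminate\Contracts\Queue\ShouldQueue;

// ShouldBeEncrypted marks the job so its serialized form is encrypted before it is stored.
class VerifyUser implements ShouldQueue, ShouldBeEncrypted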
{
    private $user;
    private $socialSecurityNumber;

    public function __construct($user, $socialSecurityNumber)
    {
        $this->user = $user;
        $this->socialSecurityNumber = $socialSecurityNumber;
    }
}

This interface was introduced in Laravel v8.19.0 (released on December 15, 2020).

Now the payload will look like this:

{
   "uuid":"765434b3-8251-469f-8d9b-199c89407346",
   // ...
   "data":{
      "commandName":"App\\Jobs\\VerifyUser",
      "command":"eyJpdiI6IjIyNWFQOXVNWn...OTJlYjBhYTFmZmQ4MjU1MDZiMDVhMjk0OTYwMTY3ZTgyYjEifQ=="
   }
}

Any person or program with access to the queue store will not be able to decrypt the job payload.

You can use the ShouldBeEncrypted interface with queued jobs, mailables, notifications, and event listeners.
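
To find jobs that still sit in the queue store in readable form, the two payload shapes shown above can be told apart without unserializing anything. The script below is an added example, not code from the original article or from Laravel: auditQueuePayload() is a hypothetical helper, both sample records are constructed, and it assumes an encrypted command is base64-encoded JSON with "iv" and "value" keys, as the eyJpdiI6 prefix of the sample above suggests.

```php
<?php
// Added example; the two payloads further down are constructed samples.

/** Classify data.command of one raw queue record; list readable string properties. */
function auditQueuePayload(string $raw): array
{
    $payload = json_decode($raw, true);
    $job     = $payload['data']['commandName'] ?? '(unknown)';
    $command = $payload['data']['command'] ?? null;
    $result  = ['job' => $job, 'state' => 'unknown', 'exposed' => []];
    if (!is_string($command)) {
        return $result;
    }

    // Assumption: an encrypted command is base64-encoded JSON carrying "iv" and "value".
    $envelope = json_decode((string) base64_decode($command, true), true);
    if (is_array($envelope) && isset($envelope['iv'], $envelope['value'])) {
        return array_merge($result, ['state' => 'encrypted']);
    }

    // serialize() output for an object starts with O:<length>:"<class>".
    if (preg_match('/^O:\d+:"/', $command) !== 1) {
        return $result;
    }

    // Heuristic scan for string-valued properties. Pattern matching only:
    // content read from the store is never passed to unserialize().
    preg_match_all('/s:\d+:"(?:\x00[^\x00"]*\x00)?(\w+)";s:\d+:"/', $command, $m);
    return array_merge($result, ['state' => 'plaintext', 'exposed' => $m[1]]);
}

// Constructed record in the stored (JSON) form of an unencrypted job.
$plain = <<<'JSON'
{"uuid":"00000000-0000-0000-0000-000000000001","data":{"commandName":"App\\Jobs\\VerifyUser","command":"O:19:\"App\\Jobs\\VerifyUser\":2:{s:25:\"\u0000App\\Jobs\\VerifyUser\u0000user\";N;s:41:\"\u0000App\\Jobs\\VerifyUser\u0000socialSecurityNumber\";s:9:\"45678AB90\";}"}}
JSON;

// Constructed record with a placeholder envelope standing in for real ciphertext.
$sealed = json_encode(['data' => [
    'commandName' => 'App\\Jobs\\VerifyUser',
    'command'     => base64_encode(json_encode(['iv' => 'AAAA', 'value' => 'BBBB', 'mac' => 'CCCC'])),
]]);

foreach ([$plain, $sealed] as $raw) {
    $r = auditQueuePayload($raw);
    printf("%s: %s [%s]\n", $r['job'], $r['state'], implode(', ', $r['exposed']));
}
```

Both records still expose commandName, and the real payload also keeps uuid readable, so the encryption covers only the serialized job in data.command.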

via Laravel News Links https://ift.tt/2dvygAJ

February 12, 2021 at 09:45AM