Monday, April 20, 2015

Extending DataMapper for CodeIgniter

For one of my projects I was using CodeIgniter framework with goodies like DataMapper (by wanwizard.eu), HMVC ModuleView Objects and more. Everything was smooth and sound until client requested that some of database tables must be encrypted. I was already encrypting sensitive information like passwords, etc but client wanted encryption for more tables such that:

  • One-way hashing, once data is encrypted, it can't be decrypted, we chose AES (Advanced Encryption Standard)
  • For same piece of text, hashing should be able to generate different encrypted text always so no two same text should sound like similar
  • Code should know whether provided piece of text is already encrypted or not

I created the encryption class and did some trickery so that it always gave different encryption text for the same string. And also used some kind of prefix information that would later let the code know whether or not something is already encrypted.

The real problem for me was that by the time project had turned into huge codebase, it would have taken ages to go and modify code everywhere so that new requirement of encryption is applied everywhere. I was using DataMapper library everywhere to interact with database and model classes looked like this:

class Api_client extends DataMapper
{
    # object properties
    public $id;
    public $appid;
    public $apikey;
    public $request_uri;

    # relations
    public $has_one = array('client');

    # validation
    public $validation = array(
        'appid' => array(
            'label' => 'App ID',
            'rules' => array('required', 'trim')
        ),
        'apikey' => array(
            'label' => 'API Key',
            'rules' => array('required', 'trim')
        ),
        'request_uri' => array(
            'label' => 'Request URI',
            'rules' => array('required', 'trim')
        )
    );

    # Default to ordering by id
    public $default_order_by = array('id' => 'desc');

    # Optional - useful if a record is to be retrieved by ID eg $user = new User(1);
    public function __construct($id = null)
    {
        parent::__construct($id);
    }

    # Optional - post model initialisation code
    public function post_model_init($from_cache = false)
    {
    }
}

We can see that each model class extends the data mapper:

class Api_client extends DataMapper

This is what was a clue to me. So in order to avoid modifying lots of code in whole codebase, I knew I can only extend this data mapper and inject my functionality the way I needed.

I actually needed the ability to:

  • automatically encrypt given fields in some table when saving them to database
  • automatically getting the right value when reading back from database

By that I mean, instead of going everywhere in codebase and modifying code to encrypt certain fields like this:

$apiClient = new Api_client();
$apiClient->appid = Encode($appId);     // encrypt this field value
$apiClient->apikey = Encode($apikey);  // encrypt this field value
$apiClient->request_uri = $request_uri;
$apiClient->save(); // save to db

I simply wanted to leave current code as is without modifying it:

$apiClient = new Api_client();
$apiClient->appid = $appId;
$apiClient->apikey = $apikey;
$apiClient->request_uri = $request_uri;
$apiClient->save(); // save to db

In this case, I wanted data mapper to automatically encrypt the appid and apikey values for me. Now imagine I had this code placed in quite some files, it would have been time-consuming process to modify and add Encode() function calls manually everywhere.

In order to do that, I simply told data mapper which fields need to be encrypted:

class Api_client extends DataMapper
{
    ////////////////////

    // for encryption fields
    private $encryptFields = array(
       'appid',
       'apikey',
    );    
}

Now if you look at the code of data mapper, you would see it uses _to_object() function to map fields and save() function to save the info to database. So I tapped into these in my child classes and modified them a bit so that $encryptFields are auto-magically encrypted on my behalf. Since we are extending data mapper (class Api_client extends DataMapper), I modified it like this to do the encryption for me:

class Api_client extends DataMapper
{
    # object properties
    public $id;
    public $appid;
    public $apikey;
    public $request_uri;

    # relations
    public $has_one = array('client');

    # validation
    public $validation = array(
    'appid' => array('label' => 'App ID', 'rules' => array('required', 'trim')), 
    'apikey' => array('label' => 'API Key', 'rules' => array('required', 'trim')), 
    'request_uri' => array('label' => 'Request URI', 'rules' => array('required', 'trim'))
    );

    // for encryption fields
    private $encryptFields = array('appid', 'apikey');

    # Default to ordering by id
    public $default_order_by = array('id' => 'desc');

    # Optional - useful if a record is to be retrieved by ID eg $user = new User(1);
    public function __construct($id = null)
    {
        parent::__construct($id);
    }

    # Optional - post model initialisation code
    public function post_model_init($from_cache = false)
    {
    }

    // extending date modal here //
    public function _to_object($item, $row)
    {
        // Populate this object with values from first record
        foreach ($row as $key => $value) {
            if ($this->isEncryptedField($key)) {
                $item->{$key} = decodeField($value);
            } else {
                $item->{$key} = $value;
            }
        }

        foreach ($this->fields as $field) {
            if (!isset($row->{$field})) {
                $item->{$field} = null;
            }
        }

        // Force IDs to integers
        foreach ($this->_field_tracking['intval'] as $field) {
            if (isset($item->{$field})) {
                $item->{$field} = intval($item->{$field});
            }
        }

        if (!empty($this->_field_tracking['get_rules'])) {
            $item->_run_get_rules();
        }

        $item->_refresh_stored_values();

        if ($this->_instantiations) {
            foreach ($this->_instantiations as $related_field => $field_map) {
                // convert fields to a 'row' object
                $row = new stdClass();
                foreach ($field_map as $item_field => $c_field) {
                    $row->{$c_field} = $item->{$item_field};
                }

                // get the related item
                $c =& $item->_get_without_auto_populating($related_field);
                // set the values
                $c->_to_object($c, $row);

                // also set up the ->all array
                $c->all    = array();
                $c->all[0] = $c->get_clone();
            }
        }
    }

    public function save($object = '', $related_field = '')
    {
        // Temporarily store the success/failure
        $result = array();

        // Validate this objects properties
        $this->validate($object, $related_field);

        // If validation passed
        if ($this->valid) {

            // Begin auto transaction
            $this->_auto_trans_begin();

            $trans_complete_label = array();

            // Get current timestamp
            $timestamp = $this->_get_generated_timestamp();

            // Check if object has a 'created' field, and it is not already set
            if (in_array($this->created_field, $this->fields) && empty($this->{$this->created_field})) {
                $this->{$this->created_field} = $timestamp;
            }

            // SmartSave: if there are objects being saved, and they are stored
            // as in-table foreign keys, we can save them at this step.
            if (!empty($object)) {
                if (!is_array($object)) {
                    $object = array(
                        $object
                    );
                }

                $this->_save_itfk($object, $related_field);
            }

            // Convert this object to array
            $data = $this->_to_array();
            $data = $this->changeWithEncrypted($data);
            //pretty_print($data);

            if (!empty($data)) {
                if (!$this->_force_save_as_new && !empty($data['id'])) {
                    // Prepare data to send only changed fields
                    foreach ($data as $field => $value) {
                        // Unset field from data if it hasn't been changed
                        if ($this->{$field} === $this->stored->{$field}) {
                            unset($data[$field]);
                        }
                    }

                    // if there are changes, check if we need to update the update timestamp
                    if (count($data) && in_array($this->updated_field, $this->fields) && !isset($data[$this->updated_field])) {
                        // update it now
                        $data[$this->updated_field] = $this->{$this->updated_field} = $timestamp;
                    }

                    // Only go ahead with save if there is still data
                    if (!empty($data)) {
                        // Update existing record
                        $this->db->where('id', $this->id);
                        $this->db->update($this->table, $data);

                        $trans_complete_label[] = 'update';
                    }

                    // Reset validated
                    $this->_validated = false;

                    $result[] = true;
                } else {
                    // Prepare data to send only populated fields
                    foreach ($data as $field => $value) {
                        // Unset field from data
                        if (!isset($value)) {
                            unset($data[$field]);
                        }
                    }

                    // Create new record
                    $this->db->insert($this->table, $data);

                    if (!$this->_force_save_as_new) {
                        // Assign new ID
                        $this->id = $this->db->insert_id();
                    }

                    $trans_complete_label[] = 'insert';

                    // Reset validated
                    $this->_validated = false;

                    $result[] = true;
                }
            }

            $this->_refresh_stored_values();

            // Check if a relationship is being saved
            if (!empty($object)) {
                // save recursively
                $this->_save_related_recursive($object, $related_field);

                $trans_complete_label[] = 'relationships';
            }

            if (!empty($trans_complete_label)) {
                $trans_complete_label = 'save (' . implode(', ', $trans_complete_label) . ')';
            } else {
                $trans_complete_label = '-nothing done-';
            }

            $this->_auto_trans_complete($trans_complete_label);

        }

        $this->_force_save_as_new = false;

        // If no failure was recorded, return TRUE
        return (!empty($result) && !in_array(false, $result));
    }

    private function isEncryptedField($key)
    {
        if (false !== in_array($key, $this->encryptFields)) {
            return true;
        }

        return false;
    }

    private function changeWithEncrypted(array $array)
    {
        foreach ($array as $key => $value) {
            if ($this->isEncryptedField($key)) {
                if ($value !== '') {
                    $array[$key] = encodeField($value);
                } else {
                    $array[$key] = $value;
                }
            }
        }

        return $array;
    }

    private function _get_generated_timestamp()
    {
        // Get current timestamp
        $timestamp = ($this->local_time) ? date($this->timestamp_format) : gmdate($this->timestamp_format);

        // Check if unix timestamp
        return ($this->unix_timestamp) ? strtotime($timestamp) : $timestamp;
    }

}

In above class, most of the code remains same for _to_object() and save() functions as in original data mapper class but I have modified few places so that I can put encryption for needed fields.

So in conclusion, we learned how we tapped onto the data mapper class and extended it for our needs of auto-encryption of told fields. If you happen to have similar requirement or you wanted to inject your own functionality to the data mapper, you can do that through the use of _to_object() and save() functions of data mapper.

No comments:

Post a Comment

Popular Posts