Encrypted data fieldtype


#1

Hey guys, first wanted to say how great cockpit cms is! Thanks for all the hard work!

I’m working on a project that will require me to encrypt data saved to db and decrypt when requested. I wasn’t able to find any information if such is possible out of the box.

Can something like this be created easily myself? I noticed Addons, is there any documenation how to create addons?

Thanks for any info!


#2

there is no guide on how to create addons but you can take a look at addons created by other people

somebody started to create an index / list of user-addons which can be found here:

download some of the addons and get a clou how creating addons for cockpit works. I’m afraid there is no easier way to learn how to create a own addon.

===================

For the encryption thing: I think you could use the “save” hook in order to encrypt data that is set to any field. Go to the collection settings -> privileges and activate “save” (at the very bottom of the configuration frame). Again I’m afraid there is no documentation on how to use this hook. I only used the “create” hook yet, so I am not sure how to use the “save” hook and I am not even sure if it can suit your needs.
You would need to “reverse engineer” the cockpit code in order to see how you could put the save hook into some use for you needs.


#3

Hey @owldesign, that’s an interesting feature, mostly for dealing with privacy and GDPR related stuff. As @jb-storms-media mentioned you can act during the save of a collection by using collections.save.after hook and encrypt there the data.

I see space for an addon that does the following:

Make use of a secure encryption library.
On any field that has in the field definition an encrypted attribute, like:

(...)
"options": {
  "encrypt": true
}
(...)

Will encrypt the field value during the collections.save.after hook.
And will decrypt the field value during the collections.find.after hook.


#4

Ok this is good direction. I figured I’d have to look at the code for the most part, not much documentation is there for event hooks etc.

@jb-storms-media not sure if we are using different version of CMS (im on the latest dev) or maybe not in the correct place, but I have Permissions tab. For me its called Create (not save) I think I need to put stuff in there? Now just need to figure out how to consume the data, change some fields and continue with saving.

@pauloamgomes once I get a good handle of the cms I want to figure out the addon side of it. I like the route of toggling some option within a fieldtype to encrypt data.

Thanks for the info!

Also just found this snippet to test:

<?php

$app->on("collections.save.before.{$collectionname}", function($name, &$entry, $isUpdate) {
  // custom code to modify $entry before saving
});

Sounds like I need to place this into config/bootstrap.php file (need to create the file). I’ll give this a shot.


#5

Yeah, sounds good! You can have the following addon structure:

+ EncryptAddon
  - admin.php
  - bootstrap.php
  - actions.php

the hook can be in the admin.php (included in bootstrap):

// Incldude admin.
if (COCKPIT_ADMIN && !COCKPIT_API_REQUEST) {
  include_once __DIR__ . '/admin.php';
}

and you probably dont want to target a collection name and use instead:

$app->on("collections.save.before", function($name, &$entry, $isUpdate) {
});

#6

I have managed to put together an addon for my encryption field. If anyone needs it its here https://github.com/owldesign/Encrypt

Post any issues in github

Thanks for all the help @pauloamgomes and @jb-storms-media