身份证数据加密以及提示

2023-01-15 20:22:55 +08:00 · 2023-01-15 20:22:55 +08:00 · 76d6af6d5f
commit 76d6af6d5f
parent 8e1f29a373
7 changed files with 171 additions and 33 deletions
--- a/app/Models/User.php
+++ b/app/Models/User.php
@ -5,11 +5,14 @@
 // use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Carbon\Exceptions\InvalidFormatException;
 use GeneaLabs\LaravelModelCaching\Traits\Cachable;
+use Illuminate\Contracts\Encryption\DecryptException;
+use Illuminate\Database\Eloquent\Casts\Attribute;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Facades\Crypt;
 use Laravel\Sanctum\HasApiTokens;

 class User extends Authenticatable
@ -44,7 +47,7 @@ class User extends Authenticatable
        'real_name_verified_at' => 'datetime',
        'balance' => 'decimal:2',
        'banned_at' => 'datetime',
-        'birthday_at' => 'date',
+        'birthday_at' => 'date:Y-m-d'
    ];

    protected $dates = [
@ -54,6 +57,7 @@ class User extends Authenticatable
        'birthday_at',
    ];

+    // id card 必须加密

    protected static function boot()
    {
@ -77,19 +81,20 @@ protected static function boot()
                $user->email_md5 = md5($user->email);
            }

-            if ($user->isDirty('id_card') || $user->isDirty('real_name')) {
+            if ($user->isDirty('id_card')) {
+                $user->id_card = Crypt::encryptString($user->id_card);
+            }

-                if (empty($user->id_card) || empty($user->real_name)) {
-                    $user->real_name_verified_at = null;
-                } else {
-                    $user->real_name_verified_at = now();
+            if ($user->isDirty('id_card') || $user->isDirty('real_name')) if (empty($user->id_card) || empty($user->real_name)) {
+                $user->real_name_verified_at = null;
+            } else {
+                $user->real_name_verified_at = now();

-                    // 更新生日
-                    try {
-                        $user->birthday_at = $user->getBirthdayFromIdCard();
-                    } catch (InvalidFormatException) {
-                        $user->birthday_at = null;
-                    }
+                // 更新生日
+                try {
+                    $user->birthday_at = $user->getBirthdayFromIdCard();
+                } catch (InvalidFormatException) {
+                    $user->birthday_at = null;
                }
            }

@ -111,6 +116,24 @@ private function getBirthdayFromIdCard(): string
        return $year . '-' . $month . '-' . $day;
    }

+    /**
+     * 获取用户的身份证号
+     *
+     * @return Attribute
+     */
+    protected function idCard(): Attribute
+    {
+        return Attribute::make(
+            function ($value) {
+                try {
+                    return Crypt::decryptString($value);
+                } catch (DecryptException) {
+                    return $value;
+                }
+            }
+        );
+    }
+
    public function isAdult(): bool
    {
        // 如果 birthday_at 为空，那么就返回 false
--- a/database/migrations/2023_01_15_191519_encrypt_id_card_from_users.php
+++ b/database/migrations/2023_01_15_191519_encrypt_id_card_from_users.php
@ -0,0 +1,40 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\Crypt;
+
+return new class extends Migration {
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up(): void
+    {
+        User::chunk(100, function ($users) {
+            foreach ($users as $user) {
+
+                if (!$user->id_card) {
+                    continue;
+                }
+
+                echo "Encrypting user {$user->id}..." . PHP_EOL;
+                // 设置值（不走模型的 mutator）
+                $user->setAttribute('id_card', Crypt::encryptString($user->id_card));
+
+                $user->save();
+            }
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down(): void
+    {
+        echo PHP_EOL . '无法解密用户数据，因为此操作是不可逆的。' . PHP_EOL;
+    }
+};
--- a/database/migrations/2023_01_15_194111_add_real_name_verified_at_index_to_users.php
+++ b/database/migrations/2023_01_15_194111_add_real_name_verified_at_index_to_users.php
@ -0,0 +1,32 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->index('real_name_verified_at');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down(): void
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropIndex('users_real_name_verified_at_index');
+        });
+    }
+};
--- a/resources/views/admin/users/edit.blade.php
+++ b/resources/views/admin/users/edit.blade.php
@ -30,7 +30,7 @@
    @if ($user->birthday_at)
        <p>
            生日: {{ $user->birthday_at->format('Y-m-d') }}
-            <br />
+            <br/>
            {{ $user->birthday_at->age }} 岁，{{ $user->isAdult() ? '已成年' : '未成年' }}。
        </p>
    @endif
@ -208,26 +208,42 @@
        <button type="submit" class="btn btn-primary mt-3">提交</button>
    </form>

-    {{--  实人认证  --}}
-    <h3 class="mt-3">实人认证</h3>
-    <p>您应该保持此信息保密。</p>
-    <form action="{{ route('admin.users.update', $user) }}" method="post">
-        @csrf
-        @method('PATCH')

-        <div class="form-group">
-            <label for="real_name">姓名</label>
-            <input type="text" class="form-control" id="real_name" name="real_name" placeholder="姓名"
-                   value="{{ $user->real_name }}" autocomplete="off">
-        </div>
+    <h3 class="mt-3">实人认证信息</h3>
+    <p>
+        请注意自己的底线，不要随意改写及泄漏以下信息。
+    </p>
+    <div id="real_name_form">
+        <form action="{{ route('admin.users.update', $user) }}" method="post">
+            @csrf
+            @method('PATCH')

-        <div class="form-group">
-            <label for="id_card">身份证号</label>
-            <input type="text" class="form-control" id="id_card" name="id_card" placeholder="身份证号"
-                   value="{{ $user->id_card }}" maxlength="18" autocomplete="off">
-        </div>
+            <div class="form-group">
+                <label for="real_name">姓名</label>
+                <input type="text" class="form-control" id="real_name" name="real_name" placeholder="姓名"
+                       value="{{ $user->real_name }}" autocomplete="off">
+            </div>

-        <button type="submit" class="btn btn-primary mt-3">提交</button>
-    </form>
+            <div class="form-group">
+                <label for="id_card">身份证号</label>
+                <input type="text" class="form-control" id="id_card" name="id_card" placeholder="身份证号"
+                       value="{{ $user->id_card }}" maxlength="18" autocomplete="off">
+            </div>
+
+            <button type="submit" class="btn btn-primary mt-3">提交</button>
+        </form>
+    </div>
+
+
+    <style>
+        #real_name_form {
+            filter: blur(10px);
+            transition: all 0.5s;
+        }
+
+        #real_name_form:hover {
+            filter: blur(0);
+        }
+    </style>

@endsection
--- a/resources/views/index.blade.php
+++ b/resources/views/index.blade.php
@ -15,8 +15,10 @@ class="text-decoration-underline">服务条款</a></p>
        @if(!auth('web')->user()->real_name_verified_at)
            <x-alert-danger>
                <div>
-                    全站实名认证状态已刷新，您需要进行实人认证。
-                    <hr/>
+                    由于我们 镜缘映射 部门收到了来自服务商的 电信诈骗 警告，并且被封禁了服务器。
+                    <br />
+                    即日起，我们将开始加强监管，将实名认证升级为 实人认证。
+                    <br />
                    您还没有完成实人认证，请尽快完成实人认证。
                    <br/>
                    <a href="{{ route('real_name.create') }}">点击这里实人认证</a>
--- a/resources/views/layouts/admin.blade.php
+++ b/resources/views/layouts/admin.blade.php
@ -149,6 +149,8 @@ class="d-none">
        </div>
    </main>

+    <div class="mt-5"></div>
+
 </div>
 </body>

--- a/resources/views/real_name/create.blade.php
+++ b/resources/views/real_name/create.blade.php
@ -25,6 +25,29 @@
            人脸识别需要使用手机摄像头，所以请使用手机浏览器进行实人认证。
        </p>

+        <x-alert-info>
+            实人认证产品是结合公安一所“互联网+”可信身份认证平台（简称CTID平台），通过用户活体视频进行活体检测得到人脸视频，通过OCR扫描用户身份证获取姓名+身份证号，并将人脸视频检测成功后获取的高质量人像照片直连公安一所“互联网+可信身份认证平台”（简称CTID平台）进行照片及信息比对，返回权威比对结果。H5全流程，接入简单，应用方便快捷。
+        </x-alert-info>
+        <x-alert-warning>
+            莱云 隐私协议和 TOS: <a target="_blank"
+                                    href="https://www.laecloud.com/tos/">https://www.laecloud.com/tos</a>
+            <br/>
+            公安 CTID 实人认证服务由 北京一砂信息技术有限公司 提供。它将会引导您完成实人认证。
+        </x-alert-warning>
+        <x-alert-success>
+            我们会妥善保管您的数据，不会泄露给任何第三方，更详细的隐私政策请查看上方的链接。
+        </x-alert-success>
+        <x-alert-warning>
+            如果您是怀抱志向的未成年人，请确保您的父母或监护人已经同意您进行实人认证。
+            <br />
+            但是请注意，如果您的父母或监护人不同意您进行实人认证，我们将无法为您提供服务。
+        </x-alert-warning>
+        <x-alert-warning>
+            实人认证的人脸数据来自 "互联网+”可信身份认证平台"，我们不会保存您的人脸数据。
+            <br />
+            如果您未办理过身份证，则公安数据库中没有您的人脸信息，请勿进行实人认证。
+        </x-alert-warning>
+
        <h3>实人认证</h3>