Laravel middleware and helpers for VormiaQuery encrypted API integration.
- Install via Composer:

  ```bash
  composer require vormiaphp/vormiaqueryphp
  composer require phpseclib/phpseclib
  ```

- Run the installation command:

  ```bash
  php artisan vormiaquery:install
  ```

  This command will:
  - Prompt you to install Sanctum API features if not already installed (Laravel 12+)
  - Add VormiaQuery environment variables to your `.env` and `.env.example` files
  - Prompt you to publish CORS configuration if not already published

  You will be interactively asked to run:
  - `php artisan install:api` (for Sanctum)
  - `php artisan vendor:publish --tag=cors` (for CORS)

- Add your RSA keys to `.env`:

  ```
  VORMIA_PRIVATE_KEY="<contents of vormia_private.pem>"
  VORMIA_PUBLIC_KEY="<contents of vormia_public.pem>"
  ```

To remove VormiaQuery integration:

```bash
php artisan vormiaquery:uninstall
```

This command will:
- Remove VormiaQuery environment variables from `.env` and `.env.example` files
- Remove CORS configuration file

To update VormiaQuery integration (re-run setup steps):

```bash
php artisan vormiaquery:update
```

This command will:
- Re-apply environment variables and configuration as needed
- Prompt for any new setup steps in future versions

Note:
- There is currently no separate `update` command. Use the install command to re-run setup steps as needed.

For optimal performance and RSA encryption support, install the companion JavaScript package:

```bash
npm install vormiaqueryjs
```

For complete documentation and examples, visit:

Register the middleware in your `app/Http/Kernel.php` (on Laravel 11+, which has no `Kernel.php`, register the aliases in `bootstrap/app.php` instead):

```php
// Kernel-based applications (before Laravel 11): app/Http/Kernel.php
protected $routeMiddleware = [
    // ...
    'vormia.decrypt' => \VormiaQueryPhp\Http\Middleware\DecryptVormiaRequest::class,
    'vormia.encrypt' => \VormiaQueryPhp\Http\Middleware\EncryptVormiaResponse::class,
];

// Laravel 11+: inside the withMiddleware() callback in bootstrap/app.php
$middleware->alias([
    'vormia.decrypt' => \VormiaQueryPhp\Http\Middleware\DecryptVormiaRequest::class,
    'vormia.encrypt' => \VormiaQueryPhp\Http\Middleware\EncryptVormiaResponse::class,
]);
```

Apply the middleware to your API routes:

```php
Route::middleware(['vormia.decrypt', 'vormia.encrypt'])->group(function () {
    Route::post('/vormia/data', [\VormiaQueryPhp\Http\Controllers\VormiaQueryController::class, 'loadData']);
});
```

```php
<?php

namespace VormiaQueryPhp\Http\Controllers;

use Illuminate\Routing\Controller;
use Illuminate\Http\Request;

class VormiaQueryController extends Controller
{
    public function loadData(Request $request)
    {
        // Sample records; replace with your own data source.
        $data = [
            ['id' => 1, 'name' => 'Alpha'],
            ['id' => 2, 'name' => 'Beta'],
        ];

        // Standard VormiaQuery response envelope.
        $response = [
            'response' => $data,
            'message' => 'Success',
            'meta' => [
                'total' => count($data),
                'page' => 1,
                'perPage' => count($data),
            ],
        ];

        return response()->json($response);
    }
}
```

- DecryptVormiaRequest: Decrypts incoming requests with the private key if an `encrypted` field is present.
- EncryptVormiaResponse: Encrypts outgoing responses with the public key if the request expects encryption (via header or flag).
- Standard VormiaQuery Response: Always return data in the format:

  ```json
  {
    "response": [...],
    "message": "Success",
    "meta": { "total": 2, "page": 1, "perPage": 2 }
  }
  ```

- Never expose your private key in frontend/browser code.
- Rotate keys as needed and keep them secure.

```php
use VormiaQueryPhp\Helpers\VormiaSecurityHelper;

// Reject requests from domains that are not allowed.
if (!VormiaSecurityHelper::isDomainAllowed()) {
    abort(403, 'Domain not allowed');
}
```

```php
use VormiaQueryPhp\Helpers\VormiaSecurityHelper;

// Reject requests that do not carry a valid API token.
if (!VormiaSecurityHelper::validateApiToken()) {
    abort(401, 'Invalid API token');
}
```

```php
use VormiaQueryPhp\Helpers\VormiaSecurityHelper;

// Role check.
if (!VormiaSecurityHelper::userHasRole('admin')) {
    abort(403, 'Admin role required');
}

// Permission check.
if (!VormiaSecurityHelper::userCan('edit-posts')) {
    abort(403, 'Permission denied');
}
```

```php
use VormiaQueryPhp\Helpers\VormiaSecurityHelper;

$key = request()->ip(); // or use Auth::id() for user-based limiting
if (!VormiaSecurityHelper::rateLimit($key, 10, 60)) {
    abort(429, 'Too many requests');
}
```

```php
use VormiaQueryPhp\Helpers\VormiaSecurityHelper;

// Reject requests from IP addresses that are not allowed.
if (!VormiaSecurityHelper::isIpAllowed()) {
    abort(403, 'IP not allowed');
}
```
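
The helper checks above can be combined into one route middleware that runs before `vormia.decrypt`, so requests that fail a cheap check never reach the RSA decryption step. This is an added example, not code from the VormiaQuery package: the class name `VormiaGuard` and the alias `vormia.guard` are hypothetical, and it assumes each `rateLimit()` call counts as one attempt against the key.

```php
<?php

// Added example (not part of VormiaQueryPhp). VormiaGuard is a hypothetical name;
// the VormiaSecurityHelper calls are the ones shown in the snippets above.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use VormiaQueryPhp\Helpers\VormiaSecurityHelper;

class VormiaGuard
{
    public function handle(Request $request, Closure $next)
    {
        // Origin checks first: nothing has been decrypted or looked up yet.
        if (!VormiaSecurityHelper::isIpAllowed()) {
            abort(403, 'IP not allowed');
        }
        if (!VormiaSecurityHelper::isDomainAllowed()) {
            abort(403, 'Domain not allowed');
        }

        // Throttle before token validation so rejected tokens also consume
        // the caller's budget (assumption: each call counts as one attempt).
        if (!VormiaSecurityHelper::rateLimit($request->ip(), 10, 60)) {
            abort(429, 'Too many requests');
        }

        // Only callers that passed every check above reach token validation.
        if (!VormiaSecurityHelper::validateApiToken()) {
            abort(401, 'Invalid API token');
        }

        // Fail closed: the request continues to vormia.decrypt only from here.
        return $next($request);
    }
}

// Route wiring, after registering the hypothetical alias
// 'vormia.guard' => \App\Http\Middleware\VormiaGuard::class alongside the others:
//
// Route::middleware(['vormia.guard', 'vormia.decrypt', 'vormia.encrypt'])->group(function () {
//     Route::post('/vormia/data', [\VormiaQueryPhp\Http\Controllers\VormiaQueryController::class, 'loadData']);
// });
```

Role and permission checks (`userHasRole`, `userCan`) depend on an authenticated user, so they belong after authentication, in the controller or in a later middleware.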