[
  {
    "path": ".editorconfig",
    "content": "; This file is for unifying the coding style for different editors and IDEs.\n; More information at http://editorconfig.org\n\nroot = true\n\n[*]\ncharset = utf-8\nindent_size = 4\nindent_style = space\nend_of_line = lf\ninsert_final_newline = true\ntrim_trailing_whitespace = true\n\n[*.md]\ntrim_trailing_whitespace = false\n"
  },
  {
    "path": ".gitattributes",
    "content": "# Path-based git attributes\n# https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html\n\n# Ignore all test and documentation with \"export-ignore\".\n/.gitattributes     export-ignore\n/.gitignore         export-ignore\n/.travis.yml        export-ignore\n/phpunit.xml.dist   export-ignore\n/.scrutinizer.yml   export-ignore\n/tests              export-ignore\n/.editorconfig      export-ignore\n"
  },
  {
    "path": ".gitignore",
    "content": "build\ncomposer.lock\ndocs\nvendor\ncoverage"
  },
  {
    "path": ".scrutinizer.yml",
    "content": "filter:\n    excluded_paths: [tests/*]\n\nchecks:\n    php:\n        remove_extra_empty_lines: true\n        remove_php_closing_tag: true\n        remove_trailing_whitespace: true\n        fix_use_statements:\n            remove_unused: true\n            preserve_multiple: false\n            preserve_blanklines: true\n            order_alphabetically: true\n        fix_php_opening_tag: true\n        fix_linefeed: true\n        fix_line_ending: true\n        fix_identation_4spaces: true\n        fix_doc_comments: true\n\n"
  },
  {
    "path": ".styleci.yml",
    "content": "preset: laravel\n\ndisabled:\n  - single_class_element_per_statement\n"
  },
  {
    "path": ".travis.yml",
    "content": "language: php\n\nphp:\n  - 7.2\n  - 7.3\n\nenv:\n  matrix:\n    - COMPOSER_FLAGS=\"--prefer-lowest\"\n    - COMPOSER_FLAGS=\"\"\n\nbefore_script:\n  - travis_retry composer self-update\n  - travis_retry composer update ${COMPOSER_FLAGS} --no-interaction --prefer-source\n\nscript:\n  - vendor/bin/phpunit --coverage-text --coverage-clover=coverage.clover\n\nafter_script:\n  - php vendor/bin/ocular code-coverage:upload --format=php-clover coverage.clover\n"
  },
  {
    "path": "CHANGELOG.md",
    "content": "# Changelog\n\nAll notable changes to `file-vault` will be documented in this file\n\n## 1.0.0 - 201X-XX-XX\n\n- initial release\n"
  },
  {
    "path": "CONTRIBUTING.md",
    "content": "# Contributing\n\nContributions are **welcome** and will be fully **credited**.\n\nPlease read and understand the contribution guide before creating an issue or pull request.\n\n## Etiquette\n\nThis project is open source, and as such, the maintainers give their free time to build and maintain the source code\nheld within. They make the code freely available in the hope that it will be of use to other developers. It would be\nextremely unfair for them to suffer abuse or anger for their hard work.\n\nPlease be considerate towards maintainers when raising issues or presenting pull requests. Let's show the\nworld that developers are civilized and selfless people.\n\nIt's the duty of the maintainer to ensure that all submissions to the project are of sufficient\nquality to benefit the project. Many developers have different skillsets, strengths, and weaknesses. Respect the maintainer's decision, and do not be upset or abusive if your submission is not used.\n\n## Viability\n\nWhen requesting or submitting new features, first consider whether it might be useful to others. Open\nsource projects are used by many developers, who may have entirely different needs to your own. Think about\nwhether or not your feature is likely to be used by other users of the project.\n\n## Procedure\n\nBefore filing an issue:\n\n- Attempt to replicate the problem, to ensure that it wasn't a coincidental incident.\n- Check to make sure your feature suggestion isn't already present within the project.\n- Check the pull requests tab to ensure that the bug doesn't have a fix in progress.\n- Check the pull requests tab to ensure that the feature isn't already in progress.\n\nBefore submitting a pull request:\n\n- Check the codebase to ensure that your feature doesn't already exist.\n- Check the pull requests to ensure that another person hasn't already submitted the feature or fix.\n\n## Requirements\n\nIf the project maintainer has any additional requirements, you will find them listed here.\n\n- **[PSR-2 Coding Standard](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md)** - The easiest way to apply the conventions is to install [PHP Code Sniffer](https://pear.php.net/package/PHP_CodeSniffer).\n\n- **Add tests!** - Your patch won't be accepted if it doesn't have tests.\n\n- **Document any change in behaviour** - Make sure the `README.md` and any other relevant documentation are kept up-to-date.\n\n- **Consider our release cycle** - We try to follow [SemVer v2.0.0](https://semver.org/). Randomly breaking public APIs is not an option.\n\n- **One pull request per feature** - If you want to do more than one thing, send multiple pull requests.\n\n- **Send coherent history** - Make sure each individual commit in your pull request is meaningful. If you had to make multiple intermediate commits while developing, please [squash them](https://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Changing-Multiple-Commit-Messages) before submitting.\n\n**Happy coding**!\n"
  },
  {
    "path": "LICENSE.md",
    "content": "MIT License\n\nCopyright (c) Costin Soare\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE."
  },
  {
    "path": "README.md",
    "content": "# File encryption / decryption in Laravel\n\n[![Latest Version on Packagist](https://img.shields.io/packagist/v/soarecostin/file-vault.svg?style=flat-square)](https://packagist.org/packages/soarecostin/file-vault)\n[![MIT Licensed](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)\n[![Build Status](https://img.shields.io/travis/soarecostin/file-vault/master.svg?style=flat-square)](https://travis-ci.org/soarecostin/file-vault)\n[![Quality Score](https://img.shields.io/scrutinizer/g/soarecostin/file-vault.svg?style=flat-square)](https://scrutinizer-ci.com/g/soarecostin/file-vault)\n[![StyleCI](https://styleci.io/repos/221933072/shield)](https://styleci.io/repos/221933072)\n[![Total Downloads](https://img.shields.io/packagist/dt/soarecostin/file-vault.svg?style=flat-square)](https://packagist.org/packages/soarecostin/file-vault)\n\nWith this package, you can encrypt and decrypt files of any size in your Laravel project. This package uses streams and [CBC encryption](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_(CBC)), encrypting / decrypting a segment of data at a time.\n\n\n## Installation and usage\n\nThis package requires PHP 7.2 and Laravel 5.8 or higher.  \n\nYou can install the package via composer:\n\n```bash\ncomposer require soarecostin/file-vault\n```\n\n## Usage\n\n### Tutorials\nFor a detailed description of how to encrypt files in Laravel using this package, please see the following articles:\n- [Part 1: How to encrypt large files in Laravel](https://medium.com/swlh/how-to-encrypt-large-files-in-laravel-293460836ded?source=friends_link&sk=976ab6e5d1cfb52e10c801fe0cb04fca)\n- [Part 2: How to encrypt & upload large files to Amazon S3 in Laravel](https://medium.com/@soarecostin/how-to-encrypt-upload-large-files-to-amazon-s3-in-laravel-af88324a9aa?sk=a9a358a3892e898a60448d5314fb3dc0)\n\n### Description\nThis package will automatically register a facade called `FileVault`. The `FileVault` facade is using the Laravel `Storage` and will allow you to specify a `disk`, just as you would normally do when working with Laravel Storage. All file names/paths that you will have to pass into the package encrypt/decrypt functions are relative to the disk root folder. By default, the `local` disk is used, but you can either specify a different disk each time you call one of `FileVault` methods, or you can set the default disk to something else, by publishing this package's config file.\n\nIf you want to change the default `disk` or change the `key`/`cipher` used for encryption, you can publish the config file:\n\n```\nphp artisan vendor:publish --provider=\"SoareCostin\\FileVault\\FileVaultServiceProvider\"\n```\n\nThis is the contents of the published file:\n``` php\nreturn [\n    /*\n     * The default key used for all file encryption / decryption\n     * This package will look for a FILE_VAULT_KEY in your env file\n     * If no FILE_VAULT_KEY is found, then it will use your Laravel APP_KEY\n     */\n    'key' => env('FILE_VAULT_KEY', env('APP_KEY')),\n\n    /*\n     * The cipher used for encryption.\n     * Supported options are AES-128-CBC and AES-256-CBC\n     */\n    'cipher' => 'AES-256-CBC',\n\n    /*\n     * The Storage disk used by default to locate your files.\n     */\n    'disk' => 'local',\n];\n```\n\n\n### Encrypting a file\n\nThe `encrypt` method will search for a file, encrypt it and save it in the same directory, while deleting the original file.\n\n``` php\npublic function encrypt(string $sourceFile, string $destFile = null, $deleteSource = true)\n```\n\nThe `encryptCopy` method will search for a file, encrypt it and save it in the same directory, while preserving the original file.\n\n``` php\npublic function encryptCopy(string $sourceFile, string $destFile = null)\n```\n\n\n#### Examples:\n\nThe following example will search for `file.txt` into the `local` disk, save the encrypted file as `file.txt.enc` and delete the original `file.txt`:\n``` php\nFileVault::encrypt('file.txt');\n```\n\nYou can also specify a different `disk`, just as you would normally with the Laravel `Storage` facade:\n``` php\nFileVault::disk('s3')->encrypt('file.txt');\n```\n\nYou can also specify a different name for the encrypted file by passing in a second parameter. The following example will search for `file.txt` into the `local` disk, save the encrypted file as `encrypted.txt` and delete the original `file.txt`:\n``` php\nFileVault::encrypt('file.txt', 'encrypted.txt');\n```\n\nThe following examples both achive the same results as above, with the only difference that the original file is not deleted:\n``` php\n// save the encrypted copy to file.txt.enc\nFileVault::encryptCopy('file.txt');\n\n// or save the encrypted copy with a different name\nFileVault::encryptCopy('file.txt', 'encrypted.txt');\n```\n\n### Decrypting a file\n\nThe `decrypt` method will search for a file, decrypt it and save it in the same directory, while deleting the encrypted file.\n\n``` php\npublic function decrypt(string $sourceFile, string $destFile = null, $deleteSource = true)\n```\n\nThe `decryptCopy` method will search for a file, decrypt it and save it in the same directory, while preserving the encrypted file.\n\n``` php\npublic function decryptCopy(string $sourceFile, string $destFile = null)\n```\n\n#### Examples:\n\nThe following example will search for `file.txt.enc` into the `local` disk, save the decrypted file as `file.txt` and delete the encrypted file `file.txt.enc`:\n``` php\nFileVault::decrypt('file.txt.enc');\n```\n\nIf the file that needs to be decrypted doesn't end with the `.enc` extension, the decrypted file will have the `.dec` extention. The following example will search for `encrypted.txt` into the `local` disk, save the decrypted file as `encrypted.txt.dec` and delete the encrypted file `encrypted.txt`:\n``` php\nFileVault::decrypt('encrypted.txt');\n```\n\nAs with the encryption, you can also specify a different `disk`, just as you would normally with the Laravel `Storage` facade:\n``` php\nFileVault::disk('s3')->decrypt('file.txt.enc');\n```\n\nYou can also specify a different name for the decrypted file by passing in a second parameter. The following example will search for `encrypted.txt` into the `local` disk, save the decrypted file as `decrypted.txt` and delete the original `encrypted.txt`:\n``` php\nFileVault::decrypt('encrypted.txt', 'decrypted.txt');\n```\n\nThe following examples both achive the same results as above, with the only difference that the original (encrypted) file is not deleted:\n``` php\n// save the decrypted copy to file.txt while preserving file.txt.enc\nFileVault::decryptCopy('file.txt.enc');\n\n// or save the decrypted copy with a different name, while preserving the file.txt.enc\nFileVault::decryptCopy('file.txt.enc', 'decrypted.txt');\n```\n\n### Streaming a decrypted file\n\nSometimes you will only want to allow users to download the decrypted file, but you don't need to store the actual decrypted file. For this, you can use the `streamDecrypt` function that will decrypt the file and will write it to the `php://output` stream. You can use the Laravel [`streamDownload` method](https://laravel.com/docs/6.x/responses#file-downloads) (available since 5.6) in order to generate a downloadable response:\n\n``` php\nreturn response()->streamDownload(function () {\n    FileVault::streamDecrypt('file.txt')\n}, 'laravel-readme.md');\n```\n\n### Using a different key for each file\n\nYou may need to use different keys to encrypt your files. You can explicitly specify the key used for encryption using the `key` method.\n\n``` php\nFileVault::key($encryptionKey)->encrypt('file.txt');\n```\n\nPlease note that the encryption key must be 16 bytes long for the `AES-128-CBC` cipher and 32 bytes long for the `AES-256-CBC` cipher.\n\nYou can generate a key with the correct length (based on the cipher specified in the config file) by using the `generateKey` method:\n\n``` php\n$encryptionKey = FileVault::generateKey();\n```\n\n## Testing\n\nRun the tests with:\n\n``` bash\ncomposer test\n```\n\n### Changelog\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.\n\n## Contributing\n\nPlease see [CONTRIBUTING](CONTRIBUTING.md) for details.\n\n### Security\n\nIf you discover any security related issues, please email soarecostin@gmail.com instead of using the issue tracker.\n\n## Credits\n\n- [Costin Soare](https://github.com/soarecostin)\n- [All Contributors](../../contributors)\n\n## License\n\nThe MIT License (MIT). Please see [License File](LICENSE.md) for more information.\n\n## Laravel Package Boilerplate\n\nThis package was generated using the [Laravel Package Boilerplate](https://laravelpackageboilerplate.com).\n"
  },
  {
    "path": "composer.json",
    "content": "{\n    \"name\": \"soarecostin/file-vault\",\n    \"description\": \"\",\n    \"keywords\": [\n        \"laravel\", \"encrypt\", \"decrypt\", \"encryption\", \"decryption\",\n        \"cbc\", \"php\", \"file\", \"file-vault\"\n    ],\n    \"homepage\": \"https://github.com/soarecostin/file-vault\",\n    \"license\": \"MIT\",\n    \"type\": \"library\",\n    \"authors\": [\n        {\n            \"name\": \"Costin Soare\",\n            \"email\": \"soarecostin@gmail.com\",\n            \"role\": \"Developer\"\n        }\n    ],\n    \"require\": {\n        \"php\": \"^7.2|^8.0\",\n        \"illuminate/support\": \"5.8.* || 6.*.* || ^7.0 || ^8.0\"\n    },\n    \"require-dev\": {\n        \"orchestra/testbench\": \"^5.0|^6.0\",\n        \"phpunit/phpunit\": \"^8.0\"\n    },\n    \"autoload\": {\n        \"psr-4\": {\n            \"SoareCostin\\\\FileVault\\\\\": \"src\"\n        }\n    },\n    \"autoload-dev\": {\n        \"psr-4\": {\n            \"SoareCostin\\\\FileVault\\\\Tests\\\\\": \"tests\"\n        }\n    },\n    \"scripts\": {\n        \"test\": \"vendor/bin/phpunit\",\n        \"test-coverage\": \"vendor/bin/phpunit --coverage-html coverage\"\n\n    },\n    \"config\": {\n        \"sort-packages\": true\n    },\n    \"extra\": {\n        \"laravel\": {\n            \"providers\": [\n                \"SoareCostin\\\\FileVault\\\\FileVaultServiceProvider\"\n            ],\n            \"aliases\": {\n                \"FileVault\": \"SoareCostin\\\\FileVault\\\\Facades\\\\FileVault\"\n            }\n        }\n    }\n}\n"
  },
  {
    "path": "config/config.php",
    "content": "<?php\n\nreturn [\n    /*\n     * The default key used for all file encryption / decryption\n     * This package will look for a FILE_VAULT_KEY in your env file\n     * If no FILE_VAULT_KEY is found, then it will use your Laravel APP_KEY\n     */\n    'key' => env('FILE_VAULT_KEY', env('APP_KEY')),\n\n    /*\n     * The cipher used for encryption.\n     * Supported options are AES-128-CBC and AES-256-CBC\n     */\n    'cipher' => 'AES-256-CBC',\n\n    /*\n     * The Storage disk used by default to locate your files.\n     */\n    'disk' => 'local',\n];\n"
  },
  {
    "path": "phpunit.xml.dist",
    "content": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<phpunit bootstrap=\"vendor/autoload.php\"\n         backupGlobals=\"false\"\n         backupStaticAttributes=\"false\"\n         colors=\"true\"\n         verbose=\"true\"\n         convertErrorsToExceptions=\"true\"\n         convertNoticesToExceptions=\"true\"\n         convertWarningsToExceptions=\"true\"\n         processIsolation=\"false\"\n         stopOnFailure=\"false\">\n    <testsuites>\n        <testsuite name=\"Test Suite\">\n            <directory>tests</directory>\n        </testsuite>\n    </testsuites>\n    <filter>\n        <whitelist>\n            <directory suffix=\".php\">src/</directory>\n        </whitelist>\n    </filter>\n    <logging>\n        <log type=\"tap\" target=\"build/report.tap\"/>\n        <log type=\"junit\" target=\"build/report.junit.xml\"/>\n        <log type=\"coverage-html\" target=\"build/coverage\" charset=\"UTF-8\" yui=\"true\" highlight=\"true\"/>\n        <log type=\"coverage-text\" target=\"build/coverage.txt\"/>\n        <log type=\"coverage-clover\" target=\"build/logs/clover.xml\"/>\n    </logging>\n</phpunit>\n"
  },
  {
    "path": "src/Facades/FileVault.php",
    "content": "<?php\n\nnamespace SoareCostin\\FileVault\\Facades;\n\nuse Illuminate\\Support\\Facades\\Facade;\n\n/**\n * @method static mixed disk(string $disk)\n * @method static mixed key(string $key)\n * @method static mixed encrypt(string $sourceFile, string $destFile = null, $deleteSource = true)\n * @method static mixed encryptCopy(string $sourceFile, string $destFile = null)\n * @method static mixed decrypt(string $sourceFile, string $destFile = null, $deleteSource = true)\n * @method static mixed decryptCopy(string $sourceFile, string $destFile = null)\n *\n * @see \\SoareCostin\\FileVault\\FileVault\n */\nclass FileVault extends Facade\n{\n    /**\n     * Get the registered name of the component.\n     *\n     * @return string\n     */\n    protected static function getFacadeAccessor()\n    {\n        return 'file-vault';\n    }\n}\n"
  },
  {
    "path": "src/FileEncrypter.php",
    "content": "<?php\n\nnamespace SoareCostin\\FileVault;\n\nuse Exception;\nuse Illuminate\\Support\\Str;\nuse RuntimeException;\n\nclass FileEncrypter\n{\n    /**\n     * Define the number of blocks that should be read from the source file for each chunk.\n     * We chose 255 because on decryption we want to read chunks of 4kb ((255 + 1)*16).\n     */\n    protected const FILE_ENCRYPTION_BLOCKS = 255;\n\n    /**\n     * The encryption key.\n     *\n     * @var string\n     */\n    protected $key;\n\n    /**\n     * The algorithm used for encryption.\n     *\n     * @var string\n     */\n    protected $cipher;\n\n    /**\n     * Create a new encrypter instance.\n     *\n     * @param  string  $key\n     * @param  string  $cipher\n     * @return void\n     *\n     * @throws \\RuntimeException\n     */\n    public function __construct($key, $cipher = 'AES-128-CBC')\n    {\n        // If the key starts with \"base64:\", we will need to decode the key before handing\n        // it off to the encrypter. Keys may be base-64 encoded for presentation and we\n        // want to make sure to convert them back to the raw bytes before encrypting.\n        if (Str::startsWith($key, 'base64:')) {\n            $key = base64_decode(substr($key, 7));\n        }\n\n        if (static::supported($key, $cipher)) {\n            $this->key = $key;\n            $this->cipher = $cipher;\n        } else {\n            throw new RuntimeException('The only supported ciphers are AES-128-CBC and AES-256-CBC with the correct key lengths.');\n        }\n    }\n\n    /**\n     * Determine if the given key and cipher combination is valid.\n     *\n     * @param  string  $key\n     * @param  string  $cipher\n     * @return bool\n     */\n    public static function supported($key, $cipher)\n    {\n        $length = mb_strlen($key, '8bit');\n\n        return ($cipher === 'AES-128-CBC' && $length === 16) ||\n               ($cipher === 'AES-256-CBC' && $length === 32);\n    }\n\n    /**\n     * Encrypts the source file and saves the result in a new file.\n     *\n     * @param string $sourcePath  Path to file that should be encrypted\n     * @param string $destPath  File name where the encryped file should be written to.\n     * @return bool\n     */\n    public function encrypt($sourcePath, $destPath)\n    {\n        $fpOut = $this->openDestFile($destPath);\n        $fpIn = $this->openSourceFile($sourcePath);\n\n        // Put the initialzation vector to the beginning of the file\n        $iv = openssl_random_pseudo_bytes(16);\n        fwrite($fpOut, $iv);\n\n        $numberOfChunks = ceil(filesize($sourcePath) / (16 * self::FILE_ENCRYPTION_BLOCKS));\n\n        $i = 0;\n        while (! feof($fpIn)) {\n            $plaintext = fread($fpIn, 16 * self::FILE_ENCRYPTION_BLOCKS);\n            $ciphertext = openssl_encrypt($plaintext, $this->cipher, $this->key, OPENSSL_RAW_DATA, $iv);\n\n            // Because Amazon S3 will randomly return smaller sized chunks:\n            // Check if the size read from the stream is different than the requested chunk size\n            // In this scenario, request the chunk again, unless this is the last chunk\n            if (strlen($plaintext) !== 16 * self::FILE_ENCRYPTION_BLOCKS\n                && $i + 1 < $numberOfChunks\n            ) {\n                fseek($fpIn, 16 * self::FILE_ENCRYPTION_BLOCKS * $i);\n                continue;\n            }\n\n            // Use the first 16 bytes of the ciphertext as the next initialization vector\n            $iv = substr($ciphertext, 0, 16);\n            fwrite($fpOut, $ciphertext);\n\n            $i++;\n        }\n\n        fclose($fpIn);\n        fclose($fpOut);\n\n        return true;\n    }\n\n    /**\n     * Decrypts the source file and saves the result in a new file.\n     *\n     * @param string $sourcePath   Path to file that should be decrypted\n     * @param string $destPath  File name where the decryped file should be written to.\n     * @return bool\n     */\n    public function decrypt($sourcePath, $destPath)\n    {\n        $fpOut = $this->openDestFile($destPath);\n        $fpIn = $this->openSourceFile($sourcePath);\n\n        // Get the initialzation vector from the beginning of the file\n        $iv = fread($fpIn, 16);\n\n        $numberOfChunks = ceil((filesize($sourcePath) - 16) / (16 * (self::FILE_ENCRYPTION_BLOCKS + 1)));\n\n        $i = 0;\n        while (! feof($fpIn)) {\n            // We have to read one block more for decrypting than for encrypting because of the initialization vector\n            $ciphertext = fread($fpIn, 16 * (self::FILE_ENCRYPTION_BLOCKS + 1));\n            $plaintext = openssl_decrypt($ciphertext, $this->cipher, $this->key, OPENSSL_RAW_DATA, $iv);\n\n            // Because Amazon S3 will randomly return smaller sized chunks:\n            // Check if the size read from the stream is different than the requested chunk size\n            // In this scenario, request the chunk again, unless this is the last chunk\n            if (strlen($ciphertext) !== 16 * (self::FILE_ENCRYPTION_BLOCKS + 1)\n                && $i + 1 < $numberOfChunks\n            ) {\n                fseek($fpIn, 16 + 16 * (self::FILE_ENCRYPTION_BLOCKS + 1) * $i);\n                continue;\n            }\n\n            if ($plaintext === false) {\n                throw new Exception('Decryption failed');\n            }\n\n            // Get the the first 16 bytes of the ciphertext as the next initialization vector\n            $iv = substr($ciphertext, 0, 16);\n            fwrite($fpOut, $plaintext);\n\n            $i++;\n        }\n\n        fclose($fpIn);\n        fclose($fpOut);\n\n        return true;\n    }\n\n    protected function openDestFile($destPath)\n    {\n        if (($fpOut = fopen($destPath, 'w')) === false) {\n            throw new Exception('Cannot open file for writing');\n        }\n\n        return $fpOut;\n    }\n\n    protected function openSourceFile($sourcePath)\n    {\n        $contextOpts = Str::startsWith($sourcePath, 's3://') ? ['s3' => ['seekable' => true]] : [];\n\n        if (($fpIn = fopen($sourcePath, 'r', false, stream_context_create($contextOpts))) === false) {\n            throw new Exception('Cannot open file for reading');\n        }\n\n        return $fpIn;\n    }\n}\n"
  },
  {
    "path": "src/FileVault.php",
    "content": "<?php\n\nnamespace SoareCostin\\FileVault;\n\nuse Illuminate\\Support\\Facades\\Storage;\nuse Illuminate\\Support\\Str;\n\nclass FileVault\n{\n    /**\n     * The storage disk.\n     *\n     * @var string\n     */\n    protected $disk;\n\n    /**\n     * The encryption key.\n     *\n     * @var string\n     */\n    protected $key;\n\n    /**\n     * The algorithm used for encryption.\n     *\n     * @var string\n     */\n    protected $cipher;\n\n    /**\n     * The storage adapter.\n     *\n     * @var string\n     */\n    protected $adapter;\n\n    public function __construct()\n    {\n        $this->disk = config('file-vault.disk');\n        $this->key = config('file-vault.key');\n        $this->cipher = config('file-vault.cipher');\n    }\n\n    /**\n     * Set the disk where the files are located.\n     *\n     * @param  string  $disk\n     * @return $this\n     */\n    public function disk($disk)\n    {\n        $this->disk = $disk;\n\n        return $this;\n    }\n\n    /**\n     * Set the encryption key.\n     *\n     * @param  string  $key\n     * @return $this\n     */\n    public function key($key)\n    {\n        $this->key = $key;\n\n        return $this;\n    }\n\n    /**\n     * Create a new encryption key for the given cipher.\n     *\n     * @return string\n     */\n    public static function generateKey()\n    {\n        return random_bytes(config('file-vault.cipher') === 'AES-128-CBC' ? 16 : 32);\n    }\n\n    /**\n     * Encrypt the passed file and saves the result in a new file with \".enc\" as suffix.\n     *\n     * @param string $sourceFile Path to file that should be encrypted, relative to the storage disk specified\n     * @param string $destFile   File name where the encryped file should be written to, relative to the storage disk specified\n     * @return $this\n     */\n    public function encrypt($sourceFile, $destFile = null, $deleteSource = true)\n    {\n        $this->registerServices();\n\n        if (is_null($destFile)) {\n            $destFile = \"{$sourceFile}.enc\";\n        }\n\n        $sourcePath = $this->getFilePath($sourceFile);\n        $destPath = $this->getFilePath($destFile);\n\n        // Create a new encrypter instance\n        $encrypter = new FileEncrypter($this->key, $this->cipher);\n\n        // If encryption is successful, delete the source file\n        if ($encrypter->encrypt($sourcePath, $destPath) && $deleteSource) {\n            Storage::disk($this->disk)->delete($sourceFile);\n        }\n\n        return $this;\n    }\n\n    public function encryptCopy($sourceFile, $destFile = null)\n    {\n        return self::encrypt($sourceFile, $destFile, false);\n    }\n\n    /**\n     * Dencrypt the passed file and saves the result in a new file, removing the\n     * last 4 characters from file name.\n     *\n     * @param string $sourceFile Path to file that should be decrypted\n     * @param string $destFile   File name where the decryped file should be written to.\n     * @return $this\n     */\n    public function decrypt($sourceFile, $destFile = null, $deleteSource = true)\n    {\n        $this->registerServices();\n\n        if (is_null($destFile)) {\n            $destFile = Str::endsWith($sourceFile, '.enc')\n                        ? Str::replaceLast('.enc', '', $sourceFile)\n                        : $sourceFile.'.dec';\n        }\n\n        $sourcePath = $this->getFilePath($sourceFile);\n        $destPath = $this->getFilePath($destFile);\n\n        // Create a new encrypter instance\n        $encrypter = new FileEncrypter($this->key, $this->cipher);\n\n        // If decryption is successful, delete the source file\n        if ($encrypter->decrypt($sourcePath, $destPath) && $deleteSource) {\n            Storage::disk($this->disk)->delete($sourceFile);\n        }\n\n        return $this;\n    }\n\n    public function decryptCopy($sourceFile, $destFile = null)\n    {\n        return self::decrypt($sourceFile, $destFile, false);\n    }\n\n    public function streamDecrypt($sourceFile)\n    {\n        $this->registerServices();\n\n        $sourcePath = $this->getFilePath($sourceFile);\n\n        // Create a new encrypter instance\n        $encrypter = new FileEncrypter($this->key, $this->cipher);\n\n        return $encrypter->decrypt($sourcePath, 'php://output');\n    }\n\n    protected function getFilePath($file)\n    {\n        if ($this->isS3File()) {\n            return \"s3://{$this->adapter->getBucket()}/{$file}\";\n        }\n\n        return Storage::disk($this->disk)->path($file);\n    }\n\n    protected function isS3File()\n    {\n        return $this->disk == 's3';\n    }\n\n    protected function setAdapter()\n    {\n        if ($this->adapter) {\n            return;\n        }\n\n        $this->adapter = Storage::disk($this->disk)->getAdapter();\n    }\n\n    protected function registerServices()\n    {\n        $this->setAdapter();\n\n        if ($this->isS3File()) {\n            $client = $this->adapter->getClient();\n            $client->registerStreamWrapper();\n        }\n    }\n}\n"
  },
  {
    "path": "src/FileVaultServiceProvider.php",
    "content": "<?php\n\nnamespace SoareCostin\\FileVault;\n\nuse Illuminate\\Support\\ServiceProvider;\n\nclass FileVaultServiceProvider extends ServiceProvider\n{\n    /**\n     * Bootstrap the application services.\n     */\n    public function boot()\n    {\n        if ($this->app->runningInConsole()) {\n            $this->publishes([\n                __DIR__.'/../config/config.php' => config_path('file-vault.php'),\n            ], 'file-vault-config');\n        }\n    }\n\n    /**\n     * Register the application services.\n     */\n    public function register()\n    {\n        // Automatically apply the package configuration\n        $this->mergeConfigFrom(__DIR__.'/../config/config.php', 'file-vault');\n\n        // Register the main class to use with the facade\n        $this->app->singleton('file-vault', function () {\n            return new FileVault;\n        });\n    }\n}\n"
  },
  {
    "path": "storage/app/.gitignore",
    "content": "*\n!.gitignore"
  },
  {
    "path": "tests/FileVaultTest.php",
    "content": "<?php\n\nnamespace SoareCostin\\FileVault\\Tests;\n\nuse Illuminate\\Support\\Facades\\Storage;\nuse Orchestra\\Testbench\\TestCase;\nuse SoareCostin\\FileVault\\Facades\\FileVault;\nuse SoareCostin\\FileVault\\FileVaultServiceProvider;\n\nclass FileVaultTest extends TestCase\n{\n    /**\n     * Get package providers.\n     *\n     * @param  \\Illuminate\\Foundation\\Application  $app\n     *\n     * @return array\n     */\n    protected function getPackageProviders($app)\n    {\n        return [\n            FileVaultServiceProvider::class,\n        ];\n    }\n\n    /**\n     * Get package aliases.\n     *\n     * @param  \\Illuminate\\Foundation\\Application  $app\n     *\n     * @return array\n     */\n    protected function getPackageAliases($app)\n    {\n        return [\n            'FileVault' => FileVault::class,\n        ];\n    }\n\n    /**\n     * Define environment setup.\n     *\n     * @param  \\Illuminate\\Foundation\\Application  $app\n     * @return void\n     */\n    protected function getEnvironmentSetUp($app)\n    {\n        // Set the storage local filesystem\n        $app['config']->set('filesystems.disks.local.driver', 'local');\n        $app['config']->set('filesystems.disks.local.root', realpath(__DIR__.'/../storage/app'));\n        $app['config']->set('filesystems.default', 'local');\n\n        // Generate and set a random encryption key\n        $app['config']->set('file-vault.key', $this->generateRandomKey());\n    }\n\n    /**\n     * Generate a random key for the application.\n     *\n     * @return string\n     */\n    protected function generateRandomKey()\n    {\n        return 'base64:'.base64_encode(\n            \\SoareCostin\\FileVault\\FileVault::generateKey()\n        );\n    }\n\n    /**\n     * Generate a file with random contents.\n     *\n     * @return int|bool\n     */\n    protected function generateFile($fileName, $fileSize = 500000)\n    {\n        $fileContents = random_bytes($fileSize);\n\n        return Storage::put($fileName, $fileContents);\n    }\n\n    /** @test */\n    public function test_encrypt_generates_a_file()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName);\n\n        // Test if the encrypted file exists\n        $this->assertFileExists(\n            Storage::path(\"{$fileName}.enc\")\n        );\n    }\n\n    /** @test */\n    public function test_encrypt_copy_generates_a_file()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encryptCopy($fileName);\n\n        // Test if the encrypted file exists\n        $this->assertFileExists(\n            Storage::path(\"{$fileName}.enc\")\n        );\n    }\n\n    /** @test */\n    public function test_it_can_encrypt_a_file_using_a_different_destination_name()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName, 'encrypted.enc');\n\n        // Test if the encrypted file exists\n        $this->assertFileExists(\n            Storage::path('encrypted.enc')\n        );\n    }\n\n    /** @test */\n    public function test_encrypt_deletes_the_original()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName);\n\n        // Test if the original file has been deleted\n        $this->assertFileNotExists(\n            Storage::path($fileName)\n        );\n    }\n\n    /** @test */\n    public function test_encrypt_copy_keeps_the_original()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encryptCopy($fileName);\n\n        // Test if the original file still exists\n        $this->assertFileExists(\n            Storage::path($fileName)\n        );\n    }\n\n    /** @test */\n    public function test_decrypt()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName);\n        FileVault::decrypt(\"{$fileName}.enc\");\n\n        // Test that the decrypted file was generated\n        $this->assertFileExists(\n            Storage::path($fileName)\n        );\n    }\n\n    /** @test */\n    public function test_decrypt_using_a_different_destination_name()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName);\n        FileVault::decrypt(\"{$fileName}.enc\", \"{$fileName}.dec\");\n\n        // Test that the decrypted file was generated\n        $this->assertFileExists(\n            Storage::path(\"{$fileName}.dec\")\n        );\n    }\n\n    /** @test */\n    public function test_decrypt_deletes_the_encrypted_file()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName);\n        FileVault::decrypt(\"{$fileName}.enc\");\n\n        // Test that the encrypted file was deleted after decryption\n        $this->assertFileNotExists(\n            Storage::path(\"{$fileName}.enc\")\n        );\n    }\n\n    /** @test */\n    public function test_decrypt_copy_keeps_the_encrypted_file()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encrypt($fileName);\n        FileVault::decryptCopy(\"{$fileName}.enc\");\n\n        // Test that the encrypted file was deleted after decryption\n        $this->assertFileExists(\n            Storage::path(\"{$fileName}.enc\")\n        );\n    }\n\n    /** @test */\n    public function test_a_decrypted_file_has_the_same_content_as_the_original_file()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encryptCopy($fileName);\n        FileVault::decrypt(\"{$fileName}.enc\", \"{$fileName}.dec\");\n\n        // Test to see if the decrypted content is the same as the original\n        $this->assertEquals(\n            Storage::get($fileName),\n            Storage::get(\"{$fileName}.dec\")\n        );\n    }\n\n    /** @test */\n    public function test_it_can_encrypt_and_decrypt_using_a_user_generated_key()\n    {\n        $key = FileVault::generateKey();\n\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::key($key)->encryptCopy($fileName);\n        FileVault::key($key)->decrypt(\"{$fileName}.enc\", \"{$fileName}.dec\");\n\n        // Test to see if the decrypted content is the same as the original\n        $this->assertEquals(\n            Storage::get($fileName),\n            Storage::get(\"{$fileName}.dec\")\n        );\n    }\n\n    /** @test */\n    public function test_it_can_stream_a_decrypted_file()\n    {\n        $this->generateFile($fileName = 'file.txt');\n\n        FileVault::encryptCopy($fileName);\n\n        ob_start();\n        FileVault::streamDecrypt(\"{$fileName}.enc\");\n        $phpOutput = ob_get_contents();\n        ob_end_clean();\n\n        // Test to see if the decrypted content is sent to php://output\n        $this->assertEquals(\n            Storage::get($fileName),\n            $phpOutput\n        );\n    }\n\n    public function tearDown(): void\n    {\n        // Cleanup the storage dir\n        array_map('unlink', glob(__DIR__.'/../storage/app/*.*'));\n\n        parent::tearDown();\n    }\n}\n"
  }
]