Doppar

Appearance

Introduction

Before diving into Doppar's data management capabilities, it’s important to familiarize yourself with some key model properties that shape how your data is handled. Doppar offers the flexibility to customize these properties to suit your specific needs. Key properties include $pageSize, which controls the number of records displayed per page; $primaryKey, which defines the unique identifier for your table; $table, which specifies the database table associated with the model; $creatable, which determines whether new records can be added; and $unexposable and $timeStamps, which allows you to hide sensitive or irrelevant data from being exposed and handle datetime columns. With Doppar, you have full control to tweak these properties, ensuring your data interactions are both efficient and secure. Let's see the User model as for example.

Creating Model Classes

To get started, let's create an Eloquent model. Models typically live in the app\Models directory and extend the Phaseolies\Database\Eloquent\Model class. You may use the make:model Pool command to generate a new model:

bash
php pool make:model Post

This command will generate a new model inside App\Models directory. Models generated by the make:model command will be placed in the app/Models directory. Let's see a basic model class.

php
<?php

namespace App\Models;

use Phaseolies\Database\Eloquent\Model;

class Post extends Model
{
    //
}

If you pass the -m option, it will create a migration file for your associative model, like:

bash
php pool make:model Post -m

$primaryKey

Specifies the column name that serves as the unique identifier for the table. By default, this is set to 'id', but it can be customized if your table uses a different primary key.

php
<?php

namespace App\Models;

use Phaseolies\Database\Eloquent\Model;

class Post extends Model
{
    /**
     * The primary key associated with the table.
     *
     * @var int
     */
    protected $primaryKey = 'id';
}

$table

Specifies the database table associated with this model

php
<?php

namespace App\Models;

use Phaseolies\Database\Eloquent\Model;

class Post extends Model
{
    /**
     * The table associated with the model.
     *
     * @var string
     */
    protected $table = 'posts';
}

$creatable

Specifies which attributes can be mass-assigned when creating or updating records.This helps prevent mass assignment vulnerabilities by explicitly defining safe fields. Only the attributes listed here can be set in bulk operations.

php
<?php

namespace App\Models;

use Phaseolies\Database\Eloquent\Model;

class Post extends Model
{
    /**
     * Creatable Attributes
     *
     * @var array
     */
    protected $creatable = ['title', 'status', 'description'];
}

$unexposable

Specifies which attributes should be hidden when the model is converted to an array or JSON or Collection. This is particularly useful for hiding sensitive information, such as passwords, from being exposed in API responses or other outputs.

php
<?php

namespace App\Models;

use Phaseolies\Database\Eloquent\Model;

class User extends Model
{
    /**
     * Unexposable Attributes
     *
     * @var array
     */
    protected $unexposable = ['password'];
}

$timeStamps

Indicates whether the model should maintain timest(created_at and updated_at fields.).

php
<?php

namespace App\Models;

use Phaseolies\Database\Eloquent\Model;

class Post extends Model
{
    /**
     * Indicates if the model should be timestamped.
     *
     * @var bool
     */
    protected $timeStamps = true;
}

#[CastToDate]

By default, $timeStamps uses the datetime format. However, you can convert it to a date format by using Phaseolies\Utilities\Casts\CastToDate like this:

php
<?php

namespace App\Models;

use Phaseolies\Utilities\Casts\CastToDate;
use Phaseolies\Database\Eloquent\Model;

class Post extends Model
{
    /**
     * Indicates if the model should be timestamped.
     *
     * @var bool
     */
    #[CastToDate]
    protected $timeStamps = true;
}

Properties Encryption

What is Property Encryption?

Property encryption refers to the automatic encryption of specific attributes (also called properties) of a model, and their automatic decryption when retrieved via the decrypt($property) method.

This means:

  • Sensitive fields (like name, email, phone, notes, etc.) are encrypted at rest, improving data security.
  • Developers can still interact with the model normally (e.g., $user->eemail), without needing to manually encrypt values.
  • Only selected fields are encrypted — not the entire model — allowing secure yet efficient storage and querying.

The Doppar provides Phaseolies\Support\Contracts\Encryptable interface for property encryption. When a model implements the Encryptable contract, the framework knows which fields to automatically encrypt based on your configuration.

Example: User Model

php
namespace App\Models;

use Phaseolies\Database\Eloquent\Model;
use Phaseolies\Support\Contracts\Encryptable;

class User extends Model implements Encryptable
{
    /**
     * Return an array of model attributes that should be encrypted
     *
     * @return array
     */
    public function getEncryptedProperties(): array
    {
        return [
            'email',
        ];
    }
}

In this case, the email field will always be encrypted when you will fecth data. Now When you perform a query like this using Eloquent.

php
User::find(1);

The Doppar will automatically encrypted fields inside your application. However, when you serialize the data — such as converting it to JSON for APIs or logging — the encrypted values are preserved unless explicitly decrypted before printing.

json
{
    "id": 1,
    "name": "Nure Yesmin",
    "email": "T0RvMnZqWUIzVWhURkNKdWZSN0ZPaDZvN3g2M0o0L21nUTZ1",
    "status": 1,
    "created_at": "2025-07-13 07:48:05",
    "updated_at": "2025-07-13 07:48:05"
}

The Doppar Framework’s support for encrypted model properties makes it easy to protect sensitive data with minimal code. Just declare what to encrypt — and the framework handles the rest.

Fetch Without Encryption

If you've enabled encryption in your model but need to retrieve data without applying encryption, Doppar provides the withoutEncryption method. This allows you to fetch unencrypted data when necessary.

php
User::query()
    ->withoutEncryption()
    ->get();

You can also use withoutEncryption when fetching relational data. For example:

php
User::query()
    ->embed('posts', fn($query) => $query->withoutEncryption())
    ->withoutEncryption()
    ->paginate(10);

In this example, both the parent (User) and the related (posts) data are retrieved without applying encryption.

WARNING

The withoutEncryption method is not intended for use with find(). It should only be used for queries that do not rely on find() to retrieve individual records.

Same-Origin Decryption

By default, encrypted properties on models like when you retrieve them (e.g., using User::all()), these properties will appear as encrypted unless you decrypt them manually.

Accessing Decrypted Values Manually

In some cases — especially when working with raw collections, external tools, or custom logic — you may want to manually decrypt encrypted values.

Here’s how you can do that safely:

php
$users = User::all();

foreach ($users as $item) {
    $encryptedName = $item->name; // This is encrypted
    $decryptedName = decrypt($item->name); // The original value
}

Cross-Origin Decryption

In the Doppar Framework, sensitive model properties are encrypted using a secure AES-256-CBC algorithm and stored as base64-encoded strings that combine the cipher text and IV (Initialization Vector), separated by ::.

While this protects data at rest, you may encounter situations where the encrypted data must be decrypted outside of the originating backend — for example:

  • On a separate frontend app (e.g., React, Vue)
  • On a different backend service (e.g., microservices)
  • For external APIs or partners with access to encrypted data

This is known as cross-origin decryption.

To successfully decrypt encrypted properties on a cross-origin system (such as a separate frontend, backend service, or external application), the receiving system must have access to the exact encryption configuration used by the Doppar backend.

Required Shared Data:

Encryption Cipher

Must match the cipher used during encryption.

php
$cipher = config('app.cipher') ?? 'AES-256-CBC';

Application Encryption Key

Must be the base64-decoded version of the application’s APP_KEY.

php
$key = base64_decode(getenv('APP_KEY'));

WARNING

⚠️ Security Warning: The APP_KEY is highly sensitive. It must only be shared with trusted systems over secure channels (e.g., HTTPS, encrypted environment variables, secure vaults).

For more detail, see the Phaseolies\Support\Encryption class for a detailed understanding of how the encryption key, IV, and cipher are generated and used internally.