update: encrypt private messages

Author: Roardom

app/Http/Livewire/ConversationSearch.php

@@ -18,6 +18,7 @@
 
 use App\Models\Conversation;
 use App\Traits\LivewireSort;
+use Illuminate\Support\Facades\DB;
 use Livewire\Attributes\Computed;
 use Livewire\Attributes\Rule;
 use Livewire\Attributes\Url;
@@ -80,7 +81,18 @@ final public function conversations(): \Illuminate\Pagination\LengthAwarePaginat
             )
             ->when(
                 $this->message !== null && $this->message !== '',
-                fn ($query) => $query->whereRelation('messages', 'message', 'LIKE', '%'.str_replace(' ', '%', $this->message).'%')
+                fn ($query) => $query->whereHas('messages', function ($query): void {
+                    DB::statement("SET block_encryption_mode = 'aes-256-cbc'");
+                    $query
+                        ->selectRaw(<<<SQL
+                            AES_DECRYPT(
+                                FROM_BASE64(JSON_UNQUOTE(JSON_EXTRACT(CONVERT(FROM_BASE64(message) USING utf8), '$.value'))),
+                                ?,
+                                FROM_BASE64(JSON_UNQUOTE(JSON_EXTRACT(CONVERT(FROM_BASE64(message) USING utf8), '$.iv')))
+                            ) AS decrypted_message
+                        SQL, [base64_decode(substr(config('app.key'), 7))])
+                        ->having('decrypted_message', 'LIKE', '%'.str_replace(' ', '%', $this->message).'%');
+                })
             )
             ->when(
                 $this->tab === 'inbox' || $this->tab === 'unread',

app/Models/PrivateMessage.php

@@ -41,6 +41,20 @@ class PrivateMessage extends Model
      */
     protected $guarded = ['id', 'created_at', 'updated_at'];
 
+    /**
+     * Get the attributes that should be cast.
+     *
+     * @return array{
+     *     message: 'encrypted',
+     * }
+     */
+    protected function casts(): array
+    {
+        return [
+            'message' => 'encrypted',
+        ];
+    }
+
     /**
      * Belongs To A User.
      *

database/migrations/2025_07_17_104138_encrypt_private_messages.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * NOTICE OF LICENSE.
+ *
+ * UNIT3D Community Edition is open-sourced software licensed under the GNU Affero General Public License v3.0
+ * The details is bundled with this project in the file LICENSE.txt.
+ *
+ * @project    UNIT3D Community Edition
+ *
+ * @author     Roardom <[email protected]>
+ * @license    https://www.gnu.org/licenses/agpl-3.0.en.html/ GNU Affero General Public License v3.0
+ */
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\Crypt;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+return new class () extends Migration {
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        DB::table('private_messages')
+            ->lazyById()
+            ->each(function (object $privateMessage): void {
+                DB::table('private_messages')
+                    ->where('id', '=', $privateMessage->id)
+                    ->update([
+                        'message' => Crypt::encryptString($privateMessage->message),
+                    ]);
+            });
+    }
+};

database/schema/mysql-schema.sql

@@ -3005,3 +3005,4 @@ INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (354,'2025_06_18_00
 INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (355,'2025_06_18_040627_alter_requests_drop_claimed',1);
 INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (356,'2025_06_21_234021_alter_requests_drop_votes',1);
 INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (357,'2025_07_15_061844_add_block_order_to_user_settings',1);
+INSERT INTO `migrations` (`id`, `migration`, `batch`) VALUES (358,'2025_07_17_104138_encrypt_private_messages',1);