Add decrypt_value() and encrypt_value() helper functions

Extracts the recurring decryption/encryption pattern into reusable helper functions with consistent error handling: - decrypt_value(): Safely decrypts encrypted values with try/catch - encrypt_value(): Safely encrypts values with error handling Both functions handle: - Empty/null values gracefully - Missing encryption key (logs warning) - Encryption/decryption failures (logs error, returns default) This pattern appears in 8+ locations across the codebase. GitHub-Issue: #4554
2026-06-01 20:26:50 -04:00 · 2026-05-22 01:28:30 +02:00
parent 403180db7b
commit 26e8d9d80c
1 changed files with 62 additions and 0 deletions
--- a/app/Helpers/security_helper.php
+++ b/app/Helpers/security_helper.php
@@ -258,4 +258,66 @@ function remove_backup(): void
    if (file_exists($backup_path)) {
        unlink($backup_path);
    }
+}
+
+/**
+ * Decrypts an encrypted value with proper error handling.
+ *
+ * This function provides a consistent decryption pattern across the codebase,
+ * handling cases where encryption key may not be available or decryption fails.
+ *
+ * @param string|null $encrypted_value The encrypted value to decrypt
+ * @param string      $default         Default value to return if decryption fails
+ *
+ * @return string The decrypted value, or default if decryption fails
+ */
+function decrypt_value(?string $encrypted_value, string $default = ''): string
+{
+    if (empty($encrypted_value)) {
+        return $default;
+    }
+
+    if (!check_encryption()) {
+        log_message('warning', 'Cannot decrypt value: encryption key not available');
+        return $default;
+    }
+
+    try {
+        $encrypter = Services::encrypter();
+        return $encrypter->decrypt($encrypted_value);
+    } catch (\CodeIgniter\Encryption\Exceptions\EncryptionException $e) {
+        log_message('error', 'Decryption failed: ' . $e->getMessage());
+        return $default;
+    }
+}
+
+/**
+ * Encrypts a value with proper error handling.
+ *
+ * This function provides a consistent encryption pattern across the codebase,
+ * handling cases where encryption key may not be available.
+ *
+ * @param string|null $value   The value to encrypt
+ * @param string      $default Default value to return if encryption fails
+ *
+ * @return string The encrypted value, or default if encryption fails
+ */
+function encrypt_value(?string $value, string $default = ''): string
+{
+    if (empty($value)) {
+        return $default;
+    }
+
+    if (!check_encryption()) {
+        log_message('warning', 'Cannot encrypt value: encryption key not available');
+        return $default;
+    }
+
+    try {
+        $encrypter = Services::encrypter();
+        return $encrypter->encrypt($value);
+    } catch (\CodeIgniter\Encryption\Exceptions\EncryptionException $e) {
+        log_message('error', 'Encryption failed: ' . $e->getMessage());
+        return $default;
+    }
 }