lekoala / silverstripe-encrypt

src/HasEncryption.php

<?php

namespace LeKoala\Encrypt;

use SilverStripe\Model\ModelData;

/**
 * This trait allow encryption for fields that don't
 * require a blind index
 */
trait HasEncryption
{
    use HasBaseEncryption;

    /**
     * prepValueForDB gets passed $this->value
     *
     * @param string $value
     * @return string
     */
    public function prepValueForDB(mixed $value): array|string|null
    {
        if (!$value) {
            if ($this->getNullifyEmpty() || $value === null) {

It seems like getNullifyEmpty() must be provided by classes using this trait. How about adding it as abstract method to this trait?

                return null;
            }
            return '';
        }
        // Don't encrypt twice
        if (EncryptHelper::isEncrypted($value)) {
            return $value;
        }
        $aad = $this->encryptionAad;
        $encryptedValue = $this->getEncryptedField()->encryptValue($value, $aad);
        return $encryptedValue;
    }

    public function setValue(mixed $value, null|array|ModelData $record = null, bool $markChanged = true): static
    {
        $this->setEncryptionAad($record);

It seems like $record can also be of type array; however, parameter $record of LeKoala\Encrypt\HasEncryption::setEncryptionAad() does only seem to accept SilverStripe\ORM\DataObject, maybe add an additional type check?

        // Return early if we keep encrypted value in memory
        if (!EncryptHelper::getAutomaticDecryption()) {
            $this->value = $value;

The property value does not exist. Although not strictly required by PHP, it is generally a best practice to declare properties explicitly.

            return $this;
        }

        // $markChanged is not used
        // The value might come encrypted from the database
        if ($value && EncryptHelper::isEncrypted($value)) {
            $this->value = $this->decryptValue($value);
        } else {
            $this->value = $value;
        }
        return $this;
    }
}