first commit

This commit is contained in:
brusnitsyn
2026-06-24 17:20:43 +09:00
commit 43499acf1c
165 changed files with 25929 additions and 0 deletions

145
app/Models/User.php Normal file
View File

@@ -0,0 +1,145 @@
<?php
namespace App\Models;
use App\Models\Concerns\HasPdnEncryption;
use Database\Factories\UserFactory;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Database\Eloquent\SoftDeletes;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Support\Carbon;
use Spatie\Permission\Traits\HasRoles;
/**
* Учётная запись пользователя.
*
* Меры ФСТЭК: ИАФ.2 (жизненный цикл идентификатора, soft delete), ИАФ.4 (MFA),
* ИАФ.3 (срок действия пароля), УПД.4 (роли через spatie/laravel-permission).
*
* @property int $id
* @property string $name
* @property string $email
* @property Carbon|null $email_verified_at
* @property string $password
* @property Carbon|null $password_changed_at
* @property string|null $mfa_secret Зашифровано (ЗНИ)
* @property string|null $mfa_recovery_codes Зашифровано (ЗНИ), JSON
* @property Carbon|null $mfa_confirmed_at
* @property bool $is_blocked
* @property Carbon|null $last_login_at
* @property string|null $remember_token
*/
class User extends Authenticatable
{
/** @use HasFactory<UserFactory> */
use HasFactory;
use HasPdnEncryption;
use HasRoles;
use Notifiable;
use SoftDeletes;
protected $fillable = [
'name',
'email',
'password',
];
protected $hidden = [
'password',
'remember_token',
'mfa_secret',
'mfa_recovery_codes',
];
/**
* Поля ПДн/секреты, шифруемые на уровне приложения (мера ЗНИ).
*
* @var array<int, string>
*/
protected array $encrypted = [
'mfa_secret',
'mfa_recovery_codes',
];
protected function casts(): array
{
return [
'email_verified_at' => 'datetime',
'password' => 'hashed',
'password_changed_at' => 'datetime',
'mfa_confirmed_at' => 'datetime',
'last_login_at' => 'datetime',
'is_blocked' => 'boolean',
];
}
/*
|--------------------------------------------------------------------------
| Многофакторная аутентификация (ИАФ.4)
|--------------------------------------------------------------------------
*/
public function hasMfaEnabled(): bool
{
return $this->mfa_secret !== null && $this->mfa_confirmed_at !== null;
}
/**
* @return array<int, string>
*/
public function recoveryCodes(): array
{
$raw = $this->mfa_recovery_codes;
return $raw ? (array) json_decode($raw, true) : [];
}
/**
* @param array<int, string> $codes
*/
public function setRecoveryCodes(array $codes): void
{
$this->mfa_recovery_codes = (string) json_encode(array_values($codes), JSON_UNESCAPED_UNICODE);
}
/*
|--------------------------------------------------------------------------
| Парольная политика (ИАФ.3)
|--------------------------------------------------------------------------
*/
public function passwordExpired(): bool
{
$maxAge = (int) config('security.password.max_age_days');
if ($maxAge <= 0) {
return false;
}
$changedAt = $this->password_changed_at ?? $this->created_at;
return $changedAt === null || $changedAt->lt(now()->subDays($maxAge));
}
/**
* @return HasMany<PasswordHistory, $this>
*/
public function passwordHistories(): HasMany
{
return $this->hasMany(PasswordHistory::class);
}
/*
|--------------------------------------------------------------------------
| Состояние учётной записи (ИАФ.2, УПД.1)
|--------------------------------------------------------------------------
*/
public function isBlocked(): bool
{
return (bool) $this->is_blocked;
}
}