Hyperf方案 数据隐私合规（GDPR）

GDPR 合规涉及几个核心维度，用组合方案最实用： ┌───────────────┬───────────────────────────────┬──────────────────┐ │ 维度 │ 库 │ 说明 │ ├───────────────┼───────────────────────────────┼──────────────────┤ │ 个人数据加密 │ 原生 openssl │ 零依赖，PHP 内置 │ ├───────────────┼───────────────────────────────┼──────────────────┤ │ 数据匿名化 │ webnet-fr/database-anonymizer │ CLI + PHP API │ ├───────────────┼───────────────────────────────┼──────────────────┤ │ 审计日志 │ Hyperf ORM 事件 │ 原生支持 │ ├───────────────┼───────────────────────────────┼──────────────────┤ │ 数据导出/删除 │ 自实现接口 │ GDPR Art.17/20 │ └───────────────┴───────────────────────────────┴──────────────────┘ --- 安装composerrequire webnet-fr/database-anonymizer ---1. 个人数据加密（字段级）<?php namespace App\Trait;trait EncryptsPersonalData{private static string$cipher='aes-256-gcm';publicfunctionencryptPII(string$value): string{$key=base64_decode(env('PII_ENCRYPTION_KEY'));$iv=random_bytes(12);$tag='';$encrypted=openssl_encrypt($value, self::$cipher,$key, OPENSSL_RAW_DATA,$iv,$tag);returnbase64_encode($iv.$tag.$encrypted);}publicfunctiondecryptPII(string$value): string{$key=base64_decode(env('PII_ENCRYPTION_KEY'));$raw=base64_decode($value);$iv=substr($raw,0,12);$tag=substr($raw,12,16);$data=substr($raw,28);returnopenssl_decrypt($data, self::$cipher,$key, OPENSSL_RAW_DATA,$iv,$tag);}}Model 中使用： class User extends Model{use EncryptsPersonalData;// 自动加解密 publicfunctionsetEmailAttribute(string$v): void{$this->attributes['email']=$this->encryptPII($v);}publicfunctiongetEmailAttribute(string$v): string{return$this->decryptPII($v);}}---2. 数据匿名化配置（webnet-fr） config/anonymizer.yaml： tables: users: email: generator: faker formatter: safeEmail name: generator: faker formatter: name phone: generator: faker formatter: phoneNumber ip_address: generator: faker formatter: ipv4 执行匿名化（测试环境/数据导出前）： php vendor/bin/database-anonymizer anonymize--config=config/anonymizer.yaml ---3. 审计日志中间件<?php namespace App\Middleware;use App\Model\GdprAuditLog;use Psr\Http\Message\ResponseInterface;use Psr\Http\Message\ServerRequestInterface;use Psr\Http\Server\MiddlewareInterface;use Psr\Http\Server\RequestHandlerInterface;class GdprAuditMiddleware implements MiddlewareInterface{private array$sensitiveRoutes=['/api/users','/api/profile'];publicfunctionprocess(ServerRequestInterface$request, RequestHandlerInterface$handler): ResponseInterface{$response=$handler->handle($request);if($this->isSensitive($request->getUri()->getPath())){GdprAuditLog::create(['user_id'=>auth()->id(),'action'=>$request->getMethod(),'resource'=>$request->getUri()->getPath(),'ip'=>$request->getServerParams()['remote_addr']??'','created_at'=>now(),]);}return$response;}privatefunctionisSensitive(string$path): bool{returnstr_starts_with($path, implode('|',$this->sensitiveRoutes))||collect($this->sensitiveRoutes)->contains(fn($r)=>str_starts_with($path,$r));}}---4. GDPR 权利接口（Art.17 删除 / Art.20 导出）<?php namespace App\Controller;use Hyperf\HttpServer\Annotation\Controller;use Hyperf\HttpServer\Annotation\DeleteMapping;use Hyperf\HttpServer\Annotation\GetMapping;#[Controller(prefix: '/api/gdpr')]class GdprController{// Art.20 数据可携带权 - 导出#[GetMapping(path: 'export')]publicfunctionexport(): array{$user=auth()->user();return['exported_at'=>now()->toIso8601String(),'data'=>['profile'=>$user->only(['name','email','created_at']),'orders'=>$user->orders()->get(['id','total','created_at']),'activity'=>GdprAuditLog::where('user_id',$user->id)->get(),],];}// Art.17 被遗忘权 - 删除#[DeleteMapping(path: 'erase')]publicfunctionerase(): array{$user=auth()->user();// 匿名化而非物理删除（保留业务完整性）$user->update(['name'=>'Deleted User','email'=>"deleted_{$user->id}@removed.invalid",'phone'=>null,'deleted_at'=>now(),]);GdprAuditLog::create(['user_id'=>$user->id,'action'=>'ERASE_REQUEST','resource'=>'user_account',]);return['status'=>'erased'];}}---5. 数据保留策略（定时清理）<?php namespace App\Crontab;use Hyperf\Crontab\Annotation\Crontab;#[Crontab(rule: '0 2 * * *', name: 'GdprRetention', singleton: true)]class GdprRetentionCrontab{publicfunctionexecute(): void{// 删除超过保留期的数据（GDPR 要求明确保留期限） GdprAuditLog::where('created_at','<', now()->subYears(2))->delete();User::onlyTrashed()->where('deleted_at','<', now()->subDays(30))->forceDelete();}}--- 核心要点： - 加密用 AES-256-GCM（带认证标签，防篡改） - PII_ENCRYPTION_KEY 用 base64_encode(random_bytes(32))生成，存 .env - 删除用匿名化替代物理删除，保留业务数据完整性 - 审计日志保留期建议2年，超期自动清理