DEV Community: Fazle Rabbi

Mask Your Laravel App Eloquent Attributes on Retrieval

Fazle Rabbi — Mon, 02 Feb 2026 11:35:57 +0000

Mask Your Laravel App Eloquent Attributes on Retrieval

A Laravel package that automatically masks sensitive model attributes on retrieval. Supports email, phone, and text masking with highly configurable rules.

This is the Github Repository. https://github.com/irabbi360/laravel-attribute-mask

Features

Automatic attribute masking on retrieval
Email, phone, and text masking support
Configurable mask character and visibility
Global or per-attribute masking rules
Auto-detection of phone fields by column name

Installation

composer require irabbi360/laravel-attribute-mask

Publish the config file:

php artisan vendor:publish --tag="attribute-mask-config"

Configuration

The default configuration (config/attribute-mask.php):

return [
    'enabled' => true,
    'mask_char' => '*',

    'email_masking' => [
        'show_domain' => true,
        'show_start' => 1,
        'show_end' => 1,
    ],

    'phone_masking' => [
        'show_start' => 3,
        'show_end' => 2,
        'patterns' => ['phone', 'phone_number', 'mobile', 'mobile_number', ...],
    ],

    'text_masking' => [
        'show_start' => 3,
        'show_end' => 3,
    ],
];

Usage

Define Maskable Attributes

Add the HasMaskedAttributes trait and define maskable attributes using the maskables() method:

use Irabbi360\LaravelAttributeMask\Concern\HasMaskedAttributes;
use Illuminate\Database\Eloquent\Model;

class User extends Model
{
    use HasMaskedAttributes;

    /**
     * Get the attributes that should be masked.
     */
    protected function maskables(): array
    {
        return ['email', 'phone', 'phone_number', 'ssn'];
    }
}

Alternatively, use the $maskable property:

class User extends Model
{
    use HasMaskedAttributes;

    protected array $maskable = ['email', 'phone', 'ssn'];
}

Masking Behavior

Attributes are automatically masked on retrieval:

$user = User::find(1);

$user->email;       // t**t@example.com
$user->phone;       // 123****90
$user->ssn;         // 123***789

Retrieving Original Values

Get the unmasked value using getOriginal():

$user->getOriginal('email');  // test@example.com

Or temporarily disable masking:

config(['attribute-mask.enabled' => false]);
$original = $user->email;
config(['attribute-mask.enabled' => true]);

Email Masking

Configure email masking behavior:

'email_masking' => [
    'show_domain' => true,      // Show domain part
    'show_start' => 2,          // Show first 2 characters
    'show_end' => 2,            // Show last 2 characters
],

Examples:

test@example.com → te**t@example.com
john.doe@example.com → jo**oe@example.com

Phone Masking

Phone fields are auto-detected by column name. Configure visibility:

'phone_masking' => [
    'show_start' => 3,
    'show_end' => 2,
],

Examples:

1234567890 → 123****90
+1-555-123-4567 → +15-***-67

Add custom phone patterns:

'phone_masking' => [
    'patterns' => ['phone', 'mobile', 'whatsapp', 'fax'],
],

Text Masking

For other text attributes:

'text_masking' => [
    'show_start' => 3,
    'show_end' => 3,
],

Examples:

secretpassword → sec********rd
API_KEY_12345 → API***345

Custom Mask Character

Change the mask character globally:

'mask_char' => '#',

// Result: test@example.com → t##t@example.com

Disable Masking

Disable globally:

'enabled' => false,

Or temporarily:

config(['attribute-mask.enabled' => false]);
$user->email;  // Returns unmasked value

Testing

composer test

Find here source code

If you like this package give a star on Github

Wordpress Secure ShareLink – Generate, manage, secure temporary share links for files, 301 Redirect

Fazle Rabbi — Sun, 25 Jan 2026 03:29:12 +0000

Secure ShareLink – Generate, manage, and secure temporary share links for files, 301 Redirect, and add data preview.

https://wordpress.org/plugins/secure-sharelink/advanced/

Secure ShareLink is a WordPress plugin that allows you to generate secure, time-limited sharing links for files, routes, or model data. It includes advanced security features such as password protection, IP filtering, burn-after-read, and usage limits, along with comprehensive auditing. Perfect for sharing sensitive content or providing temporary access to resources.

Key Features
🔗 Multiple Resource Types – Share files, URLs, 301 Redirect, or text/data seamlessly

⏰ Time-Limited Access – Set expiration dates and usage limits

🔒 Password Protection – Protect links with a secure password

🚫 IP Filtering – Restrict access to specific IP addresses

🔥 Burn After Reading – One-time access links that self-destruct

📊 Comprehensive Auditing – Track access patterns and usage

🎯 Flexible Delivery – Supports file downloads and URL redirection

💻 Admin UI – Create, edit, manage, and monitor links from WordPress admin

🧪 Secure – Passwords are hashed, preventing exposure in the database

Usage
Creating a Link

Go to ShareLink → Add New.

Choose the resource type: File, URL, or Text.

If selecting a file, use the Media Library picker.

Optionally configure:

Password protection

Expiration date/time

Maximum uses

IP whitelist

Burn after reading

Click Create Link. You will get a secure URL like:

http://yourdomain.com/shareurl/82ddae9522c4dd0a40bcdfd036c5f56f

Accessing a Link

Visiting the link will:

Prompt for a password if set.

Enforce IP whitelist and max uses.

Expire after the specified date or after the configured number of uses.

Automatically delete if burn-after-reading is enabled.

Users can download files or view content directly depending on the resource type.

Laravel API Inspector - Auto Generate API Documentation

Fazle Rabbi — Sat, 17 Jan 2026 05:52:20 +0000

Laravel API Inspector automatically generates API documentation from your Laravel routes, FormRequest validation rules, and API Resources. It's like Postman + Swagger combined, but deeply integrated with Laravel.

This is the git repository https://github.com/irabbi360/laravel-api-inspector

Features

✨ Auto-Parse FormRequest Rules - Converts Laravel validation rules into comprehensive documentation
📮 Generate Postman Collections - Create ready-to-use Postman collections with examples
📖 OpenAPI/Swagger Specs - Export to OpenAPI 3.0 format for tools like Swagger UI and Redoc
📄 HTML Documentation - Beautiful, auto-generated HTML documentation with examples
🔍 API Resource Detection - Extract response structures from your API Resources
💾 Save Response Examples - Automatically save JSON responses to files
🔐 Authentication Support - Automatically detect protected routes and add auth headers

Installation
Requirements

PHP: 8.1 or higher
Laravel: 10.0 or higher
Database: MySQL 5.7+ / PostgreSQL 10+ / SQLite 3.8+
Get up and running in just two commands:

composer require irabbi360/laravel-api-inspector

Run the interactive installer

php artisan api-inspector:install

Quick Start
View Documentation in Browser
After generating documentation, visit:

http://localhost:8000/api-docs
Create a FormRequest with Validation Rules

<?php

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class StoreUserRequest extends FormRequest
{
    public function rules()
    {
        return [
            'name' => 'required|string|max:255',
            'email' => 'required|email|unique:users',
            'password' => 'required|min:8|confirmed',
            'age' => 'integer|min:18|max:100',
        ];
    }
}

Use FormRequest in Your Controller

<?php

namespace App\Http\Controllers;

use App\Http\Requests\StoreUserRequest;

class UserController extends Controller
{
    public function store(StoreUserRequest $request)
    {
        return response()->json([
            'success' => true,
            'message' => 'User created successfully',
            'data' => User::create($request->validated()),
        ], 201);
    }
}

Use Actions in Your Controller

<?php

namespace App\Http\Controllers;

use App\Actions\CreateUser;

class UserController extends Controller
{
    public function store(Request $request, CreateUser $action)
    {
        $action->create($request->all());

        return response()->json([
            'success' => true,
            'message' => 'User created successfully',
        ], 201);
    }
}

Auto Response Schema generate. You can now add the annotation to your controller methods:

<?php
    /**
     * Get user profile
     * @LAPIresponsesSchema ProfileResource
     */
    public function show(User $user)
    {
        return new ProfileResource($user);
    }

Or without the annotation, it will auto-detect from the return type:

<?php
    public function show(User $user): ProfileResource
    {
        return new ProfileResource($user);
    }
<?php
    /**
     * Get users list with pagination
     * @LAPIpagination
     */
    public function index()
    {
        $users = User::latest()->paginate();
        return ProfileResource::collection($users);
    }
Query parameters
<?php
/**
 * Get users list
 * @LAPIQueryParams {
 *   "name": {"type": "string", "required": true, "description": "Filter by user name"},
 *   "page": {"type": "integer", "required": false, "example": 1},
 *   "limit": {"type": "integer", "required": false}
 * }
 */

public function index(Request $request) { ... }
or

<?php
/**
 * Get users list
 * @LAPIQueryParams name:string required, page:integer optional, limit:integer optional
 */
public function index(Request $request) { ... }
or

<?php
/**
 * // Simple format (new)
 * @LAPIQueryParams name, page, per_page, status
 */

public function index(Request $request) { ... }
✅ Parse @LAPIresponsesSchema ResourceName from docblocks
✅ Parse @LAPIpagination Pagination from docblocks
✅ Parse @LAPIQueryParams query params from docblocks
✅ Display response schema as JSON format
✅ Recursively handle nested resources
✅ Support unqualified resource names with auto-namespace resolution
✅ Prevent infinite recursion with depth limit

View in Browser After generating, automatically view your documentation:

http://localhost:8000/api-docs
That's it! 🎉 Your API is now documented and accessible via browser.

Generate or Download API Collection
The command generates documentation in three formats:

API Stats - http://localhost:8000/api-docs/stats (view in browser) From Stats page download the Postman API Collections & OpenAPI Specification
Files are also saved to storage/api-docs/ directory for backup.

Configuration
Edit config/api-inspector.php:

return [
    'enabled' => true,

    'save_responses' => true,        // Save example responses to JSON

    'save_responses_driver' => 'json', // 'cache' or 'json' - Phase 2

    'middleware_capture' => true,    // Capture real responses - Phase 2

    'response_ttl' => 3600,          // Cache TTL in seconds (1 hour) - Phase 2

    'auth' => [
        'type' => 'bearer',
        'header' => 'Authorization'
    ],

    'response_path' => storage_path('api-docs'),
];

Runtime Response Capture & Caching
Middleware Response Capture
Automatically capture real API responses from your running endpoints:

// The middleware automatically captures successful (2xx) JSON responses
// Configuration in config/api-inspector.php:

'middleware_capture' => true,  // Enable response capture
'save_responses_driver' => 'json', // Store in files or cache
'response_ttl' => 3600,       // Cache expiration time

Features:

✅ Captures real API responses automatically
✅ Only captures successful (2xx) responses
✅ Only targets API routes (configurable prefix)
✅ Saves responses to JSON files or Laravel cache
✅ Includes capture timestamp for freshness tracking
✅ Graceful error handling (doesn't break your API)
Using ResponseCache Class
Programmatically manage cached responses:

use Irabbi360\LaravelApiInspector\Support\ResponseCache;

class YourController extends Controller
{
    public function someAction(ResponseCache $responseCache)
    {
        // Store a response
        $responseCache->store('api/users/index', 200, [
            'data' => [/* ... */],
            'success' => true
        ]);

        // Retrieve a cached response
        $cached = $responseCache->get('api/users/index', 200);

        // Check if response is cached
        if ($responseCache->has('api/users/index', 200)) {
            // Use cached response
        }

        // Get all responses for a route
        $allResponses = $responseCache->getForRoute('api/users');

        // Clear responses for a route
        $responseCache->clearForRoute('api/users');

        // Clear all cached responses
        $responseCache->clearAll();
    }
}

Storage Drivers
JSON Driver (recommended for development/production)

'save_responses_driver' => 'json'
// Stores in storage/api-docs/cached-responses/
// Persists across cache flushes
// Better for team sharing
Cache Driver (recommended for performance)

'save_responses_driver' => 'cache'
// Uses your configured cache backend (redis, memcached, etc.)
// Faster access
// Configurable TTL per response
Example Workflow
Enable middleware capture:
// config/api-inspector.php
'middleware_capture' => true,
Make requests to your API:
curl -X GET http://localhost:8000/api/users
curl -X POST http://localhost:8000/api/users \
  -H "Content-Type: application/json" \
  -d '{"name":"John","email":"john@example.com"}'
Responses are automatically captured:
storage/api-docs/cached-responses/
├── api_response:api_users:200.json
├── api_response:api_users:201.json
└── ...

Use captured responses in documentation:
Postman collection now includes real example responses
OpenAPI spec contains actual response schemas
HTML docs show real data from your API
Phase 3: Dashboard, Analytics & Advanced Features
API Analytics & Monitoring
Automatically track and monitor API performance:

// Enable analytics in config/api-inspector.php

'analytics' => [
    'enabled' => true,
    'track_response_time' => true,
    'track_memory_usage' => true,
    'track_errors' => true,
    'retention_days' => 30,
    'track_only_uri_start_with' => 'api/',
]

After enabling, the package will log request metrics to the database. You need add the middleware to your API routes:

Irabbi360\LaravelApiInspector\Middleware\ApiInspectorAnalyticsMiddleware;
Features:

✅ Real-time request tracking
✅ Response time analytics
✅ Memory usage monitoring
✅ Error rate calculation
✅ Performance trends and insights
✅ Automatic data retention management
Web UI Dashboard
Access the Telescope-like dashboard at /api-docs/stats:

Dashboard Includes:

Real-time request metrics
Response time distribution charts
Error rate monitoring
Status code statistics
Top slow routes identification
Recent errors tracking
Route-level performance analytics
Customizable time ranges (1h, 24h, 7d, 30d)
'dashboard' => [
'enabled' => true,
'auth_middleware' => ['web'], // Protect dashboard access
]

A beautiful, responsive documentation site with:

Request/response examples
Parameter descriptions
Authentication indicators
Search and navigation
Examples
FormRequest to Documentation
Your FormRequest:


'email' => 'required|email',
'age' => 'integer|min:18|max:100'
Generated Documentation:

{
  "email": {
    "name": "email",
    "type": "string",
    "format": "email",
    "required": true,
    "example": "user@example.com",
    "description": "Email"
  },
  "age": {
    "name": "age",
    "type": "integer",
    "required": false,
    "min": 18,
    "max": 100,
    "example": 25,
    "description": "Age"
  }
}

Validation Rules Mapping
Laravel Rule Generated Type Format Notes

email   string  email   -
date    string  date    -
url string  uri -
numeric integer -   -
integer integer -   -
boolean boolean -   -
array   array   -   -
file    string  binary  -
image   string  binary  -
min:N   -   minLength: N    Works with strings, numbers, arrays
max:N   -   maxLength: N    Works with strings, numbers, arrays
size:N  -   -   Exact size for strings/numbers/arrays
regex:PATTERN   string  -   Regex pattern validation
in:val1,val2,...    -   enum    Creates enum values
confirmed   -   -   Requires {field}_confirmation field
same:field  -   -   Must match another field's value
different:field -   -   Must be different from another field
in_array:field.*    -   -   Values must be in another field's array
before:field    date    -   Must be before another field/date
after:field date    -   Must be after another field/date
before_or_equal:field   date    -   Must be ≤ another field/date
after_or_equal:field    date    -   Must be ≥ another field/date
required    -   -   Field is required
nullable    -   -   Field can be null
json    -   json    -
uuid    string  uuid    -
ipv4    string  ipv4    -
ipv6    string  ipv6    -

Relational Validation Rules
When using relational rules like confirmed, same, different, etc., the generated documentation includes metadata about the relationship:

'password' => ['required', 'string', 'min:8', 'confirmed']
Generated schema:

{
  "password": {
    "name": "password",
    "required": true,
    "type": "string",
    "min": 8,
    "confirmed": true,
    "requires_field": "password_confirmation",
    "description": "Password (must match password_confirmation)"
  }
}

Example: Complex Validation Rules
Here's a real-world example with multiple relational validation rules:

// In your FormRequest class

public function rules(): array
{
    return [
        'email' => ['required', 'email'],
        'token' => ['required', 'string'],
        'password' => ['required', 'string', 'min:8', 'confirmed'],
        'password_confirmation' => ['required', 'same:password'],
        'start_date' => ['required', 'date', 'before:end_date'],
        'end_date' => ['required', 'date', 'after:start_date'],
        'status' => ['required', 'in:active,inactive,pending'],
    ];
}

Generated documentation will include:

✅ password field with requires_field: password_confirmation
✅ password_confirmation field with same_as: password
✅ start_date field with relationship to end_date
✅ end_date field with relationship to start_date
✅ status field with enum values: ['active', 'inactive', 'pending']
Testing
composer test # Run all tests
composer test-coverage # With code coverage
composer analyse # PHPStan static analysis
composer format # Format code with Pint
Troubleshooting
Routes not appearing
Ensure routes have the api middleware
Check that API_INSPECTOR_ENABLED=true in your .env
Validation rules not extracted
Make sure you're using FormRequest in the controller method
Validate that the method name matches rules()
Files not generating
Check that storage/api-docs directory is writable
Verify config settings in config/api-inspector.php