Download the PHP package amreljako/laravel-ledger-guard without Composer
On this page you can find all versions of the php package amreljako/laravel-ledger-guard. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download amreljako/laravel-ledger-guard
More information about amreljako/laravel-ledger-guard
Files in amreljako/laravel-ledger-guard
Package laravel-ledger-guard
Short Description A highly secure, tamper-evident financial ledger and double-entry wallet system for Laravel with built-in anti-race condition mechanisms.
License MIT
Informations about the package laravel-ledger-guard
Laravel LedgerGuard
Laravel LedgerGuard is a highly secure, production-grade, and tamper-evident financial ledger system for Laravel. Unlike traditional wallet packages that simply increment/decrement a balance column, LedgerGuard utilizes a strict Double-Entry Bookkeeping architecture combined with Blockchain-like cryptographic chaining and Pessimistic Locking to completely eliminate financial fraud, race conditions, and unauthorized database manipulation.
The Threat Model & Architecture
Traditional database structures for wallets are inherently insecure against multi-threaded application exploits or insider threats. LedgerGuard introduces an immutable infrastructure layer to protect financial records:
| Threat | Standard Wallet Design | LedgerGuard |
|---|---|---|
| Race Conditions / Double Spending | Vulnerable during high-concurrency requests (e.g., fast sequential API calls). | Employs strict database Pessimistic Locking (lockForUpdate) to queue concurrent transactions safely. |
| Direct Database Tampering | If an attacker or malicious insider alters a balance directly in the DB, the system accepts it blindly. | Tamper-Evident Hashing Chain: Every transaction is cryptographically chained to the previous one via SHA-256. Any manual alteration breaks the chain and triggers an instant lockdown. |
| Negative Balance Exploit | Relies solely on application-level checks, which can be bypassed via asynchronous requests. | Enforces strict unsignedDecimal constraints at the database engine level, making negative data insertion physically impossible. |
| Data Leakage / Privacy | Transaction metadata (e.g., bank notes, user references) is stored in plaintext. | Metadata payloads are automatically encrypted at rest using AES-256-GCM. |
Key Features
- Polymorphic Flexibility: Attach financial wallets to any Eloquent model (
User,Vendor,Company, etc.) seamlessly using Morph relations. - Immutable Ledger Records: Financial logs are legally immutable; the Eloquent model explicitly blocks
updateanddeleteactions at the kernel level. - Automatic Account Freezing: Instantly locks and freezes a ledger with custom alerts if malicious data integrity degradation is spotted during runtime audits.
- Full Audit Trail: Every single transaction automatically tracks the originator's IP Address and User-Agent out-of-the-box.
Installation
Install the package via Composer:
Publish and run the secure migrations:
Optionally publish the config file:
Configuration
The published configuration file will be located at config/ledger-guard.php:
Usage & Quick Start
1. Prepare Your Model
Add the HasLedger trait to any Eloquent model you wish to grant a secure financial wallet:
2. Credit Money (Deposits / Inbound)
To safely deposit funds into a model's ledger:
3. Debit Money (Secure Purchases / Payouts)
To safely deduct funds from a wallet, wrapped automatically inside a database transaction with Pessimistic Locking:
4. Fetch the Audited Balance
Calculates the real-time balance via double-entry arithmetic while simultaneously auditing the entire cryptographic signature chain:
Mathematical Cryptographic Chain
Each record inside the ledger_transactions table computes a rolling cryptographic signature:
$$\text{Current Hash} = \text{SHA256}(\text{ledger_id} \parallel \text{type} \parallel \text{amount} \parallel \text{previous_hash} \parallel \text{APP_KEY})$$
If an attacker gains direct access to your SQL database and attempts to alter a transaction amount, the ledger's mathematical equilibrium breaks. Upon the next balance calculation or transaction request, LedgerGuard:
- Flags the anomaly
- Halts execution
- Freezes the account
- Throws a Security Violation Exception
All versions of laravel-ledger-guard with dependencies
illuminate/support Version ^10.0|^11.0
illuminate/database Version ^10.0|^11.0