sridhar-s-subramanian/filament-dbview

Composer install command:

composer require sridhar-s-subramanian/filament-dbview

Package description

Adminer-like, strictly read-only database viewer for Filament panels, scoped to the host app's Eloquent models.

README documentation

README

An Adminer-like, strictly read-only database viewer for Filament panels. It is scoped to your Laravel app's Eloquent models and gives you two ways to explore data:

  • Database Browser — pick any model-backed table and browse it with Filament's native table (search, sort, per-column filters, pagination), plus one-click relationship previews via detected foreign keys.
  • Query Runner — run ad-hoc SELECT queries in an Adminer-style console, with CSV/JSON export, per-user query history, and saved queries.

Everything the viewer can reach is defined by the models it discovers — nothing else is exposed.

Requirements

  • PHP 8.2+
  • Laravel 11 or 12
  • Filament v4+

Installation

composer require sridhar-s-subramanian/filament-dbview
php artisan vendor:publish --tag="filament-dbview-config"
php artisan vendor:publish --tag="filament-dbview-migrations"
php artisan migrate

Register the plugin on your panel:

use Filament\Panel;
use SridharSSubramanian\FilamentDbview\DbviewPlugin;

public function panel(Panel $panel): Panel
{
    return $panel->plugin(DbviewPlugin::make());
}

Query Runner scope

The Database Browser is always limited to model-backed tables. The Query Runner defaults to the same, but can be widened to any table on an allowed connection:

$panel->plugin(
    DbviewPlugin::make()
        ->allTables()                                   // query any real table
        ->denyTables(['password_reset_tokens', 'sessions']), // …except these
);

->allTables() is shorthand for ->queryRunnerScope('connection'). Read-only guards and column redaction still apply to every table. These setters take precedence over the query_runner values in the config file.

Security model (read-only in depth)

Direct database access is guarded on multiple, independent layers — see ReadOnlyGuard:

  1. Lexical allowlist — only a single SELECT / WITH … SELECT statement is accepted. Stacked statements, executable comments (/*! … */, /*+ … */), and write/DDL/file/DoS tokens (INSERT, UPDATE, DROP, INTO OUTFILE, LOAD_FILE, pg_read_file, SLEEP, BENCHMARK, …) are rejected. Keywords hidden inside string literals or comments cannot fool the analyzer.
  2. Table scope — every referenced table must belong to a discovered model the current user is allowed to see. System tables are never reachable.
  3. Enforced LIMIT and statement timeout cap runaway queries.
  4. Rolled-back transaction — reads execute inside a transaction that is always rolled back, so nothing can persist even if a layer above were bypassed.
  5. Optional dedicated read-only connection — route all queries through a database user granted only SELECT (the strongest control).
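
Layers 1, 3 and 4 from the list above, shown as an added example in plain PHP with PDO; this is not the package's ReadOnlyGuard. The function names, the deny list (the tokens named above plus DELETE), the standard-SQL quoting rule and the client-side row cap are assumptions made for the illustration.

```php
<?php
// Added illustration only: NOT the package's ReadOnlyGuard. All names are hypothetical.
// MASKED matches string literals, quoted identifiers, "--" comments and plain /* */ comments.
// Assumes standard-SQL quoting ('' doubles a quote); the lexer must match the target dialect
// (MySQL backslash escapes need their own rule). /*! and /*+ are left in place on purpose.
const MASKED = <<<'RE'
~'(?:[^']|'')*'|"(?:[^"]|"")*"|--[^\n]*|/\*(?![!+]).*?\*/~s
RE;
// Tokens the README names, plus DELETE; a production deny list is longer.
const DENIED = '~\b(INSERT|UPDATE|DELETE|DROP|INTO\s+OUTFILE|LOAD_FILE|pg_read_file|SLEEP|BENCHMARK)\b~i';

function assertReadOnly(string $sql): void
{
    // Mask first, so literal/comment contents can neither hide nor fake a keyword.
    $bare = rtrim(trim((string) preg_replace(MASKED, ' ', $sql)), "; \t\r\n");
    if (preg_match('~[;\'"]|/\*~', $bare)) {
        throw new InvalidArgumentException('stacked statement, open literal or executable comment');
    }
    if (!preg_match('~^(SELECT|WITH)\b~i', $bare)) {
        throw new InvalidArgumentException('only SELECT / WITH ... SELECT is accepted');
    }
    if (preg_match(DENIED, $bare, $m)) {
        throw new InvalidArgumentException("denied token {$m[1]}");
    }
}

function runReadOnly(PDO $pdo, string $sql, int $maxRows = 100): array
{
    assertReadOnly($sql);
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->query($sql);
        $rows = [];
        // Client-side row cap, standing in for the enforced LIMIT.
        while (count($rows) < $maxRows && ($row = $stmt->fetch(PDO::FETCH_ASSOC)) !== false) {
            $rows[] = $row;
        }
        $stmt->closeCursor();
        return $rows;
    } finally {
        $pdo->rollBack(); // always roll back, so nothing persists
    }
}
$pdo = new PDO('sqlite::memory:'); // constructed sample data; needs the pdo_sqlite extension
$pdo->exec("CREATE TABLE users (id INTEGER, name TEXT); INSERT INTO users VALUES (1, 'drop')");
$samples = ["SELECT id FROM users WHERE name = 'drop' -- update later",
    'SELECT 1; DROP TABLE users', 'SELECT /*! SLEEP(5) */ 1', "SELECT id FROM users WHERE name = 'x"];
foreach ($samples as $sql) {
    try { $out = 'ALLOW ' . count(runReadOnly($pdo, $sql)) . ' row(s)'; }
    catch (InvalidArgumentException $e) { $out = 'DENY (' . $e->getMessage() . ')'; }
    echo "$out: $sql\n";
}
```

Only the first sample is allowed: its `'drop'` literal and trailing comment are masked before the keyword scan, while the stacked statement, the executable comment and the unterminated literal are each rejected before reaching the database.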

Additional controls:

  • Sensitive-column redaction (password, *_token, *_secret, …) in the browser, the runner, and every export.
  • Deny-by-default authorization via configurable gates (page, query-runner, and per-table).
  • Auditing of every allowed/denied attempt to a PSR-3 channel and the history table.

Configure all of the above in config/filament-dbview.php.

Development

composer test        # Pest + Testbench (incl. OWASP security suite)
composer analyse     # PHPStan / Larastan
composer format      # Pint (PER)
composer lint        # PHP_CodeSniffer (PSR-12)

License

MIT.

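Statistics

  • Total downloads: 0
  • Monthly downloads: 0
  • Daily downloads: 0
  • Favorites: 0
  • Clicks: 2
  • Dependents: 0
  • Recommendations: 0

GitHub information

  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Language: PHP

Other information

  • License: MIT
  • Last updated: 2026-07-02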