Handling Eloquent Query Builder Serialization Securely Between Components

I'm building a Kanban board package with Filament and Livewire. My architecture has a Filament Page that creates an Eloquent query builder which is passed to a Kanban adapter, and then the adapter is passed to a Livewire component.

However, I'm hitting both serialization and security roadblocks: when Livewire attempts to hydrate/dehydrate the component state, it can't serialize the Eloquent query builder inside my adapter. Additionally, I'm concerned about securely handling database queries across component boundaries.

// KanbanBoardPage (Filament)
$adapter = new EloquentQueryAdapter(Task::query()->where(...), $config);

// This fails during Livewire's lifecycle
<livewire:kanban-board :adapter="$adapter" />

// KanbanBoardPage (Filament)
$adapter = new EloquentQueryAdapter(Task::query()->where(...), $config);

// This fails during Livewire's lifecycle
<livewire:kanban-board :adapter="$adapter" />

I've considered:
1. A registry pattern with server-side cache storage (most secure but adds complexity)
2. Custom serialization of query parameters (concerned about exposing query structure)
3. Stateless API-like approach with Alpine.js (better security boundaries)
4. Rebuilding queries on each request (potential for query parameter manipulation)

What's the recommended Livewire approach for securely handling non-serializable query builders when working across components? How do you balance security (not exposing database structure or query constraints to clients) with practical component design?

Filament•11mo ago•

15 replies

Manuk Minasyan

Handling Eloquent Query Builder Serialization Securely Between Components

// KanbanBoardPage (Filament)
$adapter = new EloquentQueryAdapter(Task::query()->where(...), $config);

// This fails during Livewire's lifecycle
<livewire:kanban-board :adapter="$adapter" />

// KanbanBoardPage (Filament)
$adapter = new EloquentQueryAdapter(Task::query()->where(...), $config);

// This fails during Livewire's lifecycle
<livewire:kanban-board :adapter="$adapter" />

Handling Eloquent Query Builder Serialization Securely Between Components

Similar Threads

Handling Eloquent Query Builder Serialization Securely Between Components

Similar Threads

Similar Threads

Similar Threads