FilamentF
Filament9mo ago
Manuk Minasyan

Handling Eloquent Query Builder Serialization Securely Between Components

I'm building a Kanban board package with Filament and Livewire. My architecture has a Filament Page that creates an Eloquent query builder which is passed to a Kanban adapter, and then the adapter is passed to a Livewire component.

However, I'm hitting both serialization and security roadblocks: when Livewire attempts to hydrate/dehydrate the component state, it can't serialize the Eloquent query builder inside my adapter. Additionally, I'm concerned about securely handling database queries across component boundaries.

// KanbanBoardPage (Filament)
$adapter = new EloquentQueryAdapter(Task::query()->where(...), $config);

// This fails during Livewire's lifecycle
<livewire:kanban-board :adapter="$adapter" />


I've considered:
  1. A registry pattern with server-side cache storage (most secure but adds complexity)
  2. Custom serialization of query parameters (concerned about exposing query structure)
  3. Stateless API-like approach with Alpine.js (better security boundaries)
  4. Rebuilding queries on each request (potential for query parameter manipulation)
What's the recommended Livewire approach for securely handling non-serializable query builders when working across components? How do you balance security (not exposing database structure or query constraints to clients) with practical component design?
Was this page helpful?