acts_as_having_string_id 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3ebaa9731f8d0e4405bfc9a05a7a9b9ff0dd9e31
+  data.tar.gz: ca0d9fce70599e3b82bdaf3c7321a669669e4dfd
+SHA512:
+  metadata.gz: e625c3f0785cda0b1b1a913992fef3ead5751546fb8590bfdea81ad8247ce133b9f4f414339629b72a3019f2a1feca900533ee54768eb01c479274708cc12678
+  data.tar.gz: 20a95e36d732d027d009cc11cbbc66c35588d58d7ca7fc4ea874339c1a3d61f75512705b4182baf17045a457f8733010101e72dce9ed20cc9fc4dcf9ba17ee2c

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Magnus Hult
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,113 @@
+# ActsAsHavingStringId
+A Rails plugin for exposing non-sequential (Youtube-like) string IDs instead of the sequential integer IDs provided by Rails.
+
+Before, your API may look like
+
+    GET /users/123
+    {
+      "id": 123,
+      "name": "Alice O'User"
+    }
+
+After
+
+    GET /users/9w63Hubh4oL
+    {
+      "id": "9w63Hubh4oL",
+      "name": "Alice O'User"
+    }
+
+Exposing sequential integer IDs has several drawbacks:
+
+* Javascript has a 53-bit limit for integers (see https://dev.twitter.com/overview/api/twitter-ids-json-and-snowflake), which is a problem if you have large IDs
+* Perhaps you don't want objects to be easily enumerable, even if they're public (if you know about http://example.com/documents/104, it's way too easy to find document 105)
+* Sequential IDs make it easy to know how much usage your product gets (if my newly created user is http://example.com/users/1337, your product probably has 1,337 users)
+
+Rails makes heavy use of sequential integer IDs internally, but there's no need of exposing them. `ActsAsHavingStringId` provides an alternative string representation of your IDs. This representation is
+
+    base62(tea(id, md5(ModelClass.name + Rails.application.secrets.string_id_key)))
+
+The representation looks something like "E0znqip4mRA".
+
+`tea` above is the "New variant" of the [Tiny Encryption Algorithm](https://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm). You should probably not consider your id to be forever secret, but it should be pretty hard to figure out from the string representation.
+
+Your controllers will continue to work without modification, but will start to accept string IDs. So if http://example.com/orders/104 worked before, something like http://example.com/orders/E0znqip4mRA should magically work.
+
+You do however need to take care never to expose the `id` member of your models. Instead, use `id_string`.
+
+## Usage
+First, set up your `secrets.yml`:
+
+    development:
+      string_id_key: notverysecret
+
+    test:
+      string_id_key: notverysecreteither
+
+    production:
+      string_id_key: <%= ENV["STRING_ID_KEY"] %>
+
+Then, call the method in your model class:
+
+    class MyModel < ApplicationRecord
+       acts_as_having_string_id
+    end
+
+The string representation is now available as `id_string` on your model object. As an example:
+
+    > m = MyModel.create!
+    > m.id
+    => 1
+    > m.id_string
+    => "7EajpSfdWIf"
+
+All ActiveRecord functions will also accept the string representation as input:
+
+    > MyModel.find("7EajpSfdWIf")
+    => #<MyModel id: 1, created_at: "2016-08-31 13:27:02", updated_at: "2016-08-31 13:27:02">
+    > MyModel.where(id: "7EajpSfdWIf")
+    => #<ActiveRecord::Relation [#<MyModel id: 1, created_at: "2016-08-31 13:27:02", updated_at: "2016-08-31 13:27:02">]>
+
+Then, for exposing your string ID, use the `id_string` method. For example, if you're using [ActiveModelSerializers](https://github.com/rails-api/active_model_serializers):
+
+    class UserSerializer < ActiveModel::Serializer
+      attributes :id, :name
+
+      def id
+        object.id_string
+      end
+    end
+
+And that's just about it!
+
+## TODO
+* Publish on rubygems
+* Since the `MyModel.find("7EajpSfdWIf")` functionality depends on the argument now being a string, `MyModel.find("5")` will no longer mean `MyModel.find(5)`, but rather `MyModel.find(4387534)` or something. Is that a problem?
+* It's a potential security problem that we don't force strings from controllers (integer id coming from JSON postdata will make it find by original id)
+* Although TEA handles (and outputs) 64-bit ids, we currently limit the input to 32-bit
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'acts_as_having_string_id'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install acts_as_having_string_id
+```
+
+## Contributing
+To contribute, fork the repo, edit the code and create a pull request with tests. :)
+
+## Acknowledgements
+The Tiny Encryption Algorithm was created by David Wheeler and Roger Needham of the Cambridge Computer Laboratory. This library's implementation is based on [this code](https://github.com/pmarreck/ruby-snippets/blob/master/TEA.rb) by Jeremy Hinegardner.
+
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ActsAsHavingStringId'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/acts_as_having_string_id/railtie.rb

@@ -0,0 +1,7 @@
+module ActsAsHavingStringId
+  class Railtie < Rails::Railtie
+    initializer "railtie.include_in_application_record" do
+      ApplicationRecord.include(ActsAsHavingStringId)
+    end
+  end
+end

data/lib/acts_as_having_string_id/string_id.rb

@@ -0,0 +1,24 @@
+module ActsAsHavingStringId
+  class StringId < ActiveRecord::Type::Value
+    def initialize(tea)
+      @tea = tea
+    end
+
+    def serialize(value)
+      if value.is_a? String
+        i = @tea.decrypt(value.base62_decode)
+        if i >= 2**31
+          # Since Postgres SERIAL is a signed 32-bit integer, we can
+          # only represent integers up until (2**32)-1. If we're
+          # serializing a larger id, we want a not found rather than
+          # a postgres datatype out of bounds error. WHERE id = -1
+          # will definitely not be found.
+          return -1
+        end
+        return i
+      else
+        value
+      end
+    end
+  end
+end

data/lib/acts_as_having_string_id/tea.rb

@@ -0,0 +1,117 @@
+#---------------------------------------------------------------------
+# This is a pure ruby implementation of the Tiny Encryption Algorithm
+# (TEA) by David Wheeler and Roger Needham of the Cambridge Computer
+# Laboratory.
+#
+# For more information:
+#
+#   http://www.simonshepherd.supanet.com/tea.htm
+#
+# This is an implementation of the 'New Variant' of the cipher.
+#
+# ====================================================================
+# Copyright (c) 2005, 2006 Jeremy Hinegardner <jeremy@hinegardner.org>
+#
+# This implementation of the TEA New Variant is released under
+# the MIT License:
+#
+#   http://www.opensource.org/licenses/mit-license.html
+#
+# ====================================================================
+#
+# Altered for Gem suitability and to support encryption of 64-bit
+# integers by Magnus Hult
+#
+#---------------------------------------------------------------------
+# Ruby 1.8 compatibility
+if RUBY_VERSION.include?('1.8')
+  class Fixnum; def ord; return self; end; end
+end
+require 'digest/md5'
+module ActsAsHavingStringId
+  class TEA
+    DELTA        = 0x9e3779b9
+    ITERATIONS   = 32
+
+    def initialize(pass_phrase)
+      @key = passphrase_to_key(pass_phrase)
+    end
+
+    def encrypt(num)
+      nums = to_32bit_ints(num)
+      enc = encrypt_chunk(nums[0], nums[1], @key)
+      from_32bit_ints(enc[0], enc[1])
+    end
+
+    def decrypt(num)
+      nums = to_32bit_ints(num)
+      dec = decrypt_chunk(nums[0], nums[1], @key)
+      from_32bit_ints(dec[0], dec[1])
+    end
+
+    ############
+    private
+    ############
+
+    def to_32bit_ints(num)
+      # From a 64-bit integer, return an array of two 32-bit integers
+      # high bits first
+      [(num & 0xFFFFFFFF00000000) >> 32, num & 0x00000000FFFFFFFF]
+    end
+
+    def from_32bit_ints(num1, num2)
+      # From two 32-bit integers, high bits first, return
+      # a 64-bit integer
+      (num1 << 32) | num2
+    end
+
+    #-------------------------------------------------------------
+    # convert the given passphrase to and MD5 sum and get the 128
+    # bit key as 4 x 32 bit ints
+    #-------------------------------------------------------------
+    def passphrase_to_key(pass_phrase)
+      Digest::MD5.digest(pass_phrase).unpack('L*')
+    end
+
+
+    #-------------------------------------------------------------
+    # encrypt 2 of the integers ( 8 characters ) of the input into
+    # the cipher text output
+    #-------------------------------------------------------------
+    def encrypt_chunk(num1,num2,key)
+      y,z,sum = num1,num2,0
+
+      ITERATIONS.times do |i|
+        y   += ( z << 4 ^ z >> 5) + z ^ sum + key[sum & 3]
+        y   = y & 0xFFFFFFFF;
+
+        sum += DELTA
+        z   += ( y << 4 ^ y >> 5) + y ^ sum + key[sum >> 11 & 3]
+        z   = z & 0xFFFFFFFF;
+
+        # ruby can keep on getting bigger because of Bignum so
+        # you have to and with 0xFFFFFFFF to get the Fixnum
+        # bytes
+
+      end
+      return [y,z]
+    end
+
+
+    #-------------------------------------------------------------
+    # decrypt 2 of the integer cipher texts into the plaintext
+    #-------------------------------------------------------------
+    def decrypt_chunk(num1,num2,key)
+      y,z = num1,num2
+      sum = DELTA << 5
+      ITERATIONS.times do |i|
+        z   -= ( y << 4 ^ y >> 5) + y ^ sum + key[sum >> 11 & 3]
+        z    = z & 0xFFFFFFFF
+        sum -= DELTA
+        y   -= ( z << 4 ^ z >> 5) + z ^ sum + key[sum & 3]
+        y    = y & 0xFFFFFFFF
+      end
+      return [y,z]
+    end
+  end
+end

data/lib/acts_as_having_string_id/version.rb

@@ -0,0 +1,3 @@
+module ActsAsHavingStringId
+  VERSION = '0.1.0'
+end

data/lib/acts_as_having_string_id.rb

@@ -0,0 +1,28 @@
+require 'base62'
+require 'acts_as_having_string_id/tea'
+require 'acts_as_having_string_id/string_id'
+require 'acts_as_having_string_id/railtie' if defined?(Rails)
+
+module ActsAsHavingStringId
+  extend ActiveSupport::Concern
+
+  module ClassMethods
+    def acts_as_having_string_id(options = {})
+      class_eval do
+        attribute :id, ActsAsHavingStringId::StringId.new(_tea)
+      end
+      include ActsAsHavingStringId::LocalInstanceMethods
+    end
+
+    def _tea
+      pass_phrase = self.class.name + Rails.application.secrets.string_id_key
+      @_tea ||= ActsAsHavingStringId::TEA.new(pass_phrase)
+    end
+  end
+
+  module LocalInstanceMethods
+    def id_string
+      self.class._tea.encrypt(id).base62_encode
+    end
+  end
+end

data/lib/tasks/acts_as_having_string_id_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :acts_as_having_string_id do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: acts_as_having_string_id
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Magnus Hult
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-09-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0.1
+- !ruby/object:Gem::Dependency
+  name: base62
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Makes a model accept and expose a seemingly random string id
+email:
+- magnus@magnushult.se
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/acts_as_having_string_id.rb
+- lib/acts_as_having_string_id/railtie.rb
+- lib/acts_as_having_string_id/string_id.rb
+- lib/acts_as_having_string_id/tea.rb
+- lib/acts_as_having_string_id/version.rb
+- lib/tasks/acts_as_having_string_id_tasks.rake
+homepage: http://github.com/hult/acts_as_having_string_id
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Makes a model accept and expose a seemingly random string id
+test_files: []