dbviewer 0.7.11 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b357ba9437acaa807f1b31562bb7a1b76bfaefc7c3e2e6ccb3be4cfdbd627a0a
-  data.tar.gz: 2adbc0f217154bad12cb3c7bfd711a7daa7dcbfa5b01538563ea49010cd6d2f3
+  metadata.gz: 988493e4778410960da76a39e233df19e74a8155393a2b7cbe39a5f073c5d905
+  data.tar.gz: 5fbc3a34833d8d7758b786623bf3a5767699f80bba68ba953415e791d63fe86f
 SHA512:
-  metadata.gz: c24e471a8d6d3248ef88040cff072a7868b8e936bdb535888882497b9ac64396017bb42f7c7f100b68240c8a927e45b573f679e47bd6573c832fcd2e6adc837a
-  data.tar.gz: a7be084a91cb9d090544d7a770ba3f1cf18e512a56a216b431a58672c09c4fd9b682cb6df768708c5fcc1bf85494a9738643e42f488103abe1aefc945ef2eda6
+  metadata.gz: 06c52e89a4342edcc7edfb15f91ef5c53bc528ddff3b56bb3f7a0a9d9967b2c75ecf41e8850bdab13a535e93dbdb9036bf545aac4e4b55aeb0a05b9fec0b1b2e
+  data.tar.gz: a18bd6e86c8dcd70dc851e2800d13cf150fe5a08ec1c4c606bd6d714e4dd62a3548b1bfc7e9510c8f8836fb01a783a5a6be32b5d6344bd0cd040c3da430e92b6

data/README.md

@@ -1,6 +1,7 @@
 ![dbviewer](https://github.com/user-attachments/assets/665c1a65-aab3-4a7e-aa54-b42e871cb3d0)
 
 # 👁️ DBViewer
+
 > **The fastest way to visualize and explore your database**
 
 DBViewer is a powerful Rails engine that provides a comprehensive interface to view and explore database tables, records, and schema.
@@ -17,6 +18,7 @@ It's designed for development, debugging, and database analysis, offering a clea
 - **Data Browsing**
 - **SQL Queries**
 - **Multiple Database Connections**
+- **PII Data Masking** - Protect sensitive data with configurable masking rules
 - **Enhanced UI Features**
 
 ## 🧪 Demo Application
@@ -258,6 +260,63 @@ end
 
 When disabled, all DBViewer routes return 404 responses, making it appear as if the tool was never installed. This is the recommended approach for production systems where database admin tools should not be accessible.
 
+## 🔐 PII Data Masking
+
+DBViewer includes built-in support for masking Personally Identifiable Information (PII) to protect sensitive data while allowing developers to browse database contents.
+
+### Quick Setup
+
+Configure PII masking in your Rails initializer (e.g., `config/initializers/dbviewer.rb`):
+
+```ruby
+# Enable PII masking (enabled by default)
+Dbviewer.configure do |config|
+  config.enable_pii_masking = true
+end
+
+# Define masking rules
+Dbviewer.configure_pii do |pii|
+  # Built-in masking types
+  pii.mask 'users.email', with: :email           # john@example.com → jo***@example.com
+  pii.mask 'users.phone', with: :phone           # +1234567890 → +1***90
+  pii.mask 'users.ssn', with: :ssn               # 123456789 → ***-**-6789
+  pii.mask 'payments.card_number', with: :credit_card  # 1234567890123456 → ****-****-****-3456
+  pii.mask 'users.api_key', with: :full_redact   # any_value → ***REDACTED***
+
+  # Custom masking with lambda
+  pii.mask 'users.salary', with: ->(value) { value ? '$***,***' : value }
+
+  # Define reusable custom masks
+  pii.custom_mask :ip_mask, ->(value) {
+    return value if value.nil?
+    parts = value.split('.')
+    "#{parts[0]}.#{parts[1]}.***.***.***"
+  }
+  pii.mask 'logs.ip_address', with: :ip_mask
+end
+```
+
+### Built-in Masking Types
+
+- **`:email`** - Masks email addresses while preserving domain
+- **`:phone`** - Masks phone numbers keeping first and last digits
+- **`:ssn`** - Masks Social Security Numbers showing only last 4 digits
+- **`:credit_card`** - Masks credit card numbers showing only last 4 digits
+- **`:full_redact`** - Completely redacts the value
+- **`:partial`** - Partial masking (default behavior)
+
+### Generate Example Configuration
+
+Use the generator to create an example PII configuration:
+
+```bash
+rails generate dbviewer:install
+```
+
+This creates `config/initializers/dbviewer_pii_example.rb` with comprehensive examples.
+
+For detailed PII masking documentation, see [PII_MASKING.md](docs/PII_MASKING.md).
+
 ## 📝 Security Note
 
 ⚠️ **Warning**: This engine provides direct access to your database contents, which contains sensitive information. Always protect it with HTTP Basic Authentication by configuring strong credentials as shown above.

data/app/helpers/dbviewer/datatable_ui_table_helper.rb

@@ -40,8 +40,8 @@ module Dbviewer
     end
 
     # Render a cell that may include a foreign key link
-    def render_table_cell(cell, column_name, metadata)
-      cell_value = format_cell_value(cell)
+    def render_table_cell(cell, column_name, metadata, table_name = nil)
+      cell_value = format_cell_value(cell, table_name, column_name)
       foreign_key = metadata && metadata[:foreign_keys] ?
                     metadata[:foreign_keys].find { |fk| fk[:column] == column_name } :
                     nil
@@ -61,15 +61,15 @@ module Dbviewer
     end
 
     # Render a table row with cells
-    def render_table_row(row, records, metadata)
+    def render_table_row(row, records, metadata, table_name = nil)
       content_tag(:tr) do
         # Start with action column (sticky first column)
-        cells = [ render_action_cell(row, records.columns, metadata) ]
+        cells = [ render_action_cell(row, records.columns, metadata, table_name) ]
 
         # Add all data cells
         cells += row.each_with_index.map do |cell, cell_index|
           column_name = records.columns[cell_index]
-          render_table_cell(cell, column_name, metadata)
+          render_table_cell(cell, column_name, metadata, table_name)
         end
 
         cells.join.html_safe
@@ -77,7 +77,7 @@ module Dbviewer
     end
 
     # Render the entire table body with rows
-    def render_table_body(records, metadata)
+    def render_table_body(records, metadata, table_name = nil)
       if records.nil? || records.rows.nil? || records.empty?
         content_tag(:tbody) do
           content_tag(:tr) do
@@ -89,19 +89,20 @@ module Dbviewer
       else
         content_tag(:tbody) do
           records.rows.map do |row|
-            render_table_row(row, records, metadata)
+            render_table_row(row, records, metadata, table_name)
           end.join.html_safe
         end
       end
     end
 
     # Render action buttons for a record
-    def render_action_cell(row_data, columns, metadata = nil)
+    def render_action_cell(row_data, columns, metadata = nil, table_name = nil)
       data_attributes = {}
 
       # Create a hash of column_name: value pairs for data attributes
+      # Apply the same formatting logic used in table cells
       columns.each_with_index do |column_name, index|
-        data_attributes[column_name] = row_data[index].to_s
+        data_attributes[column_name] = format_cell_value(row_data[index], table_name, column_name)
       end
 
       content_tag(:td, class: "text-center action-column") do

data/app/helpers/dbviewer/formatting_helper.rb

@@ -1,6 +1,11 @@
 module Dbviewer
   module FormattingHelper
-    def format_cell_value(value)
+    def format_cell_value(value, table_name = nil, column_name = nil)
+      # Apply PII masking if configured
+      if table_name && column_name
+        value = Dbviewer::DataPrivacy::PiiMasker.mask_value(value, table_name, column_name)
+      end
+
       return "NULL" if value.nil?
       return format_default_value(value) unless value.is_a?(String)
 

data/app/views/dbviewer/tables/query.html.erb

@@ -142,8 +142,9 @@
               <% if @records.rows.any? %>
                 <% @records.rows.each do |row| %>
                   <tr>
-                    <% row.each do |cell| %>
-                      <td><%= format_cell_value(cell) %></td>
+                    <% row.each_with_index do |cell, index| %>
+                      <% column_name = @records.columns[index] %>
+                      <td><%= format_cell_value(cell, @table_name, column_name) %></td>
                     <% end %>
                   </tr>
                 <% end %>

data/app/views/dbviewer/tables/show.html.erb

@@ -136,7 +136,7 @@
                 <%= render_sortable_header_row(@records, @order_by, @order_direction, @table_name, @current_page, @per_page, @column_filters) %>
                 <%= render_column_filters_row(form, @records, @columns, @column_filters) %>
               </thead>
-              <%= render_table_body(@records, @metadata) %>
+              <%= render_table_body(@records, @metadata, @table_name) %>
         </table>
         <% end %> <!-- End of form_with -->
       </div>

data/lib/dbviewer/configuration.rb

@@ -59,6 +59,24 @@ module Dbviewer
     # When enabled, all DBViewer routes will return 404 responses
     attr_accessor :disabled
 
+    # PII (Personally Identifiable Information) masking configuration
+    # Hash of table.column => masking rule
+    # @example {
+    #   'users.email' => :email,
+    #   'users.phone' => :phone,
+    #   'customers.ssn' => :custom_mask
+    # }
+    attr_accessor :pii_rules
+
+    # Enable/disable PII masking globally
+    attr_accessor :enable_pii_masking
+
+    # Custom PII masking blocks
+    # @example {
+    #   custom_mask: ->(value) { value ? '***REDACTED***' : value }
+    # }
+    attr_accessor :custom_pii_masks
+
     def initialize
       @per_page_options = [ 10, 20, 50, 100 ]
       @default_per_page = 20
@@ -82,6 +100,9 @@ module Dbviewer
         }
       }
       @current_connection = :default
+      @pii_rules = {}
+      @enable_pii_masking = true
+      @custom_pii_masks = {}
     end
   end
 end

data/lib/dbviewer/data_privacy/pii_masker.rb

@@ -0,0 +1,125 @@
+module Dbviewer
+  module DataPrivacy
+    class PiiMasker
+      BUILT_IN_MASKS = {
+        email: ->(value) { mask_email(value) },
+        phone: ->(value) { mask_phone(value) },
+        credit_card: ->(value) { mask_credit_card(value) },
+        ssn: ->(value) { mask_ssn(value) },
+        full_redact: ->(value) { value ? "***REDACTED***" : value },
+        partial: ->(value) { mask_partial(value) }
+      }.freeze
+
+      def self.mask_value(value, table_name, column_name)
+        return value unless should_mask?(table_name, column_name)
+
+        rule = get_masking_rule(table_name, column_name)
+        apply_mask(value, rule)
+      end
+
+      private
+
+      def self.should_mask?(table_name, column_name)
+        return false unless Dbviewer.configuration.enable_pii_masking
+        return false if Dbviewer.configuration.pii_rules.empty?
+
+        key = "#{table_name}.#{column_name}"
+        Dbviewer.configuration.pii_rules.key?(key)
+      end
+
+      def self.get_masking_rule(table_name, column_name)
+        key = "#{table_name}.#{column_name}"
+        Dbviewer.configuration.pii_rules[key]
+      end
+
+      def self.apply_mask(value, rule)
+        return value if value.nil?
+
+        case rule
+        when Symbol
+          apply_built_in_mask(value, rule)
+        when Proc
+          rule.call(value)
+        else
+          apply_built_in_mask(value, :partial)
+        end
+      rescue => e
+        Rails.logger.warn("PII masking failed for rule #{rule}: #{e.message}")
+        "***ERROR***"
+      end
+
+      def self.apply_built_in_mask(value, mask_type)
+        mask_proc = BUILT_IN_MASKS[mask_type]
+        if mask_proc
+          mask_proc.call(value)
+        else
+          # Check if it's a custom mask
+          custom_mask = Dbviewer.configuration.custom_pii_masks[mask_type]
+          if custom_mask && custom_mask.respond_to?(:call)
+            custom_mask.call(value)
+          else
+            mask_partial(value)
+          end
+        end
+      end
+
+      def self.mask_email(value)
+        return value unless value.to_s.include?("@")
+
+        parts = value.to_s.split("@")
+        username = parts[0]
+        domain = parts[1]
+
+        if username.length <= 1
+          masked_username = "*"
+        elsif username.length <= 2
+          masked_username = username
+        else
+          masked_username = "#{username[0..1]}***"
+        end
+
+        "#{masked_username}@#{domain}"
+      end
+
+      def self.mask_phone(value)
+        # Remove all non-digit characters
+        digits = value.to_s.gsub(/\D/, "")
+        return value if digits.length < 4
+
+        # Keep first and last 2 digits, mask the middle
+        if digits.length <= 6
+          "#{digits[0]}#{'*' * (digits.length - 2)}#{digits[-1]}"
+        else
+          "#{digits[0..1]}#{'*' * 3}#{digits[-2..-1]}"
+        end
+      end
+
+      def self.mask_credit_card(value)
+        digits = value.to_s.gsub(/\D/, "")
+        return value if digits.length < 4
+
+        # Show last 4 digits only
+        "****-****-****-#{digits[-4..-1]}"
+      end
+
+      def self.mask_ssn(value)
+        digits = value.to_s.gsub(/\D/, "")
+        return value if digits.length != 9
+
+        # Show last 4 digits only
+        "***-**-#{digits[-4..-1]}"
+      end
+
+      def self.mask_partial(value)
+        str = value.to_s
+        return str if str.length <= 2
+
+        if str.length <= 4
+          "#{str[0]}#{'*' * (str.length - 2)}#{str[-1]}"
+        else
+          "#{str[0..1]}#{'*' * 3}#{str[-2..-1]}"
+        end
+      end
+    end
+  end
+end

data/lib/dbviewer/version.rb

@@ -1,3 +1,3 @@
 module Dbviewer
-  VERSION = "0.7.11"
+  VERSION = "0.8.0"
 end

data/lib/dbviewer.rb

@@ -23,11 +23,40 @@ require "dbviewer/database/metadata_manager"
 require "dbviewer/datatable/query_operations"
 require "dbviewer/datatable/query_params"
 
+require "dbviewer/data_privacy/pii_masker"
+
 require "propshaft"
 
 module Dbviewer
   # Main module for the database viewer
 
+  # Helper class for configuring PII masking rules
+  class PiiConfigurator
+    def initialize(configuration)
+      @configuration = configuration
+    end
+
+    # Define a PII masking rule
+    # @param column_spec [String] Table and column in format "table.column"
+    # @param with [Symbol, Proc] Masking rule - either built-in symbol or custom proc
+    def mask(column_spec, with:)
+      @configuration.pii_rules[column_spec] = with
+    end
+
+    # Define a custom masking function
+    # @param name [Symbol] Name of the custom mask
+    # @param block [Proc] The masking function
+    def custom_mask(name, block)
+      @configuration.custom_pii_masks[name] = block
+    end
+
+    # Enable or disable PII masking globally
+    # @param enabled [Boolean] Whether to enable PII masking
+    def enabled=(enabled)
+      @configuration.enable_pii_masking = enabled
+    end
+  end
+
   class << self
     # Module accessor for configuration
     attr_writer :configuration
@@ -73,6 +102,22 @@ module Dbviewer
       connection_errors
     end
 
+    # Configure PII masking rules using a block
+    #
+    # @example
+    #   Dbviewer.configure_pii do |pii|
+    #     pii.mask 'users.email', with: :email
+    #     pii.mask 'users.phone', with: :phone
+    #     pii.mask 'users.ssn', with: :ssn
+    #     pii.mask 'customers.credit_card', with: :credit_card
+    #     pii.mask 'profiles.secret', with: :full_redact
+    #     pii.mask 'accounts.api_key', with: ->(value) { value ? 'api_***' : value }
+    #     pii.custom_mask :my_custom, ->(value) { "CUSTOM: #{value[0]}***" }
+    #   end
+    def configure_pii
+      yield(PiiConfigurator.new(configuration)) if block_given?
+    end
+
     private
 
     # Configure the query logger with current configuration settings

data/lib/generators/dbviewer/install_generator.rb

@@ -7,6 +7,12 @@ module Dbviewer
       def copy_initializer_file
         copy_file "initializer.rb", "config/initializers/dbviewer.rb"
       end
+
+      def copy_pii_example
+        copy_file "pii_configuration_example.rb", "config/initializers/dbviewer_pii_example.rb"
+        say "Created example PII configuration at config/initializers/dbviewer_pii_example.rb", :green
+        say "Review and customize the PII masking rules, then rename to dbviewer_pii.rb to activate.", :yellow
+      end
     end
   end
 end

data/lib/generators/dbviewer/templates/pii_configuration_example.rb

@@ -0,0 +1,99 @@
+# Example DBViewer PII Configuration
+#
+# This file shows how to configure PII (Personally Identifiable Information) masking
+# in DBViewer to protect sensitive data in your database views.
+#
+# Place this configuration in your Rails initializer file (e.g., config/initializers/dbviewer.rb)
+
+Dbviewer.configure do |config|
+  # Enable/disable PII masking globally (default: true)
+  config.enable_pii_masking = true
+
+  # Other DBViewer configurations...
+  # config.default_per_page = 20
+  # config.enable_data_export = false
+end
+
+# Configure PII masking rules
+Dbviewer.configure_pii do |pii|
+  # Built-in masking types:
+
+  # Email masking: john.doe@example.com -> jo***@example.com
+  pii.mask "users.email", with: :email
+  pii.mask "customers.email_address", with: :email
+
+  # Phone masking: +1234567890 -> +1***90
+  pii.mask "users.phone", with: :phone
+  pii.mask "profiles.mobile_number", with: :phone
+
+  # Social Security Number masking: 123456789 -> ***-**-6789
+  pii.mask "users.ssn", with: :ssn
+  pii.mask "employees.social_security", with: :ssn
+
+  # Credit card masking: 1234567890123456 -> ****-****-****-3456
+  pii.mask "payments.card_number", with: :credit_card
+
+  # Full redaction: any_value -> ***REDACTED***
+  pii.mask "users.api_key", with: :full_redact
+  pii.mask "accounts.secret_token", with: :full_redact
+
+  # Partial masking (default): john_doe -> jo***oe
+  pii.mask "users.username", with: :partial
+
+  # Custom masking with lambda/proc:
+  pii.mask "users.address", with: ->(value) {
+    return value if value.nil?
+    "#{value.split(' ').first} ***"  # Show only first word
+  }
+
+  # Define custom masking functions that can be reused:
+  pii.custom_mask :ip_mask, ->(value) {
+    return value if value.nil?
+    parts = value.split(".")
+    return value if parts.length != 4
+    "#{parts[0]}.#{parts[1]}.***.***.***"
+  }
+
+  # Use custom mask:
+  pii.mask "logs.ip_address", with: :ip_mask
+  pii.mask "sessions.client_ip", with: :ip_mask
+
+  # More examples:
+
+  # Customer data
+  pii.mask "customers.first_name", with: :partial
+  pii.mask "customers.last_name", with: :partial
+  pii.mask "customers.date_of_birth", with: ->(value) {
+    return value if value.nil?
+    date = Date.parse(value.to_s) rescue nil
+    date ? "#{date.year}/***/**" : value
+  }
+
+  # Employee data
+  pii.mask "employees.salary", with: ->(value) { value ? "$***,***" : value }
+  pii.mask "employees.bank_account", with: :full_redact
+
+  # User profiles
+  pii.mask "profiles.biography", with: ->(value) {
+    return value if value.nil? || value.length <= 50
+    "#{value[0..50]}... [TRUNCATED FOR PRIVACY]"
+  }
+
+  # System logs with PII
+  pii.mask "audit_logs.user_data", with: :full_redact
+  pii.mask "error_logs.request_params", with: ->(value) {
+    # Redact JSON containing potential PII
+    return value if value.nil?
+    begin
+      JSON.parse(value)
+      "{ [REDACTED JSON DATA] }"
+    rescue
+      value
+    end
+  }
+end
+
+# You can also disable PII masking globally:
+# Dbviewer.configure_pii do |pii|
+#   pii.enabled = false
+# end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dbviewer
 version: !ruby/object:Gem::Version
-  version: 0.7.11
+  version: 0.8.0
 platform: ruby
 authors:
 - Wailan Tirajoh
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-06-22 00:00:00.000000000 Z
+date: 2025-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -144,6 +144,7 @@ files:
 - lib/dbviewer/cache/base.rb
 - lib/dbviewer/cache/in_memory.rb
 - lib/dbviewer/configuration.rb
+- lib/dbviewer/data_privacy/pii_masker.rb
 - lib/dbviewer/database/dynamic_model_factory.rb
 - lib/dbviewer/database/manager.rb
 - lib/dbviewer/database/metadata_manager.rb
@@ -166,6 +167,7 @@ files:
 - lib/dbviewer/version.rb
 - lib/generators/dbviewer/install_generator.rb
 - lib/generators/dbviewer/templates/initializer.rb
+- lib/generators/dbviewer/templates/pii_configuration_example.rb
 - lib/tasks/dbviewer_tasks.rake
 homepage: https://github.com/wailantirajoh/dbviewer
 licenses: