dbviewer 0.7.11 → 0.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b357ba9437acaa807f1b31562bb7a1b76bfaefc7c3e2e6ccb3be4cfdbd627a0a
-  data.tar.gz: 2adbc0f217154bad12cb3c7bfd711a7daa7dcbfa5b01538563ea49010cd6d2f3
+  metadata.gz: 12d0c138efd718011eda36a79ea33a9e96f6609032b1160249e19876df86d00e
+  data.tar.gz: 11150deaa07278a6073f9977000fc4075ac0d24f671601a3525d19afd27b2e25
 SHA512:
-  metadata.gz: c24e471a8d6d3248ef88040cff072a7868b8e936bdb535888882497b9ac64396017bb42f7c7f100b68240c8a927e45b573f679e47bd6573c832fcd2e6adc837a
-  data.tar.gz: a7be084a91cb9d090544d7a770ba3f1cf18e512a56a216b431a58672c09c4fd9b682cb6df768708c5fcc1bf85494a9738643e42f488103abe1aefc945ef2eda6
+  metadata.gz: 0e0bfde143b99b1412a405d46eee0e13efb3711d7b33a297c0327f712dfb946acb808052b377df970dfae65e97656a826af3cab7896a0e544831ad9942a048a4
+  data.tar.gz: 342ee2c29f04c64d68272f843c45860bf60a51e61e338d1a9ff5ae579d85ec6a5684d4bbd12f95b46a1f452100eb01796d57a0caa2a96b0b5732aecb050a4896

data/README.md

@@ -1,6 +1,7 @@
 ![dbviewer](https://github.com/user-attachments/assets/665c1a65-aab3-4a7e-aa54-b42e871cb3d0)
 
 # 👁️ DBViewer
+
 > **The fastest way to visualize and explore your database**
 
 DBViewer is a powerful Rails engine that provides a comprehensive interface to view and explore database tables, records, and schema.
@@ -17,6 +18,7 @@ It's designed for development, debugging, and database analysis, offering a clea
 - **Data Browsing**
 - **SQL Queries**
 - **Multiple Database Connections**
+- **PII Data Masking** - Protect sensitive data with configurable masking rules
 - **Enhanced UI Features**
 
 ## 🧪 Demo Application
@@ -258,6 +260,63 @@ end
 
 When disabled, all DBViewer routes return 404 responses, making it appear as if the tool was never installed. This is the recommended approach for production systems where database admin tools should not be accessible.
 
+## 🔐 PII Data Masking
+
+DBViewer includes built-in support for masking Personally Identifiable Information (PII) to protect sensitive data while allowing developers to browse database contents.
+
+### Quick Setup
+
+Configure PII masking in your Rails initializer (e.g., `config/initializers/dbviewer.rb`):
+
+```ruby
+# Enable PII masking (enabled by default)
+Dbviewer.configure do |config|
+  config.enable_pii_masking = true
+end
+
+# Define masking rules
+Dbviewer.configure_pii do |pii|
+  # Built-in masking types
+  pii.mask 'users.email', with: :email           # john@example.com → jo***@example.com
+  pii.mask 'users.phone', with: :phone           # +1234567890 → +1***90
+  pii.mask 'users.ssn', with: :ssn               # 123456789 → ***-**-6789
+  pii.mask 'payments.card_number', with: :credit_card  # 1234567890123456 → ****-****-****-3456
+  pii.mask 'users.api_key', with: :full_redact   # any_value → ***REDACTED***
+
+  # Custom masking with lambda
+  pii.mask 'users.salary', with: ->(value) { value ? '$***,***' : value }
+
+  # Define reusable custom masks
+  pii.custom_mask :ip_mask, ->(value) {
+    return value if value.nil?
+    parts = value.split('.')
+    "#{parts[0]}.#{parts[1]}.***.***.***"
+  }
+  pii.mask 'logs.ip_address', with: :ip_mask
+end
+```
+
+### Built-in Masking Types
+
+- **`:email`** - Masks email addresses while preserving domain
+- **`:phone`** - Masks phone numbers keeping first and last digits
+- **`:ssn`** - Masks Social Security Numbers showing only last 4 digits
+- **`:credit_card`** - Masks credit card numbers showing only last 4 digits
+- **`:full_redact`** - Completely redacts the value
+- **`:partial`** - Partial masking (default behavior)
+
+### Generate Example Configuration
+
+Use the generator to create an example PII configuration:
+
+```bash
+rails generate dbviewer:install
+```
+
+This creates `config/initializers/dbviewer_pii_example.rb` with comprehensive examples.
+
+For detailed PII masking documentation, see [PII_MASKING.md](docs/PII_MASKING.md).
+
 ## 📝 Security Note
 
 ⚠️ **Warning**: This engine provides direct access to your database contents, which contains sensitive information. Always protect it with HTTP Basic Authentication by configuring strong credentials as shown above.

data/app/helpers/dbviewer/datatable_ui_table_helper.rb

@@ -40,8 +40,8 @@ module Dbviewer
     end
 
     # Render a cell that may include a foreign key link
-    def render_table_cell(cell, column_name, metadata)
-      cell_value = format_cell_value(cell)
+    def render_table_cell(cell, column_name, metadata, table_name = nil)
+      cell_value = format_cell_value(cell, table_name, column_name)
       foreign_key = metadata && metadata[:foreign_keys] ?
                     metadata[:foreign_keys].find { |fk| fk[:column] == column_name } :
                     nil
@@ -61,15 +61,15 @@ module Dbviewer
     end
 
     # Render a table row with cells
-    def render_table_row(row, records, metadata)
+    def render_table_row(row, records, metadata, table_name = nil)
       content_tag(:tr) do
         # Start with action column (sticky first column)
-        cells = [ render_action_cell(row, records.columns, metadata) ]
+        cells = [ render_action_cell(row, records.columns, metadata, table_name) ]
 
         # Add all data cells
         cells += row.each_with_index.map do |cell, cell_index|
           column_name = records.columns[cell_index]
-          render_table_cell(cell, column_name, metadata)
+          render_table_cell(cell, column_name, metadata, table_name)
         end
 
         cells.join.html_safe
@@ -77,7 +77,7 @@ module Dbviewer
     end
 
     # Render the entire table body with rows
-    def render_table_body(records, metadata)
+    def render_table_body(records, metadata, table_name = nil)
       if records.nil? || records.rows.nil? || records.empty?
         content_tag(:tbody) do
           content_tag(:tr) do
@@ -89,19 +89,20 @@ module Dbviewer
       else
         content_tag(:tbody) do
           records.rows.map do |row|
-            render_table_row(row, records, metadata)
+            render_table_row(row, records, metadata, table_name)
           end.join.html_safe
         end
       end
     end
 
     # Render action buttons for a record
-    def render_action_cell(row_data, columns, metadata = nil)
+    def render_action_cell(row_data, columns, metadata = nil, table_name = nil)
       data_attributes = {}
 
       # Create a hash of column_name: value pairs for data attributes
+      # Apply the same formatting logic used in table cells
       columns.each_with_index do |column_name, index|
-        data_attributes[column_name] = row_data[index].to_s
+        data_attributes[column_name] = format_cell_value(row_data[index], table_name, column_name)
       end
 
       content_tag(:td, class: "text-center action-column") do

data/app/helpers/dbviewer/formatting_helper.rb

@@ -1,6 +1,11 @@
 module Dbviewer
   module FormattingHelper
-    def format_cell_value(value)
+    def format_cell_value(value, table_name = nil, column_name = nil)
+      # Apply PII masking if configured
+      if table_name && column_name
+        value = Dbviewer::DataPrivacy::PiiMasker.mask_value(value, table_name, column_name)
+      end
+
       return "NULL" if value.nil?
       return format_default_value(value) unless value.is_a?(String)
 

data/app/views/dbviewer/tables/query.html.erb

@@ -142,8 +142,9 @@
               <% if @records.rows.any? %>
                 <% @records.rows.each do |row| %>
                   <tr>
-                    <% row.each do |cell| %>
-                      <td><%= format_cell_value(cell) %></td>
+                    <% row.each_with_index do |cell, index| %>
+                      <% column_name = @records.columns[index] %>
+                      <td><%= format_cell_value(cell, @table_name, column_name) %></td>
                     <% end %>
                   </tr>
                 <% end %>

data/app/views/dbviewer/tables/show.html.erb

@@ -136,7 +136,7 @@
                 <%= render_sortable_header_row(@records, @order_by, @order_direction, @table_name, @current_page, @per_page, @column_filters) %>
                 <%= render_column_filters_row(form, @records, @columns, @column_filters) %>
               </thead>
-              <%= render_table_body(@records, @metadata) %>
+              <%= render_table_body(@records, @metadata, @table_name) %>
         </table>
         <% end %> <!-- End of form_with -->
       </div>

data/lib/dbviewer/configuration.rb

@@ -59,6 +59,24 @@ module Dbviewer
     # When enabled, all DBViewer routes will return 404 responses
     attr_accessor :disabled
 
+    # PII (Personally Identifiable Information) masking configuration
+    # Hash of table.column => masking rule
+    # @example {
+    #   'users.email' => :email,
+    #   'users.phone' => :phone,
+    #   'customers.ssn' => :custom_mask
+    # }
+    attr_accessor :pii_rules
+
+    # Enable/disable PII masking globally
+    attr_accessor :enable_pii_masking
+
+    # Custom PII masking blocks
+    # @example {
+    #   custom_mask: ->(value) { value ? '***REDACTED***' : value }
+    # }
+    attr_accessor :custom_pii_masks
+
     def initialize
       @per_page_options = [ 10, 20, 50, 100 ]
       @default_per_page = 20
@@ -82,6 +100,9 @@ module Dbviewer
         }
       }
       @current_connection = :default
+      @pii_rules = {}
+      @enable_pii_masking = true
+      @custom_pii_masks = {}
     end
   end
 end

data/lib/dbviewer/data_privacy/pii_masker.rb

@@ -0,0 +1,125 @@
+module Dbviewer
+  module DataPrivacy
+    class PiiMasker
+      BUILT_IN_MASKS = {
+        email: ->(value) { mask_email(value) },
+        phone: ->(value) { mask_phone(value) },
+        credit_card: ->(value) { mask_credit_card(value) },
+        ssn: ->(value) { mask_ssn(value) },
+        full_redact: ->(value) { value ? "***REDACTED***" : value },
+        partial: ->(value) { mask_partial(value) }
+      }.freeze
+
+      def self.mask_value(value, table_name, column_name)
+        return value unless should_mask?(table_name, column_name)
+
+        rule = get_masking_rule(table_name, column_name)
+        apply_mask(value, rule)
+      end
+
+      private
+
+      def self.should_mask?(table_name, column_name)
+        return false unless Dbviewer.configuration.enable_pii_masking
+        return false if Dbviewer.configuration.pii_rules.empty?
+
+        key = "#{table_name}.#{column_name}"
+        Dbviewer.configuration.pii_rules.key?(key)
+      end
+
+      def self.get_masking_rule(table_name, column_name)
+        key = "#{table_name}.#{column_name}"
+        Dbviewer.configuration.pii_rules[key]
+      end
+
+      def self.apply_mask(value, rule)
+        return value if value.nil?
+
+        case rule
+        when Symbol
+          apply_built_in_mask(value, rule)
+        when Proc
+          rule.call(value)
+        else
+          apply_built_in_mask(value, :partial)
+        end
+      rescue => e
+        Rails.logger.warn("PII masking failed for rule #{rule}: #{e.message}")
+        "***ERROR***"
+      end
+
+      def self.apply_built_in_mask(value, mask_type)
+        mask_proc = BUILT_IN_MASKS[mask_type]
+        if mask_proc
+          mask_proc.call(value)
+        else
+          # Check if it's a custom mask
+          custom_mask = Dbviewer.configuration.custom_pii_masks[mask_type]
+          if custom_mask && custom_mask.respond_to?(:call)
+            custom_mask.call(value)
+          else
+            mask_partial(value)
+          end
+        end
+      end
+
+      def self.mask_email(value)
+        return value unless value.to_s.include?("@")
+
+        parts = value.to_s.split("@")
+        username = parts[0]
+        domain = parts[1]
+
+        if username.length <= 1
+          masked_username = "*"
+        elsif username.length <= 2
+          masked_username = username
+        else
+          masked_username = "#{username[0..1]}***"
+        end
+
+        "#{masked_username}@#{domain}"
+      end
+
+      def self.mask_phone(value)
+        # Remove all non-digit characters
+        digits = value.to_s.gsub(/\D/, "")
+        return value if digits.length < 4
+
+        # Keep first and last 2 digits, mask the middle
+        if digits.length <= 6
+          "#{digits[0]}#{'*' * (digits.length - 2)}#{digits[-1]}"
+        else
+          "#{digits[0..1]}#{'*' * 3}#{digits[-2..-1]}"
+        end
+      end
+
+      def self.mask_credit_card(value)
+        digits = value.to_s.gsub(/\D/, "")
+        return value if digits.length < 4
+
+        # Show last 4 digits only
+        "****-****-****-#{digits[-4..-1]}"
+      end
+
+      def self.mask_ssn(value)
+        digits = value.to_s.gsub(/\D/, "")
+        return value if digits.length != 9
+
+        # Show last 4 digits only
+        "***-**-#{digits[-4..-1]}"
+      end
+
+      def self.mask_partial(value)
+        str = value.to_s
+        return str if str.length <= 2
+
+        if str.length <= 4
+          "#{str[0]}#{'*' * (str.length - 2)}#{str[-1]}"
+        else
+          "#{str[0..1]}#{'*' * 3}#{str[-2..-1]}"
+        end
+      end
+    end
+  end
+end

data/lib/dbviewer/version.rb

@@ -1,3 +1,3 @@
 module Dbviewer
-  VERSION = "0.7.11"
+  VERSION = "0.8.1"
 end

data/lib/dbviewer.rb

@@ -23,11 +23,40 @@ require "dbviewer/database/metadata_manager"
 require "dbviewer/datatable/query_operations"
 require "dbviewer/datatable/query_params"
 
+require "dbviewer/data_privacy/pii_masker"
+
 require "propshaft"
 
 module Dbviewer
   # Main module for the database viewer
 
+  # Helper class for configuring PII masking rules
+  class PiiConfigurator
+    def initialize(configuration)
+      @configuration = configuration
+    end
+
+    # Define a PII masking rule
+    # @param column_spec [String] Table and column in format "table.column"
+    # @param with [Symbol, Proc] Masking rule - either built-in symbol or custom proc
+    def mask(column_spec, with:)
+      @configuration.pii_rules[column_spec] = with
+    end
+
+    # Define a custom masking function
+    # @param name [Symbol] Name of the custom mask
+    # @param block [Proc] The masking function
+    def custom_mask(name, block)
+      @configuration.custom_pii_masks[name] = block
+    end
+
+    # Enable or disable PII masking globally
+    # @param enabled [Boolean] Whether to enable PII masking
+    def enabled=(enabled)
+      @configuration.enable_pii_masking = enabled
+    end
+  end
+
   class << self
     # Module accessor for configuration
     attr_writer :configuration
@@ -73,6 +102,22 @@ module Dbviewer
       connection_errors
     end
 
+    # Configure PII masking rules using a block
+    #
+    # @example
+    #   Dbviewer.configure_pii do |pii|
+    #     pii.mask 'users.email', with: :email
+    #     pii.mask 'users.phone', with: :phone
+    #     pii.mask 'users.ssn', with: :ssn
+    #     pii.mask 'customers.credit_card', with: :credit_card
+    #     pii.mask 'profiles.secret', with: :full_redact
+    #     pii.mask 'accounts.api_key', with: ->(value) { value ? 'api_***' : value }
+    #     pii.custom_mask :my_custom, ->(value) { "CUSTOM: #{value[0]}***" }
+    #   end
+    def configure_pii
+      yield(PiiConfigurator.new(configuration)) if block_given?
+    end
+
     private
 
     # Configure the query logger with current configuration settings

data/lib/generators/dbviewer/install_generator.rb

@@ -7,6 +7,10 @@ module Dbviewer
       def copy_initializer_file
         copy_file "initializer.rb", "config/initializers/dbviewer.rb"
       end
+
+      def copy_pii
+        copy_file "dbviewer_pii.rb", "config/initializers/dbviewer_pii.rb"
+      end
     end
   end
 end

data/lib/generators/dbviewer/templates/dbviewer_pii.rb

@@ -0,0 +1,26 @@
+Dbviewer.configure do |config|
+  # Enable/disable PII masking globally (default: true)
+  # config.enable_pii_masking = true
+end
+
+# Configure PII masking rules
+Dbviewer.configure_pii do |pii|
+  # pii.mask "users.email", with: :email
+  # pii.mask "customers.email_address", with: :email
+
+  # # Custom masking with lambda/proc:
+  # pii.mask "users.address", with: ->(value) {
+  #   return value if value.nil?
+  #   "#{value.split(' ').first} ***"  # Show only first word
+  # }
+
+  # # Define custom masking functions that can be reused:
+  # pii.custom_mask :ip_mask, ->(value) {
+  #   return value if value.nil?
+  #   parts = value.split(".")
+  #   return value if parts.length != 4
+  #   "#{parts[0]}.#{parts[1]}.***.***.***"
+  # }
+  # pii.mask "logs.ip_address", with: :ip_mask
+  # pii.mask "sessions.client_ip", with: :ip_mask
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dbviewer
 version: !ruby/object:Gem::Version
-  version: 0.7.11
+  version: 0.8.1
 platform: ruby
 authors:
 - Wailan Tirajoh
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-06-22 00:00:00.000000000 Z
+date: 2025-06-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -144,6 +144,7 @@ files:
 - lib/dbviewer/cache/base.rb
 - lib/dbviewer/cache/in_memory.rb
 - lib/dbviewer/configuration.rb
+- lib/dbviewer/data_privacy/pii_masker.rb
 - lib/dbviewer/database/dynamic_model_factory.rb
 - lib/dbviewer/database/manager.rb
 - lib/dbviewer/database/metadata_manager.rb
@@ -165,6 +166,7 @@ files:
 - lib/dbviewer/validator/sql/validation_result.rb
 - lib/dbviewer/version.rb
 - lib/generators/dbviewer/install_generator.rb
+- lib/generators/dbviewer/templates/dbviewer_pii.rb
 - lib/generators/dbviewer/templates/initializer.rb
 - lib/tasks/dbviewer_tasks.rake
 homepage: https://github.com/wailantirajoh/dbviewer