encrypted_parameter_filter 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: a32b0531f743768cb2dab3bd93637454be0f4ad273500130b10304c778819af7
|
|
4
|
+
data.tar.gz: 11731582354150b5d25a203a67ca6a482850df270648fbf291f57aa1e86affcd
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: e5ed6b21e1a805615ff5c45b48daa9ca13fa761232dd06a6ac7187127a17e77fadf356f1bc02bd1def394e1cbf5a3952fec0a5fd52ee9f0e7313b3f612c70aed
|
|
7
|
+
data.tar.gz: 22ee119d587ab266c73f585a4b36817a5062339a879ffb55334d3bceb63ec8e9b72df8af0de6867d5a244c6a0b9d2072051947250d849ef795a76f7bf7e9a579
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
class EncryptedParams
|
|
2
|
+
ENCRYPTED = "[ENCRYPTED]"
|
|
3
|
+
|
|
4
|
+
def self.filter(*parameters_to_encrypt)
|
|
5
|
+
new(parameters_to_encrypt).to_proc_array
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def initialize(parameters_to_encrypt)
|
|
9
|
+
@parameters_to_encrypt = stringify_nested_array(parameters_to_encrypt)
|
|
10
|
+
key_generator = ActiveSupport::KeyGenerator.new(
|
|
11
|
+
Rails.application.secret_key_base,
|
|
12
|
+
iterations: 1000,
|
|
13
|
+
hash_digest_class: OpenSSL::Digest::SHA1
|
|
14
|
+
)
|
|
15
|
+
salt = "encrypted_params:encryption".dup.force_encoding("UTF-8")
|
|
16
|
+
secret = key_generator.generate_key(salt, 32)
|
|
17
|
+
@encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher: "aes-256-gcm")
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def to_proc_array
|
|
21
|
+
Array(Proc.new { |key, value, original_params| filter(key, value, original_params) })
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def encrypt(value)
|
|
25
|
+
encrypted_value = @encryptor.encrypt_and_sign(value)
|
|
26
|
+
ENCRYPTED + encrypted_value
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def decrypt(encrypted_value)
|
|
30
|
+
encrypted_value = encrypted_value.gsub(ENCRYPTED, "")
|
|
31
|
+
@encryptor.decrypt_and_verify(encrypted_value)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
|
|
36
|
+
def filter(key, value, original_params)
|
|
37
|
+
@parameters_to_encrypt.each do |param|
|
|
38
|
+
if param.to_s == key.to_s
|
|
39
|
+
value.replace(encrypt(value.to_s))
|
|
40
|
+
elsif param.is_a?(Array) && param.last.to_s == key
|
|
41
|
+
original_value = param.reduce(original_params) { |acc, key| acc[key] || break }
|
|
42
|
+
if original_value == value
|
|
43
|
+
value.replace(encrypt(value.to_s))
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def stringify_nested_array(array)
|
|
50
|
+
array.map do |item|
|
|
51
|
+
case item
|
|
52
|
+
when Array
|
|
53
|
+
stringify_nested_array(item)
|
|
54
|
+
when Hash
|
|
55
|
+
item.transform_keys { |k| k.is_a?(Symbol) ? k.to_s : k }
|
|
56
|
+
when Symbol
|
|
57
|
+
item.to_s
|
|
58
|
+
else
|
|
59
|
+
item
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,111 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: encrypted_parameter_filter
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.1.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Joe Hunt
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2025-07-07 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: rails
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - "~>"
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '7.0'
|
|
20
|
+
- - ">="
|
|
21
|
+
- !ruby/object:Gem::Version
|
|
22
|
+
version: 7.0.0
|
|
23
|
+
type: :runtime
|
|
24
|
+
prerelease: false
|
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
26
|
+
requirements:
|
|
27
|
+
- - "~>"
|
|
28
|
+
- !ruby/object:Gem::Version
|
|
29
|
+
version: '7.0'
|
|
30
|
+
- - ">="
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: 7.0.0
|
|
33
|
+
- !ruby/object:Gem::Dependency
|
|
34
|
+
name: rake
|
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - "~>"
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '13.0'
|
|
40
|
+
type: :development
|
|
41
|
+
prerelease: false
|
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
43
|
+
requirements:
|
|
44
|
+
- - "~>"
|
|
45
|
+
- !ruby/object:Gem::Version
|
|
46
|
+
version: '13.0'
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: minitest
|
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
|
50
|
+
requirements:
|
|
51
|
+
- - "~>"
|
|
52
|
+
- !ruby/object:Gem::Version
|
|
53
|
+
version: '5.16'
|
|
54
|
+
type: :development
|
|
55
|
+
prerelease: false
|
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
57
|
+
requirements:
|
|
58
|
+
- - "~>"
|
|
59
|
+
- !ruby/object:Gem::Version
|
|
60
|
+
version: '5.16'
|
|
61
|
+
- !ruby/object:Gem::Dependency
|
|
62
|
+
name: rubocop-rails-omakase
|
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
|
64
|
+
requirements:
|
|
65
|
+
- - "~>"
|
|
66
|
+
- !ruby/object:Gem::Version
|
|
67
|
+
version: '1.1'
|
|
68
|
+
type: :development
|
|
69
|
+
prerelease: false
|
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - "~>"
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '1.1'
|
|
75
|
+
description: Request parameters can't be encrypted by default in ActiveSupport::Parameter
|
|
76
|
+
filter. This gem allows you to encrypt parameters in logs.
|
|
77
|
+
email:
|
|
78
|
+
- josephbhunt@gmail.com
|
|
79
|
+
executables: []
|
|
80
|
+
extensions: []
|
|
81
|
+
extra_rdoc_files: []
|
|
82
|
+
files:
|
|
83
|
+
- lib/encrypted_parameter_filter.rb
|
|
84
|
+
- lib/encrypted_parameter_filter/encrypted_params.rb
|
|
85
|
+
- lib/encrypted_parameter_filter/version.rb
|
|
86
|
+
homepage: https://github.com/josephbhunt/
|
|
87
|
+
licenses:
|
|
88
|
+
- MIT
|
|
89
|
+
metadata:
|
|
90
|
+
homepage_uri: https://github.com/josephbhunt/
|
|
91
|
+
source_code_uri: https://example.com
|
|
92
|
+
post_install_message:
|
|
93
|
+
rdoc_options: []
|
|
94
|
+
require_paths:
|
|
95
|
+
- lib
|
|
96
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
97
|
+
requirements:
|
|
98
|
+
- - ">="
|
|
99
|
+
- !ruby/object:Gem::Version
|
|
100
|
+
version: 3.0.0
|
|
101
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
102
|
+
requirements:
|
|
103
|
+
- - ">="
|
|
104
|
+
- !ruby/object:Gem::Version
|
|
105
|
+
version: '0'
|
|
106
|
+
requirements: []
|
|
107
|
+
rubygems_version: 3.4.19
|
|
108
|
+
signing_key:
|
|
109
|
+
specification_version: 4
|
|
110
|
+
summary: Encrypt parameters in Rails logs
|
|
111
|
+
test_files: []
|