enkrip 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ed86ace6f37ae25ece693100929e8c4a85721901fdce14878ba320293937c776
+  data.tar.gz: 0b744465c19433f28b0317e933f11d711446aad4accdf2cbfee7863264256abc
+SHA512:
+  metadata.gz: 22acbd270fa85f882801487b5e507b59085af06592dd57bbdd23e66e85a761683243640cf00ca9eb193c31cb99df200cff0356e3651275630cdb016c5f1aa7d5
+  data.tar.gz: fd963e2d091f3a29a3a5542bf0d7b4f80b5b71998c9747ed4309be683f0f2a97abbfb5dbada4fe7ae6c63b523cdc028380190feb74902bdc1c76e6c6c3da75b0

data/.gitignore

@@ -0,0 +1 @@
+*.gem

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,43 @@
+PATH
+  remote: .
+  specs:
+    enkrip (0.1.0)
+      activerecord (>= 5.2, < 6)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (5.2.1)
+      activesupport (= 5.2.1)
+    activerecord (5.2.1)
+      activemodel (= 5.2.1)
+      activesupport (= 5.2.1)
+      arel (>= 9.0)
+    activesupport (5.2.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    arel (9.0.0)
+    concurrent-ruby (1.0.5)
+    i18n (1.1.1)
+      concurrent-ruby (~> 1.0)
+    minitest (5.11.3)
+    rake (12.3.1)
+    sqlite3 (1.3.13)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  enkrip!
+  minitest (~> 5.11)
+  rake (~> 12.3)
+  sqlite3
+
+BUNDLED WITH
+   1.16.6

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2018 Kunto Aji Kristianto
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,100 @@
+# Enkrip
+
+Encrypt & decrypt Active Record's model attributes with Message Encryptor.
+
+## Goals
+
+* Seamlessly encrypt and decrypt value for both string and numeric attribute
+* Compatible with Active Model validation
+* Automatically convert numeric attributes to desired data types
+
+## Limitations
+
+* All attributes that are defined in `numeric_attributes` will be forced to use UTF-8 encoding
+* Enkrip requires Active Record 5.2 or newer
+* Does not compatible with [activerecord-import](https://rubygems.org/gems/activerecord-import)
+
+## Installation
+
+Add `enkrip` to your Rails app’s Gemfile and run bundle install:
+
+```
+gem 'enkrip'
+```
+
+## Configuration
+
+After installation, you need to define `ENKRIP_LENGTH`, `ENKRIP_SALT`, and `ENKRIP_SECRET` environment variables:
+
+```
+# example
+export ENKRIP_LENGTH=32 # 32 is default value from ActiveSupport::MessageEncryptor.key_len
+export ENKRIP_SALT=random_salt_with_length_32 # you can generate from SecureRandom.random_bytes(YOUR_ENKRIP_LENGTH)
+export ENKRIP_SECRET=random_secret_with_length_32
+```
+
+## Usage
+
+Use text data type for encrypted attributes
+
+```
+# migration
+
+class CreatePosts < ActiveRecord::Migration[5.2]
+  def change
+    create_table :posts do |t|
+      t.text :my_string
+      t.text :my_numeric
+
+      t.timestamps
+    end
+  end
+end
+```
+
+After run the migration, define you encrypted attributes
+
+```
+# Active Record model
+
+class Post < ActiveRecord::Base
+  include Enkrip::Model
+
+  enkrip_configure do |config|
+    config.string_attributes << :my_string
+    config.numeric_attributes << :my_numeric
+    config.purpose = :example # optional, default is nil
+    config.convert_method_for_numeric_attribute = :to_f # optional, default is to_i
+    config.default_value_if_numeric_attribute_blank =  0.0 # optional, default is 0
+  end
+end
+```
+
+You can check encrypted value from rails console with raw query
+
+```
+# Rails 5.2 console
+post = Post.new => #<Post id: nil, my_string: nil, my_numeric: nil, created_at: nil, updated_at: nil>
+post.valid? # => false
+post.errors.full_messages # => ["My numeric must be greater than 0", "My string can't be blank"]
+
+post.my_string = "aloha" # => "aloha"
+post.my_numeric = 5 # => 5
+post.save # => true
+
+raw = ActiveRecord::Base.connection.exec_query 'SELECT my_string, my_numeric FROM posts limit 1'
+
+raw.rows.first[raw.columns.find_index('my_string')]
+# => "TUVQcnRBck5oYzMvRlRZUWR3Mzlzdz09LS1tZ09xNGNYbnkzdFc2d1duMEIrdUdBPT0=--ffae1f04753ca5c636915746a4c6fccf81897138"
+
+raw.rows.first[raw.columns.find_index('my_numeric')]
+# => "TkdSbURRNzVMbUF6MjF0bjI2ZEtmQT09LS1rRHhqQ2xpWGhYaHBoRlhCRnVZSmh3PT0=--74e45e6c96df78258a1731994a71a74c5047d655"
+
+post.reload
+post.my_string # => "aloha"
+post.my_numeric # => 5
+```
+
+## License
+
+Enkrip is released under the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc 'Run tests'
+task default: :test

data/enkrip.gemspec

@@ -0,0 +1,21 @@
+require 'date'
+require_relative 'lib/enkrip/version'
+
+Gem::Specification.new do |spec|
+  spec.name        = 'enkrip'
+  spec.version     = Enkrip::VERSION
+  spec.date        = Date.today.to_s
+  spec.summary     = 'encrypt & decrypt Active Record attributes with Message Encryptor'
+  spec.description = 'Enkrip will encrypt & decrypt Active Record attributes seamlessly with Message Encryptor. By default compatible with Active model validation'
+  spec.author      = 'Kunto Aji Kristianto'
+  spec.email       = 'kuntoaji@kaklabs.com'
+  spec.files       = `git ls-files -z`.split("\x0")
+  spec.homepage    = 'http://github.com/kuntoaji/enkrip'
+  spec.license     = 'MIT'
+
+  spec.add_dependency 'activerecord', '>= 5.2', '< 6'
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'rake', '~> 12.3'
+  spec.add_development_dependency 'minitest', '~> 5.11'
+  spec.add_development_dependency 'sqlite3', '~> 0'
+end

data/lib/enkrip.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+require 'active_record'
+require 'enkrip/version'
+require 'enkrip/engine'
+require 'enkrip/model'

data/lib/enkrip/engine.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Enkrip
+  LENGTH = ENV['ENKRIP_LENGTH'].to_i # ActiveSupport::MessageEncryptor.key_len
+  SALT   = ENV['ENKRIP_SALT'] # SecureRandom.random_bytes(LENGTH)
+  SECRET = ENV['ENKRIP_SECRET']
+  KEY    = ActiveSupport::KeyGenerator.new(SECRET).generate_key(SALT, LENGTH).freeze
+
+  class Engine
+    class << self
+      @@verifier = ActiveSupport::MessageEncryptor.new(Enkrip::KEY)
+
+      def encrypt(value, purpose: nil)
+        @@verifier.encrypt_and_sign value, purpose: purpose
+      end
+
+      def decrypt(value, purpose: nil)
+        @@verifier.decrypt_and_verify value, purpose: purpose
+      end
+    end
+  end
+end

data/lib/enkrip/model.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Enkrip
+  module Model
+    extend ActiveSupport::Concern
+
+    included do
+      after_find :decrypt
+      before_save :encrypt
+      after_save :decrypt
+
+      def encrypt
+        self.class::ENCRYPTED_CONFIG.all_attributes.each do |attr|
+          self[attr] = Enkrip::Engine.encrypt(self[attr], purpose: self.class::ENCRYPTED_CONFIG.purpose) if respond_to?(attr) && self[attr].present?
+        end
+      end
+
+      def decrypt
+        self.class::ENCRYPTED_CONFIG.all_attributes.each do |attr|
+          self[attr] = Enkrip::Engine.decrypt(self[attr], purpose: self.class::ENCRYPTED_CONFIG.purpose) if respond_to?(attr) && self[attr].present?
+        end
+      end
+    end
+
+    class_methods do
+      def enkrip_configure
+        config = OpenStruct.new(
+          string_attributes: [],
+          numeric_attributes: [],
+          purpose: nil,
+          convert_method_for_numeric_attribute: :to_i,
+          default_value_if_numeric_attribute_blank: 0
+        )
+
+        yield config
+
+        config.all_attributes = config.string_attributes + config.numeric_attributes
+        const_set :ENCRYPTED_CONFIG, config
+
+        config.numeric_attributes.each do |attr|
+          define_method(attr) do
+            value = super()
+            value.present? ? value.force_encoding('UTF-8').send(config.convert_method_for_numeric_attribute) : config.default_value_if_numeric_attribute_blank
+          end
+        end
+      end
+    end
+  end
+end

data/lib/enkrip/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Enkrip
+  VERSION = '0.1.0'
+end

data/test/test_enkrip.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+describe Enkrip do
+  def test_version
+    assert Enkrip::VERSION
+  end
+
+  def test_encryption_decryption
+    model = ExampleModel.new my_string: '', my_numeric: 0
+    assert_equal model.valid?, false
+
+    model.my_string = 'my example string'
+    model.my_numeric = 1
+    model.save!
+    model.reload
+
+    raw = ActiveRecord::Base.connection.exec_query 'SELECT my_string, my_numeric FROM example_models limit 1'
+    encrypted_my_string = raw.rows.first.first
+    encrypted_my_numeric = raw.rows.first.last
+
+    assert_equal encrypted_my_string.nil?, false
+    assert_equal encrypted_my_string.empty?, false
+    refute_equal encrypted_my_string, model.my_string
+    assert_equal model.my_string, 'my example string'
+    assert_equal Enkrip::Engine.decrypt(encrypted_my_string, purpose: :example), 'my example string'
+
+    assert_equal encrypted_my_numeric.nil?, false
+    assert_equal encrypted_my_numeric.empty?, false
+    refute_equal encrypted_my_numeric, model.my_numeric
+    assert_equal model.my_numeric, 1
+    assert_equal Enkrip::Engine.decrypt(encrypted_my_numeric, purpose: :example).to_i, 1
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,25 @@
+require 'minitest/autorun'
+
+ENV['ENKRIP_LENGTH'] = '32'
+ENV['ENKRIP_SALT']   = 'y\xBC\xAD\xA7\xAE6\xAD\x9F](\x89\xB2\xF6!\xED\xC8\xA2(1\x8E\xA9&/ef`\xD3\xB3\x11\xB6C\xB4' # SecureRandom.random_bytes(LENGTH)
+ENV['ENKRIP_SECRET'] = 'f031fbebc6bb5a69094139c24090fd42'
+
+require_relative '../lib/enkrip'
+
+ActiveRecord::Base.establish_connection adapter: 'sqlite3', database: ':memory:', encoding: 'unicode'
+ActiveRecord::Base.connection.create_table(:example_models, force: true) do |t|
+  t.text :my_string
+  t.text :my_numeric
+end
+
+class ExampleModel < ActiveRecord::Base
+  include Enkrip::Model
+  validates :my_numeric, numericality: { greater_than: 0 }
+  validates :my_string, presence: true
+
+  enkrip_configure do |config|
+    config.string_attributes << :my_string
+    config.numeric_attributes << :my_numeric
+    config.purpose = :example # optional
+  end
+end

metadata

@@ -0,0 +1,133 @@
+--- !ruby/object:Gem::Specification
+name: enkrip
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Kunto Aji Kristianto
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-10-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.11'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Enkrip will encrypt & decrypt Active Record attributes seamlessly with
+  Message Encryptor. By default compatible with Active model validation
+email: kuntoaji@kaklabs.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- enkrip.gemspec
+- lib/enkrip.rb
+- lib/enkrip/engine.rb
+- lib/enkrip/model.rb
+- lib/enkrip/version.rb
+- test/test_enkrip.rb
+- test/test_helper.rb
+homepage: http://github.com/kuntoaji/enkrip
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: encrypt & decrypt Active Record attributes with Message Encryptor
+test_files: []