ip_anonymizer 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/CHANGELOG.md +4 -0
- data/LICENSE.txt +1 -1
- data/README.md +20 -6
- data/ip_anonymizer.gemspec +1 -1
- data/lib/ip_anonymizer.rb +2 -2
- data/lib/ip_anonymizer/hash_ip.rb +13 -2
- data/lib/ip_anonymizer/mask_ip.rb +12 -2
- data/lib/ip_anonymizer/version.rb +1 -1
- metadata +3 -4
- data/Gemfile.lock +0 -24
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4cb80464583a7c13916477c6fa46fee62c33619face6e13daf75f174ab795db4
|
|
4
|
+
data.tar.gz: e3b71d92e2f819f697f16bac77f5c07cfdf87b17d77770f71368ca6c32dae6ef
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7522dd1c6fe7c87b24c943964507177c1426ec0b4668b86f754b1f0b7e99afa05bfe4983ffcedc71cdaf990ded12d0b456f8e2b0446e6f77515d87ebc1aa20ff
|
|
7
|
+
data.tar.gz: 5629b162d83e5d2af257660d1135062e70d63224c14ac781ed60bd9e9738b5716f0aece034d268a523535a4d3f373fdc921649b93443a178e501c17d54867ef1
|
data/.gitignore
CHANGED
data/CHANGELOG.md
CHANGED
data/LICENSE.txt
CHANGED
data/README.md
CHANGED
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
# IP Anonymizer
|
|
2
2
|
|
|
3
|
-
:earth_americas: IP address anonymizer for Ruby
|
|
3
|
+
:earth_americas: IP address anonymizer for Ruby and Rails
|
|
4
4
|
|
|
5
|
-
Works with IPv4 and IPv6
|
|
5
|
+
Works with IPv4 and IPv6
|
|
6
|
+
|
|
7
|
+
Designed to help with [GDPR](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) compliance
|
|
8
|
+
|
|
9
|
+
[](https://travis-ci.org/ankane/ip_anonymizer)
|
|
6
10
|
|
|
7
11
|
## Getting Started
|
|
8
12
|
|
|
@@ -18,8 +22,8 @@ There are two strategies for anonymizing IPs.
|
|
|
18
22
|
|
|
19
23
|
This is the approach [Google Analytics uses for IP anonymization](https://support.google.com/analytics/answer/2763052):
|
|
20
24
|
|
|
21
|
-
- For IPv4, the last octet
|
|
22
|
-
- For IPv6, the last 80 bits
|
|
25
|
+
- For IPv4, set the last octet to 0
|
|
26
|
+
- For IPv6, set the last 80 bits to zeros
|
|
23
27
|
|
|
24
28
|
```ruby
|
|
25
29
|
IpAnonymizer.mask_ip("8.8.4.4")
|
|
@@ -29,7 +33,7 @@ IpAnonymizer.mask_ip("2001:4860:4860:0:0:0:0:8844")
|
|
|
29
33
|
# => "2001:4860:4860::"
|
|
30
34
|
```
|
|
31
35
|
|
|
32
|
-
An advantange of this approach is geocoding will still work, only with slightly less accuracy.
|
|
36
|
+
An advantange of this approach is geocoding will still work, only with slightly less accuracy. A potential disadvantage is different IPs will have the same mask (`8.8.4.4` and `8.8.4.5` both become `8.8.4.0`).
|
|
33
37
|
|
|
34
38
|
### Hashing
|
|
35
39
|
|
|
@@ -43,7 +47,13 @@ IpAnonymizer.hash_ip("2001:4860:4860:0:0:0:0:8844", key: "secret")
|
|
|
43
47
|
# => "f6e4:a4fe:32dc:2f39:3e47:84cc:e85e:865c"
|
|
44
48
|
```
|
|
45
49
|
|
|
46
|
-
|
|
50
|
+
An advantage of this approach is different IPs will have different hashes.
|
|
51
|
+
|
|
52
|
+
Make sure the key is kept secret and at least 30 random characters. Otherwise, a rainbow table can be constructed. In Rails, you can generate a good key with:
|
|
53
|
+
|
|
54
|
+
```sh
|
|
55
|
+
rails secret
|
|
56
|
+
```
|
|
47
57
|
|
|
48
58
|
## Rails
|
|
49
59
|
|
|
@@ -61,6 +71,10 @@ For hashing, use:
|
|
|
61
71
|
config.middleware.insert_after ActionDispatch::RemoteIp, IpAnonymizer::HashIp, key: "secret"
|
|
62
72
|
```
|
|
63
73
|
|
|
74
|
+
## Related Projects
|
|
75
|
+
|
|
76
|
+
- [Logstop](https://github.com/ankane/logstop) - Keep personally identifiable information (PII) out of your logs
|
|
77
|
+
|
|
64
78
|
## History
|
|
65
79
|
|
|
66
80
|
View the [changelog](https://github.com/ankane/ip_anonymizer/blob/master/CHANGELOG.md)
|
data/ip_anonymizer.gemspec
CHANGED
|
@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
|
|
|
9
9
|
spec.authors = ["Andrew Kane"]
|
|
10
10
|
spec.email = ["andrew@chartkick.com"]
|
|
11
11
|
|
|
12
|
-
spec.summary = "IP address anonymizer for Ruby"
|
|
12
|
+
spec.summary = "IP address anonymizer for Ruby and Rails"
|
|
13
13
|
spec.homepage = "https://github.com/ankane/ip_anonymizer"
|
|
14
14
|
spec.license = "MIT"
|
|
15
15
|
|
data/lib/ip_anonymizer.rb
CHANGED
|
@@ -7,7 +7,7 @@ require "ip_anonymizer/version"
|
|
|
7
7
|
|
|
8
8
|
module IpAnonymizer
|
|
9
9
|
def self.mask_ip(ip)
|
|
10
|
-
addr = IPAddr.new(ip)
|
|
10
|
+
addr = IPAddr.new(ip.to_s)
|
|
11
11
|
if addr.ipv4?
|
|
12
12
|
# set last octet to 0
|
|
13
13
|
addr.mask(24).to_s
|
|
@@ -18,7 +18,7 @@ module IpAnonymizer
|
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
def self.hash_ip(ip, key:, iterations: 1)
|
|
21
|
-
addr = IPAddr.new(ip)
|
|
21
|
+
addr = IPAddr.new(ip.to_s)
|
|
22
22
|
key_len = addr.ipv4? ? 4 : 16
|
|
23
23
|
family = addr.ipv4? ? Socket::AF_INET : Socket::AF_INET6
|
|
24
24
|
|
|
@@ -7,9 +7,20 @@ module IpAnonymizer
|
|
|
7
7
|
|
|
8
8
|
def call(env)
|
|
9
9
|
req = ActionDispatch::Request.new(env)
|
|
10
|
-
#
|
|
11
|
-
req.remote_ip =
|
|
10
|
+
# get header directly to preserve ActionDispatch::RemoteIp lazy loading
|
|
11
|
+
req.remote_ip = GetIp.new(req.get_header("action_dispatch.remote_ip".freeze), @key)
|
|
12
12
|
@app.call(req.env)
|
|
13
13
|
end
|
|
14
|
+
|
|
15
|
+
class GetIp
|
|
16
|
+
def initialize(remote_ip, key)
|
|
17
|
+
@remote_ip = remote_ip
|
|
18
|
+
@key = key
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def to_s
|
|
22
|
+
@ip ||= IpAnonymizer.hash_ip(@remote_ip, key: @key)
|
|
23
|
+
end
|
|
24
|
+
end
|
|
14
25
|
end
|
|
15
26
|
end
|
|
@@ -6,9 +6,19 @@ module IpAnonymizer
|
|
|
6
6
|
|
|
7
7
|
def call(env)
|
|
8
8
|
req = ActionDispatch::Request.new(env)
|
|
9
|
-
#
|
|
10
|
-
req.remote_ip =
|
|
9
|
+
# get header directly to preserve ActionDispatch::RemoteIp lazy loading
|
|
10
|
+
req.remote_ip = GetIp.new(req.get_header("action_dispatch.remote_ip".freeze))
|
|
11
11
|
@app.call(req.env)
|
|
12
12
|
end
|
|
13
|
+
|
|
14
|
+
class GetIp
|
|
15
|
+
def initialize(remote_ip)
|
|
16
|
+
@remote_ip = remote_ip
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def to_s
|
|
20
|
+
@ip ||= IpAnonymizer.mask_ip(@remote_ip)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
13
23
|
end
|
|
14
24
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ip_anonymizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Kane
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-05-
|
|
11
|
+
date: 2018-05-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: benchmark-ips
|
|
@@ -77,7 +77,6 @@ files:
|
|
|
77
77
|
- ".travis.yml"
|
|
78
78
|
- CHANGELOG.md
|
|
79
79
|
- Gemfile
|
|
80
|
-
- Gemfile.lock
|
|
81
80
|
- LICENSE.txt
|
|
82
81
|
- README.md
|
|
83
82
|
- Rakefile
|
|
@@ -109,5 +108,5 @@ rubyforge_project:
|
|
|
109
108
|
rubygems_version: 2.7.6
|
|
110
109
|
signing_key:
|
|
111
110
|
specification_version: 4
|
|
112
|
-
summary: IP address anonymizer for Ruby
|
|
111
|
+
summary: IP address anonymizer for Ruby and Rails
|
|
113
112
|
test_files: []
|
data/Gemfile.lock
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
PATH
|
|
2
|
-
remote: .
|
|
3
|
-
specs:
|
|
4
|
-
ip_anonymizer (0.1.0)
|
|
5
|
-
|
|
6
|
-
GEM
|
|
7
|
-
remote: https://rubygems.org/
|
|
8
|
-
specs:
|
|
9
|
-
benchmark-ips (2.7.2)
|
|
10
|
-
minitest (5.11.3)
|
|
11
|
-
rake (12.3.1)
|
|
12
|
-
|
|
13
|
-
PLATFORMS
|
|
14
|
-
ruby
|
|
15
|
-
|
|
16
|
-
DEPENDENCIES
|
|
17
|
-
benchmark-ips
|
|
18
|
-
bundler
|
|
19
|
-
ip_anonymizer!
|
|
20
|
-
minitest
|
|
21
|
-
rake
|
|
22
|
-
|
|
23
|
-
BUNDLED WITH
|
|
24
|
-
1.16.1
|