Add some hash magic to your ruby classes.
Use this gem to conceal ids or any integer based array.
Ideally, user a serializer to exlucde ids and include your hash.
Credits on hasher to Peter Hellberg's Hashid
Include HashMan in your model
class User < ActiveRecord::Base
include HashMan
# include activuuid only if thats your style
include activeuuid
# optionally set a hash length minimum
# useful for integer based ids
hash_length 8
end
A typical user will look like:
user = User.create({ :name => "awesome" })
user.id
=> #<UUID:0x3fe2f1dda1d0 UUID:5604ee6e-c934-44cb-89ff-d2934a708e55>
Generate a hash for an id (integer or uuid):
user.hash_id
=> "rkALRLO3rJyz3vRjx9XJrzlq6"
Reverse the hash for lookup:
User.reverse_hash("rkALRLO3rJyz3vRjx9XJrzlq6")
=> #<UUID:0x3fe2f1d00f70 UUID:5604ee6e-c934-44cb-89ff-d2934a708e55>
Hashprint sensitive data:
# secrets are created in userspace
secrets = {:number => 1234123412341234, :cvv => 701, :zip => 90025 }
# hashprint is created before saving to model
secret_hash = User.create_hashprint = [ secrets[:number], secrets[:cvv], secrets[:zip ]
=> "evALO3rJyzJrzlq6"
# persist the secret
user.hashprint = secret_hash
user.save!
# Do some cool stuff in your model
def verify_cvv(cvv)
# where [1] is the index of the value
# `decoded_hashprint` is a private method form hashman
cvv == self.decoded_hashprint[1]
end
user.verify_cvv(700)
=> false
user.verify_cvv(701)
=> true
Secret data is then hidden from prying eyes!
Index hashprint for uniqueness validation! ;)
require 'hashman'
magic
HashMan.encode(integer)
HashMan.create_hashprint(integer_array)
Hashman.decode(hash)
find method on model to allow hash_id$ gem install hashman
Copyright (c) 2016 Evan Surdam
See {file:LICENSE.txt} for details.
FAQs
Unknown package
We found that hashman demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.