How to delete ==%0A from url in order to obfuscate the ids of my records in rails?

Question

using the built-in OpenSSL library to encrypt and decrypt the id

the url be like this: http://localhost:3000/requests/Ym7c8FQQlCe5FvotzKu4yw==%0A and i want to delete ==%0A from it ? how ?

require 'openssl'
require 'base64'

module Obfuscate
  def self.included(base)
    base.extend self
  end

  def cipher
    OpenSSL::Cipher::Cipher.new('aes-256-cbc')
  end

  def cipher_key
    'blah!'
  end

  def decrypt(value)
    c = cipher.decrypt
    c.key = Digest::SHA256.digest(cipher_key)
    c.update(Base64.decode64(value.to_s)) + c.final
  end

  def encrypt(value)
    c = cipher.encrypt
    c.key = Digest::SHA256.digest(cipher_key)
    Base64.encode64(c.update(value.to_s) + c.final)
  end
end

and in my model:

class MyModel < ActiveRecord::Base
  include Obfuscate

  def to_param
    encrypt id
  end
end

Answer 1

Take a look at activeuuid

When you create a Create a Migration this is how it should look like

class CreateEmails < ActiveRecord::Migration
  def change
    create_table :users, :id => false  do |t|
      t.uuid :id, :primary_key => true
      t.uuid :something_id  # belongs_to :something

      t.timestamps
    end
    add_index :emails, :id
  end
end

then in your models all you have to do is include include ActiveUUID::UUID

and this is a example of a uuid 1dd74dd0-d116-11e0-99c7-5ac5d975667e

I hope that this helps

Answer 2

Another solution would be to use Friendly ID . Basically, it replaces the id in your routes with a name or other field. It changes

/requests/Ym7c8FQQlCe5FvotzKu4yw==%0A

to

/requests/some_cool_name_in_your_database

That way, your users don't see the id , but instead see something a little more pretty. And if your users were to return to that page, it would still work because you have a valid "id".