How does AshCloak work?
Table of Contents
Rewrite attributes to calculations
First, AshCloak changes the name of each cloaked attribute to
encrypted_
, and sets
public?: false
and
sensitive?: true
.
Then it adds a
calculation
matching the original attribute that, when loaded, will decrypt the given attribute and call any configured
on_decrypt
callbacks.
Modify Actions
AshCloak then goes through each action that accepts the attribute and removes the attribute from the accept list.
Then it adds an argument by the same name, and a
change
that encrypts the attribute value.
This
change
also deletes the argument from the arguments list and from the params. This is a small extra layer of security to prevent accidental leakage of the value.
Add
preparation
and
change
Finally, it add a
preparation
and a
change
that will automatically load the corresponding calculations for any attribute in the
decrypt_by_default
list.
The result
The cloaked attribute will now seamlessly encrypt when writing and decrypt on request.