Module: ActiveRecord::Encryption::ExtendedDeterministicQueries
- Defined in:
- lib/active_record/encryption/extended_deterministic_queries.rb
Overview
Automatically expand encrypted arguments to support querying both encrypted and unencrypted data
Active Record Encryption supports querying the db using deterministic attributes. For example:
Contact.find_by(email_address: "[email protected]")
The value “[email protected]” will get encrypted automatically to perform the query. But there is a problem while the data is being encrypted. This won’t work. During that time, you need these queries to be:
Contact.find_by(email_address: [ "[email protected]", "<encrypted [email protected]>" ])
This patches ActiveRecord to support this automatically. It addresses both:
-
ActiveRecord::Base - Used in
Contact.find_by_email_address(...)
-
ActiveRecord::Relation - Used in
Contact.internal.find_by_email_address(...)
ActiveRecord::Base relies on ActiveRecord::Relation (ActiveRecord::QueryMethods) but it does some prepared statements caching. That’s why we need to intercept ActiveRecord::Base
as soon as it’s invoked (so that the proper prepared statement is cached).
When modifying this file run performance tests in test/performance/extended_deterministic_queries_performance_test.rb
to
make sure performance overhead is acceptable.
We will extend this to support previous “encryption context” versions in future iterations
Defined Under Namespace
Modules: CoreQueries, EncryptedQueryArgumentProcessor, ExtendedEncryptableType, InWithAdditionalValues, RelationQueries Classes: AdditionalValue
Class Method Summary collapse
Class Method Details
.install_support ⇒ Object
34 35 36 37 38 39 |
# File 'lib/active_record/encryption/extended_deterministic_queries.rb', line 34 def self.install_support ActiveRecord::Relation.prepend(RelationQueries) ActiveRecord::Base.include(CoreQueries) ActiveRecord::Encryption::EncryptedAttributeType.prepend(ExtendedEncryptableType) Arel::Nodes::HomogeneousIn.prepend(InWithAdditionalValues) end |