jwilger

This code is extracted from one of my private projects as an example of how to implement encryption of PII in event streams using two keys: a master key for each "data subject" that is stored in Vault and never transported to the systems that process the PII, and a key unique to each event that is stored (itself encrypted) with the event.

To be clear, the key that is stored with the data is encrypted by another key that is not stored with the data. The idea is that each "data subject" has an encryption key that is stored in Vault (external). When you encrypt data, the library will:

1. create a new AES 256 encryption key

jwilger

/************************************************************************************
* Inserts 2-million events with some randomized data for fields that will typically
* be used for searching.
*
* Run from the command line with:
*
*   PGOPTIONS='--client-min-messages=warning' psql -X -q -v ON_ERROR_STOP=1 --pset pager=off \
*     -f event_store_test.sql | less
*
************************************************************************************/

jwilger

class Event < ApplicationRecord
  attribute :event_data, :gzip_string
end

jwilger

In general, I try to avoid using instance variables directly in Ruby. Using private accessor methods wherever possible accomplishes two things:

1. It makes it much easier to refactor down the line if you end up needing to add some additional behavior whenever a value is set (validation, callbacks, etc), because you need only add the #my_attr= method definition and need not find all the places where you used @my_attr = ... and change them as well.

2. It better guards against the kind of typo-induced bugs that leave one staring at their computer for half an hour cursing the day they decided to earn a living as a programmer. For example:

jwilger

class BlogPost < ActiveRecord::Base
end

class MyBlog::Post
  attr_accessor :title, :author, :posted_at, :body

  def initialize(title:, author:, posted_at:, body:)
    self.title = title
    self.author = author
    self.posted_at = posted_at

jwilger

Keybase proof

I hereby claim:

• I am jwilger on github.
• I am johnwilger (https://keybase.io/johnwilger) on keybase.
• I have a public key whose fingerprint is E938 C913 259D EC12 FF0C CF6B E749 3168 FF48 EEB8

To claim this, I am signing this object:

jwilger

require 'delegate'
require 'forwardable'

module PseudoSingleton
  def instance
    @instance ||= new
  end

  private

jwilger

Avoiding Multiple Render Errors by Using Throw/Catch

When creating Rails controllers, I often dislike the use of filters such as #before_filter due to the fact that they can get a bit unweildy. I'd much rather be able to look at the definition of an action's method and see right in the first few lines if there are is anything that might run which would cause the action to behave differently.

The nice thing about before-filters, of course, is that you can cancel the running of the action method form within the filter, which is handy for redirects or changing what is rendered in cases such as failed authorization, etc. If you use inline methods to, say, check authorization, and that method does a render or a redirect, you need some way to ensure that the remainder of the action does not execute, so that you avoid both performing unauthorized actions and getting a

jwilger

require 'pass_to'

class Page
  attr_reader :content

  def initialize(content = nil)
    @content = content
  end

  def print

jwilger

# A) Instantiate Connection object directly, have it know whether it
# needs to use a "test mode" implementation internally.
my_api = MyAPI::Connection.new(:mode => :test)

# B) Directly instantiate a "test mode" connection object. In
# production, a call to `MyAPI::Connection.new` would be used instead.
my_api = MyAPI::TestConnection.new

# C) The MyAPI module has a factory method that knows whether to return
# a `Connection` or a `TestConnection` (or a `Connection` in test