Security
API Authentication
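# Thin client for the recipe API, authenticating with a bearer token.
#
# NOTE(review): relies on the HTTParty gem, which is not part of the standard
# library and must be loaded by the application before #get_recipes is called.
class RecipeService
  RECIPES_URL = "https://api.example.com/recipes"

  # @param key [String] bearer token; defaults to ENV["SECURE_KEY"]
  # @raise [ArgumentError] when no key is available, so a missing secret fails
  #   at construction instead of silently sending "Bearer " with no token
  def initialize(key = ENV["SECURE_KEY"])
    raise ArgumentError, "SECURE_KEY is not set" if key.nil? || key.empty?

    @key = key
  end

  # Fetches the recipe list from the API.
  # Response handling is not shown in this excerpt.
  def get_recipes
    response = HTTParty.get(RECIPES_URL, headers: { 'Authorization' => "Bearer #{@key}" })
    # ...
  end
  # ...
end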
Encryption
- Method: AES-256-CBC encryption
- Location: app/services/encryption_service.rb
- Usage: Sensitive data, such as user passwords, is encrypted before it is stored in the database.
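# Symmetric encryption helper for values that must be recoverable later.
#
# NOTE(review): reversible encryption is not a substitute for password
# hashing; a credential that only ever needs to be *verified* should go
# through a one-way, salted hash rather than this class.
class EncryptionService
  CIPHER = 'aes-256-cbc'

  # @param key [String] raw key of exactly the cipher's key length (32 bytes);
  #   defaults to ENV["ENCRYPTION_KEY"]. It is validated in #encrypt, not here.
  def initialize(key = ENV["ENCRYPTION_KEY"])
    @key = key
  end

  # Encrypts +data+ under a fresh random IV.
  #
  # The IV is prepended to the ciphertext before encoding; the previous version
  # generated an IV and then discarded it, which made every value it produced
  # impossible to decrypt. A decrypt routine must read the first +iv_len+ bytes
  # of the decoded output as the IV.
  #
  # @param data [String] plaintext; may be empty
  # @return [String] strict Base64 of IV || ciphertext
  # @raise [ArgumentError] when the key is missing or not exactly key_len bytes
  def encrypt(data)
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.encrypt
    unless @key.respond_to?(:bytesize) && @key.bytesize == cipher.key_len
      raise ArgumentError, "encryption key must be #{cipher.key_len} bytes"
    end
    cipher.key = @key
    iv = SecureRandom.random_bytes(cipher.iv_len)
    cipher.iv = iv
    # Cipher#update rejects an empty chunk, so "" goes straight to #final.
    encrypted = data.empty? ? cipher.final : cipher.update(data) + cipher.final
    # CBC gives confidentiality only; without a MAC the ciphertext is malleable.
    Base64.strict_encode64(iv + encrypted)
  end
  # ...
end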
Input Validation
# Creates recipes; only the explicitly permitted attributes reach the model.
class RecipesController < ApplicationController
  # Attributes a client may set when creating a recipe (strong parameters).
  PERMITTED_ATTRIBUTES = %i[name description ingredients instructions].freeze

  def create
    @recipe = Recipe.new(recipe_params)
    # ...
  end

  private

  # Allowlists the recipe attributes; any other key under +params[:recipe]+ is dropped.
  def recipe_params
    params.require(:recipe).permit(*PERMITTED_ATTRIBUTES)
  end
end
Security Best Practices
- Security Patches: The application uses the Gemfile to keep all dependencies up to date with the latest security patches.
# Default gem source; everything without an explicit git source resolves here.
source 'https://rubygems.org'
# Lets `gem 'x', github: 'owner/repo'` expand to a full GitHub clone URL.
git_source(:github) do |repo|
  repo.gsub!(%r{^github.com/}, '')
  "https://github.com/#{repo}.git"
end
# Pessimistic constraint: any 6.1.4.x release at or above 6.1.4.6, never 6.1.5+.
# Newer patch releases within that range are only picked up when Gemfile.lock is refreshed.
gem 'rails', '~> 6.1.4.6'
# ...