我们已经将我们的应用程序升级到 Rails 7,现在我们遇到了 attr_encrypted gem 的问题。当我们尝试启动 Rails 服务器/控制台时,我们收到以下错误:
gems/ruby-3.0.2/gems/attr_encrypted-3.1.0/lib/attr_encrypted.rb:176:in `block in attr_encrypted': undefined method `[]=' for nil:NilClass (NoMethodError)
如果我们恢复到 Rails 6,错误就会消失,有没有人遇到过同样的问题?
所以我终于明白是怎么回事了。
Rails 7.0 有它自己的加密,attr_encrypted gem 和 rails 7 都引用变量
encrypted_attributes
并且 rails 7 变量优先使 gem 无用。 attr_encrypted gem 上有一个 PR 可以解决这个问题,但是这个 gem 已经很多年没有更新了,我怀疑现在会更新。
GoRails 发布了一个教程,介绍如何将数据从使用 attr_encrypted 迁移到使用 rails 7 加密。我不想为此付费,所以我查看了教程的 git repo。
他们所做的是在迁移中自行解密数据并手动更新新的加密字段。
根据之前的回答,双向完全迁移:
class SwitchToRailsBuiltInEncryption < ActiveRecord::Migration[7.0]
ATTRIBUTES = [
[Account, :password],
[Account, :client_secret],
]
def up
ATTRIBUTES.each do |klass, attribute|
add_column klass.table_name, attribute, :string, length: 510
klass.all.each do |record|
puts "Processing #{klass} with ID #{record.id}"
if record.send("encrypted_#{attribute}").present?
encrypted_value = record.send("encrypted_#{attribute}")
iv = record.send("encrypted_#{attribute}_iv")
value = decrypt(encrypted_value, iv)
record.update!(attribute => value)
end
end
remove_column klass.table_name, "encrypted_#{attribute}"
remove_column klass.table_name, "encrypted_#{attribute}_iv"
end
end
def down
ATTRIBUTES.each do |klass, attribute|
add_column klass.table_name, "encrypted_#{attribute}", :string, length: 510
add_column klass.table_name, "encrypted_#{attribute}_iv", :string, length: 510
klass.all.each do |record|
puts "Processing #{klass} with ID #{record.id}"
if record.send(attribute).present?
encrypted_value, iv = encrypt(record.send(attribute))
record.update!("encrypted_#{attribute}" => encrypted_value, "encrypted_#{attribute}_iv" => iv)
end
end
remove_column klass.table_name, attribute
end
end
# based on https://github.com/gorails-screencasts/migrate-attr_encrypted-to-rails-7-encryption/blob/master/db/migrate/20211005214633_migrate_encrypted_attributes.rb
# as suggested by https://stackoverflow.com/questions/72096672/using-attr-encrypted-with-rails-7
def decrypt(encrypted_value, iv)
value = Base64.decode64(encrypted_value)
cipher = OpenSSL::Cipher.new("aes-256-gcm")
cipher.decrypt
cipher.key = Rails.application.credentials.key
cipher.iv = Base64.decode64(iv)
cipher.auth_tag = value[-16..]
cipher.auth_data = ""
cipher.update(value[0..-17]) + cipher.final
end
def encrypt(value)
cipher = OpenSSL::Cipher.new("aes-256-gcm")
cipher.encrypt
cipher.key = Rails.application.credentials.key
iv = cipher.random_iv
cipher.auth_data = ""
encrypted_value = cipher.update(value) + cipher.final
return Base64.encode64(encrypted_value + cipher.auth_tag), Base64.encode64(iv)
end
end