Module: ConcernsOnRails::Models::Maskable

Extended by:
ActiveSupport::Concern
Defined in:
lib/concerns_on_rails/models/maskable.rb

Overview

Non-destructive display masking for sensitive string attributes.

Masking is ALWAYS read-only: each declaration adds a `masked_<field>` reader and never writes the stored column (the raw value stays in the DB, because masking is a presentation concern). For stripping dangerous HTML see Models::Sanitizable.

class User < ApplicationRecord
  include ConcernsOnRails::Models::Maskable

  maskable :email, with: :email          # => user.masked_email  "j****@example.com"
  maskable :card,  with: :credit_card    # => user.masked_card   "**** **** **** 4242"
  maskable :ssn,   with: :last4, mask: ""
  maskable :token, with: ->(v) { "#{v.to_s[0, 3]}" }
end

Presets (the `with:` argument):

:email       — mask the local part, keep first char + domain
:phone       — keep the last 4 digits ("***-2671")
:credit_card — keep the last 4 digits ("**** **** **** 4242")
:last4       — keep the last 4 characters
:all         — mask every character (the default)
Proc         — used as-is (the caller owns the non-String guard)

`mask:` sets the mask character (default "*") for the preset forms.
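
The read-only reader and the preset output shapes described above, as an added plain-Ruby sketch that is not the gem's own code. `DemoMaskable`, `PRESET_IMPLS`, `DemoUser`, the sample values and the `"#"` mask are hypothetical, and masking one character per hidden local-part character in the email preset is an assumption.

```ruby
# Added sketch (no Rails needed); DemoMaskable is a hypothetical stand-in, not the gem.
# Output shapes follow the examples in the overview above.
module DemoMaskable
  def self.last4_digits(value)
    digits = value.scan(/\d/).join
    digits.length >= 4 ? digits[-4..] : nil
  end

  PRESET_IMPLS = {
    # Assumption: one mask character per hidden character of the local part.
    email: lambda { |v, m|
      local, at, domain = v.partition("@")
      next m * v.length if at.empty? || local.empty? # not an address: hide it all
      "#{local[0]}#{m * (local.length - 1)}@#{domain}"
    },
    phone: lambda { |v, m| (d = last4_digits(v)) ? "#{m * 3}-#{d}" : m * v.length },
    credit_card: lambda { |v, m| (d = last4_digits(v)) ? ([m * 4] * 3 + [d]).join(" ") : m * v.length },
    last4: lambda { |v, m| v.length > 4 ? m * (v.length - 4) + v[-4..] : m * v.length },
    all: lambda { |v, m| m * v.length }
  }.freeze

  # Class macro: defines masked_<field> only; no writer is defined or called.
  def maskable(field, with: :all, mask: "*")
    define_method("masked_#{field}") do
      raw = public_send(field)
      next with.call(raw) if with.respond_to?(:call) # Proc: used as-is, caller guards
      raw.is_a?(String) ? PRESET_IMPLS.fetch(with).call(raw, mask) : raw
    end
  end
end

# Constructed sample record; a Struct stands in for an ActiveRecord model.
DemoUser = Struct.new(:email, :card, :phone, :ssn) do
  extend DemoMaskable
  maskable :email, with: :email
  maskable :card,  with: :credit_card
  maskable :phone, with: :phone
  maskable :ssn,   with: :last4, mask: "#"
end

user = DemoUser.new("alice@example.com", "4242 4242 4242 4242", "+1 415 555 2671", "123-45-6789")
puts user.masked_email, user.masked_card, user.masked_phone, user.masked_ssn
puts user.email # raw value is unchanged by the masked reader
```

Because the raw attribute is untouched, anything that serializes the record (here `to_h`) still carries the unmasked value; only the `masked_*` readers are meant for display.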

Constant Summary

PRESETS =
%i[email phone credit_card last4 all].freeze