README.md in authtrail-0.3.0 vs README.md in authtrail-0.3.1

- old
+ new

@@ -12,13 +12,20 @@ ```ruby gem 'authtrail' ``` -And run: +To encrypt email and IP addresses, install [Lockbox](https://github.com/ankane/lockbox) and [Blind Index](https://github.com/ankane/blind_index) and run: ```sh +rails generate authtrail:install --lockbox +rails db:migrate +``` + +If you prefer not to encrypt data, run: + +```sh rails generate authtrail:install rails db:migrate ``` ## How It Works @@ -93,11 +100,11 @@ The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models. ## Geocoding -AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list. +AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) or [load balancer geocoding](#load-balancer-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list. To enable geocoding, update `config/initializers/authtrail.rb`: ```ruby AuthTrail.geocode = true 
@@ -144,19 +151,27 @@ package: :country } ) ``` -## Data Protection +### Load Balancer Geocoding -Protect the privacy of your users by encrypting fields that contain personal data, such as `identity` and `ip`. [Lockbox](https://github.com/ankane/lockbox) is great for this. Use [Blind Index](https://github.com/ankane/blind_index) so you can still query the fields. +Some load balancers can add geocoding information to request headers. +- [nginx](https://nginx.org/en/docs/http/ngx_http_geoip_module.html) +- [Google Cloud](https://cloud.google.com/load-balancing/docs/custom-headers) +- [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/200168236-Configuring-Cloudflare-IP-Geolocation) + ```ruby -class LoginActivity < ApplicationRecord - encrypts :identity, :ip - blind_index :identity, :ip +AuthTrail.geocode = false +AuthTrail.transform_method = lambda do |data, request| + data[:country] = request.headers["<country-header>"] + data[:region] = request.headers["<region-header>"] + data[:city] = request.headers["<city-header>"] end ``` + +Check out [this example](https://github.com/ankane/authtrail/issues/40) ## Other Notes We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).
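Review bot: in the installation hunk (`@@ -12,13 +12,20 @@`), the new sentence tells the reader to "install" Lockbox and Blind Index but shows no Gemfile lines for them, unlike the `gem 'authtrail'` block directly above. A reader who copies only the commands will run `rails generate authtrail:install --lockbox` without those gems in the bundle. Suggest adding the two gem lines to the Gemfile block, or a short block of their own before the generator command. The hunk also presents encryption as a choice made when the generator runs and gives no path for an application that already ran the plain `rails generate authtrail:install` and later wants to encrypt email and IP addresses. One sentence on that case would close the gap.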
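Review bot: in the Geocoding hunk (`@@ -93,11 +100,11 @@`), the reworded sentence now says that load balancer geocoding keeps IP addresses from being "sent to a 3rd party service". Two of the three load balancers linked later in this diff (Google Cloud and Cloudflare) are themselves third parties that see the client IP. What this option avoids is an additional geocoding request from the application, not third-party exposure as such. Suggest wording such as "so IP addresses are not sent to an additional 3rd party service", and keeping the GDPR subprocessor sentence clearly applicable to a hosted load balancer as well.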
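Review bot: in the Load Balancer Geocoding hunk (`@@ -144,19 +151,27 @@`), the `transform_method` example copies `request.headers["<country-header>"]` and the region and city headers straight into the login record, with no statement about who is allowed to set those headers. If the load balancer does not overwrite or strip client-supplied copies, or if the application can be reached without passing through it, the stored country, region and city are whatever the client sent, which undermines the login trail as an audit source. Suggest adding a sentence that the headers must be set (and any incoming copies removed) by the load balancer and that the app should only accept traffic from it. Separately, this hunk deletes the "Data Protection" section with its `encrypts :identity, :ip` and `blind_index :identity, :ip` snippet and puts nothing in its place, so applications that followed the 0.3.0 README have no remaining reference for that setup. A short note pointing them to the new `--lockbox` install path, or keeping the snippet for existing installs, would help. The closing line "Check out [this example]" is also missing its final period.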