README.md in authtrail-0.3.0 vs README.md in authtrail-0.3.1
- old
+ new
@@ -12,13 +12,20 @@
```ruby
gem 'authtrail'
```
-And run:
+To encrypt email and IP addresses, install [Lockbox](https://github.com/ankane/lockbox) and [Blind Index](https://github.com/ankane/blind_index) and run:
```sh
+rails generate authtrail:install --lockbox
+rails db:migrate
+```
+
+If you prefer not to encrypt data, run:
+
+```sh
rails generate authtrail:install
rails db:migrate
```
## How It Works
@@ -93,11 +100,11 @@
The `LoginActivity` model uses a [polymorphic association](https://guides.rubyonrails.org/association_basics.html#polymorphic-associations) so it can be associated with different user models.
## Geocoding
-AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list.
+AuthTrail uses [Geocoder](https://github.com/alexreisner/geocoder) for geocoding. We recommend configuring [local geocoding](#local-geocoding) or [load balancer geocoding](#load-balancer-geocoding) so IP addresses are not sent to a 3rd party service. If you do use a 3rd party service and adhere to GDPR, be sure to add it to your subprocessor list.
To enable geocoding, update `config/initializers/authtrail.rb`:
```ruby
AuthTrail.geocode = true
@@ -144,19 +151,27 @@
package: :country
}
)
```
-## Data Protection
+### Load Balancer Geocoding
-Protect the privacy of your users by encrypting fields that contain personal data, such as `identity` and `ip`. [Lockbox](https://github.com/ankane/lockbox) is great for this. Use [Blind Index](https://github.com/ankane/blind_index) so you can still query the fields.
+Some load balancers can add geocoding information to request headers.
+- [nginx](https://nginx.org/en/docs/http/ngx_http_geoip_module.html)
+- [Google Cloud](https://cloud.google.com/load-balancing/docs/custom-headers)
+- [Cloudflare](https://support.cloudflare.com/hc/en-us/articles/200168236-Configuring-Cloudflare-IP-Geolocation)
+
```ruby
-class LoginActivity < ApplicationRecord
- encrypts :identity, :ip
- blind_index :identity, :ip
+AuthTrail.geocode = false
+AuthTrail.transform_method = lambda do |data, request|
+ data[:country] = request.headers["<country-header>"]
+ data[:region] = request.headers["<region-header>"]
+ data[:city] = request.headers["<city-header>"]
end
```
+
+Check out [this example](https://github.com/ankane/authtrail/issues/40)
## Other Notes
We recommend using this in addition to Devise’s `Lockable` module and [Rack::Attack](https://github.com/kickstarter/rack-attack).