[Suggestion] Support AR encryption

[kieraneglin]

Problem Statement

Depending on the security posture of your app, you could be broadcasting sensitive or semi-sensitive information via websockets. This may not be an issue with conventional Redis/NOTIFY setups since the messages are more ephemeral, but it becomes noticeable with Solid Cable since messages are stored in the database for up to a day by default.

Proposed Solution

Add opt-in encryption of payload (and maybe channel) for the solid_cable_messages table.

There's good precedent for this in Solid Cache (1, 2, 3) and it looks like that logic could be copied over fairly verbatim.

I'd be willing to take a swing at a PR next week if there's interest!

[kieraneglin]

I'm not comfortable recommending it or anything, but initial tests seem to be working:

# config/initializers/solid_cable.rb

module SolidCableMessageExtensions
  extend ActiveSupport::Concern

  included do
    encrypts :payload, :channel
  end
end

Rails.application.config.to_prepare do
  SolidCable::Message.include(SolidCableMessageExtensions)
end

Note that this may break existing setups unless you have config.active_record.encryption.support_unencrypted_data enabled

[npezza93]

happy to take a pr to optionally enable this. We would also have to handle the case where people want to migrate to having their messages encrypted and are currently unencrypted

[kieraneglin]

Sounds good! I'll try and take a look some time this week 👍

As for the migration case, I don't personally think that's something we'd need to handle for a few reasons:

• Messages are relatively short-lived so unencrypted messages will be culled in short order
• Rails provides a way to simultaneously support encrypted and unencrypted messages via active_record.encryption.support_unencrypted_data
• Prior art: SolidCache doesn't provide a migration mechanism

My opinion is that adding a note to the README would be enough here but let me know what you think!

[npezza93]

Nice! Didn't realize you could have unencrypted and encrypted messages at the same time. I think a note in the readme is sufficient enough. This sounds like a good game plan to me!