Drop-in ViewSets, Serializers, and Fields that replace your IntegerField pk or id lookups with encrypted string lookups.
Use a single cipher across your entire project, or provide a unique cipher for each serializer, model, user, and/or client.
The json representation of a poll:
{
"id": 5,
"questions": [
2,
10,
12,
]
}becomes:
{
"id": "4xoh7gja2mtvz3i47ywy5h6ouu",
"questions": [
"t6y4zo26vutj4xclh5hpy3sc5m",
"hp7c75ggggiwv6cs5zc4mpzeoe",
"rqq5a2evfokyo7tz74loiu3bcq",
]
}Choose a user-by-user cipher such that:
# User A GETs /api/polls/ and receives:
{
"results": [
"4xoh7gja2mtvz3i47ywy5h6ouu",
"12gc75ggggiwv6cs5zc4mpzeoe",
]
}
# User B GETs /api/polls/ and receives:
{
"results": [
"rqq5a2evfokyo7tz74loiu3bcq",
"hp7c75g84g63v6cs5zc423zeoe",
]
}If you prefer hyperlinked related fields:
{
"id": "4xoh7gja2mtvz3i47ywy5h6ouu",
"questions": [
"https://example.com/api/questions/t6y4zo26vutj4xclh5hpy3sc5m/",
"https://example.com/api/questions/hp7c75ggggiwv6cs5zc4mpzeoe/",
"https://example.com/api/questions/rqq5a2evfokyo7tz74loiu3bcq/",
]
}The endpoint:
/api/polls/5/becomes:
/api/polls/4xoh7gja2mtvz3i47ywy5h6ouu/Encrypted lookups are not appropriate to use as a security measure against users guessing object URIs. Encrypted lookups are appropriate to use as a method of obfuscating object pks/ids.
Install the module in your Python distribution or virtualenv:
$ pip install django-rest-encrypted-lookupAdd the application to your INSTALLED_APPS:
INSTALLED_APPS = (
...
"rest_framework_encrypted_lookup",
...
)And in settings.py:
ENCRYPTED_LOOKUP = {
'lookup_field_name': 'id', # String value name of your drf lookup field, generally 'id' or 'pk'
'secret_key': 'uniquesecret', # Choose a string value unique secret key with which to encrypt your lookup fields
}Encrypted lookup strings are not stored in the database in association with the objects they represent. Encrypted lookups are generated by the model serializers during response composition. Encrypted lookups presented in the endpoint URI are decrypted in the call to dispatch, and encrypted lookups presented in data fields are decrypted by the model deserializers.
Encryption is provided by the PyCrypto AES library.
django-rest-encrypted-lookup provides three field classes:
from rest_framework_encrypted_lookup.fields import EncryptedLookupField, EncryptedLookupRelatedField, EncryptedLookupHyperlinkedRelatedFieldtwo new serializer classes:
from rest_framework_encrypted_lookup.serializers import EncryptedLookupModelSerializer, EncryptedLookupHyperlinkedModelSerializerand a generic view class:
from rest_framework_encrypted_lookup.views import EncryptedLookupGenericViewSetUse these in place of the classes provided with Django Rest Framework 3.
Example:
# models.py
...
class Poll(models.Model):
...
# serializers.py
...
class PollSerializer(EncryptedLookupModelSerializer):
class Meta:
model = Poll
# views.py
...
from rest_framework import viewsets
class PollViewSet(EncryptedLookupGenericViewSet,
viewsets.mixins.ListModelMixin,
viewsets.mixins.RetrieveModelMixin,
...
)
queryset = Poll.objects.all()
serializer_class = PollSerializer
lookup_field = 'id'
# urls.py
...
from rest_framework import router
from polls import views
router = routers.SimpleRouter()
router.register(r'polls', views.PollViewSet)
urlpatterns = [
url(r'^admin/', include(admin.site.urls)),
url(r'^', include(router.urls)),
]
Of the classes included in this package, the example above makes use of EncryptedLookupModelSerializer, and
EncryptedLookupGenericViewSet.
The fields EncryptedLookupField, EncryptedLookupRelatedField are used implicitly
by the EncryptedLookupModelSerializer. These fields may also be used explicitly, if needed.
We could have used EncryptedLookupHyperlinkedModelSerializer instead of EncryptedLookupModelSerializer:
# serializers.py
...
class PollSerializer(EncryptedLookupHyperlinkedModelSerializer):
class Meta:
model = PollIn this case, PollSerializer would serialize related fields as hyperlinks, using the EncryptedHyperlinkedLookupRelatedField.
By default, every encrypted-lookup serializer class will use the same cypher. You can choose a non-default cypher by
overwriting your serializer's get_cypher method. Here is a get_cypher method that will produce a unique cypher per-model:
from rest_framework_encrypted_lookup.utils import IDCipher
from rest_framework_encrypted_lookup.settings import encrypted_lookup_settings
class MyEncryptedLookupModelSerializer(EncryptedLookupModelSerializer):
def get_cipher(self):
return IDCipher(secret=encrypted_lookup_settings['secret_key']+self.Meta.model)
Here is a get_cypher method that will produce a unique cypher per-user:
from rest_framework_encrypted_lookup.utils import IDCipher
from rest_framework_encrypted_lookup.settings import encrypted_lookup_settings
class MyEncryptedLookupModelSerializer(EncryptedLookupModelSerializer):
def get_cipher(self):
# Let's suppose that a user must be logged in to reach this endpoint.
return IDCipher(secret=encrypted_lookup_settings['secret_key']+self._context["request"].user.username)
See tox.ini for specific minor versions tested.
Feel free to open pull requests or issues. GitHub is the canonical location of this project.
Here's the general sequence of events for contribution: