A plugin for Phoenix and Plug to allow for more secure interaction with clients, and companion project to SecureClient.
Add `secure_server` to your list of dependencies in `mix.exs`:

```elixir
def deps do
  [{:secure_server, "~> 0.1.0"}]
end
```
In your `config/config.exs`, set up the MIME type(s), format encoder(s), and encryption method(s):

```elixir
# config/config.exs
config :mime, :types, %{
  "application/encrypted" => ["encrypted"]
}

config :phoenix, :format_encoders,
  encrypted: SecureServer

config :cloak, Cloak.AES.CTR,
  # Note: this config must be identical to the one used in your client.
  # See https://github.com/danielberkompas/cloak for more details on encryption.
  tag: "AES",
  default: true,
  keys: [
    %{
      tag: <<1>>,
      key: :base64.decode(System.get_env("YOUR_SYMMETRIC_KEY")),
      default: true
    }
  ]
```
See Cloak for more info about encryption.
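The key in the Cloak config above is read from an environment variable at config time, so a missing or wrongly sized key only surfaces when the first request is encrypted. The following start-time check is an added example, not part of `secure_server` or Cloak; the module name `YourApplication.KeyCheck` and the call site in `start/2` are assumptions. It reads the same `:cloak` config shown above and fails fast if any configured key is not a valid AES key length.

```elixir
defmodule YourApplication.KeyCheck do
  @moduledoc """
  Hypothetical start-time check (added example, not part of secure_server or Cloak).
  Verifies that every key configured for Cloak.AES.CTR is a valid AES key
  before the endpoint starts serving requests.
  """

  # AES-128, AES-192 and AES-256 key sizes in bytes
  @valid_sizes [16, 24, 32]

  # Reads the :keys list from the :cloak config in config/config.exs and
  # raises with a clear message if any entry is not a valid AES key.
  def verify_cloak_keys! do
    keys =
      :cloak
      |> Application.get_env(Cloak.AES.CTR, [])
      |> Keyword.get(:keys, [])

    if keys == [] do
      raise ArgumentError, "no Cloak.AES.CTR keys configured; set YOUR_SYMMETRIC_KEY"
    end

    Enum.each(keys, fn %{tag: tag, key: key} -> check_key!(tag, key) end)
    :ok
  end

  defp check_key!(_tag, key) when is_binary(key) and byte_size(key) in @valid_sizes, do: :ok

  defp check_key!(tag, key) when is_binary(key) do
    raise ArgumentError,
          "Cloak key #{inspect(tag)} is #{byte_size(key)} bytes; " <>
            "expected one of #{inspect(@valid_sizes)} (check YOUR_SYMMETRIC_KEY)"
  end

  defp check_key!(tag, _key) do
    raise ArgumentError, "Cloak key #{inspect(tag)} is not a binary"
  end
end

# Assumed call site: the first line of start/2 in lib/your_application.ex,
# so that a misconfigured key stops the application before the endpoint is up.
#
#   def start(_type, _args) do
#     YourApplication.KeyCheck.verify_cloak_keys!()
#     ...
#   end
```

Because `:base64.decode/1` itself raises on malformed input, the only case this check adds is a key that decodes cleanly but to the wrong length, which is the one that would otherwise pass config loading and fail on the first encrypted response.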
In your endpoint file, include `:encrypted` in the valid parsers, and set the encrypted parser to `SecureServer`.

```elixir
# lib/your_application/endpoint.ex
plug Plug.Parsers,
  parsers: [:encrypted, :urlencoded, :multipart, :json],
  pass: ["*/*"],
  json_decoder: Poison,
  encrypted_decoder: SecureServer
```
In the router, add `encrypted` to your accepts, either in its own pipeline (more secure) or in an existing pipeline.

```elixir
# web/router
pipeline :secure do
  plug :accepts, ["encrypted"]
  ...
end
```
In the error view, add or change the error render functions to use `encrypted` in addition to or instead of `html` or `json`.

```elixir
# web/views/error_view.ex
defmodule YourApplication.ErrorView do
  use YourApplication.Web, :view
  ...
  def render("404.encrypted", _assigns) do
    %{errors: %{detail: "Page not found"}}
  end
  ...
  def render("500.encrypted", _assigns) do
    %{errors: %{detail: "Internal server error"}}
  end
  ...
end
```
When rendering, render using the `.encrypted` renderers rather than the `.json` or `.html` renderers.

See SecureClient for details on creating an Elixir client to interact with this server.
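The router pipeline and the rendering step above are tied together in the following added example, which is not code from `secure_server`; the `/api/items` route, `ItemController`, `ItemView` and the inline item list are all assumptions made for illustration. It shows a dedicated `:secure` pipeline that accepts only the `encrypted` format, a scope that routes through it, and a controller action that renders an `.encrypted` template so the view's map is handed to `SecureServer` as the format encoder.

```elixir
# web/router.ex
defmodule YourApplication.Router do
  use YourApplication.Web, :router

  # Separate pipeline for encrypted traffic, as the README recommends.
  # Only the encrypted format is accepted: a client sending plain JSON to
  # these routes is rejected by :accepts (Phoenix.NotAcceptableError, HTTP 406)
  # before any controller code runs.
  pipeline :secure do
    plug :accepts, ["encrypted"]
  end

  # Hypothetical scope; every route here goes through the :secure pipeline.
  scope "/api", YourApplication do
    pipe_through :secure
    get "/items", ItemController, :index
  end
end

# web/controllers/item_controller.ex
defmodule YourApplication.ItemController do
  use YourApplication.Web, :controller

  # Hypothetical action. The item list is constructed inline for the example;
  # a real application would load it from its data source.
  def index(conn, _params) do
    items = [%{id: 1, name: "first"}, %{id: 2, name: "second"}]

    # "index.encrypted" selects the .encrypted render clause below instead of
    # a .json or .html one, so the returned map is encoded by SecureServer,
    # the format encoder configured for :encrypted in config/config.exs.
    render(conn, "index.encrypted", items: items)
  end
end

# web/views/item_view.ex
defmodule YourApplication.ItemView do
  use YourApplication.Web, :view

  # Same shape as the ErrorView clauses in the README: return a plain map and
  # let the :encrypted format encoder turn it into the response body.
  def render("index.encrypted", %{items: items}) do
    %{data: Enum.map(items, &Map.take(&1, [:id, :name]))}
  end
end
```

Keeping the encrypted routes in their own pipeline means the `accepts` check, not the controller, is what refuses unencrypted requests, so a controller action can never be reached by a client that negotiated the wrong format.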
Copyright © 2016 Riley Trautman, <asonix.dev@gmail.com>
This work is free. You can redistribute it and/or modify it under the
terms of the MIT License. See the LICENSE file for more details.