enhancement(elixir): Hash ids

[mrapacz]

Type

Enhancement

Current behaviour Right now we're using ids as they are on the frontend side. Moreover, we're storing them as ints and casting them to strings everytime we want to use them.

Expected behaviour We would start using encrypted ids on the frontend side.

Motivation / use case Using integer ids is not convenient because everytime we use them we have to cast them to strings. Even if we decided to store an integer id cast to string it would still not be safe, because anyone using our system could get the idea how much data we have in our db.

It seems that hashids are the best solution, I'm open for your suggestions and comments, though.

[mrapacz]

I think we could actually use cipher. It would only require importing some env vars in config and the usage in code would be really straightforward.

[mrapacz]

This will be hard since we cannot override Ecto.Repo's get! etc. There are two possible solutions here:

• encrypting/decrypting ids everywhere where they are exposed to the outer world (in channels and in endpoints). This is not very nice, though, as we would have to remember about hashing stuff every time we are adding any new logic etc.
• Adding a new module like Aion.Resolver that would implement its own functions like get! etc. and call Aion.Repo's functions inside its own but would take care of all the encryption and decryption layers. This would require replacing all of the Aion.Repo usage in code, though.