feat: implement hashID URL obfuscation/shortening

Author: Bulletdev

Gemfile

@@ -81,6 +81,9 @@ gem 'elasticsearch', '~> 9.1', '>= 9.1.3'
 # LLM Integration for Support Chatbot
 gem 'ruby-openai', '~> 7.0'
 
+# HashID for URL obfuscation and shortening
+gem 'hashid-rails', '~> 1.0'
+
 group :development, :test do
   # See https://guides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem 'debug', platforms: %i[mri mingw x64_mingw]

Gemfile.lock

@@ -145,6 +145,10 @@ GEM
     globalid (1.3.0)
       activesupport (>= 6.1)
     hashdiff (1.2.1)
+    hashid-rails (1.4.1)
+      activerecord (>= 4.0)
+      hashids (~> 1.0)
+    hashids (1.0.6)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
     io-console (0.8.1)
@@ -419,6 +423,7 @@ DEPENDENCIES
   faker
   faraday
   faraday-retry
+  hashid-rails (~> 1.0)
   jwt
   kamal (~> 2.0)
   kaminari

app/models/concerns/hashable.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+# Hashable Concern
+# Adds HashID encoding/decoding capabilities to ActiveRecord models with UUID primary keys
+#
+# @see config/initializers/hashid.rb
+
+module Hashable
+  extend ActiveSupport::Concern
+
+  included do
+    def hashid
+      return nil if id.blank?
+
+      numeric_id = uuid_to_numeric(id)
+
+      hashids_instance.encode(numeric_id)
+    rescue StandardError => e
+      Rails.logger.error "[HASHID] Failed to encode #{self.class.name}##{id}: #{e.message}"
+      Rails.logger.error e.backtrace.first(3).join("\n")
+      nil
+    end
+
+    # Alternative shorter method name
+    alias_method :to_hashid, :hashid
+
+    # @example
+    #   vod.public_hashid_url # => "https://prostaff.gg/vod-reviews/Zx1U3mA7caXq"
+    def public_hashid_url
+      return nil unless hashid.present?
+      return nil unless ENV['FRONTEND_URL'].present?
+
+      "#{ENV['FRONTEND_URL']}/#{self.class.name.underscore.pluralize}/#{hashid}"
+    end
+
+    private
+
+    # Get Hashids instance with proper configuration
+    # @return [Hashids] Configured Hashids instance
+    def hashids_instance
+      salt = ENV.fetch('HASHID_SALT', 'development_fallback_salt')
+      min_length = ENV.fetch('HASHID_MIN_LENGTH', '6').to_i
+      alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+
+      full_salt = "#{salt}#{self.class.table_name}"
+
+      Hashids.new(full_salt, min_length, alphabet)
+    end
+
+    # Convert UUID to numeric value
+    # @param uuid [String] UUID string (e.g., "5c8d9b3e-3155-4871-a419-e72ad5f21c19")
+    # @return [Integer] Numeric representation (128-bit integer)
+    def uuid_to_numeric(uuid)
+      uuid.delete('-').to_i(16)
+    end
+  end
+
+  class_methods do
+    # Find record by HashID
+    # @param hashid [String] The HashID to decode
+    # @return [ActiveRecord::Base, nil] The found record or nil
+    # @example
+    #   VodReview.find_by_hashid("mA7cXq") # => #<VodReview:0x00...>
+    def find_by_hashid(hashid)
+      return nil if hashid.blank?
+
+      numeric_id = hashids_instance.decode(hashid).first
+      return nil if numeric_id.nil?
+
+      uuid = numeric_to_uuid(numeric_id)
+      find_by(id: uuid)
+    rescue StandardError => e
+      Rails.logger.error "[HASHID] Failed to decode hashid '#{hashid}' for #{name}: #{e.message}"
+      Rails.logger.error e.backtrace.first(3).join("\n")
+      nil
+    end
+
+    def find_by_hashid!(hashid)
+      find_by_hashid(hashid) or raise ActiveRecord::RecordNotFound, "Couldn't find #{name} with hashid=#{hashid}"
+    end
+
+    private
+
+    # Get Hashids instance with proper configuration (class method)
+    # @return [Hashids] Configured Hashids instance
+    def hashids_instance
+      salt = ENV.fetch('HASHID_SALT', 'development_fallback_salt')
+      min_length = ENV.fetch('HASHID_MIN_LENGTH', '6').to_i
+      alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+
+      # Add table name as pepper
+      full_salt = "#{salt}#{table_name}"
+
+      Hashids.new(full_salt, min_length, alphabet)
+    end
+
+    # Convert numeric value to UUID string
+    # @param numeric [Integer] Numeric representation of UUID (128-bit integer)
+    # @return [String] UUID string (e.g., "5c8d9b3e-3155-4871-a419-e72ad5f21c19")
+    def numeric_to_uuid(numeric)
+      # Convert to hex and pad to 32 characters
+      hex = numeric.to_s(16).rjust(32, '0')
+
+      # Format as UUID: 8-4-4-4-12
+      "#{hex[0..7]}-#{hex[8..11]}-#{hex[12..15]}-#{hex[16..19]}-#{hex[20..31]}"
+    end
+  end
+end

app/models/vod_review.rb

@@ -33,6 +33,7 @@
 class VodReview < ApplicationRecord
   include OrganizationScoped
   include Constants
+  include Hashable
 
   # Associations
   belongs_to :organization
@@ -148,9 +149,21 @@ def share_with_all_players!
   end
 
   def public_url
-    return nil unless is_public? && share_link.present?
+    return nil unless is_public?
 
-    "#{ENV['FRONTEND_URL']}/vod-reviews/#{share_link}"
+    # Use HashID if available, fallback to share_link
+    identifier = hashid.presence || share_link
+    return nil if identifier.blank?
+
+    "#{ENV['FRONTEND_URL']}/vod-reviews/#{identifier}"
+  end
+
+  # Override from Hashable concern to use proper route
+  def public_hashid_url
+    return nil unless hashid.present?
+    return nil unless ENV['FRONTEND_URL'].present?
+
+    "#{ENV['FRONTEND_URL']}/vod-reviews/#{hashid}"
   end
 
   private

app/modules/vod_reviews/controllers/vod_reviews_controller.rb

@@ -125,7 +125,19 @@ def destroy
       private
 
       def set_vod_review
-        @vod_review = organization_scoped(VodReview).find(params[:id])
+        # Try to find by HashID first, then fall back to UUID
+        id_param = params[:id]
+
+        @vod_review = if id_param.match?(/\A[a-zA-Z0-9]{6,12}\z/)
+                        # Looks like a HashID (Base62, 6-12 chars)
+                        VodReview.find_by_hashid(id_param)
+                      else
+                        # Looks like a UUID or numeric ID
+                        organization_scoped(VodReview).find_by(id: id_param)
+                      end
+
+        # If not found, raise 404
+        raise ActiveRecord::RecordNotFound, "Couldn't find VodReview with id=#{id_param}" if @vod_review.nil?
       end
 
       def vod_review_params

app/serializers/vod_review_serializer.rb

@@ -11,6 +11,21 @@ class VodReviewSerializer < Blueprinter::Base
          :status, :tags, :metadata,
          :created_at, :updated_at
 
+  # HashID for short, obfuscated public URLs
+  field :hashid do |vod_review|
+    vod_review.hashid
+  end
+
+  # Public URL using HashID (preferred) or share_link (fallback)
+  field :public_url do |vod_review|
+    vod_review.public_url
+  end
+
+  # Direct HashID URL (for explicit HashID usage)
+  field :public_hashid_url do |vod_review|
+    vod_review.public_hashid_url
+  end
+
   field :timestamps_count do |vod_review, options|
     options[:include_timestamps_count] ? vod_review.vod_timestamps.count : nil
   end

config/initializers/hashid.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+# HashID Configuration for URL Obfuscation
+#
+# This initializer configures Hashid::Rails for generating short, obfuscated URLs
+# for public-facing resources like VOD Reviews, Draft Plans, and Tactical Boards.
+#
+# @see https://github.com/jcypret/hashid-rails
+
+require 'hashid/rails'
+
+Hashid::Rails.configure do |config|
+  # Salt: MUST be set via ENV for security
+  salt = ENV.fetch('HASHID_SALT') do
+    if Rails.env.production?
+      raise 'HASHID_SALT environment variable must be set in production!'
+    else
+      Rails.logger.warn '[HASHID] Using fallback salt in development. Set HASHID_SALT for production!'
+      'development_fallback_salt'
+    end
+  end
+  config.salt = salt
+
+  # Minimum length of HashIDs
+  # Lower = shorter URLs (e.g., 6 = "aBcD3f")
+  # Higher = more obfuscation (e.g., 12 = "aBcD3fGhIjKl")
+  min_length = ENV.fetch('HASHID_MIN_LENGTH') do
+    if Rails.env.production?
+      Rails.logger.warn '[HASHID] HASHID_MIN_LENGTH not set, using default: 6'
+      '6'
+    else
+      '6'
+    end
+  end
+  config.min_hash_length = min_length.to_i
+
+  # Alphabet: Use Base62 by default (a-z, A-Z, 0-9)
+  config.alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'
+end
+
+Rails.application.config.after_initialize do
+  min_length = ENV.fetch('HASHID_MIN_LENGTH', '6')
+  salt = ENV.fetch('HASHID_SALT', 'development_fallback_salt')
+
+  Rails.logger.info '[HASHID] Initialized with:'
+  Rails.logger.info "  - Salt: #{salt[0..2]}*** (hidden)"
+  Rails.logger.info "  - Min Length: #{min_length}"
+  Rails.logger.info "  - Alphabet: Base62 (a-z, A-Z, 0-9)"
+end