signed_params 0.0.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8c20a32fb7717fdc82f737a65b377486beffbc9faa4852d36563c9c4828a9f3c
-  data.tar.gz: d64e43dde0ed9bc8294dc1b4d44b3157fba803ca1a83c2576c1172a0c4f30bbe
+  metadata.gz: 7bb815e0b8cc4495a7f7714cbe16cf48ec4ec0704a43f78e87b262abf6df6434
+  data.tar.gz: 284ba299d0d2fb5215f821c9428d2df7f9e88006b603cd00877ebd463be09b15
 SHA512:
-  metadata.gz: 830bc743e8226ae34d62686bb305274c35a0a4abe4f399de5076cfc55e563a5df889efae64d924694a853e8cad94e6a4370c429c41ba2e6c660bc00a558160b1
-  data.tar.gz: 3a026ec3ee4eb1103e0a29eed1989a4e7f2637e39599ae3d675ef2965b59a2b7db36c6cd15980fa9096046d91de0cc1ce5f1b347a030624ae758a8e3077b7b16
+  metadata.gz: 3c46582d4a3e0aee5929930684677f7fc1a560d52a63937b30b7c1cf3899f2dcdeba2dd480a162f751329e3865e4d01e9fc0a785a4995c9158811913a18bca3d
+  data.tar.gz: 2a7752b203a38ef492eac4a44177a79138f4b909e801ff055db587867033ea4c24f2c34fecf1b77c5fb80bfeae772ce3003415322c197e062cd0b9ad47e5a14a

data/README.md

@@ -1,10 +1,13 @@
 # Signed Params
 
-A small Rails controller concern that allows encoding and decoding parameters. Such parameters are protected against tampering and safe to share with the internet.
+A lightweight library for encoding/decoding Rails request parameters.
 
-`signed_params` are great for generating sharable links and/or mitigating web scrapers.
+`signed_params` are protected against tampering and safe to share with the internet. Great for generating sharable links and/or mitigating web scrapers.
 
-Battle tested at [Hansa](https://hansahq.com). Developed at [Primevise](https://primevise.com).
+Battle-tested at [Hansa](https://hansahq.com). Developed at [Primevise](https://primevise.com).
+
+<a href="https://rubygems.org/gems/signed_params"><img alt="signed_params GEM Version" src="https://img.shields.io/gem/v/signed_params?color=10b981&include_prereleases&logo=ruby&logoColor=f43f5e"></a>
+<a href="https://rubygems.org/gems/signed_params"><img alt="signed_params GEM Downloads" src="https://img.shields.io/gem/dt/signed_params?color=10b981&include_prereleases&logo=ruby&logoColor=f43f5e"></a>
 
 ---
 
@@ -14,61 +17,47 @@ Battle tested at [Hansa](https://hansahq.com). Developed at [Primevise](https://
 
 Simply add the gem to your Gemfile by running the following command
 
-```bash
-$ bundle add signed_params
 ```
-
----
-
-#### Add it to your application
-
-After you have the gem installed, you include the functionality in `app/controllers/application_controller.rb`:
-
-```ruby
-class ApplicationController < ActionController::Base
-  include SignedParams::Concern
-end
+bundle add signed_params
 ```
 
-> [!TIP]
-> You can also include the concern only in the controllers you seem fit. Adding the concern to the `ApplicationController` is a "forget about it" approach.
-
 ---
 
 ## Usage
 
-You can encode your parameters with a `sign_param` helper method. Specify which params you want to decode by specifying them in the `has_signed_params` class method.
+The signed paramaters can be accesed via `params.signed`. It mirrors the behavior of Rails' [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html).
+
+Similarly, setting a signed parameter can be done with the `params.sign` method.
 
 #### Example
 
 ```ruby
 class RecordsController < ApplicationController
-  has_signed_params :record_ids, only: :index
-
   def index
-    # The record_ids param is automatically decoded
-    @records = Record.find(params[:record_ids])
+    
+    # Using `params.signed` will return `nil` if the parameter is tampered
+    record_ids = params.signed[:record_ids]
+
+    # Using `params.signed.fetch` will raise `ActionController::Parameters::InvalidSignature` if the parameter is tampered
+    record_ids = params.signed.fetch(:record_ids)    
+
+    @records = Record.find(record_ids)
   end
 
   def new_public_link
     record_ids = Record.last(8).pluck(:id)
-    encoded_record_ids = sign_params(record_ids)
-    # Your controller action logic that generates shareable public links
+    redirect_to records_path(params.sign(record_ids:))
   end
 end
 ```
 
----
-
-## Configuration
+> [!TIP]
+> You can use all sorts of datatypes when signing parameters. Strings, integers, arrays, objects - they all just work.
 
-`signed_params` uses Rails' [ActiveSupport::MessageVerifier](https://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html) under the hood to encode the params. You can adjust the secret used for encoding by adding an initializer.
+> [!CAUTION]
+> Avoid exposing sensitive data while using `signed_params`. Your application should still implement proper authentication and authorization.
 
-```ruby
-SignedParams.configure do |config|
-  config.verifier_secret = ENV["SIGNED_PARAMS_ENCODING_SECRET"] || "my-strong-and-private-signing-secret"
-end
-```
+---
 
 ## License
 

data/lib/signed_params/railtie.rb

@@ -0,0 +1,6 @@
+class SignedParams::Railtie < Rails::Railtie
+  initializer "parameters.signed.set_verifier" do |app|
+    ActionController::Parameters.include ActionController::Parameters::Signed::Integration
+    ActionController::Parameters.verifier = app.message_verifier :signed_parameters
+  end
+end

data/lib/signed_params/version.rb

@@ -1,3 +1,3 @@
 module SignedParams
-  VERSION = "0.0.1"
+  VERSION = "0.2.0"
 end

data/lib/signed_params.rb

@@ -1,15 +1,29 @@
-require "signed_params/concern"
-require "signed_params/configuration"
 require "signed_params/version"
+require "action_controller/metal/strong_parameters"
 
-module SignedParams
-  class << self
-    def configuration
-      @configuration ||= Configuration.new
-    end
+class ActionController::Parameters::Signed < Data.define(:verifier, :params)
+  ActionController::Parameters::InvalidSignature = Class.new StandardError
 
-    def configure
-      yield configuration
-    end
+  def [](key)
+    verifier.verified(params[key])
   end
+
+  def fetch(key)
+    verifier.verify(params[key])
+  rescue ActiveSupport::MessageVerifier::InvalidSignature
+    raise ActionController::Parameters::InvalidSignature
+  end
+end
+
+module ActionController::Parameters::Signed::Integration
+  def self.included(parameters)
+    parameters.mattr_accessor :verifier
+  end
+
+  def sign(**params)
+    params.transform_values { verifier.generate _1 }
+  end
+  def signed = @signed ||= ActionController::Parameters::Signed.new(verifier, self)
 end
+
+require_relative "signed_params/railtie" if defined?(Rails::Railtie)

metadata

@@ -1,16 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: signed_params
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Elvinas Predkelis
 bindir: bin
 cert_chain: []
-date: 2025-05-26 00:00:00.000000000 Z
-dependencies: []
-description: A Rails concern that provides automatic encoding/decoding of signed parameters
-  to prevent tampering
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+description: A lightweight library for encoding/decoding Rails request parameters.
 email:
 - elvinas@primevise.com
 executables: []
@@ -20,8 +33,7 @@ files:
 - LICENCE
 - README.md
 - lib/signed_params.rb
-- lib/signed_params/concern.rb
-- lib/signed_params/configuration.rb
+- lib/signed_params/railtie.rb
 - lib/signed_params/version.rb
 homepage: https://github.com/elvinaspredkelis/signed_params
 licenses:
@@ -44,8 +56,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
-summary: A Rails concern that provides automatic encoding/decoding of signed parameters
-  to prevent tampering
+summary: A lightweight library for encoding/decoding Rails request parameters.
 test_files: []

data/lib/signed_params/concern.rb

@@ -1,38 +0,0 @@
-module SignedParams
-  module Concern
-    extend ActiveSupport::Concern
-
-    included do
-      class_attribute :signed_param_keys, default: []
-      helper_method :sign_param
-    end
-
-    class_methods do
-      def has_signed_params(*keys, **attributes)
-        self.signed_param_keys = keys
-        before_action :decode_signed_params
-      end
-    end
-
-    def sign_param(value)
-      signed_params_verifier.generate(value)
-    end
-
-    private
-
-    def decode_signed_params
-      return unless signed_param_keys.length
-      signed_param_keys.each do |key|
-        begin
-          params[key] = signed_params_verifier.verify(params[key])
-        rescue ActiveSupport::MessageVerifier::InvalidSignature
-          params[key] = nil
-        end
-      end
-    end
-
-    def signed_params_verifier
-      @signed_params_verifier ||= Rails.application.message_verifier(SignedParams.configuration.verifier_secret)
-    end
-  end
-end

data/lib/signed_params/configuration.rb

@@ -1,21 +0,0 @@
-module SignedParams
-  class Configuration
-    attr_accessor :verifier_secret
-
-    def initialize
-      @verifier_secret = :signed_params
-    end
-  end
-
-  class << self
-    attr_accessor :configuration
-  end
-
-  def self.configuration
-    @configuration ||= Configuration.new
-  end
-
-  def self.configure
-    yield(configuration)
-  end
-end