signed_params 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 891a56fac43ec97d7619f289ffc82d565d0d363615b2273329592e29d1152108
-  data.tar.gz: cb4b69abffc6625eee315f5575e916d326d833a6b1749eff5dab4af1da8598ec
+  metadata.gz: 7bb815e0b8cc4495a7f7714cbe16cf48ec4ec0704a43f78e87b262abf6df6434
+  data.tar.gz: 284ba299d0d2fb5215f821c9428d2df7f9e88006b603cd00877ebd463be09b15
 SHA512:
-  metadata.gz: 9557c06ef1af6fc3ff0e253b44d13f4a5a12857cfb25e2d138477f58d24d6aa576c8a10816a010771f3a738593dc49aff9a98be8b99b5bd1e992bc72ad37afd3
-  data.tar.gz: 912c6259c604c4c3d33403720ed74b0fad1769ba5f76283ddc163d7bcc7aee84711e555e5fe8d04a94f580035988d54a85f8dee5270690ab1a36f80d96db6c7c
+  metadata.gz: 3c46582d4a3e0aee5929930684677f7fc1a560d52a63937b30b7c1cf3899f2dcdeba2dd480a162f751329e3865e4d01e9fc0a785a4995c9158811913a18bca3d
+  data.tar.gz: 2a7752b203a38ef492eac4a44177a79138f4b909e801ff055db587867033ea4c24f2c34fecf1b77c5fb80bfeae772ce3003415322c197e062cd0b9ad47e5a14a

data/README.md

@@ -6,13 +6,8 @@ A lightweight library for encoding/decoding Rails request parameters.
 
 Battle-tested at [Hansa](https://hansahq.com). Developed at [Primevise](https://primevise.com).
 
-<a href="https://rubygems.org/gems/signed_params">
-  <img alt="signed_params GEM Version" src="https://img.shields.io/gem/v/signed_params?color=10b981&include_prereleases&logo=ruby&logoColor=f43f5e">
-</a>
-
-<a href="https://rubygems.org/gems/signed_params">
-  <img alt="signed_params GEM Downloads" src="https://img.shields.io/gem/dt/signed_params?color=10b981&include_prereleases&logo=ruby&logoColor=f43f5e">
-</a>
+<a href="https://rubygems.org/gems/signed_params"><img alt="signed_params GEM Version" src="https://img.shields.io/gem/v/signed_params?color=10b981&include_prereleases&logo=ruby&logoColor=f43f5e"></a>
+<a href="https://rubygems.org/gems/signed_params"><img alt="signed_params GEM Downloads" src="https://img.shields.io/gem/dt/signed_params?color=10b981&include_prereleases&logo=ruby&logoColor=f43f5e"></a>
 
 ---
 
@@ -22,63 +17,48 @@ Battle-tested at [Hansa](https://hansahq.com). Developed at [Primevise](https://
 
 Simply add the gem to your Gemfile by running the following command
 
-```bash
-$ bundle add signed_params
 ```
-
-#### Add to application
-
-After you have the gem installed, you include the functionality in `app/controllers/application_controller.rb`:
-
-```ruby
-class ApplicationController < ActionController::Base
-  include SignedParams::Concern
-end
+bundle add signed_params
 ```
 
-> [!TIP]
-> You can also include the concern only in the controllers you seem fit. Adding the concern to the `ApplicationController` is a "forget about it" approach.
-
 ---
 
 ## Usage
 
-You can encode your parameters with a `sign_param` helper method. Specify which params you want to decode by specifying them in the `has_signed_params` class method.
+The signed paramaters can be accesed via `params.signed`. It mirrors the behavior of Rails' [signed cookies](https://api.rubyonrails.org/classes/ActionDispatch/Cookies.html).
+
+Similarly, setting a signed parameter can be done with the `params.sign` method.
 
 #### Example
 
 ```ruby
 class RecordsController < ApplicationController
-  has_signed_params :record_ids, only: :index
-
   def index
-    # The record_ids param is automatically decoded
-    @records = Record.find(params[:record_ids])
+    
+    # Using `params.signed` will return `nil` if the parameter is tampered
+    record_ids = params.signed[:record_ids]
+
+    # Using `params.signed.fetch` will raise `ActionController::Parameters::InvalidSignature` if the parameter is tampered
+    record_ids = params.signed.fetch(:record_ids)    
+
+    @records = Record.find(record_ids)
   end
 
   def new_public_link
     record_ids = Record.last(8).pluck(:id)
-    encoded_record_ids = sign_params(record_ids)
-    # Your controller action logic that generates shareable public links
+    redirect_to records_path(params.sign(record_ids:))
   end
 end
 ```
 
+> [!TIP]
+> You can use all sorts of datatypes when signing parameters. Strings, integers, arrays, objects - they all just work.
+
 > [!CAUTION]
 > Avoid exposing sensitive data while using `signed_params`. Your application should still implement proper authentication and authorization.
 
 ---
 
-## Configuration
-
-`signed_params` uses Rails' [ActiveSupport::MessageVerifier](https://api.rubyonrails.org/classes/ActiveSupport/MessageVerifier.html) under the hood to encode the params. You can adjust the secret used for encoding by adding an initializer.
-
-```ruby
-SignedParams.configure do |config|
-  config.verifier_secret = ENV["SIGNED_PARAMS_ENCODING_SECRET"] || "my-strong-and-private-signing-secret"
-end
-```
-
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/signed_params/railtie.rb

@@ -0,0 +1,6 @@
+class SignedParams::Railtie < Rails::Railtie
+  initializer "parameters.signed.set_verifier" do |app|
+    ActionController::Parameters.include ActionController::Parameters::Signed::Integration
+    ActionController::Parameters.verifier = app.message_verifier :signed_parameters
+  end
+end

data/lib/signed_params/version.rb

@@ -1,3 +1,3 @@
 module SignedParams
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/signed_params.rb

@@ -1,15 +1,29 @@
-require "signed_params/concern"
-require "signed_params/configuration"
 require "signed_params/version"
+require "action_controller/metal/strong_parameters"
 
-module SignedParams
-  class << self
-    def configuration
-      @configuration ||= Configuration.new
-    end
+class ActionController::Parameters::Signed < Data.define(:verifier, :params)
+  ActionController::Parameters::InvalidSignature = Class.new StandardError
 
-    def configure
-      yield configuration
-    end
+  def [](key)
+    verifier.verified(params[key])
   end
+
+  def fetch(key)
+    verifier.verify(params[key])
+  rescue ActiveSupport::MessageVerifier::InvalidSignature
+    raise ActionController::Parameters::InvalidSignature
+  end
+end
+
+module ActionController::Parameters::Signed::Integration
+  def self.included(parameters)
+    parameters.mattr_accessor :verifier
+  end
+
+  def sign(**params)
+    params.transform_values { verifier.generate _1 }
+  end
+  def signed = @signed ||= ActionController::Parameters::Signed.new(verifier, self)
 end
+
+require_relative "signed_params/railtie" if defined?(Rails::Railtie)

metadata

@@ -1,16 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: signed_params
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Elvinas Predkelis
 bindir: bin
 cert_chain: []
-date: 2025-05-26 00:00:00.000000000 Z
-dependencies: []
-description: A Rails concern that provides automatic encoding/decoding of signed parameters
-  to prevent tampering
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '6.1'
+description: A lightweight library for encoding/decoding Rails request parameters.
 email:
 - elvinas@primevise.com
 executables: []
@@ -20,8 +33,7 @@ files:
 - LICENCE
 - README.md
 - lib/signed_params.rb
-- lib/signed_params/concern.rb
-- lib/signed_params/configuration.rb
+- lib/signed_params/railtie.rb
 - lib/signed_params/version.rb
 homepage: https://github.com/elvinaspredkelis/signed_params
 licenses:
@@ -44,8 +56,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
-summary: A Rails concern that provides automatic encoding/decoding of signed parameters
-  to prevent tampering
+summary: A lightweight library for encoding/decoding Rails request parameters.
 test_files: []

data/lib/signed_params/concern.rb

@@ -1,38 +0,0 @@
-module SignedParams
-  module Concern
-    extend ActiveSupport::Concern
-
-    included do
-      class_attribute :signed_param_keys, default: []
-      helper_method :sign_param
-    end
-
-    class_methods do
-      def has_signed_params(*keys, **attributes)
-        self.signed_param_keys = keys
-        before_action :decode_signed_params
-      end
-    end
-
-    def sign_param(value)
-      signed_params_verifier.generate(value)
-    end
-
-    private
-
-    def decode_signed_params
-      return unless signed_param_keys.length
-      signed_param_keys.each do |key|
-        begin
-          params[key] = signed_params_verifier.verify(params[key])
-        rescue ActiveSupport::MessageVerifier::InvalidSignature
-          params[key] = nil
-        end
-      end
-    end
-
-    def signed_params_verifier
-      @signed_params_verifier ||= Rails.application.message_verifier(SignedParams.configuration.verifier_secret)
-    end
-  end
-end

data/lib/signed_params/configuration.rb

@@ -1,21 +0,0 @@
-module SignedParams
-  class Configuration
-    attr_accessor :verifier_secret
-
-    def initialize
-      @verifier_secret = :signed_params
-    end
-  end
-
-  class << self
-    attr_accessor :configuration
-  end
-
-  def self.configuration
-    @configuration ||= Configuration.new
-  end
-
-  def self.configure
-    yield(configuration)
-  end
-end