A lightweight library for encoding/decoding Rails request parameters.
signed_params are protected against tampering and safe to share with the internet. Great for generating sharable links and/or mitigating web scrapers.
Battle-tested at Rinkta. Developed at Primevise.
Simply add the gem to your Gemfile by running the following command
bundle add signed_params
The signed paramaters can be accesed via params.signed. It mirrors the behavior of Rails' signed cookies.
Similarly, setting a signed parameter can be done with the params.sign method.
class RecordsController < ApplicationController
def index
# Using `params.signed` will return `nil` if the parameter is tampered
record_ids = params.signed[:record_ids]
# Using `params.signed.fetch` will raise `ActionController::Parameters::InvalidSignature` if the parameter is tampered
record_ids = params.signed.fetch(:record_ids)
@records = Record.find(record_ids)
end
def new_public_link
record_ids = Record.last(8).pluck(:id)
redirect_to records_path(params.sign(record_ids:))
end
endTip
You can use all sorts of datatypes when signing parameters. Strings, integers, arrays, objects - they all just work.
Caution
Avoid exposing sensitive data while using signed_params. Your application should still implement proper authentication and authorization.
The gem is available as open source under the terms of the MIT License.