module UrlSigner::Rails::ControllerHelpers

Public Instance Methods

sign_url(url, options={}) click to toggle source

Sign a url.

@signed_url = sign_url(some_route_helper_url)

Can also be used as a view helper:

<%= link_to 'Some secret', sign_url(some_secret_action_url) %>

For options, see UrlSigner#sign.

# File lib/url_signer/rails.rb, line 24
def sign_url(url, options={})
  options = url_signer_options(options)
  UrlSigner.sign(url,  options).to_s
end
signature_invalid!() click to toggle source

Called when an action is called with an invalid signature attached. Will be overridden to enhance behaviour:

class MyController < ActionController::Base
  before_action :verify_signature!

  # ...

  def signature_invalid!
    redirect_to root_path, notice: 'you URL is not valid anymore'
  end
end
# File lib/url_signer/rails.rb, line 76
def signature_invalid!
  head :forbidden
end
signature_valid?(url=nil, options={}) click to toggle source

Verify a url.

class MyController < ActionController::Base
  def my_action

    # verify the validity of the current called url
    current_url_valid = signature_valid?

    # or with another url
    orher_url_valid = signature_valid?(orher_url)

  end
end

For options, see UrlSigner#valid?.

# File lib/url_signer/rails.rb, line 44
def signature_valid?(url=nil, options={})
  url ||= request.url
  options = url_signer_options(options)
  UrlSigner.valid?(url, options)
end
verify_signature!() click to toggle source

Verify the current url and call signature_invalid! on failure. This method is intended to be used in a before action.

class MyController < ActionController::Base
  before_action :verify_signature!

  def secure_action
    # can only be accessed from a signed url
  end
end
# File lib/url_signer/rails.rb, line 60
def verify_signature!
  signature_invalid! unless signature_valid?
end