will_sign
Create time-based HMAC hashes from URLs.
USAGE
# not really Rails-specific, works with POROs
class FooController < ApplicationController
include WillSign
protected
def sign_secret
:monkey # this should be something unique and special.
end
public
def index
url = "/foo/bar"
hash = sign_url(url)
redirect_to "#{url}?token=#{hash}"
end
def show
url = request.request_uri.split("?").first # "/foo/bar"
hash = params[:token]
if signed_url?(url, hash)
...
else
raise "Token expired"
end
end
end
The default expiry for urls is 300 seconds (5 minutes). You can set a custom expiry like this:
sign_url("foo/bar", 120) # 2 minutes
Or…
WillSign.default_expiry = 180
sign_url("foo/bar") # 3 minutes
CREDITS
Thanks to Digisynd for funding this plugin, and TV for insight in how to properly hash URLs.
TODO
gem spec…