Merge pull request #2 from kaspth/extend-parameters

elvinaspredkelis · web-flow · commit df51191c7e49 · 2025-06-01T23:30:35.000+03:00
Expose `params.signed` and `params.sign`
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 *.gem
+tmp/
diff --git a/Gemfile b/Gemfile
@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gemspec
+
+gem "debug"
+gem "railties"
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -0,0 +1,142 @@
+PATH
+  remote: .
+  specs:
+    signed_params (0.1.0)
+      actionpack (>= 6.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (8.0.2)
+      actionview (= 8.0.2)
+      activesupport (= 8.0.2)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+      useragent (~> 0.16)
+    actionview (8.0.2)
+      activesupport (= 8.0.2)
+      builder (~> 3.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activesupport (8.0.2)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    base64 (0.3.0)
+    benchmark (0.4.1)
+    bigdecimal (3.2.0)
+    builder (3.3.0)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.3)
+    crass (1.0.6)
+    date (3.4.1)
+    debug (1.10.0)
+      irb (~> 1.10)
+      reline (>= 0.3.8)
+    drb (2.2.3)
+    erb (5.0.1)
+    erubi (1.13.1)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    io-console (0.8.0)
+    irb (1.15.2)
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    logger (1.7.0)
+    loofah (2.24.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    minitest (5.25.5)
+    nokogiri (1.18.8-aarch64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.8-aarch64-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.18.8-arm-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.8-arm-linux-musl)
+      racc (~> 1.4)
+    nokogiri (1.18.8-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.18.8-x86_64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.18.8-x86_64-linux-gnu)
+      racc (~> 1.4)
+    nokogiri (1.18.8-x86_64-linux-musl)
+      racc (~> 1.4)
+    pp (0.6.2)
+      prettyprint
+    prettyprint (0.2.0)
+    psych (5.2.6)
+      date
+      stringio
+    racc (1.8.1)
+    rack (3.1.15)
+    rack-session (2.1.1)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rack-test (2.2.0)
+      rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
+    rails-dom-testing (2.3.0)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.2)
+      loofah (~> 2.21)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.2)
+      actionpack (= 8.0.2)
+      activesupport (= 8.0.2)
+      irb (~> 1.13)
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rake (13.3.0)
+    rdoc (6.14.0)
+      erb
+      psych (>= 4.0.0)
+    reline (0.6.1)
+      io-console (~> 0.5)
+    securerandom (0.4.1)
+    stringio (3.1.7)
+    thor (1.3.2)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    uri (1.0.3)
+    useragent (0.16.11)
+    zeitwerk (2.7.3)
+
+PLATFORMS
+  aarch64-linux-gnu
+  aarch64-linux-musl
+  arm-linux-gnu
+  arm-linux-musl
+  arm64-darwin
+  x86_64-darwin
+  x86_64-linux-gnu
+  x86_64-linux-musl
+
+DEPENDENCIES
+  debug
+  railties
+  signed_params!
+
+BUNDLED WITH
+   2.6.9
diff --git a/bin/test b/bin/test
@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+$: << File.expand_path("../test", __dir__)
+
+require "bundler/setup"
+require "rails/plugin/test"
diff --git a/lib/signed_params.rb b/lib/signed_params.rb
@@ -1,15 +1,29 @@
-require "signed_params/concern"
-require "signed_params/configuration"
 require "signed_params/version"
+require "action_controller/metal/strong_parameters"
 
-module SignedParams
-  class << self
-    def configuration
-      @configuration ||= Configuration.new
-    end
+class ActionController::Parameters::Signed < Data.define(:verifier, :params)
+  ActionController::Parameters::InvalidSignature = Class.new StandardError
 
-    def configure
-      yield configuration
-    end
+  def [](key)
+    verifier.verified(params[key])
   end
+
+  def fetch(key)
+    verifier.verify(params[key])
+  rescue ActiveSupport::MessageVerifier::InvalidSignature
+    raise ActionController::Parameters::InvalidSignature
+  end
+end
+
+module ActionController::Parameters::Signed::Integration
+  def self.included(parameters)
+    parameters.mattr_accessor :verifier
+  end
+
+  def sign(**params)
+    params.transform_values { verifier.generate _1 }
+  end
+  def signed = @signed ||= ActionController::Parameters::Signed.new(verifier, self)
 end
+
+require_relative "signed_params/railtie" if defined?(Rails::Railtie)
diff --git a/lib/signed_params/concern.rb b/lib/signed_params/concern.rb
diff --git a/lib/signed_params/configuration.rb b/lib/signed_params/configuration.rb
diff --git a/lib/signed_params/railtie.rb b/lib/signed_params/railtie.rb
@@ -0,0 +1,6 @@
+class SignedParams::Railtie < Rails::Railtie
+  initializer "parameters.signed.set_verifier" do |app|
+    ActionController::Parameters.include ActionController::Parameters::Signed::Integration
+    ActionController::Parameters.verifier = app.message_verifier :signed_parameters
+  end
+end
diff --git a/signed_params.gemspec b/signed_params.gemspec
@@ -18,4 +18,6 @@ Gem::Specification.new do |spec|
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     Dir["{lib}/**/*", "LICENCE", "Rakefile", "README.md"]
   end
+
+  spec.add_dependency "actionpack", ">= 6.1"
 end
diff --git a/test/signed_params_test.rb b/test/signed_params_test.rb
@@ -0,0 +1,37 @@
+require "test_helper"
+
+class SignedParamsTest < ActionDispatch::IntegrationTest
+  test "with nil id" do
+    assert_nil params.signed[:id]
+    assert_raises ActionController::Parameters::InvalidSignature do
+      params.signed.fetch(:id)
+    end
+  end
+
+  test "with signed parameter id" do
+    signed = params.sign(id: 1)
+    assert_includes signed[:id], "==--"
+
+    params = ActionController::Parameters.new(**signed)
+    assert_equal 1, params.signed[:id]
+    assert_equal 1, params.signed.fetch(:id)
+  end
+
+  test "pass signed params to URLs" do
+    uri = URI post_url params.sign(id: 1, first_query_param: true, second_query_param: false)
+    assert_match(/posts\/.*?==--/, uri.path)
+
+    query = Rack::Utils.parse_query uri.query
+    assert_equal 2, query.keys.size
+    assert_match "--", query.fetch("first_query_param")
+    assert_match "--", query.fetch("second_query_param")
+  end
+
+  test "extract signed params from controller" do
+    get post_url(params.sign(id: 1))
+    assert_equal 1, response.body.to_i
+  end
+
+  private
+    def params = ActionController::Parameters.new
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -0,0 +1,28 @@
+require "rails"
+require "rails/application"
+require "action_controller"
+require "action_controller/test_case"
+
+require "signed_params"
+
+class SignedParams::Application < Rails::Application
+end
+
+SignedParams::Railtie.run_initializers :default, Rails.application
+
+Rails.logger = Logger.new "/dev/null"
+
+class PostsController < ActionController::Base
+  def show
+    render plain: params.signed[:id]
+  end
+end
+
+Rails.application.routes.draw do
+  resources :posts
+end
+
+class ActionDispatch::IntegrationTest
+  include Rails.application.routes.url_helpers
+  setup { @app = Rails.application }
+end
