I would like to send a link to a user (via email) that expires after a period of time. When a user takes a certain action, they are emailed a link that allows them access to a certain resource. What I want to do is make it so that the link will work for a period of time (say 48 hours) and then will no longer work. I would like the link to look like: http://www.mysite.com/stuff/b39a8b314588d04e23f15ceb026196c5 or http://www.mysite.com/stuff/resourcea?b39a8b314588d04e23f15ceb026196c5 Rails would need to decrypt the url (it doesn''t need to be cryptographically secure, but it should be non obvious), determine if the timeframe is still valid and serve the resource (or not). I would rather that the timeframe be included in the link instead of having to do a db lookup. Are there any gems/plug-ins out there for this? How would I go about creating it from scratch? Matt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.
Christopher R. Maden
2012-Sep-29 04:36 UTC
Re: How do you create a link to a resource that expires
On 09/28/2012 06:21 PM, Matt Martini wrote:> Are there any gems/plug-ins out there for this? How would I go about > creating it from scratch?Not sure about existing gems, not having looked at this in Ruby or Rails, but having solved it in another language: you create an entry in your database with a token and a timestamp. When a user sends the token back, you check the current time against the token’s associated timestamp, and reject it if the token is unknown or the timestamp is too old. (Periodically, you can garden your database to delete any entry with an old timestamp.) ~Chris -- Chris Maden, text nerd <URL: http://crism.maden.org/ > LIVE FREE: vote for Gary Johnson, Libertarian for President. <URL: http://garyjohnson2012.com/ > <URL: http://lp.org/ > GnuPG fingerprint: DB08 CF6C 2583 7F55 3BE9 A210 4A51 DBAC 5C5C 3D5E -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Alexandre Calvão
2012-Sep-29 13:05 UTC
Re: How do you create a link to a resource that expires
I would use cancan. https://github.com/ryanb/cancan/wiki/Authorizing-Controller-Actions if valid(params[:token]) authorize! :show, @stuff end ==================*Alexandre Mondaini Calvão* "*Nossa recompensa se encontra no esforço e não no resultado. Um esforço total é uma vitória completa*." [Ghandi] 2012/9/29 Christopher R. Maden <crism-KB/imElbUW3YtjvyW6yDsg@public.gmane.org>> On 09/28/2012 06:21 PM, Matt Martini wrote: > > Are there any gems/plug-ins out there for this? How would I go about > > creating it from scratch? > > Not sure about existing gems, not having looked at this in Ruby or > Rails, but having solved it in another language: you create an entry in > your database with a token and a timestamp. When a user sends the token > back, you check the current time against the token’s associated > timestamp, and reject it if the token is unknown or the timestamp is too > old. (Periodically, you can garden your database to delete any entry > with an old timestamp.) > > ~Chris > -- > Chris Maden, text nerd <URL: http://crism.maden.org/ > > LIVE FREE: vote for Gary Johnson, Libertarian for President. > <URL: http://garyjohnson2012.com/ > <URL: http://lp.org/ > > GnuPG fingerprint: DB08 CF6C 2583 7F55 3BE9 A210 4A51 DBAC 5C5C 3D5E > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To unsubscribe from this group, send email to > rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.