How to handle encrypted URL's in rails?

Question

I am sending email to user, in that email one link is there to redirect that user to rails application. I want that link to be in encrypted form with domain name for example:

https://www.domain_name.com?hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr

when user click on this link, he should directly redirect to controller method we specified in that URL which is not visible.

Controller and methods given in URL may vary according to user.

So my question is how we can do this in rails.

If I encrypt controller name, method name and parameter we passed. How routes file come to know where to redirect this URL? How to decrypt this in routes file and redirect internally to decrypted URL?

Answer 1

Life will be easier if you can do a slight modification to your url, something like:

https://www.domain_name.com/enc/hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr

Then you can create a route for that path to redirect where you want.

get '/enc/:encoded_path' => "controller#action"

This would give you access to params[:encoded_path], which would equal hdurstihnzdfalgfgdfhdrbnhduolsasrtyumyrtyr in this case. From there, you could decode in the controller and then redirect however you want.

Answer 2

That's not the right approach. Here's what you can do instead:

Create a new controller action, say for instance, activate.

def activate
 activation_token = params[:auth_token]
 ....
  your logic to do whatever with this token
end

Create a corresponding route:

match '/activate' => 'your_awesome_controller#activate'

Now, when you email your users, I'm guessing you're sending some sort of activation token. If not, create two new fields in your users table:

activation_token:string
activated:boolean

Use some unique string generation algorithm to generate your activation_token and email it to your user:

yourdomain.com/activate?auth_token=user.activation_token