Make open source

app/models/concerns/findable_with_token.rb

@@ -0,0 +1,27 @@
+#
+# Make a model findable only when a secure token is provided.
+#
+module FindableWithToken
+  extend ActiveSupport::Concern
+
+  ID_TOKEN_RX = /\A(\d+)-(\w+)\z/
+
+  included do
+    has_secure_token
+
+    def to_param
+      id ? "#{id}-#{token}" : nil
+    end
+
+    def self.find_by_id_token(id_token)
+      raise ActiveRecord::RecordNotFound unless id_token =~ ID_TOKEN_RX
+      id = Regexp.last_match(1)
+      token = Regexp.last_match(2)
+
+      record = find(id)
+      raise ActiveRecord::RecordNotFound unless
+        ActiveSupport::SecurityUtils.secure_compare(record.token, token)
+      record
+    end
+  end
+end