Referral codes and affiliate links for Ruby on Rails applications.
Add this line to your application's Gemfile:
gem "refer"
And then execute:
$ bundle
Add Refer to your controllers to store referral cookies:
bin/rails generate refer:install
And add Refer to your model:
bin/rails generate refer:model User
bin/rails db:migrate
Refer adds a model to your Rails application for tracking referrals and referral codes.
To track referrals, you'll need to
You can create referral codes through the association:
user.referral_codes.create #=> randomly generated code
user.referral_codes.create(code: "chris")
To customize the referral code generator:
Refer.code_generator = ->(referrer) { [referrer.id, SecureRandom.alphanumeric(8)].join("-") }
#=> generates codes like "1-7frb5fUw"
By default, Refer will generate 8 character alphanumeric codes.
To track users, we need to stash the referral code in a cookie when present. By default, Refer will look for ?ref=code and save this in a cookie.
class ApplicationController < ActionController::Base
  set_referral_cookie
end
Move set_referral_cookie to specific controllers if you'd only like cookies set in certain areas like marketing pages for example.
class MarketingController < ActionController::Base
  set_referral_cookie except: [:about_us]
end
You can customize the param name with:
Refer.param_name = :ref
You can customize the cookie name with:
Refer.cookie_name = :refer_code
To create a referral, you can run the following:
class RegistrationsController < ApplicationController
  def create
    @user = User.new(user_params)
    if @user.save
      refer @user #=> Looks up cookie and attempts referral
      redirect_to root_path
    else
      render :new, status: :unprocessable_entity
    end
  end
end
You can also do this manually:
Refer.refer(code: "referral_code", referee: user)
Refer will make sure the user has not already been referred and create a Referral.
Refer.referred?(user)
#=> true/false
To access a user's referrals, you can use the referrals association:
user.referrals #=> [Refer::Referral, Refer::Referral]
This returns a list of Refer::Referral objects.
To access a user's referral, you can use the referral association:
user.referral #=> Refer::Referral
To access a user's referrer, you can use referrer:
user.referrer #=> User that referred this User
To use Refer with Devise, you'll need to customize the Devise controller to track the referral after a successful registration.
We can do this by telling Devise to use a custom controller in the routes and hooking into the create action to track the referral.
# config/routes.rb
devise_for :users, controllers: { registrations: "users/registrations" }
# app/controllers/users/registrations_controller.rb
class Users::RegistrationsController < Devise::RegistrationsController
  def create
    super do
      refer resource if resource.persisted?
    end
  end
end
There are several common ways of handling rewards for successful referrals:
Immediate rewards: When the referral is successfully created, you can immediately credit the referrer with their reward.
Reward after user actions: You can check if a user was referred after they complete the action and provide a reward to the referrer.
Time-based rewards: To provide a reward X days after a successful referral, you can use a scheduled job to check for referrals X days ago and provide rewards to those referrers.
We recommend keeping records for each reward given to a referral so you can limit rewards.
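One way to keep a record per reward so rewards can be limited, combined with the time-based approach above. This is an added example, not part of Refer: `Referral`, `Reward`, `RewardLedger` and `grant_matured_rewards` are hypothetical plain-Ruby stand-ins, and a Rails app would back the ledger with a rewards table and a unique index instead of an in-memory set.

```ruby
require "set"

# Hypothetical stand-ins for the app's records; Refer's real models are ActiveRecord.
Referral = Struct.new(:id, :referrer_id, :referee_id, :created_at)
Reward   = Struct.new(:referral_id, :referrer_id, :kind, :granted_at)

class RewardLedger
  attr_reader :rewards

  def initialize(max_per_referrer:)
    @max_per_referrer = max_per_referrer
    @rewards = []
    @seen = Set.new # plays the role of a unique index on (referral_id, kind)
  end

  # Returns the Reward, or nil when the grant is a duplicate or over the cap.
  def grant(referral, kind:, now:)
    return nil if @seen.include?([referral.id, kind])
    return nil if @rewards.count { |r| r.referrer_id == referral.referrer_id } >= @max_per_referrer

    @seen << [referral.id, kind]
    reward = Reward.new(referral.id, referral.referrer_id, kind, now)
    @rewards << reward
    reward
  end
end

# Time-based rewards: grant for referrals at least `days` old. Safe to re-run,
# because the ledger rejects anything already rewarded.
def grant_matured_rewards(referrals, ledger, days:, now:)
  cutoff = now - days * 86_400
  referrals.select { |r| r.created_at <= cutoff }
           .filter_map { |r| ledger.grant(r, kind: :signup_bonus, now: now) }
end

# Constructed sample data: referrer 1 has three matured referrals and one recent one.
NOW = Time.utc(2024, 6, 30)
SAMPLE_REFERRALS = [
  Referral.new(1, 1, 10, Time.utc(2024, 6, 1)),
  Referral.new(2, 1, 11, Time.utc(2024, 6, 2)),
  Referral.new(3, 1, 12, Time.utc(2024, 6, 3)),
  Referral.new(4, 1, 13, Time.utc(2024, 6, 29)),
  Referral.new(5, 2, 14, Time.utc(2024, 6, 5)),
]
```

With a cap of two rewards per referrer and a 14-day delay, the third matured referral for referrer 1 is skipped, and running the job a second time grants nothing.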
If you have an issue you'd like to submit, please do so using the issue tracker in GitHub. In order for us to help you in the best way possible, please be as detailed as you can.
The gem is available as open source under the terms of the MIT License.