Repository inventory

cole-robertson/inertia-rails-skills

Skills indexed from this repository, with install-style signals scoped to the repo.
5 skills0 GitHub stars0 weekly installsShellGitHubOwner profile

Overview

This skill implements authentication and authorization for Inertia + Rails apps, providing ready patterns for Devise, has_secure_password, session handling, and permission propagation to the frontend. It focuses on secure, session-based flows that work with Inertia’s shared props model so your Vue or React pages receive auth state and per-record permissions. The goal is practical, secure defaults for sign-in, registration, password reset, protected routes, and history encryption.

How this skill works

The skill wires Rails authentication (Devise or has_secure_password) into Inertia by sharing minimal auth state via inertia_share and sending permission flags as props from controllers. Controllers render Inertia responses with can: hashes for global and per-record authorization checks (Pundit or Action Policy), while client components read auth and can props to conditionally render UI. It also configures encrypted history, CSRF protection, and clear-history logout flows to prevent sensitive data leakage.

When to use it

  • Setting up sign-in, sign-out, registration, and password reset pages in an Inertia Rails app
  • Exposing current user info and signed_in state to Vue or React pages without leaking sensitive attributes
  • Enforcing server-side permissions while showing permitted UI actions on the frontend
  • Protecting admin or role-based areas with before_action checks and per-controller requirements
  • Preventing back-button access to sensitive data after logout via encrypted history and clear_history

Best practices

  • Share only minimal user fields (id, name, email, avatar_url) via inertia_share to avoid data leaks
  • Always enforce authorization server-side (authorize/allowed_to?) and only mirror results to the client
  • Use secure session configuration (secure, httponly, same_site) and graceful session expiry handling
  • Enable CSRF protection and rely on Rails/XSRF cookie integration with Inertia/axios
  • Rotate or clear encrypted history on logout to prevent back-button exposure of sensitive views

Example use cases

  • Add Devise sign-in and registration pages that post via Inertia form helpers and return errors as props
  • Implement has_secure_password sessions with server-side authenticate, session[:user_id], and inertia_share
  • Render users index with can.create_user and per-user can.edit/can.delete flags for UI controls
  • Protect an admin namespace with require_admin! and enable inertia_config(encrypt_history: true) for admin controllers
  • Implement a password reset flow that never leaks whether an email exists and returns token state for the edit page

FAQ

No. Inertia works well with session-based Rails auth because frontend and backend share the same domain; use sessions and standard Rails auth gems.

How do I show permissions in the frontend?

Compute permission boolean values server-side (Pundit or Action Policy) and include them in the inertia render payload as global can flags and per-record can hashes for components to read.

5 skills

More from this maintainer
Other repositories and skills published under the same GitHub owner.
Skills library
Jump back to the full directory or explore grouped topics.
Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational