thibautbaissac/rails_ai_agents
Overview
This skill implements Rails 8 built-in authentication generator and supplies a complete, production-ready auth flow without external gems. It scaffolds User, Session, and Current models, controller concerns, and views for login, logout, and password resets. Use it to quickly add secure session management, cookie-based authentication, and easy controller protection.
How this skill works
Run the generator to create models (User, Session, Current), controllers (Sessions, Passwords), and an authentication concern included into ApplicationController. The concern resumes sessions from signed cookies, enforces authentication by default, and provides helpers to start and terminate sessions. The User uses has_secure_password, Session generates secure tokens, and Current exposes request-local user access.
When to use it
- When adding sign-up, sign-in, and sign-out flows to a Rails 8 app
- When you need secure, cookie-based session handling without external gems
- When protecting controllers and actions by default with opt-out for public pages
- When implementing password reset flows and session tracking
- When you want test helpers and request specs for auth scenarios
Best practices
- Include the Authentication concern in ApplicationController to protect all actions by default
- Use Current.user in controllers and views for request-scoped access; avoid heavy use in models
- Store session tokens in signed, HttpOnly cookies and rotate or expire tokens for security
- Write request specs for login, logout, and protected routes; use provided test helpers to sign_in/sign_out
- Consider rate limiting the sessions#create action to protect against credential stuffing
Example use cases
- Protecting an admin area so only authenticated users can access PostsController
- Adding a ‘Remember me’ option by setting cookie expiry when starting a session
- Implementing multi-device session tracking and an interface to terminate sessions
- Building password reset flows using the generated PasswordsController and views
- Writing RSpec request specs that assert redirects for unauthenticated access and successful sign-in flows
FAQ
The generator stores a session token in a signed, HttpOnly cookie. On each request the Authentication concern checks cookies.signed[:session_token], looks up the Session by token, and sets Current.session if found.
Can I allow public access to specific controller actions?
Yes. The Authentication concern provides allow_unauthenticated_access which calls skip_before_action for listed actions so those routes remain public.
13 skills
This skill helps you implement Rails 8 built-in authentication with a complete user, session, and password reset flow, including controllers and views.
This skill helps you scaffold Rails controllers using a TDD workflow, writing red specs first and delivering fully tested actions.
This skill helps you implement Rails caching patterns to boost performance with fragment, Russian doll, and low-level caching strategies.
This skill helps you implement Rails service objects with a clear contract, testability, and dependency injection for complex business logic.
This skill helps optimize Rails performance by detecting N+1 queries, indexing gaps, and memory issues to speed up responses.
This skill helps you create test-driven Rails query objects that encapsulate complex queries and ensure multi-tenant data isolation.
This skill helps you implement and orchestrate Hotwire patterns (Turbo Frames, Streams, Stimulus) for real-time, interactive Rails UIs.
This skill helps you choose Rails 8 architecture patterns, guiding where to place code and how to refactor for clean, maintainable apps.
This skill helps Rails developers create reusable ViewComponents with TDD workflows, enabling fast, testable UI for cards, badges, tables, and modals.
This skill helps Rails developers configure Solid Queue for background jobs, from installation to recurring tasks, with adapters, queues, and monitoring.
This skill helps you implement robust Rails form objects to manage multi-model, wizard, and non-persisted forms with tests.
This skill helps you implement Rails i18n patterns across models, views, and locales, ensuring consistent translations and locale switching.
This skill creates Rails models using a test-driven approach, guiding you from requirements to green specs for reliable, scalable data models.