@mcansky
Created June 2, 2010 21:36
perishable tokens ?
I want to publish invoices after a product checkout. I don't want to send the invoice by email but rather give a link to the user in the email. The file itself is stored on AWS S3.
By default AWS S3 generates perishable urls when the url method is used (http://amazon.rubyforge.org/)
The customers don't have accounts in the shop; they fill out a form every time they buy something on the shop. So they will not have access to a list of their past orders.
I'm thinking of using a Token model with something like id and token attributes, with an attached controller. When the "invoice ready" email is prepared, a token is generated (let's say a unique 8-digit string), associated with the invoice object, and a link to the app using that token (http://app/tokens/<token>) is inserted in the email.
Then when the customer follows that link, the controller redirects to a fresh S3 URL that would perish a few minutes later.
That way, the customer would still be able to retrieve his invoice even if he already did, yet it would not be trivial to access the invoice either. Or is it?
My thinking seems a bit twisted and complicated to me, yet it sounds like it could work, no? Is there some better, more railsfull way to do it?
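
The flow described above, sketched in plain Ruby as an added example (not code from the gist): a token is issued at email time, and each visit to the token link resolves it and mints a fresh URL that expires after five minutes. It uses a 256-bit random token instead of the 8-digit string, since 8 digits allow only 10^8 values and the link is the only credential. Assumptions: `InvoiceTokenStore` is an in-memory stand-in for the Token model, and the HMAC-signed URL with `SIGNING_KEY` and the `files.example.invalid` host stands in for the S3 library's expiring URL.

```ruby
require "securerandom"
require "openssl"
require "digest"

# Constructed in-memory stand-in for the Token model's table (hypothetical).
class InvoiceTokenStore
  def initialize
    @rows = {} # SHA-256 digest of token => invoice key
  end

  # Run when the "invoice ready" email is prepared; returns the raw token for
  # the link. Only the digest is stored, so a leaked table yields no links.
  def issue(invoice_key)
    token = SecureRandom.urlsafe_base64(32) # 256 random bits
    @rows[Digest::SHA256.hexdigest(token)] = invoice_key
    token
  end

  # Run by the controller for /tokens/<token>; nil when the token is unknown.
  def resolve(token)
    @rows[Digest::SHA256.hexdigest(token.to_s)]
  end
end

# Assumption: stand-in signing key and URL layout, not the S3 signing scheme.
SIGNING_KEY = SecureRandom.random_bytes(32)

def url_signature(invoice_key, expires)
  OpenSSL::HMAC.hexdigest("SHA256", SIGNING_KEY, "#{invoice_key}:#{expires}")
end

def short_lived_url(invoice_key, now: Time.now.to_i, ttl: 300)
  expires = now + ttl
  "https://files.example.invalid/#{invoice_key}?expires=#{expires}&sig=#{url_signature(invoice_key, expires)}"
end

# File-server side: reject expired links, compare signatures in constant time.
def url_valid?(invoice_key, expires, sig, now: Time.now.to_i)
  expected = url_signature(invoice_key, expires.to_i)
  return false if now > expires.to_i || expected.bytesize != sig.to_s.bytesize
  expected.bytes.zip(sig.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Controller logic: resolve the token, then redirect to a fresh URL (nil => 404).
def redirect_target(store, token, now: Time.now.to_i)
  key = store.resolve(token)
  key && short_lived_url(key, now: now)
end
```

In a Rails app the store would be the Token model with a unique index on the digest column, and the token route would be rate limited.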