{"id":13878515,"url":"https://github.com/monade/paramoid","last_synced_at":"2025-11-11T19:30:25.650Z","repository":{"id":37212800,"uuid":"478303154","full_name":"monade/paramoid","owner":"monade","description":"Getting paranoid about your Rails application params? Try paramoid!","archived":false,"fork":false,"pushed_at":"2025-01-24T17:27:07.000Z","size":46,"stargazers_count":71,"open_issues_count":0,"forks_count":0,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-27T02:11:19.141Z","etag":null,"topics":["gem","rails","ruby","ruby-on-rails","strong-parameters"],"latest_commit_sha":null,"homepage":"https://monade.io/en/home-en/","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/monade.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-04-05T21:16:58.000Z","updated_at":"2025-01-24T17:25:56.000Z","dependencies_parsed_at":"2025-01-23T19:19:24.662Z","dependency_job_id":"7e11ee16-a80e-4f21-95e8-ff2a694294ab","html_url":"https://github.com/monade/paramoid","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monade%2Fparamoid","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monade%2Fparamoid/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monade%2Fparamoid/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/monade%2Fparamoid/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/monade","download_url":"https://codeload.github.com/monade/paramoid/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248702999,"owners_count":21148116,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gem","rails","ruby","ruby-on-rails","strong-parameters"],"created_at":"2024-08-06T08:01:51.924Z","updated_at":"2025-11-11T19:30:20.622Z","avatar_url":"https://github.com/monade.png","language":"Ruby","readme":"![Tests](https://github.com/monade/paramoid/actions/workflows/test.yml/badge.svg)\n[![Gem Version](https://badge.fury.io/rb/paramoid.svg)](https://badge.fury.io/rb/paramoid)\n\n# Paramoid\n\nGetting _paranoid_ about your Rails application params? Try _paramoid_!\n\nParamoid is an extension for Rails Strong Parameters that allows to sanitize complex params structures with a super cool DSL, supporting:\n\n* Required params and default values\n* A simplified nested structures management\n* Conditional sanitization, based on user auth, role or custom logic\n* Renaming and remapping parameter names\n\n## Installation\n\nAdd the gem to your Gemfile\n\n```ruby\ngem 'paramoid'\n```\n\nand run the `bundle install` command.\n\n## Usage\nDeclare a class extending `Paramoid::Base`.\n\n```ruby\nclass PersonParamsSanitizer \u003c Paramoid::Base\n  # @param [User] user\n  def initialize(user = nil)\n    params! :first_name, :last_name\n\n    group! :address_attributes do\n      params! :id, :road, :town, :state, :zip_code, :country\n    end\n  end\nend\n```\n\nThen use it in your controller:\n\n```ruby\nclass PeopleController \u003c ApplicationController\n\n  def create\n    @person = Person.create!(person_params)\n  end\n\n  private\n\n  def person_params\n    # The name is automatically inferred by the controller name\n    sanitize_params!\n    # Or you can instantiate a custom one\n    # You can pass the current user or nil\n    # CustomPersonParamsSanitizer.new(current_user).sanitize(params)\n  end\nend\n```\n\n### param! vs params! vs group! vs array!\nParamoid is based on Rails Strong Parameters and it's inheriting its behaviour.\n\n* `param!` is used to permit a single scalar parameter. `param! :name` is equivalent of `params.permit(:name, ...)`\n* `params!` is just a shortcut to sanitize in mass a list of parameters having the same options\n* `group!` is used to sanitize objects or arrays, like `params.permit(my_key: [:list, :of, :keys])`\n* `array!` is an alias of `group!` and it's added for readability: in Strong Parameters, `params.permit(name: [:some_key])` accepts both a single object or an array of objects, and this is preserved here.\n\nSo the previous example:\n```ruby\nclass PersonParamsSanitizer \u003c Paramoid::Base\n  # @param [User] user\n  def initialize(user = nil)\n    params! :first_name, :last_name\n\n    group! :address_attributes do\n      params! :id, :road, :town, :state, :zip_code, :country\n    end\n  end\nend\n```\n\nIs equivalent to:\n```ruby\nparams.permit(:first_name, :last_name, address_attributes: [:id, :road, :town, :state, :zip_code, :country])\n```\n\n### Required values\nDeclaring a parameter as required, will raise a `ActionController::ParameterMissing` error if that parameter is not passed by to the controller. This also works with nested structures.\n\n```ruby\nclass UserParamsSanitizer \u003c Paramoid::Base\n  def initialize(user = nil)\n    params! :first_name, :last_name, required: true\n    group! :contact_attributes do\n      param! :phone, required: true\n    end\n  end\nend\n```\n\n### Default values\nYou can declare a default value to a certain parameter. That value is assigned only if that value is not passed in the parameters.\n\nExample:\n```ruby\nclass PostParamsSanitizer \u003c Paramoid::Base\n  def initialize(user = nil)\n    param! :status, default: 'draft'\n    param! :approved, default: false\n  end\nend\n```\n\nInput:\n```ruby\n\u003cActionController::Parameters {\"status\"=\u003e\"published\",\"another_parameter\"=\u003e\"this will be filtered out\"} permitted: false\u003e\n```\n\nOutput:\n```ruby\n\u003cActionController::Parameters {\"status\"=\u003e\"published\",\"approved\":false} permitted: true\u003e\n```\n\n### Name remapping\nYou can also remap the name of a parameter.\n```ruby\nclass PostParamsSanitizer \u003c Paramoid::Base\n  def initialize(user = nil)\n    param! :status, as: :state\n  end\nend\n```\n\nInput:\n```ruby\n\u003cActionController::Parameters {\"status\"=\u003e\"draft\",\"another_parameter\"=\u003e\"this will be filtered out\"} permitted: false\u003e\n```\n\nOutput:\n```ruby\n\u003cActionController::Parameters {\"state\"=\u003e\"draft\"} permitted: true\u003e\n```\n\n### Conditional parameters\nBy using the reference of the current_user in the constructor, you can permit certain parameters based on a specific condition.\n\nExample:\n```ruby\nclass PostParamsSanitizer \u003c Paramoid::Base\n  def initialize(user = nil)\n    params! :first_name, :last_name\n    param! :published if user\u0026.admin?\n  end\nend\n```\n\n### Inline sanitization\nYou can also use the sanitizer DSL inline directly in your controller:\n\n```ruby\nclass PeopleController \u003c ApplicationController\n  def create\n    @person = Person.create!(person_params)\n  end\n\n  private\n\n  def person_params\n    sanitize_params! do\n      params! :first_name, :last_name, required: true\n    end\n  end\nend\n```\n\n### Full Example\n```ruby\nclass PersonParamsSanitizer \u003c Paramoid::Base\n  # @param [User] user\n  def initialize(user = nil)\n    params! :first_name, :last_name, :gender\n\n    param! :current_user_id, required: true\n\n    param! :an_object_filtered\n    param! :an_array_filtered\n\n    array! :an_array_unfiltered\n\n    param! :role if user\u0026.admin?\n\n    default! :some_default, 1\n\n    group! :contact, as: :contact_attributes do\n      params! :id, :first_name, :last_name, :birth_date, :birth_place, :phone, :role, :fiscal_code\n    end\n  end\nend\n```\n\n## TODOs\n* Params type checking and regexp-based validations\n\nAbout Monade\n----------------\n\n![monade](https://monade.io/wp-content/uploads/2021/06/monadelogo.png)\n\nParamoid is maintained by [mònade srl](https://monade.io/en/home-en/).\n\nWe \u003c3 open source software. [Contact us](https://monade.io/en/contact-us/) for your next project!\n","funding_links":[],"categories":["Ruby"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmonade%2Fparamoid","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmonade%2Fparamoid","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmonade%2Fparamoid/lists"}