SlideShare a Scribd company logo
1 of 19
Download to read offline
/vendor/plugins/panmind
Spinoffs from a large Rails Application




                               Ruby Social Club night @MIKAMAI
Why?
‣ Code     you write in /app will be obsolete soon

‣ Code     you write in /lib will be obsolete less soon (maybe)

‣ Code     you you share with the Open Source community could live
 really long and beyond your expectations



‣ It’s   a sane engineering principle to write reusable code

‣ Sharing    the code makes you write good documentation




                                                       Ruby Social Club night @MIKAMAI
How?
‣ gem     uninstall -f copy-paste ide-tools

‣ Abstract    early, abstract often

‣ Create    temporary modules in your models, helpers, controllers

‣ Move     those modules away in /lib[1] - SOON

‣ Decouple     ‘em from the app assumptions, logic and configuration

‣ Move     ‘em in /vendor/plugins



‣ [1]:   Optional but recommended:
 config.load_once_paths.push((Rails.root+'lib').to_s)

                                                      Ruby Social Club night @MIKAMAI
A real world example
    http://github.com/Panmind/bigbro/commits/master

‣ Write   code in /lib, include the rusty module(s) in your app
‣ Decouple    configuration:
    -     def account
    -       Config[:id]
    +     attr_accessor :account
    +     def self.set(options = {})
    +        self.account = options[:account]
‣   Remove initialization code and put it in init.rb
‣   Rename the module and move code around
‣   Write documentation
‣   Release (Git is your friend: co, cherry-pick and rebase -i)
‣   Present at a Ruby event so someone else will write tests ;-)

                                                       Ruby Social Club night @MIKAMAI
Compatibility checklist
‣ Ruby    1.9.1-p378
‣ Rails   2.3.8
‣ rails_xss       plugin


‣ Patches   to support older versions of Ruby/Rails
 and/or without the rails_xss plugin more than
 welcome! (it’s just an .html_safe after all :-)


                                           Ruby Social Club night @MIKAMAI
Release #1: SSLHelper - What
    http://github.com/Panmind/ssl_helper

‣   require_ssl / ignore_ssl / refuse_ssl DSL for your
    controllers (simple wrap of a before_filter)
‣   Named route helpers (ssl_ / plain_ relatives) and test helpers
    (with_ / without_ssl, use_ / forget_ssl) generation
    redirect_to ssl_login_url
    <%= link_to “Sign up”, ssl_signup_url %>
    <% form_tag plain_search_url do %> ... <% end %>
    without_ssl do
      get :show, :id => @project.id
      assert_redirected_to ssl_project_url(@project.id)
    end

                                                    Ruby Social Club night @MIKAMAI
Release #1: SSLHelper - How
‣   Checks HTTPS / X-Forwarded-Proto variables via Rails’
    request.ssl?
‣   Includes the controller DSL straight into ActionController::Base
‣   Inserts into Rails’ router initialization by extending
    ActionController::Routing::Routes and overriding the
    reload! method (returning super do ... end)
‣   Generates ssl_ and plain_ wrappers of every named route helper
    defined in your app and puts them into an anonymous Module
‣   Includes it in ActionView::Base and in ActionController::
    {Base,Integration::Session,TestCase}


                                                             Ruby Social Club night @MIKAMAI
Release #2: BigBro - What
    http://github.com/Panmind/bigbro
‣   Google Analytics -- let’s get it straight (and async)
‣   Optimizes GA’s protocol check (it’s http://www. or https://ssl.?)
‣   Generates <noscript> tracking code
‣   Contains an embryo of a jQuery GA toolkit (in the js/ directory)
    <%= analytics %> or
    <%= analytics :track => false %>
    context “an user”
      should “be aware to live in 1984”
            get :index
            assert_analytics
      end
    end

                                                            Ruby Social Club night @MIKAMAI
Release #2: BigBro - How
‣   A submodule contains view helpers, another one test helpers
‣   The top-level module singleton class holds the initialization
    method and the GA account into an instance variable:
    class << self
      attr_accessor :account
      def set(options = {}) ... end
    end
‣   View helpers are included in ActionView::Base
‣   Test helpers are included in ActionController::TestCase

    ...Whoops, the plugin currently adds ‘em in ActiveSupport::
    TestCase! who’ll be the first to send out a pull request? :-)


                                                               Ruby Social Club night @MIKAMAI
Release #3: ReCaptcha - What
    http://github.com/Panmind/recaptcha

‣   Embeds ReCaptcha JS / Generates <noscript> code

‣   Provides a require_valid_captcha controller class method

‣   Chats with ReCaptcha HTTP service - handling timeouts

‣   AJAX validation via a custom jQuery plugin (untied to this one)

    <%= recaptcha :label => 'Human?', :theme => 'clean' %>
    require_valid_captcha :only => :create
    def invalid_captcha
      @user.errors.add_to_base('Captcha failed')
      render :new, :layout => 'login'
    end
                                                       Ruby Social Club night @MIKAMAI
Release #3: ReCaptcha - Test
Using mocha -- gem install it if you don’t have it

context ‘a guest’ do
  should ‘insert a valid captcha’
    mock_invalid_captcha
    post :signup, :email => ‘vjt@openssl.it’, ...
    assert_response :precondition_failed # 412

    mock_valid_captcha
    post :signup, :email => ‘vjt@openssl.it’, ...
    assert_redirected_to root_url # 302
  end
end

                                               Ruby Social Club night @MIKAMAI
Release #3: ReCaptcha - How
‣   Controller, View and Test helpers live in separate modules
‣   The top-level module singleton class contains the initialization
    method and the ReCaptcha keys
    class << self
      attr_accessor :private_key, :public_key, ...
      def set(options = {}) ... end
    end
‣   Controller methods included in ActionController::Base, and
    self.included() adds the require_valid_captcha method
‣   View helpers are included in ActionView::Base
‣   Test helpers are included in ActionController::TestCase

                                                       Ruby Social Club night @MIKAMAI
Release #3: ReCaptcha - AJAX
‣   ReCaptchas can be validated only once
‣   The jquery.ajax-validate plugin calls a controller action
    (Metal is better) that returns different HTTP status codes
‣   If successful, a flag is saved in the flash
‣   When the form is submitted, if the flag is true, ReCaptcha
    validation is skipped
‣   Unless your session cookies can be tampered with, the code is not
    vulnerable to replay attacks
‣   Older versions used a DB table first, memcached after.. but the
    flash is the best choice -- see the commit history for details :-)


                                                       Ruby Social Club night @MIKAMAI
Release #4: Zendesk - What
    http://github.com/Panmind/zendesk
‣   Zendesk? The best support platform / CRM in town
‣   View helpers to generate the trendy “feedback” button code --->
    and to generate links that display the feedback form
‣   Route and controller methods to implement Zendesk’s remote
    authentication: your users won’t have to register and log in on the
    support forum
‣   View helpers to generate links to the support forum
    <%= zendesk_dropbox_tags %>
    <%= zendesk_link_to ‘Support’ %>
    map.zendesk ‘/support’, :controller => :sessions

                                                       Ruby Social Club night @MIKAMAI
Release #4: Zendesk - How
‣   View helpers are included into ActionView::Base
‣   The route generation method is included into
    ActionController::Routing::RouteSet::Mapper
‣   This time, you have to include the controller methods into your
    login controller: in development mode they would be lost because
    of ActiveSupport’s reloading (solutions welcome!)


‣   Too much configuration is needed to make it work; your login
    action must implement a redirect_to params[:return_to]
    -- does anyone want to help?

                                                     Ruby Social Club night @MIKAMAI
Release #4: Zendesk - Flow
1. Guest clicks on zendesk_link_to(‘Support’)
2. Guest is taken to the support forum
3. Guest clicks ‘login’ in the support forum
4. Guest is redirected to the login page by the
  zendesk_handle_guests filter of the zendesk_login action
5. User is redirected to the zendesk_login action
6. User is redirected to zendesk’s remote authentication endpoint with a
  set of query string parameters (hash, timestamp, ...) and logged in
  ----------------------------------------------------------
1. User clicks on zendesk_link_to(‘Support’)
2. GOTO 5

                                                        Ruby Social Club night @MIKAMAI
Release #5: Leaker
Don’t use this plugin.
It’s an example of how plugins can be
evil. Even if written elegantly.

If you’re really curious why you shouldn’t, read the documentation
on GitHub - http://github.com/Panmind/leaker


You have been warned :-p


                                                  Ruby Social Club night @MIKAMAI
Where is the live demo?
SSLHelper: curl -I http://panmind.org/login -> 301

BigBro: have a look at the source of any panmind.org page, and
search for ga.js

ReCaptcha: https://panmind.org/signup input wrong data first and
then sign up

Zendesk: try the “Support” link in the footer and the “feedback” ->
button on the right of every page - both before and after logging in

Leaker: no way! :-)


                                                   Ruby Social Club night @MIKAMAI
Thank you! :-)

@vjt - vjt@openssl.it
http://panmind.org/



                        Ruby Social Club night @MIKAMAI

More Related Content

What's hot

Hackathon - Building vaadin add on components
Hackathon - Building vaadin add on componentsHackathon - Building vaadin add on components
Hackathon - Building vaadin add on componentsJoonas Lehtinen
 
Workshop: Building Vaadin add-ons
Workshop: Building Vaadin add-onsWorkshop: Building Vaadin add-ons
Workshop: Building Vaadin add-onsSami Ekblad
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
 
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020Matt Raible
 
10 Laravel packages everyone should know
10 Laravel packages everyone should know10 Laravel packages everyone should know
10 Laravel packages everyone should knowPovilas Korop
 
GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”
GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”
GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”GlobalLogic Ukraine
 
Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)
Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)
Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)Zach Lendon
 
MidwestJS 2014 Reconciling ReactJS as a View Layer Replacement
MidwestJS 2014 Reconciling ReactJS as a View Layer ReplacementMidwestJS 2014 Reconciling ReactJS as a View Layer Replacement
MidwestJS 2014 Reconciling ReactJS as a View Layer ReplacementZach Lendon
 
Developing Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSDeveloping Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSShekhar Gulati
 
What's New in JHipsterLand - Devoxx Poland 2017
What's New in JHipsterLand - Devoxx Poland 2017What's New in JHipsterLand - Devoxx Poland 2017
What's New in JHipsterLand - Devoxx Poland 2017Matt Raible
 
Building fast and performant apps
Building fast and performant appsBuilding fast and performant apps
Building fast and performant appsRahul Yadav
 
How to Build ToDo App with Vue 3 + TypeScript
How to Build ToDo App with Vue 3 + TypeScriptHow to Build ToDo App with Vue 3 + TypeScript
How to Build ToDo App with Vue 3 + TypeScriptKaty Slemon
 
How to Implement Basic Angular Routing and Nested Routing With Params in Angu...
How to Implement Basic Angular Routing and Nested Routing With Params in Angu...How to Implement Basic Angular Routing and Nested Routing With Params in Angu...
How to Implement Basic Angular Routing and Nested Routing With Params in Angu...Katy Slemon
 
Marvel of Annotation Preprocessing in Java by Alexey Buzdin
Marvel of Annotation Preprocessing in Java by Alexey BuzdinMarvel of Annotation Preprocessing in Java by Alexey Buzdin
Marvel of Annotation Preprocessing in Java by Alexey BuzdinJava User Group Latvia
 
EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5
EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5
EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5Rob Tweed
 
webcomponents (Jfokus 2015)
webcomponents (Jfokus 2015)webcomponents (Jfokus 2015)
webcomponents (Jfokus 2015)Hendrik Ebbers
 
Predictable Web Apps with Angular and Redux
Predictable Web Apps with Angular and ReduxPredictable Web Apps with Angular and Redux
Predictable Web Apps with Angular and ReduxFITC
 

What's hot (20)

Hackathon - Building vaadin add on components
Hackathon - Building vaadin add on componentsHackathon - Building vaadin add on components
Hackathon - Building vaadin add on components
 
Workshop: Building Vaadin add-ons
Workshop: Building Vaadin add-onsWorkshop: Building Vaadin add-ons
Workshop: Building Vaadin add-ons
 
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...
 
Os Johnson
Os JohnsonOs Johnson
Os Johnson
 
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
 
10 Laravel packages everyone should know
10 Laravel packages everyone should know10 Laravel packages everyone should know
10 Laravel packages everyone should know
 
GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”
GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”
GlobalLogic Test Automation Online TechTalk “Playwright — A New Hope”
 
Grails Spring Boot
Grails Spring BootGrails Spring Boot
Grails Spring Boot
 
Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)
Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)
Reconciling ReactJS as a View Layer Replacement (MidwestJS 2014)
 
MidwestJS 2014 Reconciling ReactJS as a View Layer Replacement
MidwestJS 2014 Reconciling ReactJS as a View Layer ReplacementMidwestJS 2014 Reconciling ReactJS as a View Layer Replacement
MidwestJS 2014 Reconciling ReactJS as a View Layer Replacement
 
Developing Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSDeveloping Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJS
 
What's New in JHipsterLand - Devoxx Poland 2017
What's New in JHipsterLand - Devoxx Poland 2017What's New in JHipsterLand - Devoxx Poland 2017
What's New in JHipsterLand - Devoxx Poland 2017
 
Hack the Future
Hack the FutureHack the Future
Hack the Future
 
Building fast and performant apps
Building fast and performant appsBuilding fast and performant apps
Building fast and performant apps
 
How to Build ToDo App with Vue 3 + TypeScript
How to Build ToDo App with Vue 3 + TypeScriptHow to Build ToDo App with Vue 3 + TypeScript
How to Build ToDo App with Vue 3 + TypeScript
 
How to Implement Basic Angular Routing and Nested Routing With Params in Angu...
How to Implement Basic Angular Routing and Nested Routing With Params in Angu...How to Implement Basic Angular Routing and Nested Routing With Params in Angu...
How to Implement Basic Angular Routing and Nested Routing With Params in Angu...
 
Marvel of Annotation Preprocessing in Java by Alexey Buzdin
Marvel of Annotation Preprocessing in Java by Alexey BuzdinMarvel of Annotation Preprocessing in Java by Alexey Buzdin
Marvel of Annotation Preprocessing in Java by Alexey Buzdin
 
EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5
EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5
EWD 3 Training Course Part 41: Building a React.js application with QEWD, Part 5
 
webcomponents (Jfokus 2015)
webcomponents (Jfokus 2015)webcomponents (Jfokus 2015)
webcomponents (Jfokus 2015)
 
Predictable Web Apps with Angular and Redux
Predictable Web Apps with Angular and ReduxPredictable Web Apps with Angular and Redux
Predictable Web Apps with Angular and Redux
 

Viewers also liked

RVM and Ruby Interpreters @ RSC Roma 03/2011
RVM and Ruby Interpreters @ RSC Roma 03/2011RVM and Ruby Interpreters @ RSC Roma 03/2011
RVM and Ruby Interpreters @ RSC Roma 03/2011Marcello Barnaba
 
Zarządzanie zamianami w relacyjnych bazach danych
Zarządzanie zamianami w relacyjnych bazach danychZarządzanie zamianami w relacyjnych bazach danych
Zarządzanie zamianami w relacyjnych bazach danychMarcinStachniuk
 
Полный цикл разработки на Python + Django
Полный цикл разработки на Python + DjangoПолный цикл разработки на Python + Django
Полный цикл разработки на Python + DjangoAzamat Tokhtaev
 
Liquibase - Zarządzanie zmianami w relacyjnych bazach danych
Liquibase - Zarządzanie zmianami w relacyjnych bazach danychLiquibase - Zarządzanie zmianami w relacyjnych bazach danych
Liquibase - Zarządzanie zmianami w relacyjnych bazach danychMarcinStachniuk
 
Failcon Atlanta - A Post-mortem of a healthcare startup
Failcon Atlanta - A Post-mortem of a healthcare startupFailcon Atlanta - A Post-mortem of a healthcare startup
Failcon Atlanta - A Post-mortem of a healthcare startupClassPass
 

Viewers also liked (7)

RVM and Ruby Interpreters @ RSC Roma 03/2011
RVM and Ruby Interpreters @ RSC Roma 03/2011RVM and Ruby Interpreters @ RSC Roma 03/2011
RVM and Ruby Interpreters @ RSC Roma 03/2011
 
Zarządzanie zamianami w relacyjnych bazach danych
Zarządzanie zamianami w relacyjnych bazach danychZarządzanie zamianami w relacyjnych bazach danych
Zarządzanie zamianami w relacyjnych bazach danych
 
Полный цикл разработки на Python + Django
Полный цикл разработки на Python + DjangoПолный цикл разработки на Python + Django
Полный цикл разработки на Python + Django
 
Liquibase - Zarządzanie zmianami w relacyjnych bazach danych
Liquibase - Zarządzanie zmianami w relacyjnych bazach danychLiquibase - Zarządzanie zmianami w relacyjnych bazach danych
Liquibase - Zarządzanie zmianami w relacyjnych bazach danych
 
Retrospekcja warsztat Agile3M
Retrospekcja warsztat Agile3MRetrospekcja warsztat Agile3M
Retrospekcja warsztat Agile3M
 
Failcon Atlanta - A Post-mortem of a healthcare startup
Failcon Atlanta - A Post-mortem of a healthcare startupFailcon Atlanta - A Post-mortem of a healthcare startup
Failcon Atlanta - A Post-mortem of a healthcare startup
 
Penetrationtestinglovesfreesoftware libreplaner2017-christianfernandez-hispag...
Penetrationtestinglovesfreesoftware libreplaner2017-christianfernandez-hispag...Penetrationtestinglovesfreesoftware libreplaner2017-christianfernandez-hispag...
Penetrationtestinglovesfreesoftware libreplaner2017-christianfernandez-hispag...
 

Similar to Panmind at Ruby Social Club Milano

Building Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in RailsBuilding Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in RailsJim Jeffers
 
Hackazon realistic e-commerce Hack platform
Hackazon realistic e-commerce Hack platformHackazon realistic e-commerce Hack platform
Hackazon realistic e-commerce Hack platformIhor Uzhvenko
 
Rails antipattern-public
Rails antipattern-publicRails antipattern-public
Rails antipattern-publicChul Ju Hong
 
Quick Start: ActiveScaffold
Quick Start: ActiveScaffoldQuick Start: ActiveScaffold
Quick Start: ActiveScaffoldDavid Keener
 
Rails antipatterns
Rails antipatternsRails antipatterns
Rails antipatternsChul Ju Hong
 
using Mithril.js + postgREST to build and consume API's
using Mithril.js + postgREST to build and consume API'susing Mithril.js + postgREST to build and consume API's
using Mithril.js + postgREST to build and consume API'sAntônio Roberto Silva
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsAmazon Web Services
 
Automate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon ViennaAutomate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon ViennaPantheon
 
Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)Yuriy Senko
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Zivtech, LLC
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon praguehernanibf
 
Porting Rails Apps to High Availability Systems
Porting Rails Apps to High Availability SystemsPorting Rails Apps to High Availability Systems
Porting Rails Apps to High Availability SystemsMarcelo Pinheiro
 
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit SoftwaretestsEffizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit SoftwaretestsDECK36
 
Front End Development for Back End Developers - vJUG24 2017
Front End Development for Back End Developers - vJUG24 2017Front End Development for Back End Developers - vJUG24 2017
Front End Development for Back End Developers - vJUG24 2017Matt Raible
 
Using advanced C# features in Sharepoint development
Using advanced C# features in Sharepoint developmentUsing advanced C# features in Sharepoint development
Using advanced C# features in Sharepoint developmentsadomovalex
 
Front End Development for Back End Developers - UberConf 2017
Front End Development for Back End Developers - UberConf 2017Front End Development for Back End Developers - UberConf 2017
Front End Development for Back End Developers - UberConf 2017Matt Raible
 
Vue micro frontend implementation patterns
Vue micro frontend implementation patternsVue micro frontend implementation patterns
Vue micro frontend implementation patternsAlbert Brand
 
Multi-tenancy with Rails
Multi-tenancy with RailsMulti-tenancy with Rails
Multi-tenancy with RailsPaul Gallagher
 

Similar to Panmind at Ruby Social Club Milano (20)

Building Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in RailsBuilding Mobile Friendly APIs in Rails
Building Mobile Friendly APIs in Rails
 
Basic Rails Training
Basic Rails TrainingBasic Rails Training
Basic Rails Training
 
Hackazon realistic e-commerce Hack platform
Hackazon realistic e-commerce Hack platformHackazon realistic e-commerce Hack platform
Hackazon realistic e-commerce Hack platform
 
Rails antipattern-public
Rails antipattern-publicRails antipattern-public
Rails antipattern-public
 
Quick Start: ActiveScaffold
Quick Start: ActiveScaffoldQuick Start: ActiveScaffold
Quick Start: ActiveScaffold
 
Rails antipatterns
Rails antipatternsRails antipatterns
Rails antipatterns
 
using Mithril.js + postgREST to build and consume API's
using Mithril.js + postgREST to build and consume API'susing Mithril.js + postgREST to build and consume API's
using Mithril.js + postgREST to build and consume API's
 
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer ToolsDevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
DevOps on AWS: Accelerating Software Delivery with the AWS Developer Tools
 
Automate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon ViennaAutomate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon Vienna
 
Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)Python from zero to hero (Twitter Explorer)
Python from zero to hero (Twitter Explorer)
 
Devise and Rails
Devise and RailsDevise and Rails
Devise and Rails
 
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
Probo.ci Drupal 4 Gov Devops 1/2 day Presentation
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
 
Porting Rails Apps to High Availability Systems
Porting Rails Apps to High Availability SystemsPorting Rails Apps to High Availability Systems
Porting Rails Apps to High Availability Systems
 
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit SoftwaretestsEffizientere WordPress-Plugin-Entwicklung mit Softwaretests
Effizientere WordPress-Plugin-Entwicklung mit Softwaretests
 
Front End Development for Back End Developers - vJUG24 2017
Front End Development for Back End Developers - vJUG24 2017Front End Development for Back End Developers - vJUG24 2017
Front End Development for Back End Developers - vJUG24 2017
 
Using advanced C# features in Sharepoint development
Using advanced C# features in Sharepoint developmentUsing advanced C# features in Sharepoint development
Using advanced C# features in Sharepoint development
 
Front End Development for Back End Developers - UberConf 2017
Front End Development for Back End Developers - UberConf 2017Front End Development for Back End Developers - UberConf 2017
Front End Development for Back End Developers - UberConf 2017
 
Vue micro frontend implementation patterns
Vue micro frontend implementation patternsVue micro frontend implementation patterns
Vue micro frontend implementation patterns
 
Multi-tenancy with Rails
Multi-tenancy with RailsMulti-tenancy with Rails
Multi-tenancy with Rails
 

Recently uploaded

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 

Recently uploaded (20)

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 

Panmind at Ruby Social Club Milano

  • 1. /vendor/plugins/panmind Spinoffs from a large Rails Application Ruby Social Club night @MIKAMAI
  • 2. Why? ‣ Code you write in /app will be obsolete soon ‣ Code you write in /lib will be obsolete less soon (maybe) ‣ Code you you share with the Open Source community could live really long and beyond your expectations ‣ It’s a sane engineering principle to write reusable code ‣ Sharing the code makes you write good documentation Ruby Social Club night @MIKAMAI
  • 3. How? ‣ gem uninstall -f copy-paste ide-tools ‣ Abstract early, abstract often ‣ Create temporary modules in your models, helpers, controllers ‣ Move those modules away in /lib[1] - SOON ‣ Decouple ‘em from the app assumptions, logic and configuration ‣ Move ‘em in /vendor/plugins ‣ [1]: Optional but recommended: config.load_once_paths.push((Rails.root+'lib').to_s) Ruby Social Club night @MIKAMAI
  • 4. A real world example http://github.com/Panmind/bigbro/commits/master ‣ Write code in /lib, include the rusty module(s) in your app ‣ Decouple configuration: - def account - Config[:id] + attr_accessor :account + def self.set(options = {}) + self.account = options[:account] ‣ Remove initialization code and put it in init.rb ‣ Rename the module and move code around ‣ Write documentation ‣ Release (Git is your friend: co, cherry-pick and rebase -i) ‣ Present at a Ruby event so someone else will write tests ;-) Ruby Social Club night @MIKAMAI
  • 5. Compatibility checklist ‣ Ruby 1.9.1-p378 ‣ Rails 2.3.8 ‣ rails_xss plugin ‣ Patches to support older versions of Ruby/Rails and/or without the rails_xss plugin more than welcome! (it’s just an .html_safe after all :-) Ruby Social Club night @MIKAMAI
  • 6. Release #1: SSLHelper - What http://github.com/Panmind/ssl_helper ‣ require_ssl / ignore_ssl / refuse_ssl DSL for your controllers (simple wrap of a before_filter) ‣ Named route helpers (ssl_ / plain_ relatives) and test helpers (with_ / without_ssl, use_ / forget_ssl) generation redirect_to ssl_login_url <%= link_to “Sign up”, ssl_signup_url %> <% form_tag plain_search_url do %> ... <% end %> without_ssl do get :show, :id => @project.id assert_redirected_to ssl_project_url(@project.id) end Ruby Social Club night @MIKAMAI
  • 7. Release #1: SSLHelper - How ‣ Checks HTTPS / X-Forwarded-Proto variables via Rails’ request.ssl? ‣ Includes the controller DSL straight into ActionController::Base ‣ Inserts into Rails’ router initialization by extending ActionController::Routing::Routes and overriding the reload! method (returning super do ... end) ‣ Generates ssl_ and plain_ wrappers of every named route helper defined in your app and puts them into an anonymous Module ‣ Includes it in ActionView::Base and in ActionController:: {Base,Integration::Session,TestCase} Ruby Social Club night @MIKAMAI
  • 8. Release #2: BigBro - What http://github.com/Panmind/bigbro ‣ Google Analytics -- let’s get it straight (and async) ‣ Optimizes GA’s protocol check (it’s http://www. or https://ssl.?) ‣ Generates <noscript> tracking code ‣ Contains an embryo of a jQuery GA toolkit (in the js/ directory) <%= analytics %> or <%= analytics :track => false %> context “an user” should “be aware to live in 1984” get :index assert_analytics end end Ruby Social Club night @MIKAMAI
  • 9. Release #2: BigBro - How ‣ A submodule contains view helpers, another one test helpers ‣ The top-level module singleton class holds the initialization method and the GA account into an instance variable: class << self attr_accessor :account def set(options = {}) ... end end ‣ View helpers are included in ActionView::Base ‣ Test helpers are included in ActionController::TestCase ...Whoops, the plugin currently adds ‘em in ActiveSupport:: TestCase! who’ll be the first to send out a pull request? :-) Ruby Social Club night @MIKAMAI
  • 10. Release #3: ReCaptcha - What http://github.com/Panmind/recaptcha ‣ Embeds ReCaptcha JS / Generates <noscript> code ‣ Provides a require_valid_captcha controller class method ‣ Chats with ReCaptcha HTTP service - handling timeouts ‣ AJAX validation via a custom jQuery plugin (untied to this one) <%= recaptcha :label => 'Human?', :theme => 'clean' %> require_valid_captcha :only => :create def invalid_captcha @user.errors.add_to_base('Captcha failed') render :new, :layout => 'login' end Ruby Social Club night @MIKAMAI
  • 11. Release #3: ReCaptcha - Test Using mocha -- gem install it if you don’t have it context ‘a guest’ do should ‘insert a valid captcha’ mock_invalid_captcha post :signup, :email => ‘vjt@openssl.it’, ... assert_response :precondition_failed # 412 mock_valid_captcha post :signup, :email => ‘vjt@openssl.it’, ... assert_redirected_to root_url # 302 end end Ruby Social Club night @MIKAMAI
  • 12. Release #3: ReCaptcha - How ‣ Controller, View and Test helpers live in separate modules ‣ The top-level module singleton class contains the initialization method and the ReCaptcha keys class << self attr_accessor :private_key, :public_key, ... def set(options = {}) ... end end ‣ Controller methods included in ActionController::Base, and self.included() adds the require_valid_captcha method ‣ View helpers are included in ActionView::Base ‣ Test helpers are included in ActionController::TestCase Ruby Social Club night @MIKAMAI
  • 13. Release #3: ReCaptcha - AJAX ‣ ReCaptchas can be validated only once ‣ The jquery.ajax-validate plugin calls a controller action (Metal is better) that returns different HTTP status codes ‣ If successful, a flag is saved in the flash ‣ When the form is submitted, if the flag is true, ReCaptcha validation is skipped ‣ Unless your session cookies can be tampered with, the code is not vulnerable to replay attacks ‣ Older versions used a DB table first, memcached after.. but the flash is the best choice -- see the commit history for details :-) Ruby Social Club night @MIKAMAI
  • 14. Release #4: Zendesk - What http://github.com/Panmind/zendesk ‣ Zendesk? The best support platform / CRM in town ‣ View helpers to generate the trendy “feedback” button code ---> and to generate links that display the feedback form ‣ Route and controller methods to implement Zendesk’s remote authentication: your users won’t have to register and log in on the support forum ‣ View helpers to generate links to the support forum <%= zendesk_dropbox_tags %> <%= zendesk_link_to ‘Support’ %> map.zendesk ‘/support’, :controller => :sessions Ruby Social Club night @MIKAMAI
  • 15. Release #4: Zendesk - How ‣ View helpers are included into ActionView::Base ‣ The route generation method is included into ActionController::Routing::RouteSet::Mapper ‣ This time, you have to include the controller methods into your login controller: in development mode they would be lost because of ActiveSupport’s reloading (solutions welcome!) ‣ Too much configuration is needed to make it work; your login action must implement a redirect_to params[:return_to] -- does anyone want to help? Ruby Social Club night @MIKAMAI
  • 16. Release #4: Zendesk - Flow 1. Guest clicks on zendesk_link_to(‘Support’) 2. Guest is taken to the support forum 3. Guest clicks ‘login’ in the support forum 4. Guest is redirected to the login page by the zendesk_handle_guests filter of the zendesk_login action 5. User is redirected to the zendesk_login action 6. User is redirected to zendesk’s remote authentication endpoint with a set of query string parameters (hash, timestamp, ...) and logged in ---------------------------------------------------------- 1. User clicks on zendesk_link_to(‘Support’) 2. GOTO 5 Ruby Social Club night @MIKAMAI
  • 17. Release #5: Leaker Don’t use this plugin. It’s an example of how plugins can be evil. Even if written elegantly. If you’re really curious why you shouldn’t, read the documentation on GitHub - http://github.com/Panmind/leaker You have been warned :-p Ruby Social Club night @MIKAMAI
  • 18. Where is the live demo? SSLHelper: curl -I http://panmind.org/login -> 301 BigBro: have a look at the source of any panmind.org page, and search for ga.js ReCaptcha: https://panmind.org/signup input wrong data first and then sign up Zendesk: try the “Support” link in the footer and the “feedback” -> button on the right of every page - both before and after logging in Leaker: no way! :-) Ruby Social Club night @MIKAMAI
  • 19. Thank you! :-) @vjt - vjt@openssl.it http://panmind.org/ Ruby Social Club night @MIKAMAI