Activity
Rack Attack is still useful for safelists and blocklists, but the rate limiting / throttling feature is pretty much the same as what's built into Rails now.
The Rails rate limit feature is a bit more friendly since you get all the Rails features, while Rack Attack requires you to write your own Rack responses without any Rails helpers.
Both use the Rails cache store by default, so you won't need to reach for Rack Attack unless you want to set up safelists, blocklists, or another feature.
Posted in Wrapping Up Our URL Shortener Discussion
Glad you enjoyed it Tony!
Shoutout to the folks at Honeybadger for being awesome. 🫡
What have you tried?
Using Rails main, betas, or release candidates is a great way to find bugs and contribute to Rails itself. 🎉
Posted in Today I Learned!
I thought it would be fun to start a thread where we can post the things we've learned recently.
Today I learned that __dir__ returns a full path while File.dirname(__FILE__) returns a relative path thanks to Xavier's recent commit in Rails: https://github.com/rails/rails/commit/de4d8744744acab2dd9db0683ccf784ea45810b2
Have you used GitHub Action Inputs for any other cool things?
Posted in Rubygems Trusted Publishing Discussion
As more and more vulnerabilities like "xz" with Linux happen, reproducible builds and releasing processes like Trusted Publishing that the Rubygems team has built will be critical. I mean, how many of us actually check the code that is downloaded by bundler to ensure it's secure? Probably very few of us!
Posted in How do I start from the very beginning?
Follow the GoRails Learning Path.
Posted in Tutorial on verifalia gem
Cloudflare as a proxy could help block the malicious user. They can block requests from known bots and present barriers to stop them.
They also run hCaptcha that you can implement in the sign up process to protect from bots. We have a lesson on that here: https://gorails.com/episodes/how-to-usehcaptcha-with-ruby-on-rails
I also like using invisible_captcha which is similar and doesn't require a third-party service (although it's not quite as good).
I don't see this feature used often in Rails apps, but it's super powerful for things like this. An easy way of creating Ruby objects like this allows you to really organize functionality instead of stuffing it all in models.
Posted in Scraping Web Pages with Ruby Discussion
Keep watching. Nokogiri is just an HTML parser, but you need to write code to interact with it, which is why we create the Scraper class.
You may not want / need that to be accessible by everyone, in which case you don't want to add it to the ActiveRecord class, just the association.
Maybe we'll start a new series on metaprogramming. 👍
Posted in Amazon S3 in blog tutorial error
Make sure you added the credentials to the right credentials file (using rails credentials:edit --environment development) and that you've added it to all of the ones you need.
You can also open up the Rails console and use Rails.application.credentials to confirm they're loaded properly.
You can either check the class with is_a? or check methods with respond_to?
Yes, it's fixed. https://github.com/basecamp/mission_control-jobs/pull/47
No different than html.erb views. Both just generate the HTML independently of the JavaScript.
I feel like components in Ruby are super duper handy for arguments and other complex helper methods. Phlex takes it a step further with the HTML helper methods so you don't even really have to leave Ruby while you're coding. Pretty cool stuff!
I'm not sure if anyone's using Litestack, but SQLite is ready to go. You'll just want to set the SQLite database location to the shared directory so it isn't lost between deploys. I think Rails has changed its default location to /storage which is automatically symlinked on deploy (just make sure the folder is not in your repo), so it may be good to go as-is.