Rails Note and Cheatsheet

Catastrophic Consequence of Prepared Statement in Rails < 5

Rails 5 Routes: Nest resources and shallow option

resources :users do 
resources :payments, only: %i(create), shallow: true
resources :users do
resources: :payment, only: %i(create), shallow: true
user_payments POST /users/:user_id/payments(.:format) payments#create

present? vs any? vs exist?

  • In Rails 4, present? retrieves all records. any? counts record. exists? retrieves one record. Always use exists? though.
  • any? and exists? in Rails 5 is the same thing.

Postgresql Time Zone

  • Always use timezone across database server as UTC and don’t dare to switch time zone to anywhere else even even you change database location. With this golden rule, you don’t have to care if you use timestamp or timestamptz.
  • No matter how many applications you access to database server, no matter how you config time zone at application server, always persist timestamp in UTC.

How to start conversation. First what is your timezone? Is it in UTC? Otherwise, conversation is terminated.

includes and eager_load

Two kind of strategies to store session in Rails

  1. Cookie store: store all data in the cookie
  2. Everything else (memory store and database store): Store a pointer to data in the cookie

The user of `:inverse_of`

  • Memory optimization, no necessary query to database
  • Creating child nest attributes with the validation of presence of its parent
  • Auto creating join model in has_many :through

Request caching > object memoization

Rails Funny and Weird Learning

Rails App Optimization

Rails has a great love to RESTful web service

  • give API for free
  • simplicity and convenience
  • turn code into resource
  • HTTP verbs
  • use PUT to replace resource
  • use PATCH to update resource
  • Rails uses PATCH rather than PUT
  • 1xx : information
  • 2xx: success
  • 3xx: redirect
  • 4xx: client error
  • 5xx: server error
  • use namespace to keep controllers organized (module API….)
  • write API integration test with ActionDispatch::IntegrationTest
  • status: 200 == status: ok
  • Try CURL
  • Try JBuilder gem
  • Try http_accept_languae gem
  • We should use empty session because REST API is stateless:
  • protect_from_forgery with: :null_session
  • URL versioning: namespace on route
  • test with assert_generate (ActionDispatch::IntegrationTest)
  • module on controller
  • Try versionist gem
  • 2 ways to version API:
  1. Add version to URL
  2. Add version to request header
  • Basic Auth: Basic + base64 encoding (not encrypted)
  • use authenticate_with_http_basic method
  • custom realm
  • http token: it is more secure and flexible than basic auth because it can be expired or generated base on client user.
  • In the header: token = abc123…789xyz
  • digest authentication: work like basic auth but the user name and password are encrypted during communication.
  • Oauth (Open Authorization): is better because it works same as user login/out. Oauth with Doorkeeper or Oauth2. Allow provider to give access to users without exchange of credentials. User does not have problem when provider changes password. Oauth has client_id, token_secret, access_token. Try omni_auth gem: use at client application. Try oauth2 gem
  1. A client (third party, mobile app) requests a token.
  2. An issuer issues a token.
  3. A resource server consumes a token (has a trust relationship with the issuer).

Service Object in Rails

A service object’s job is to hold the code for a particular bit of business logic. ~ DAVE COPELAND, from Anatomy of a Rails Service Objects.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store