Rate limiting using Redis in a Rails app

The web is a weird place. You go to sleep thinking that you have a perfectly functional web application, and the next day when you wake up, you might find yourself staring at a sudden huge spike in the number of requests. Either your app got popular overnight or you were the victim of a DoS attack trying to bring your app server down. Usually, it's the latter. There are some popular gems like rack-attack and rack-throttle which work quite well and provide a lot of flexibility. But if you're looking to write your custom logic with minimum dependencies,

Sync files to a remote location using rsync linux command and Ruby

Note: The entire approach highlighted in this blog about using the rsync command with Ruby is only applicable on Linux-based systems and won't be available on Windows. In this article, we will explore how to use rsync in Ruby to sync files from a local to a remote location, how to improve its error logging, and how rsync is better than scp. Let's first understand what rsync is: rsync is a Linux command to sync files from one location to another. We can run this command on the terminal and it will copy files from one directory to another, either locally

ActiveRecord attribute encryption in Ruby on Rails for better security compliance

Data encryption has never been as important to modern-day applications as it is today. Storing personal data in plain-text format leaves the application open to data theft. Not only is users' personal data at risk, but the application itself becomes subject to scrutiny when it falls under General Data Protection Regulation (GDPR) norms. In this blog post, we will explore a quick way to encrypt and decrypt model attributes using Rails' handy ActiveSupport::MessageEncryptor class to help meet compliance requirements such as GDPR. Let's start with some basics on PII and GDPR mandates. Personally Identifiable Information (PII) examples as per GDPR PII

How to prevent race condition in Ruby on Rails applications?

Race conditions are always surprising: they can occur in production and are difficult to reproduce. They can cause duplication of records in the database. Most of the time the locking mechanism is taken care of by the Rails framework, and users don't have to manage it; in particular, optimistic locking uses the lock_version column. In the case of transactions and race conditions, we can prevent these issues with pessimistic locking in ActiveRecord. It locks a record immediately, as soon as the lock is requested (using database row-level locking). Race conditions happen when two users read and update a record at the

Identifying and Removing Dead Code from a Ruby on Rails Legacy Application

Dead code is code that is never executed. It can be a commented-out block of code, a method that's no longer called, or an unreachable return statement. It often reflects functionality that no longer exists. Dead code has absolutely no upside, and it costs us money, time, and maintenance headaches. It's possible to identify unused blocks of code in smaller projects, but in larger projects it is not as straightforward. It is a delicate process and requires absolute certainty that the code is dead to avoid any unexpected breakdowns. A few tools are present that can aid us in

The Many Faces of Ruby's Top-level

In the previous post, we looked at how Ruby's top-level acts as a wrapper of the Object class, and how the definitions you put in the top-level act as if they were put in the Object class itself. But there was one thing that I left out in that blog post, because it deserves its own attention. Module extension: if you have a module (module Foo; def bar; :bar; end; end) and you extend it in the top-level (extend Foo), you'd expect that it would extend the Object class because of what we saw in that previous post. But you'd be wrong! Object.

Everything You Need to know about Serialization in Ruby on Rails - Part I

It was the day we were moving. I was observing how the "Packers and Movers" professionals packed our furniture. For example, the king-size bed shown below had to be accommodated within a space of about 6-7 inches inside a van. While I kept wondering how they'd manage this, they dismantled the bed. And in went the camel through the needle's eye very neatly. That's when I realized the computing world is not very different from the real world. They dismantled the bed for transportation and then reassembled it at the destination. Similarly, in the computing world, we deconstruct objects or

Adding Two-Factor Authentication(2FA) to ActiveAdmin auth in a Ruby on Rails web application

To enhance the security of a web application that has a user authentication workflow, we use a security method called 2FA. It is also known as Two-Factor Authentication (a type of Multi-Factor Authentication). In this blog post, we will see how to implement email-based 2FA in the ActiveAdmin auth of a Ruby on Rails application. In the email-based 2FA approach, when logging in with an email and password, an OTP is sent to the registered email address. Once the user enters the correct OTP, authentication succeeds and the session is started. We will also see the following additional functionality and customizations

Identifying and avoiding Tautological tests in Ruby on Rails applications

Writing unit tests is more of an art than a skill, and understanding what to test for comes with experience and/or mistakes. We look at the percentage of test coverage to examine the health of an application. However, the "coverage percentage" might be misused or overlooked. In particular, it falls victim to Goodhart's law, which says: "When a measure becomes a target, it ceases to be a good measure." Whenever we start writing test cases for the sake of improving the code coverage, we miss the whole point of testing and instead introduce Tautological Tests - poorly designed

Ruby's Global Scope is Not Really Global

Ruby does not have an explicit entry point to the code it is executing. Compare that to other languages like C, C++, Java, etc., which have a main() method in some form, and this main() is the entry point to the code. But in Ruby, we can open a file with a .rb extension and write our code at the top-level, for example foo = 'Great Scott!' followed by puts foo (which prints Great Scott!), and Ruby will execute the file for us. You'll get introduced to this top-level scope as "global scope" throughout most tutorials. Even though the intention is correct, the terminology as