Rate limiting using Redis in a Rails app

The web is a weird place. You go to sleep thinking that you have a perfectly functional web application, and the next day when you wake up, you might find yourself staring at a sudden huge spike in the number of requests. Either your app got popular overnight or you were just a victim of a DoS attack trying to bring your app server down. Usually, it's the latter. There are some popular gems like rack-attack and rack-throttle which work quite well and provide a lot of flexibility. But if you're looking to write your custom logic with minimum dependencies,

Everything you need to know about Serialization in Ruby on Rails: Part II

In the previous article of the Serialization in Ruby on Rails series, we became familiar with various serialization formats provided by the Ruby libraries. In this article, we will see how the YAML and JSON formats are used by Rails to store Ruby objects in a database. Serialization in Rails for Storage: The Rails framework allows complex objects to be stored in a database column via the ActiveRecord::Serialization module. But understanding when to store serialized data in a column is more crucial than knowing how to do it. Through this article, we will first learn "when" to store serialized data

ActiveRecord attribute encryption in Ruby on Rails for better security compliance

Data encryption has never been as important to modern-day applications as it is today. Storing personal data in plain-text format leaves the application open to data theft. Not only is users' personal data at risk, but the application itself becomes subject to scrutiny when it falls under General Data Protection Regulation (GDPR) norms. In this blog post, we will explore a quick way to encrypt and decrypt model attributes using Rails' handy ActiveSupport::MessageEncryptor class to ensure compliance with regulations such as GDPR. Let's start with some basics on PII and GDPR mandates. Personally Identifiable Information (PII) examples as per GDPR PII

How to prevent race condition in Ruby on Rails applications?

Race conditions are always surprising: they can occur in production and are difficult to reproduce. They can cause duplication of records in the database. Most of the time the locking mechanism is taken care of by the Rails framework. Users don't have to manage it, especially optimistic locking using the lock_version column. In case of transactions and race around conditions, we can prevent these issues with Pessimistic Locking in ActiveRecord. It locks a record as soon as the lock is requested (it uses database row-level locking). Race conditions happen when two users read and update a record at the

Identifying and Removing Dead Code from a Ruby on Rails Legacy Application

Dead code is code that is never executed. It can be a commented out block of code, a method that's no longer called, or an unreachable return statement. It often reflects functionality that no longer exists. Dead code has absolutely no upside and it costs us money, time, and maintenance headaches. It's possible to identify the unused block of code in smaller projects. But in larger projects, it is not as straightforward. It is a delicate process and requires absolute surety of the deadness status to avoid any unexpected breakdowns. A few tools are present that can aid us in

Everything You Need to know about Serialization in Ruby on Rails - Part I

It was the day we were moving. I was observing how the "Packers and Movers" professionals packed our furniture. For example, the King size bed shown below had to be accommodated within a space of about 6-7 inches inside a van. While I kept wondering how they'd manage this, they dismantled the bed. And in went the camel through the needle's eye very neatly. That's when I realized the computing world is not very different from the real world. They dismantled the bed for transportation and then reassembled at the destination. Similarly, in the computing world, we deconstruct objects or

Sign API request using Postman pre-request scripts

When we are about to test a dynamic API request via Postman and realize that we need to pass a freshly generated signature in the headers, what do we generally do? For each request, we generate the signature using server-side code and copy-paste it in the headers. Sounds like a tedious job, doesn’t it? We faced a similar situation in our application where we had to pass a signature in the headers while testing an API. The signature was generated by encoding all the request parameters using the user's secret key. If any of the request parameters changed, we

Building Rails 5 application with Angular 5

This article shows the very basic application setup required to host a Rails application with the Angular 5 framework. Angular is a modern JavaScript framework for building web applications in JavaScript, HTML and TypeScript (a superset of JavaScript). Such a setup will have two separate servers. One server will be hosting the Rails part and the second server will be hosting the Angular part. The HTTP request raised will have a different origin header than that of the hosting server, and hence the request will fail. A cross-origin HTTP request (CORS) is used when the request is raised

Scaling Enterprise SaaS Platform with Microservices

Spoiler Alert: This article is not about Microservices architecture or how microservices work. In this article, I will share what we have learned in scaling a large SaaS platform, our ongoing improvements, and how Microservices architecture is playing a key role in scaling this SaaS platform. This SaaS Platform has experienced tremendous growth in the past 18 months. It has now become one of the leading CRMs in North America. Everyone’s definition of “scale” and “growth” can differ based on the specific numbers or metrics a company is targeting, i.e. revenue, user base, or others. We are

Distributed indexing and searching with Apache SolrCloud

For quite some time, we have used Apache Solr in one of our projects to index data so that it can be searched faster from the Solr server instead of always being searched in the main database, which creates a bottleneck. We use the Sunspot gem, a Ruby library for Rails applications, to implement Apache Solr. Recently we decided to implement the Apache SolrCloud architecture in the same application to manage our daily growing Solr data more efficiently with this powerful feature of Apache Solr. In brief, you can consider it as another database where your data is indexed and stored as XML documents. You can query this