Aiken00

HTMX 火了，Rails 的熱度會有所改變嗎？

Aiken00 — Thu, 19 Oct 2023 20:17:12 +0800

這種後端主導的框架，將會把很多東西拉回後端

使用 Rails 這種強後端型框架將會有很大的優勢所以會火起來嗎？

pragmaticstudio 的 Hotwire 課程要來了

Aiken00 — Tue, 01 Feb 2022 10:58:04 +0800

周三正式開賣因為這個出版社的出品質量一直很高，值得推介 https://pragmaticstudio.com/courses/hotwire-rails

Rails 因為 mimemagic 炸了

Aiken00 — Thu, 25 Mar 2021 10:51:26 +0800

https://github.com/rails/rails/issues/41750

mimemagic 由於授權原因 yanked 了所有現有 0.3.5 以前的版本使很多大型系統，如 Rails 都不能正常運行 bundle install

2020 年了 Sinatra 最好的 Server 還是 Thin 嗎？

Aiken00 — Sat, 29 Aug 2020 22:43:55 +0800

如題？

99 bottles of OOP 第二版來了

Aiken00 — Tue, 14 Jul 2020 15:18:25 +0800

第一版買家然而還未收到 coupon code...

Ruby 的 bcrypt 對於文本有沒有長度限制？

Aiken00 — Mon, 13 Jul 2020 21:03:45 +0800

如題最近才發現 bcrypt 的算法一般只計對長度 50~71 以下的文本

Ruby 的 Bcrypt 又是否一樣？

國內還能使用 Firebase 嗎？

Aiken00 — Fri, 14 Feb 2020 09:15:54 +0800

如題

現在還有人在用 Sinatra 嗎？

Aiken00 — Fri, 25 Oct 2019 08:15:18 +0800

最近工作需要接觸 Sinatra 好奇一下 Sinatra 做 hot reload 真的那麼困難嗎？

想問一下源碼以外還有什麼資料/書藉推介？

你們的 REST JSON API 有遵從某一個標準嗎？

Aiken00 — Sat, 02 Feb 2019 10:42:58 +0800

看了一看有幾個熱門的例如 JSON:API, HAL 跟 SIREN 大家都選哪一個？還是沒有直接輸出？

Rails Asset Pipeline Directory Traversal Vulnerability

Aiken00 — Wed, 20 Jun 2018 07:57:49 +0800

Impact

Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production.

All users running an affected release should either upgrade or use one of the work arounds immediately.

Releases

The 4.0.0.beta8, 3.7.2 and 2.12.5 releases are available at the normal locations.

Workarounds

In Rails applications, work around this issue, set config.assets.compile = false and config.public_file_server.enabled = true in an initializer and precompile the assets.

This work around will not be possible in all hosting environments and upgrading is advised.

Patches

To aid users who aren't able to upgrade immediately we have provided patches for the three supported release series. They are in git-am format and consist of a single changeset.

4-0-fix-path-traversal.patch - Patch for the 4.0.x release series
3-7-fix-path-traversal.patch - Patch for the 3.7.x release series
2-12-fix-path-traversal.patch - Patch for the 2.12.x release series

https://groups.google.com/forum/#!topic/rubyonrails-security/ft_J--l55fM

Pagy - 比 Kaminari 快五百多倍的分頁處理插件

Aiken00 — Fri, 25 May 2018 21:09:46 +0800

現在 Gem 也開始比速度了嗎。。。

https://github.com/ddnexus/pagy

Features

Straightforward code

Pagy is just ~100 lines of simple ruby, organized in 3 flat modules very easy to understand and use it produces its own HTML, URLs, pluralization and interpolation with its own specialized and fast code 100% of its methods are public API, accessible and overridable right where you use them (no need of monkey patching or subclassing) Totally agnostic

it doesn't need to know anything about your models, ORM or Storage, so it doesn't add any code to them it works with all kinds of collections, even pre-paginated, records, Arrays, JSON data... and just whatever you can count it works with all Rack frameworks (Rails, Sinatra, Padrino, ecc.) out of the box it works with any possible non-Rack environment by just overriding one or two one-liner methods Easy to use

You can use pagy in a quite familiar way:

Paginate your collection in some controller:

@pagy, @records = pagy(Product.some_scope) Render the navigation links with a super-fast helper in some view:

<%== pagy_nav(@pagy) %> Or - if you prefer - render the navigation links with a template:

<%== render 'pagy/nav', locals: {pagy: @pagy} %>

ActionView 的組件有安全問題，請趕快更新 rails-html-sanitizer，並確定是否已經是 1.0.4 或以上

Aiken00 — Thu, 22 Mar 2018 23:55:02 +0800

Loofah 有 security 的問題，這個 gem 是 rails-html-sanitizer 的一部分

然而 rails-html-sanitizer 是 actionview 的一部分

所以，可以的話盡快更新最新版本吧。。。

更新後請確定你的 rails-html-sanitizer 版本是否 1.0.4

https://github.com/flavorjones/loofah/issues/144

This issue has been created for public disclosure of an XSS / code injection vulnerability that was responsibly reported by the Shopify Application Security Team.

Netflix 發佈的 JSON Serializer，比 Active Model Serializer 的快二十多倍

Aiken00 — Sat, 03 Mar 2018 09:23:13 +0800

Fast JSON API

A lightning fast JSON:API serializer for Ruby Objects.

Performance Comparison

We compare serialization times with Active Model Serializer as part of RSpec performance tests included on this library. We want to ensure that with every change on this library, serialization time is at least 25 times faster than Active Model Serializers on up to current benchmark of 1000 records. Please read the performance document for any questions related to methodology.

Benchmark times for 250 records

$ rspec
Active Model Serializer serialized 250 records in 138.71 ms
Fast JSON API serialized 250 records in 3.01 ms

https://github.com/Netflix/fast_jsonapi

寫 RoR 的人要求特別高？

Aiken00 — Thu, 01 Mar 2018 10:04:45 +0800

最近有求職者這樣跟我說要求跟其他寫 NodeJS PHP 的公司很不一樣說寫 RoR 好像什麼都要懂似的

想想身邊寫 RoR 新手的確比較少心裏也有點同意

不知道各位有認同的嗎？

使用 Docker 為 Rails 系統作橫向擴展？

Aiken00 — Tue, 20 Feb 2018 14:01:14 +0800

作為 Docker 以及 Ngnix 的配置新手我卡關了

我在嘗試以 docker 來 scale up Rails 系統在沒有 Ngnix 時我是能夠成夠運行 Rails 系統的

但當使用 nginx-proxy 後及 Scale up 後我發現 rails 不能再指定某個 port 了而且 proxy 也不能指向 Rails 系統群作 load balancing

同時有沒有關於 Ngnix 配置的常數作參考？我的docker-compose.yml配置如下

version: '3'
services:
  db:
    container_name: 'postgresql'
    image: postgres
    ports:
      - '5432:5432'
  redis:
    container_name: 'redis'
    image: 'redis:4.0.8-alpine'
    command: redis-server --requirepass yourpassword
    ports:
      - '6379:6379'
    volumes:
      - 'redis:/data'
  web:
    build: .
    command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s"
    volumes:
      - .:/mapAPI
    env_file:
      - '.env'
    depends_on:
      - db
      - redis
  sidekiq:
    depends_on:
      - 'db'
      - 'redis'
    build: .
    command: bundle exec sidekiq -C config/sidekiq.yml
    volumes:
      - '.:/mapAPI'
    env_file:
      - '.env'
  proxy:
    image: jwilder/nginx-proxy:latest
    ports:
      - "80:80"
    volumes:
      - "/var/run/docker.sock:/tmp/docker.sock"
volumes:
  redis:
  postgres:

在 Ruby 使用多綫程

Aiken00 — Sun, 11 Feb 2018 16:19:33 +0800

最近想研究一下 Ruby 的多綫程

發現除文檔以外相關資料好像不算很多少部分資料也只集中寫 threading

MonitorMixin Semaphore 的近乎沒有

想知道 Ruby China 內有沒有相關的文章或者推介？

關於 Activejob 的幾個問題

Aiken00 — Sun, 15 Oct 2017 18:12:32 +0800

說來慚愧，用了這麼多年 Rails 一直使用 Sidekiq 沒有認真看過 ActiveJob 那一缺最近在做小練習時有點不懂，希望能找到答案。

倘若不使用 Sidekiq, Resque (Redis based Caching)，是否只能在 ActiveJob 內使用 Delayed Job?
倘若使用 Delayed Job, 有沒有些像 Cron 那樣的時間設定？(例子，每 X 分鐘運行一次）
在 Heroku 使用 Delayed Job，除了運行 worker 以後還需要額外的設定嗎？（主要是不想把信用卡綁上戶口）