https://ruby-china.org/charlie_hsieh Charlie en-us <ul> <li> <p>安全性更高，功能完整 不用东拼西凑，搞出 enterprise 安全功能。</p> <ul> <li><a href="https://github.com/janko/rodauth-rails" rel="nofollow" target="_blank">https://github.com/janko/rodauth-rails</a></li> </ul> </li> <li> <p>一样功能完整，更接近 hey.com</p> <ul> <li><a href="https://github.com/lazaronixon/authentication-zero" rel="nofollow" target="_blank">https://github.com/lazaronixon/authentication-zero</a></li> </ul> </li> <li> <p>上述缺点，就是，使用人数都没有 devise 多。</p> <ul> <li>devise + authtrail + devise-security 三个 gems 才能凑出 enterprise 高资安需求。</li> </ul> </li> </ul> <p>请问有没有其他想法或心得可以分享？</p> charlie_hsieh Mon, 13 Jun 2022 15:36:02 +0800 https://ruby-china.org/topics/42454 https://ruby-china.org/topics/42454 <p>又爱又恨的 devise~~</p> <p><a href="https://rails-hosting.com/2022/" rel="nofollow" target="_blank">https://rails-hosting.com/2022/</a></p> <p><img src="https://l.ruby-china.com/photo/charlie_hsieh/eddad531-678f-443b-bd2e-a871c70e34bc.png!large" title="" alt=""></p> charlie_hsieh Fri, 10 Jun 2022 09:54:43 +0800 https://ruby-china.org/topics/42449 https://ruby-china.org/topics/42449 <p>请问 <code>dartsass-rails</code>，这个该不会是要来替换掉 sprockets-rails 的吧...??</p> <p><img src="https://l.ruby-china.com/photo/charlie_hsieh/6b0c85bd-4e4d-4ed4-abb4-95017209a684.png!large" title="" alt="dartsass-rails"></p> charlie_hsieh Sat, 22 Jan 2022 15:42:44 +0800 https://ruby-china.org/topics/42100 https://ruby-china.org/topics/42100 <p>请问有人遇到过这个 warning ?</p> <pre class="highlight shell"><code>DEPRECATION WARNING: Initialization autoloaded the constant ApplicationHelper </code></pre> <p>貌似 很多 code 都有受到影响。</p> <p><a href="https://guides.rubyonrails.org/autoloading_and_reloading_constants.html" rel="nofollow" target="_blank">https://guides.rubyonrails.org/autoloading_and_reloading_constants.html</a></p> <pre class="highlight ruby"><code><span class="no">In</span> <span class="n">order</span> <span class="n">to</span> <span class="nb">autoload</span> <span class="n">safely</span> <span class="n">at</span> <span class="n">boot</span> <span class="n">time</span><span class="p">,</span> <span class="n">please</span> <span class="n">wrap</span> <span class="n">your</span> <span class="n">code</span> <span class="k">in</span> <span class="n">a</span> <span class="n">reloader</span> <span class="n">callback</span> <span class="n">this</span> <span class="ss">way: </span><span class="no">Rails</span><span class="p">.</span><span class="nf">application</span><span class="p">.</span><span class="nf">reloader</span><span class="p">.</span><span class="nf">to_prepare</span> <span class="k">do</span> <span class="c1"># Autoload classes and modules needed at boot time here.</span> <span class="k">end</span> </code></pre> charlie_hsieh Thu, 04 Nov 2021 17:21:04 +0800 https://ruby-china.org/topics/41850 https://ruby-china.org/topics/41850 <p><a href="https://apply.workable.com/basecamp/j/4F0031E0AF/" rel="nofollow" target="_blank">https://apply.workable.com/basecamp/j/4F0031E0AF/</a></p> <p><img src="https://l.ruby-china.com/photo/charlie_hsieh/eb4d1c81-30c2-4947-bfad-a13f87643961.png!large" title="" alt=""></p> charlie_hsieh Thu, 28 Oct 2021 11:18:09 +0800 https://ruby-china.org/topics/41813 https://ruby-china.org/topics/41813 <p>请问，类似 ruby-china 这样大流量的 rails site, 会使用类似这类的 gem: rack-attack 吗？</p> <p>还是会依赖阿里云 的 waf solution？</p> charlie_hsieh Sat, 23 Oct 2021 18:11:47 +0800 https://ruby-china.org/topics/41795 https://ruby-china.org/topics/41795 <p>我发现 CSS: scroll-behavior: smooth + hotwired: turbo</p> <p>整个画面，都会滑来滑去，目前的 ruby-china 应该也是这样。 大家会喜欢这样的效果吗？</p> <p>还是其实是会眼花撩乱？</p> <p>我在抉择，我要不要留着 scroll-behavior:smooth 还是改回去传统 auto，不要让他滑来滑去。</p> <p>smooth: 滑来滑去，才有 SPA 的感觉，不会觉得换页面的网页，但是感觉会头晕。</p> <p>auto: 不滑来滑去，感觉比较流畅，但是，感觉就少了点 SPA 的感觉。</p> <p>大家觉得呢？</p> charlie_hsieh Sat, 23 Oct 2021 07:28:53 +0800 https://ruby-china.org/topics/41792 https://ruby-china.org/topics/41792 <p>今天意外看到这个。觉得太便利了。试用看看</p> <p><a href="https://stimulus-components.netlify.app/docs/stimulus-rails-autosave/" rel="nofollow" target="_blank">https://stimulus-components.netlify.app/docs/stimulus-rails-autosave/</a></p> charlie_hsieh Tue, 14 Sep 2021 14:08:49 +0800 https://ruby-china.org/topics/41684 https://ruby-china.org/topics/41684 <p>请问有人发现，carrierwave content_type default 是使用 filename extension 来的？ 我尝试 <code>mv test.pdf test.jpg</code> 没想到 test.jpg (pdf file) 居然可以 upload, 即使我有如下的设定</p> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">content_type_allowlist</span> <span class="p">[</span><span class="sr">/image\/(jpg|jpeg|gif|png)+/</span><span class="p">]</span> <span class="k">end</span> </code></pre> <p>原始 <code>carrierwave/lib/carrierwave/sanitized_file.rb</code> 取得 content_type 的顺序，有点奇怪</p> <pre class="highlight ruby"><code><span class="k">def</span> <span class="nf">content_type</span> <span class="vi">@content_type</span> <span class="o">||=</span> <span class="n">existing_content_type</span> <span class="o">||</span> <span class="n">marcel_magic_by_mime_type</span> <span class="o">||</span> <span class="n">marcel_magic_by_path</span> <span class="k">end</span> </code></pre> <p>最终解法，有点丑陋.. 但至少，可以有效防止 ImgeTragick</p> <pre class="highlight ruby"><code><span class="k">class</span> <span class="nc">ImageUploader</span> <span class="o">&lt;</span> <span class="no">CarrierWave</span><span class="o">::</span><span class="no">Uploader</span><span class="o">::</span><span class="no">Base</span> <span class="kp">include</span> <span class="no">CarrierWave</span><span class="o">::</span><span class="no">MiniMagick</span> <span class="n">before</span> <span class="ss">:process</span><span class="p">,</span> <span class="ss">:check_file_type_whitelist</span> <span class="k">def</span> <span class="nf">content_type_allowlist</span> <span class="p">[</span><span class="sr">/image\/(jpg|jpeg|gif|png)+/</span><span class="p">]</span> <span class="k">end</span> <span class="kp">private</span> <span class="k">def</span> <span class="nf">check_file_type_whitelist</span><span class="p">(</span><span class="n">new_file</span><span class="p">)</span> <span class="k">return</span> <span class="k">unless</span> <span class="n">content_type_allowlist</span> <span class="n">content_type</span> <span class="o">=</span> <span class="no">Marcel</span><span class="o">::</span><span class="no">MimeType</span><span class="p">.</span><span class="nf">for</span> <span class="no">Pathname</span><span class="p">.</span><span class="nf">new</span> <span class="n">new_file</span><span class="p">.</span><span class="nf">path</span> <span class="k">if</span> <span class="o">!</span><span class="n">whitelisted_content_type?</span><span class="p">(</span><span class="n">content_type</span><span class="p">)</span> <span class="k">raise</span> <span class="no">CarrierWave</span><span class="o">::</span><span class="no">IntegrityError</span><span class="p">,</span> <span class="no">I18n</span><span class="p">.</span><span class="nf">translate</span><span class="p">(</span><span class="ss">:"errors.messages.content_type_whitelist_error"</span><span class="p">,</span> <span class="ss">content_type: </span><span class="n">content_type</span><span class="p">,</span> <span class="ss">allowed_types: </span><span class="no">Array</span><span class="p">(</span><span class="n">content_type_allowlist</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="s2">", "</span><span class="p">),</span> <span class="ss">default: :"errors.messages.content_type_allowlist_error"</span><span class="p">)</span> <span class="k">end</span> <span class="k">end</span> <span class="k">end</span> </code></pre> <p>以上不知道，我有没有哪里理解错误？</p> charlie_hsieh Sun, 12 Sep 2021 20:44:37 +0800 https://ruby-china.org/topics/41676 https://ruby-china.org/topics/41676 <p>刚刚试着 count contributors，发现，Sam Stephenson 贡献了大部分的 hotwire 代码。</p> <p>Basecamp 这样可以说是痛失英才了～～??</p> <pre class="highlight plaintext"><code>turbo (main) (14 hours ago) Ⓡ ✔ # git shortlog -s -n --no-merges | head -10 266 Sam Stephenson 48 Jeffrey Hardy 47 David Heinemeier Hansson 46 sstephenson 43 Sean Doyle 41 Javan Makhmali 17 Kirill Platonov 13 Dom Christie 7 Nate Berkopec 5 Sjors Baltus </code></pre><pre class="highlight plaintext"><code>stimulus (main) (5 days ago) Ⓡ ✔ # git shortlog -s -n --no-merges | head -10 399 Sam Stephenson 301 Javan Makhmali 27 Adrien Poly 21 Marco Roth 19 dependabot[bot] 14 David Heinemeier Hansson 8 Matt Swanson 4 Matthew Lindfield Seager 3 Jeremy Daer 2 Alex Ghiculescu </code></pre> charlie_hsieh Wed, 08 Sep 2021 16:48:41 +0800 https://ruby-china.org/topics/41665 https://ruby-china.org/topics/41665 <p>请问，在这种前后端分裂的时代 (<a href="https://chloerei.com/2018/01/07/front-end-split/" rel="nofollow" target="_blank">https://chloerei.com/2018/01/07/front-end-split/</a>)，<br> 还有人在花时间探索好用的 Rails Gems (<a href="https://github.com/hothero/awesome-rails-gem" rel="nofollow" target="_blank">https://github.com/hothero/awesome-rails-gem</a>) 吗？<br> 感觉，原本的共享 Gems 优良传统，正在逐步消退，挺可惜的。 <br> 取而代之，各自在前后端分离世界重新打造自己的轮子。</p> charlie_hsieh Mon, 07 Sep 2020 10:56:55 +0800 https://ruby-china.org/topics/40374 https://ruby-china.org/topics/40374 <p>請問大家，現在 自架設一個 redmine 還是個好選擇嗎？ redmine 還是一個好工具嗎？ 就 PM 或者 ticket system，大家還會推薦 redmine 嗎？還是大家都用雲服務了，redmine 純粹參考 redmine 的 coding design pattern？</p> charlie_hsieh Thu, 12 Dec 2019 12:31:45 +0800 https://ruby-china.org/topics/39322 https://ruby-china.org/topics/39322 <p>不知道有没有人试用过 basecamp 个人版</p> <p><img src="https://l.ruby-china.com/photo/2019/fe6d266f-0733-4f09-8412-88913782fb3b.png!large" title="" alt=""></p> charlie_hsieh Thu, 14 Nov 2019 16:28:04 +0800 https://ruby-china.org/topics/39251 https://ruby-china.org/topics/39251