Use ruby to automate the tedious task of updating your Ghost blog! Take a look at this gist!
Automatically Update your Ghost Blog
A static, never-changing API key poses a security risk - it's essentially an obfuscated primary key - say for some sort of User. If this API key is ever leaked - for example, in a log file or because you accidentally use HTTP - then anyone can act on your behalf indefinitely until the API key is changed.
We can use the JSON Web Token standard (make sure to read that link before you continue!) to create limited-use API authorization tokens that last for a short period of time (for example, 2 seconds). This gives us plenty of time to make a complete HTTP request, yet causes any previous tokens to become useless.
Say we have some sort of blog API service where a user can make blog posts using an API. With a traditional API key, you might have a User model with an api_key field.
Using JWT, you would have an api_secret field. Unlike the API key method, this secret is never sent between the client and the API.
To make this transaction successful, both the client and the API server need to know the following:
The client-side implementation might look something like this:
The API server might have an implementation that looks similar to this. Note that some checks (such as checking for the presence of an Authorization header) are omitted.
You can assign a unique one-time use jti field to your JWT payload. Using some redis magic, you can completely remove the possibility of a replay attack - meaning if your JWT token is compromised, it can never be used again.
This takes some inspiration from the Zendesk JWT implementation.
We can modify the set_current_user_from_jwt_token method from earlier:
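The short-lived token and the one-time jti check described above, as an added Ruby example that is not the original post's code. It hand-rolls HS256 with the standard library instead of a JWT gem; the names ShortJwt, secrets and seen are assumptions, and an in-memory Hash stands in for Redis.

```ruby
require 'openssl'
require 'json'
require 'securerandom'

# Added illustration: HS256 JWT built from the standard library only.
# ShortJwt, `secrets` and `seen` are hypothetical names, not the post's code.
module ShortJwt
  TTL = 2 # seconds, the lifetime the post suggests

  def self.b64(data)
    [data].pack('m0').tr('+/', '-_').delete('=')
  end

  def self.unb64(str)
    (str + '=' * (-str.length % 4)).tr('-_', '+/').unpack1('m0')
  end

  def self.sign(input, secret)
    b64(OpenSSL::HMAC.digest('SHA256', secret, input))
  end

  # Client side: api_secret signs the token and is never transmitted.
  def self.issue(user_id, secret, now: Time.now.to_i)
    header = b64(JSON.generate(alg: 'HS256', typ: 'JWT'))
    claims = b64(JSON.generate(sub: user_id, exp: now + TTL, jti: SecureRandom.uuid))
    "#{header}.#{claims}.#{sign("#{header}.#{claims}", secret)}"
  end

  # Server side: returns the user id, or nil when the token is rejected.
  # `secrets` maps user id => api_secret; `seen` stands in for Redis.
  def self.verify(token, secrets, seen, now: Time.now.to_i)
    parts = token.to_s.split('.', -1)
    return nil unless parts.size == 3
    header, payload, sig = parts
    return nil unless JSON.parse(unb64(header))['alg'] == 'HS256' # pin the algorithm
    claims = JSON.parse(unb64(payload))
    secret = secrets[claims['sub']]
    return nil if secret.nil?
    return nil unless OpenSSL.secure_compare(sign("#{header}.#{payload}", secret), sig)
    return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
    return nil if claims['jti'].to_s.empty? || seen.key?(claims['jti'])
    seen[claims['jti']] = claims['exp'] # Redis: SET jti 1 NX EX <seconds>
    claims['sub']
  rescue StandardError
    nil # fail closed on malformed input
  end
end
```

With a real Redis store, the membership test and the write must be one atomic operation so that two concurrent requests carrying the same token cannot both pass the replay check.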
Making an API in rails can become very ugly if not done correctly. Odds are, your API requirements include something like the following: authentication, CRUD operations, useful error messages, and authorization.
Let's start with the easiest part: authorization.
We clearly see that @user = User.find_by(api_key: request.authorization) is repeated twice. Let's move that into a before_action.
To follow best practices, we will make the following changes:
ApiController for other API controllers to inherit
@user object as current_user
The ApiController will be the base for our future API controllers.
Finally, we can inherit from the ApiController and all of our actions will be protected:
An easy way to render your models is to use the to_json method. However, it can prove to be painful if you wish to use only specific fields, especially if they're nested. For example:
The solution is to bring the V back into MVC for your APIs using a tool like jbuilder. Your controller method will look very light and simple:
And your view will look like this:
It may be tempting to follow the traditional flow of rails model saving:
By using the rescue_from method, you can significantly DRY up your code. Let's add to our ApiController:
Now the rest of your controllers can become incredibly DRY:
For DRY and useful API error messages, you can also use StrongParameters to your advantage:
And now in your other controllers:
Now your end user will automatically be given a descriptive error message if they forget a parameter!
Ever find it ugly to validate httparty responses? Now there's a super simple way to validate your HTTP responses using the httpfiesta gem.
The gem allows you to validate any response using a single line of code in a very DRY manner:
response = HTTParty.get 'http://example.com'
response.assert.status(200).content_type(:json)
Check out the GitHub repository for more information!
Finding your dream tech job isn’t determined solely by how well you did in college. Nor does having a high GPA guarantee that you will get the job of your dreams.
Here’s something they don’t tell you in school - finding your dream job begins before you graduate.
A quote I remember hearing my freshman year:
A Computer Science degree is one of the last things an employer will be looking for on your resume.
Just go through your Computer Science (or related major) courses and do the bare minimum. Never do anything outside of classes. Don’t find an internship.
Ending up in a mediocre job is the likely option if you are majoring in Computer Science (or a related major) without achieving outside of the classroom. Academia is very different from the tech industry; though what you will learn from a CS degree is still valuable, it will only help you so much in finding a job.
A CS degree focuses on math, basic programming and theoretical Computer Science. While all of these are helpful, it’s not enough to find your dream job. Academic skills alone will start you at the bottom of the barrel when finding your first job out of college.
Find a beginner tech book that interests you and read it. You would be surprised how well written these books can be. In school, you’re required to buy a $100+ textbook that you probably will never read again. In contrast, books you purchase at a bookstore (or Amazon) make money from people who actually want to read them and usually cost no more than $40. Read some reviews and find the best one for you!
A good book can increase your skill level from beginner to intermediate, or from intermediate to advanced.
The For Dummies series is a good choice for beginners. O’Reilly Media books are also an excellent choice.
You are competing against all of your classmates for jobs when you graduate and you want to stand out amongst your peers. Doing projects outside of the classroom during your spare time is one of the easiest ways to do this. Even better, find a group of people to do a project with. This is even an excellent opportunity to learn how to use version control, such as git. For bonus points, put the project on GitHub for future employers to see!
Doing side projects alone isn’t really enough, but it will help you with the most important part of finding your dream job.
This is the most important step to land an awesome job after college. An internship is an amazing way to learn real-world skills that employers love. As a bonus, people with years of professional experience will often mentor you during your time at an internship.
An internship is one of the best deals you could possibly find while in college. In school, you pay a lot of money to be in a large classroom while a professor lectures you on stuff, 80% of which might not be applicable to your next job. In an internship, 80%+ of the things you learn will be applicable to your next job and you might even get mentoring from a professional in the field.
An internship does not have to be a large company, such as Google, Amazon or Microsoft. In fact, working with a smaller, local company can be just as good, or even better! What’s important is that you have real world experience, which is what will make landing your first job so much easier.
Stick with an internship throughout your college career and you can graduate with 2+ years experience on your resume!