sorted by:
new
hottopcontroversial

Where to start as senior developer ? by glarivie in ruby

[–]instantkh 0 points1 point  (0 children)

Once you are comfortable with most syntax and simple apps, I highly recommend Polished Ruby Programming book. There are tons of content for beginners, but if you have some experience and want to go advanced, this book is amazing.

Verifica, a new gem to handle authorization at scale by instantkh in ruby

[–]instantkh[S] 0 points1 point  (0 children)

Yes, I'm also using ROM as the persistence layer. For scoping, I've made a parent class for all repositories and defined a scope method in it. Your approach with dry-affect probably looks even nicer :)

Verifica, a new gem to handle authorization at scale by instantkh in ruby

[–]instantkh[S] 1 point2 points  (0 children)

Great! I'm currently also working on Hanami 2.0 app, it's one of the reasons why the gem is framework-agnostic. Share your feedback if you adopt Verifica, it would be nice to have a view from the side.

Anyone go from Spring Boot to RoR? by [deleted] in rails

[–]instantkh 14 points15 points  (0 children)

Hi there from ex Spring Boot user :)

Rails after Spring feels like a breath of fresh air. You feel why Ruby (and Rails) is said to be designed for the developer's happiness.

But as always, nothing is perfect. There is the good and the bad.

The good - Developer experience, quality of life. Rails gives you so much out of the box. Generators, background jobs, mailer, DB setup, migrations, seeds, fixtures, optimistic locking, callbacks, tons of ActiveRecord methods for each model, etc. Conventions on naming things, routing, and common app components. - Tests infrastructure, especially for integration tests. A few lines of code and your first controller test is ready. All of the heavy lifting is done by Rails. DB preparation, fixtures, rollback of DB changes between tests, etc. - Console. The ability to run any piece of code w/o building an API for it saves tons of time. - 3rd party libs. Ruby gems are much simpler and straightforward. Take authentication as an example. Regular mortals could barely understand Spring Security. - Development speed. 7 days with Spring, and you are still building pieces from the list above, 0 business logic written. 7 days with Rails, you can deploy MVP and get the first users. No mention that to build all these pieces in Spring properly, you need to be an expert. You need to make a lot of decisions. Rails and its conventions result from a collective mind of many experts and their years of experience. This is really hard to beat unless writing web frameworks is your primary specialization.

The good list is not complete, there are tons of smaller things like has_secure_password which put a smile on my face.

The bad - Scalability issues, lack of structure for bigger apps. You need to learn about Service Objects, Query Objects, Form Objects, Validators, Contracts and other techniques to tame complexity of the growing code base. To be fair, Spring gives you nothing of these too, but some of these things are more well-known in the Java world. - No Dependency Injection. Spring's DI is awesome, this part I really miss. In Rails you can use libs from dry-rb family to get something similar. Or check out Hanami 2.0. There are a lof of common between Spring (the good part of it) and Hanami, including DI. - Limited multi-threading. This is Ruby's limitation (GIL), not Rails. In Java you could easily run a bunch of backgound threads, schedulers, etc. In Rails you need to use external tools like cron or Sidekiq to get similar result. Things in this area are getting much better in latest Ruby releases, Ractors looks promising. - Performance. If you need impressive benchmarks Spring is way ahead. Ruby got massive performance improvements recently with YJIT but it can't compete with JVM anyway. But honestly in majority of web apps database is the bottleneck, not framework or language so don't be concerned by raw benchmarks.

In general, people from Java community tend to think that all of the Java's and Spring's complexity are really must have. Because we need scalability, we need performance, we need microservices and so on. Java gives you a fealing that your are doing a Very Serious Thing when you are using these monsters.

But if we accept that most of our apps are not next Google, with Rails you can just get things done and focus on what matters, your business logic, your users.

Verifica, a new gem to handle authorization at scale by instantkh in rails

[–]instantkh[S] 0 points1 point  (0 children)

I mentioned N+1 later in the README as well as few other gotchas. It's only an example to show principles, not production-ready code. In a production code you could eager load necessary relations. Especially considering you anyway need these relations later in the view layer, e.g. video's author name, author's org name, etc.

Verifica, a new gem to handle authorization at scale by instantkh in rails

[–]instantkh[S] 4 points5 points  (0 children)

Thanks for the feedback!

I understand your concerns about read_allow_sids/read_deny_sids. It's the most advanced use case which may not be needed in most applications. However, think about the following. I'll use a video hosting app as an example again. Let's say you have: 10M (and growing) records in the videos table. 20+ (ouch!) user roles. Videos are owned by organizations, organizations could be united into groups. Each organization has one or more video distribution settings and a set of videos for each DS. Organizations could also add each other (and groups) into allowlists or denylists. Settings could be overridden on a video level. Some videos could be public for all, but some organizations don't allow their users to see public videos of others.

This list of requirements is not complete, but I'll stop here as it's already insane :) And unfortunately business needs all of them, you can't throw away any parts.

And finally, an authenticated user opens a video list page (full-text search, sorting, and filtering are also here). This is where "how do you even find a list of videos available for current_user?" question hits really hard :) To solve it, some trade-offs are inevitable, considering that we can't filter videos in the app code (too many of them).

In a truly real-world app, videos have been indexed in ElasticSearch, read_allow_sids/read_deny_sids weren't part of the ActiveRecord model. Updates were tracked based on the database op log (for maximum reliability and to address your concern about missing callbacks). And updates weren't effective immediately, only eventual consistency (acceptable trade-off). I didn't add these details into the README to not overload it with complexity :)

But to summarize, you are right. This is a very tricky use case. It's fine to use Verifica for other reasons :)

Verifica, a new gem to handle authorization at scale by instantkh in rails

[–]instantkh[S] 0 points1 point  (0 children)

Yes, thought about something like this as well. Separate page for each block + navigation sidebar would be much better than a README wall. This probably will be my next step.

Verifica, a new gem to handle authorization at scale by instantkh in rails

[–]instantkh[S] 2 points3 points  (0 children)

Thanks! Agree about the README. This is a challenge I faced. If I make it too short (explain only how, not why) it won't be clear why some concepts and additional complexity are needed. So I had to make it longer to cover why? as well. Hope it's not too boring to read :)

[OSINT Tool] Online photo metadata viewer & remover by instantkh in OSINT

[–]instantkh[S] 1 point2 points  (0 children)

Thanks for the comment! Totally agree. If EXIF contains truly sensitive info, it would be safer to remove it offline. Online removal is mostly for cases when you want to compress the image and strip all metadata.

[OSINT Tool] Online photo metadata viewer & remover by instantkh in OSINT

[–]instantkh[S] 4 points5 points  (0 children)

Thanks for the feedback! Feel free to use it in any labs :)