rubyonrails   69541

« earlier    

Deconstructing the Monolith: Moduliarising Shopify's Rails monolith
Shopify is one of the largest Ruby on Rails codebases in existence. It has been worked on for over a decade by more than a thousand developers. It encapsulates a lot of diverse functionality from billing merchants, managing 3rd party developer apps, updating products, handling shipping and so on. It was initially built as a monolith, meaning that all of these distinct functionalities were built into the same codebase with no boundaries between them. For many years this architecture worked for us, but eventually, we reached a point where the downsides of the monolith were outweighing the benefits. We had a choice to make about how to proceed.

Microservices surged in popularity in recent years and were touted as the end-all solution to all of the problems arising from monoliths. Yet our own collective experience told us that there is no one size fits all best solution, and microservices would bring their own set of challenges. We chose to evolve Shopify into a modular monolith, meaning that we would keep all of the code in one codebase, but ensure that boundaries were defined and respected between different components.

Each software architecture has its own set of pros and cons, and a different solution will make sense for an app depending on what phase of its growth it is in. Going from monolith to modular monolith was the next logical step for us.
rubyonrails  ruby  monolith  architecture  softwarearchitecture  modules  refactoring  flux 
13 days ago by jevon
Rails Trace
Rails Trace
What it shows
What it doesn't show
What code runs when you request a page from a Ruby on Rails application?

Here is an annotated trace showing every method call within Rails and it's dependencies. It is for an example application that loads a blog post from the database and renders a page containing the post's title.

Show key
Scroll to see the trace
RubyOnRails  visualisation  Debugging  Performance 
16 days ago by cnk
Ruby on Rails Content-Security-Policy (CSP) | Rails security by bauland42
Updated 2018: The full Content Security Policy guide for Rails 5.2 (and earlier) apps.

How to add a Content Security Policy (CSP) to Rails?
The CSP HTTP header is a set of rules for the browser. You can use it to whitelist sources for scripts, styles, embedded content, and more. I.e. all other sources are disallowed.

CSP is a great way to reduce or completely remove Cross-Site-Scripting (XSS) vulnerabilities. That would wipe out the number 1 web app security problem. Why? Because an effective CSP disallows inline scripts. It only allows scripts in separate files from trusted sources.

Here's how the header looks like if you want to allow scripts only in files from the same origin and from G* Analytics:
ContentSecurityPolicy  Security  RubyOnRails 
4 weeks ago by cnk
I told myself a few months ago that it would be great to build a gem to replace Rails’ ActiveResource since it was barely maintained (and now removed from Rails 4.0), lacking features and hard to extend/customize. I had built a few of these REST-powered ORMs for client projects before but I decided I wanted to write one for myself that I could release as an open-source project.

Most of Her’s core concepts were written on a Saturday morning of April 2012 (first commit at 7am!).
RubyOnRails  WebServices  RESTful 
5 weeks ago by cnk

« earlier    

related tags

2018  academia  actioncable  activerecord  activesupport  activitypub  after  apache_kafka  api  archeology  architecture  article  authorea  avro  aws  background  basecamp  basics  blacklight  blog  books  build  bundle  byebug  capybara  cheatsheet  chrome  ci  class  cms  code  coding  commit  company  config  configuration  conflict  connect  consistency  console  consulting  contentsecuritypolicy  course  courses  culture  custom  data  data_engineering  database  datamining  datavisualization  dc  debugging  delegate  deployment  devel  development  devise  docker  documentation  driver  duration  editor  elixir  engineering  engines  entrepreneur  erlang  event  eventdriven  example  fast  fediverse  flux  forwardable  free  gem  gems  gfr-week-links  git  github  golang  graphql  guide  heroku  history  howto  http  https  ide  improve  install  javascript  job  jobs  json  kafka  lambda  learn  learning  linux  localhost  login  logout  london  memory  methods  migration  module  modules  monolith  multiple  netbeans  ocaml  october  online  oop  optimization  optimize  page  parallel  performance  phoenix  platform  plugin  postgresql  postmortem  programming  project_blackcat  pry  puma  queue  rails  react  reactjs  reasonml  redirect  redis  refactoring  reference  reload  reset  resque  rest  restful  ror  routes  rspec  ruby  security  selenium  setup  shopify  sidekiq  signin  signout  slow  soa  software  softwarearchitecture  speed  ssl  store  sublimetext  system  talk  tdd  testing  testingtools  thoughtbot  thread  time  tolearn  travis  turbogears  tutorial  tutorials  usage  video  videos  virginia  visualisation  web  webdev  webdevelopment  webdriver  webserver  webservices  websocket  wordpress  write  wysiwyg 

Copy this bookmark: