Ruby on Rails - login implementation - ruby-on-rails

Generic question from someone trying to learn the Rails framework. I have a web app that I need to implement a login system into (not authentication, just login). I have multiple pages within my app, each with separate tables and stuff that needs to be saved to each particular user. I know I need to use the sessions resource somehow, but I'm not entirely clear on what I need to add. I know it's not a very specific question, so any info at all on how to get started would be greatly appreciated.

Related

Is it possible to pass on user session from a PHP or Rails app to a meteor app?

I want to create a web application in which the main application shall be built using a PHP framework or RoR. However, there are some sections only that need real-time updates (e.g., collaborative editing, real-time feeds), etc. Is it possible that if a user is authenticated on the PHP/RoR app, the user session data can be passed on to the Meteor app? Can the 2 applications share the same database? Any insight on how do I go about implementing this?
While it is possible to do what you've asked you should possibly ask yourself if you can't achieve your goals with one tech stack. Having multiple tech stacks like Meteor and RoR / PHP means anyone that wants to work on your codebase needs to know all of these frameworks. Additionally you might be able to achieve your requirements around collaborative editing and real time feeds using PHP or RoR.
Since you have not posted your requirements it is hard to make concrete recommendations, but maybe you should list your requirements and use the least complicated tech stack to implement it.
Are you aware that RoR 4 has built-in support for streaming: http://tenderlovemaking.com/2012/07/30/is-it-live.html
You might be able to implement your collaboration requirements using a JS library like Angular or Ember JS which uses Ajax to keep the user's screen in sync with what other users are doing.
Also, this blog post on how Trello is implemented might give you some ideas. They have a great web interface for collaboration: http://blog.fogcreek.com/the-trello-tech-stack/
With regards to your questions:
Two applications implemented in two different technologies can share the same database. You will need to choose a database that is supported by both technology stacks that you want to use. After that, point both applications at the same database.
If you authenticate a user in PHP/RoR app, you can then set a cookie for the user. Assuming your Meteor app is served from the same domain, you can then read in this cookie which might contain some kind of identifier for the authenticated user's session. Your Meteor app could then check the db to see if this is a valid session for an authenticated user.
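The cookie-plus-database check described in the answer above, as an added Ruby example (not code from the original answer). It assumes an opaque random token as the cookie value, a 30-minute lifetime, and an in-memory hash standing in for the sessions table both applications share; the method names are hypothetical.

```ruby
require "securerandom"
require "digest"

# Constructed stand-in for the sessions table both applications can reach.
# Rows are keyed by the SHA-256 digest of the token, so a leaked table
# does not hand out usable cookie values.
SESSIONS = {}
SESSION_TTL = 30 * 60 # seconds; assumed lifetime

# Called by the app that performs the login (the PHP/RoR side).
# Returns the opaque value to place in the cookie; set that cookie with the
# HttpOnly and Secure attributes so scripts and plain HTTP never see it.
def issue_session(user_id, now: Time.now)
  token = SecureRandom.urlsafe_base64(32) # 256 random bits, 43 characters
  SESSIONS[Digest::SHA256.hexdigest(token)] =
    { user_id: user_id, expires_at: now + SESSION_TTL }
  token
end

# Called by the second app with the raw cookie value.
# Returns the user id, or nil when the value is malformed, unknown or expired.
def user_for_cookie(cookie_value, now: Time.now)
  return nil unless cookie_value.is_a?(String) &&
                    cookie_value.match?(/\A[A-Za-z0-9_-]{43}\z/)
  key = Digest::SHA256.hexdigest(cookie_value)
  row = SESSIONS[key]
  return nil if row.nil?
  if now >= row[:expires_at]
    SESSIONS.delete(key) # expired rows are removed on first sight
    return nil
  end
  row[:user_id]
end

# Logout in either app must delete the shared row, not just the cookie.
def revoke_session(cookie_value)
  !SESSIONS.delete(Digest::SHA256.hexdigest(cookie_value.to_s)).nil?
end
```

The cookie never carries the user id itself, so the second app trusts only what the shared table says about the token.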

Is there a 'template' for a Rails web app with user authentication?

Is it possible to use a preexisting Rails app (preferably one that only has the user authentication system already setup) as a template by changing it to do what you want it to do?
I was hoping that there is something like WordPress is for PHP, that I can add to to make it do what I want it to do. WordPress already has the user authentication and other important things built in. I can then go in and make it do what I want.
This question might reveal a fundamental misunderstanding of the framework concept, but I had to ask.
p.s. - Another way to ask this question could be "Can I take a basic Rails app with user authentication and then refactor it and add my own models?"
These two solutions appear to be what I am looking for:
https://github.com/RailsApps/rails-composer/
and
http://blog.bryanbibat.net/2011/01/03/starting-a-professional-rails-app-with-haml-rspec-devise-and-web-app-theme/
I will go through the tutorials and report back.

Share session between phpBB and a rails app

This might be a nonsensical question, but I have this task to create a rails app that shares session information, specifically login/authorization info, with an installation of a phpBB that some other person has customized to be more than just a BB.
Basically I need to rely on the user's phpBB login to authorize access to the rails app. I really don't want to have the user maintain two logins to use this conceptual single app.
I read a lot of documentation on phpBB and didn't find anything like exposed services or an API, but I'm hoping I just missed something obvious.
I've been considering adding a method to expose some hash or something to link the two applications rather than try to squeeze possibly different implementations of session.
Quick context, this work needs to be done fast and cleanly and I've never developed in php and rails is super fast so I am investigating the idea of integrating the two sides.
I might be off in the weeds, so don't be afraid to say so :)
thanks!
Have you checked phpbb-auth?
https://github.com/mattfawcett/phpbb-auth

Using Devise to implement a front-door on a website, does Rails allow concurrent sessions?

First, my obligatory "I'm new to rails" statement: I'm new to rails.
Sorry for the following long-winded expository stuff, but I want to make sure I'm asking my question clearly. I'm building a sample manager for a small analytical lab. So far I have built the core user stuff using devise to manage sessions (Basically so I can use all of Devise's nice helper methods throughout my app). The users don't need to be securely separated, so there is no sign in form, it just automatically signs them in for whatever action the user wishes to do.
I would like to put a front door on the website for macro-security that signs in to either the user version of the site (described above) or the admin version. I understand how to implement this using Devise, however, I am unsure as to whether Rails allows this sort of double-session where there's a macro-security session on constantly while a bunch of internal sessions are created and destroyed. Again, sorry for the long-windedness and thanks for your time and help!
Decided to just give it a shot and it turns out it worked. I have to test to see if there are any kinks in the functionality, but as it stands it works well as a front-door while allowing the internal transient sessions.

How to safely let users submit custom themes/plugins for a Rails app

In my rails app I'd like to let users submit custom "themes" to display data in various ways.
I think they can get the data in the view using API calls and I can create an authentication mechanism for this. Also an authenticated API to save data. So this is probably safe.
But I'm struggling with the best way to let users upload/submit their own code for the theme.
I want this to work sort of like WordPress themes/plugins where people can upload the thing. But there are some security risks. For example, if I take the uploaded "theme" a user submits and put it in its own directory somewhere inside the rails app, what are the risks of this?
If the user inserts any rails executable code in their theme, even though it's the view they have full access at that point to all the models, everyone's data, etc. Even from other users. So that is not good.
I need some way to let the uploaded themes exist in a sandbox of the rails app, but I haven't seen a good way to do this. Any ideas?
You could try Liquid (http://www.liquidmarkup.org/), which was developed to allow users to create their own themes for Shopify. Liquid themes aren’t real Ruby code, so you shouldn’t have to worry about users trying to access things they shouldn’t.
Another option is Ruby’s concept of “tainted” objects, which could be used to implement secure themes/plugins while still allowing users to write actual Ruby code. You can read more about it here. I can’t vouch for how secure it is as I’ve never used it.
It looks like this might have potential:
http://flouri.sh/2007/10/27/safely-exposing-your-app-to-a-ruby-sandbox
I'm also thinking about letting users submit their own sinatra apps and then running them from within rails. It looks like with Rack routing this is possible. I haven't been able to find any data on how/if the sinatra app is sandboxed from the rails app though. If anyone has info please let me know!
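The risk raised in the question (a theme rendered as a normal view runs as Ruby inside the app) next to a template that is treated as data, as an added Ruby example that is not from the original thread. The restricted renderer is a small stand-in for the property the Liquid answer relies on, not Liquid itself; `OTHER_USERS`, the `{{ name }}` syntax and both method names are assumptions made for the illustration.

```ruby
require "erb"

# Constructed stand-in for application state a theme must never reach.
OTHER_USERS = { "bob" => "bob-private-note" }.freeze

# Unsafe for uploaded themes: ERB evaluates the template as Ruby in the
# application process, so it can reference any constant or model it likes.
def render_with_erb(theme_source, data)
  ERB.new(theme_source).result_with_hash(data)
end

# Restricted: only {{ name }} placeholders are recognised, names are looked
# up in the hash prepared for this user, and values are HTML-escaped.
# Unknown names render as an empty string; nothing is ever evaluated.
PLACEHOLDER = /\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/

def render_restricted(theme_source, data)
  theme_source.gsub(PLACEHOLDER) do
    key = Regexp.last_match(1)
    data.key?(key) ? ERB::Util.html_escape(data[key].to_s) : ""
  end
end
```

The theme's own markup is still untrusted HTML that reaches other users' browsers; the restricted renderer only removes server-side code execution.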
