Ruby on rails. Pay to post articles - ruby-on-rails

I am have been using rails for about a week now and have created a website/app which for simplicity's sake we can call a job board. Users can create listings which other users can then apply for. Everything is working as desired. The next thing that I want to set up is the ability to charge users to create the listings.
After extensive searching, I can't find any tutorials that explain this process, just the typical cart and checkout for selling physical products.
I have been pondering solutions but I wanted to consult here for pro advice.
For the payment process (at least for now) I will most likely use active merchant and Paypal as I am based in Europe.
My current doubts are with setting up the modeling.
Would it be better to create a new model eg. 'credits', have users purchase 'credits', then run a variable when trying to create a 'job', eg. if_user_has_credits post the job else link to buy_credits_path, or is there a more direct way of achieving this through the already functional user and jobs models?
Any advice on setting up this functionality would be greatly appreciated.
Thanks.

I would try to create a credit system, so users just have to purchase credits and you can just drive the user to purchase credits in case they do not have enough for create a listing:
Simple one: Store the user' credit as balance field in the database, and all actions ("add", "deduct") are logged but not used to compute the latest balance. The balance-based way gives you fast access to the current amount
History based: Don't store the balance in database. The balance is computed by looking at the history of transactions, e.g. ("add", "deduct"). The history-based way gives you auditing. The history table should store the transaction, a timestamp, the balance before the transaction happened, and ideally a way to track the funds' source/destination.
You can use both. See the Ruby toolbox for bookeeping and Plutus
I recommend also using logging, and ideally read about secure log verification and provable timestamp chaining.
For logging details see techniques for ensuring verifiability of event log files

Related

Is it okay to allow orders to be placed in rails web app without session data or users class

I have a question for a project I am working on. I am working on a RoR project in which a site is selling a single type of item, a book. The person I am creating this for does not want to deal with users creating user account to check out as the sales season is very short for this product, the purchases are done once per year, and the site only sells a single item.
I am wondering if there is something wrong with the implementation I am thinking of. What I was envisioning was a single database class called Orders. visitors to the site would simple fill out an order form with payment details through stripe and click submit. If they payment clears, the order with all the Orders information would be persisted to the DB. If the payment fails then it is not persisted and the relevant error information is displayed in using flash.
I suppose the meat of my question is; is there anything inherently 'wrong' about implementing this model without a users class and just having visitors to the site place orders?
I am a fairly new developer and this is my first big project so any feedback is appreciated!
If your requirements say that it is okay, then it is okay, if your requirements say it is not okay, then it is not okay.
There's not more to say, since only you know what your requirements are.

Best way to build a feed notification system like Facebook in Rails?

I'm a new junior developer joining to this awesome community. I'm developing my first big personal project, and I'm stuck with this specific part.
I would like to build a feed notification system like Facebook with the following features:
Track different models and relationships, for example: new badges earned, new comments in subscribed models, new posts by followed users, new comments on my posts, new likes on my posts...
Group the activities, for example, instead of have 400 activities for each likes in my post, has just one notification that says "User X and 399 more likes your post"
Be possible to mark notifications as readed to don't see them again, at least you explore past notifications.
Scalability, good perfomance, and possible integration in the future in an APP developed for example with Iconic framework.
Push notifications are optional, it's ok if the user need to refresh the page to see the new notifications.
So for that, I have readed a lot of. I have watched some Railcast Videos, followed tutorials, but still I'm not really sure how to begin.
I have considered the following methods:
Use public_activity gem, adding a new a new field "readed" to the migration. And thinking how to manage grouped activites. But I have seen a lot of complains about perfomance. I'm expecting to have around 50000 users in my website in the first month (I already have the users), with peaks of 500-1000 users online. So maybe this is not the best way to go... as I would have a lot of activities, a lot of "notifications" and a lot of users.
Use a system like https://getstream.io/ because they also have integrations available for RoR and Ruby. The main concern here is about pricing, because checking it, if I'm not wrong, with that number of users, with around 10 notifications per user per day, I would be paying probably more than 200$ month, and always keep growing as the users grow.
Build my own system, maybe using Redis. But maybe this would be too complex and require a lot of time for a good, efficient and working code.
So still, considered these option, I don't know which one is best for me, or if it's another possibilities.
If someone have asked before these questions, please let me know your thoughts and what you think is the correct way to go.
Thank you !! :)

Visual data from logs

I have an app I'm working on that is a credits system for a store. A customer brings in items and receives a credit and then can turn around and use that credit towards certain goods in the store. I've set it up so every time a credit holder or credit is created,updated, or destroyed the event is logged. I'm wondering if there is an easy way to use the event data from the logs to create a dashboard displaying things such as X number of credits created and Y number of credits used today. This may not be the right way to go about doing this at all and if so feel free to guide me in another direction. Thanks in advance!
You should save the information into a database (in addition) to the log and operate on it in this fashion.
So for example, maybe you have a User it should be a Model and have credits which should be an integer. You can modify this value every time a transaction happens.
You can also create an associated model 'transactions' which belong_to the user and to find out transactions that happened on a certain day, you would be able to pull up all of the transactions of that user in a certain time range.
If your credits work similar to dollars and money. And your transactions are like orders, you may want to look into using the Spree gem. https://github.com/spree/spree
You definitely do not want to be reading from the logs to do very usual actions like you're describing.

Paypal recurring payments with variable amount

First, notice I have read many post regarding this topic, but the info provided is not enough for me or is not accurate.
I´m developing a website with AngularJS and Ruby on Rails that offers different services. Users can subscribe to these services (one or many) and they get a Paypal Recurring Payment (through a profile) to pay these services (using merchant API). For a fixed amount the service is working ok for me.
The problem is, the amount can be different from one period to another, depending on the number of services the user is subscribed.
I have read Paypal docs, but It´s still not clear to me what is the right approach.
My approaches are:
Once a user subscribes a new service, I can remove the existing recurring payment profile (with fixed amount) and create a new one. This would be ok, but I have read I can´t delete a profile automatically from my application. I can only create. In order to delete an existing profile, I have to do it manually, by login in my business paypal account and delete it. If true, then this is not a solution for me, because I can´t do all flow automatically. However, this is quite strange for me. Is this true? If not, could you please let me know how to do it?
Although, I have not read deep on it, I read on a post I can use Reference transactions to implement this. Is this right?
UPDATE
https://developer.paypal.com/docs/classic/express-checkout/integration-guide/ECReferenceTxns/#recurringreftxns
As far as I understood, Reference transactions let me vary the amount to get from the buyer when I run it, but the problem is that this operation does not executes recurring (managed by Paypal). I should keep the logic in order to execute it from my application. Right?
Any other approach or clarification is welcome.
UPDATE
My first approach is to create just one variable recurring payment with the amount of all services subscribed. But, maybe the solution is to create a recurring payment profile per each service?
1) This is true if you're using Standard Subscription buttons, but if you're working with the Recurring Payments API you can cancel the profile using ManageRecurringPaymentsProfileStatus.
2) Yes, with reference transactions you can charge any amount you need to at any time, but it would be left up to you to build your own recurring payments system, basically, utilizing reference transactions. You could have a script run each day that goes through all your accounts and processes due payments accordingly.
Another option would be to have your users create a Preapproval profile and then use the Pay API to process payments using the preapproval keys. This is very similar to reference transactions.

Handling user abuse in rails

I've been working on a web app that could be prone to user abuse, especially spam comments/accounts. I know that RECAPTCHA will take care of bots as far as fake users are concerned, but it won't do anything for those users who create an account and somehow put their spam comments on autopilot (like I've seen on twitter countless times).
The solution that I've thought up is to enable any user to flag another user and then have a list of flagged users (boolean attribute) come up on a users index action only accessible by the admin. Then the users that have been flagged can become candidates for banning(another boolean attribute) or unflagging. Banned users will still be able to access the site but will have greatly reduced privileges. For certain reasons, I don't want to delete users entirely.
However, when I thought of it, I realized that going through a list of flagged users to decide which ones should be banned or unflagged could be potentially very time consuming for an admin. Short of hiring someone to do the unflagging/banning of users, is there a more automated and elegant way to go about this?
I would create a table named abuses, containing both the reported user and the one that filed the report. Instead of the flagged boolean field, I suggest having a counter cache column such as "abuse_count". When this column reaches a predefined value, you could automatically "ban" the users.
Before "Web 2.0", web sites were moderated by administrators. Now, the goal is to get communities to moderate themselves. StackOverflow itself is a fantastic case study. The reputation system enables users to take on more "administrative" tasks as they prove themselves trustworthy. If you're allowing users to flag each other, you're already on this path. As for the details of the system (who can flag, unflag, and ban), I'd say you should look at various successful online communities (like StackOverflow) to see how they work, and how successful they are. In the end it will probably take some trial and error, since all communities differ.
If you want to write some code, you might create a script that looks for usage patterns typical of spammers (eg, same comment posted on multiple pages), though I think the goal should be to grow a community that does this for you. This may be more about planning than programming.
Some sophisticated spammers are happy to spend their time breaking your captcha if they feel that the reward is high enough. You should also consider looking at a spam server such as akismet for which there's a great rails plugin (https://github.com/joshfrench/rakismet).
There are other alternatives such as defensio (https://github.com/thewebfellas/defensio-ruby) as well as a gem that I found once which worked pretty well at detecting common blog spam, but I can't for the life of me find it any more.

Resources