I'm making a tool for a website thats under contruction that makes linkbuilding easier. This site is written in Ruby On Rails. Now that i'm learning RoR, i don't know were to start to make a function that searches a external site, which URL has been saved, to check that my url exist on that particular site. If so => display, if not: set URL non-active
So my questions:
Can I search a site from my application?
What is the best way to do this?
How often would you make such a script run?
It sounds like you are trying to verify a URL is active.
Answers to your questions:
Yes you can make HTTP requests to another URL.
For making HTTP requests look at the Nestful gem or you can use Net::HTTP from the standard lib.
You don't give clear information about your requirements, so it is hard to say what is right, but you could run the check when the author submits the form. If you worry about slow responses use delayed_job to make the check asynchronous.
Related
I´m mainly a coder but for a project I've got to do some more with RoR. I've been working with RoR for some projects but mainly on the front-end side. I understand it a basic level, but for this project I have to dive in the deep.
What I want to create is an app where a user can search for movies and add them to their account. I want to use theMovieDb api for this, but I can't find a screencast or tutorial that shows the beginning of how to connect your app with someone else's api. So I was hoping the StackOverflow people could point me in the right direction.
This is kind of a big question, but it seems you have two parts here. First is how to make a request from inside your application. The second is how to interact with an API.
I've set up somethings similar where I had to make API requests from inside a controller using Net::HTTP. The answer to this question helped a lot. From inside the controller, I processed the request response as needed, i.e. putting it into a relational database, or displaying it to the user.
How make a HTTP request using Ruby on Rails?
The second part about interacting with the database. The movie database API is described at
http://docs.themoviedb.apiary.io/reference
You need to reference this API documenation. The first thing, for instance, = is they require you to get an API key for instance. You will also need to be aware that they limit the rate at which you can make requests. Without knowing more specifics its hard to give more detail about how to construct the queries.
Hope this helps.
Security code for PHP
I'm trying to find same tutorial for ruby enviroment.
May be someone knows one?
Security on this level (as mentioned in article) is built into Rails so deeply you don't even have to think about it. You can read more in Rails Guides
Just to mention one of the features highlighted in the article - referrer checking (it makes me laugh someone want's to secure app in such a way)
In Rails, to secure possibly destructible requests (POST, GET and DELETE) we use authenticity token. It is a one use string that get's saved in session when a form is generated and allows to verify that user actually displayed the form before performing a request.
(I know a good answer should be more elaborate but I don't think it makes sense to copypaste Guides here...)
This might be a nonsensical question, but I have this task to create a rails app that shares session information, specifically login/authorization info, with an installation of a phpBB that some other person has customized to be more than just a BB.
Basically I need to rely on the user's phpBB login to authorize access to the rails app. I really don't want to have the user maintain two logins to use this conceptual single app.
I read a lot of documentation on phpBB and didn't find anything like exposed services or an API, but I'm hoping I just missed something obvious.
I've been considering adding a method to expose some hash or something to link the two applications rather than try to squeeze possibly different implementations of session.
Quick context, this work needs to be done fast and cleanly and I've never developed in php and rails is super fast so I am investigating the idea of integrating the two sides.
I might be off in the weeds, so don't be afraid to say so :)
thanks!
Have you checked phpbb-auth?
https://github.com/mattfawcett/phpbb-auth
I am a rails developer working on a cakephp site. The more work they send me, the more php code I write and thus the more dependence on php we introduce. What I want is to stop writing new features in php and start writing them in rails. Our resources are limited and the existing php site is huge so a full port from cake to rails is not possible.
Is there some way to write new features in a rails app while maintaining and allowing access to all the functionality of the old php (and vice-versa)?
It seems I would need a route aware app to traffic requests to either php or rails, but then we run into the issue of, for example, existing user functionality written in php not being available to the rails app and vice-versa.
What about something to translate ruby into php? That way I could start writing my model stuff in ruby/rails rather than php.
I feel like my question is muddled by the fact I do not know how to ask the questions I want to answer, so hopefully this is understood.
As always, thanks in advance!
One approach that you may find useful is to leverage the power of your web-server to properly re-write and delegate requests to two different systems. If you can design your new Rails application to use the same database records as the old one, with models mapping to the old tables directly, and ensuring that sessions established by one are valid in the other, you have a lot of latitude in how you go about doing this.
Apache has a very full-featured URL rewriting and proxying system that can be configured to direct "legacy" parts of your site to an existing set of PHP scripts while directing all other traffic to the new Rails application. You will need to be careful to ensure the design of both applications are nearly identical or it may seem strange to users.
Another approach that helps ensure a consistent appearance is to strip out a lot of the theme from your PHP application. By creating very bare-bones pages that only expose the required functionality on each page, Rails can fetch these by passing through any relevant session authentication information and re-frame them in the right layout.
This way you can preserve existing functionality and have it embedded inside your new application. You can use something as simple as open-uri or the curb gem to handle this HTTP-level delegation.
You would end up with controllers that look like this:
class PaymentController < ApplicationController
def index
#content = fetch_legacy_url('/payments/index.php'))
end
end
The fetch_legacy_url method would create an HTTP fetch request that includes the required headers, cookies, and so forth, and return the response body. Your view then ends up looking something like this:
<%= #content =>
From there you can shunt parts of the PHP layout over to the Rails app piece by piece. For instance, ripping out large chunks of static HTML and putting them in the Rails template would reduce the amount of actual PHP code you have to port.
It's a bit messy to maintain two applications in parallel, but as you point out the alternative is to keep accumulating technical debt and making the inevitable re-write that much more significant an undertaking.
The first step would be to experiment and see if you can create a Rails environment that uses your existing data, or at least the data relevant to the new functionality you intend to build out.
This is probably a stupid question but I'll go ahead and humble myself.
The Ruby code in my controllers and models are interpreted so that a HTML result is sent to the browser. Ok, I get that part.
But is there any way for a mailicious user to somehow take a peek at the Ruby code in the controllers and models by bypassing the process that converts or interprets that code before it is sent to the browser?
The reason I'm concerned is I am planning on doing some order processing in my app and if a malicious user was able to do that, they might be able to figure out how to do all kinds of unpleasant things.
Side tip: make sure you use html_escape or h to escape user data and prevent someone from injecting code into your site. For example, use
<%= h(person.name) %> so that someone can't put javascript in the name field and have it run when people view that page.
Nope. Try and navigate to the file yourself in the browser, you won't be able to see it. Your biggest worry should be someone trying to fake out GETs and POSTs because they know how REST works.
Assuming you have things set up correctly, then the web server in front of Rails is pointed to the /public directory. So anything in that directory may be open to direct attack. However, the web server intercepts the HTTP call based on certain criteria and redirects it to Rails for processing.
The architecture of Rails makes it impossible for model and controller code to be exposed to the public. There is a possibility that view code is viewable, but ONLY if you seriously mess up the code (I think). I have never managed to expose code to the client by accident, and I have never deliberately attempted to do so.