Ruby on Rails,ROR,Ruby, Rails tips

Parallel Processing in Ruby On Rails

2012-02-10T04:17:00.000-08:00

To process big data(i,e sending millions of bulk emails), you can use fork to create N independent sub processes depending on your Machine's number of Processors. And thus you can get your Rails App more expedited.


fork do
  for i in 0..200000
    puts "I am in sub process-1"
  end
  exit
end

fork do
  for i in 0..200000
    puts "I am in sub process-2"
  end
  exit
end

....

fork do
  for i in 0..200000
    puts "I am in sub process-N"
  end
  exit
end

N processes will be managed by your machine's OS and Processors
I tested it on UBUNTU 11, Ruby 1.9.2, Rails 3.0.10

argument out of range and 0.0 issue on rails

2011-12-16T08:01:00.000-08:00

Argument out of range Exception on windows7 with Rails3 and model fields class type is float(0.0). Actually I was trying to use mysql2 gem on windows7 in Rails3.

How I fixed it in my case:

My system was x86 typed(windows7) and I had 32 bit mysql client installed in my machine with Rails 3.1 and Ruby 1.9.2
I downloaded libmysql.dll (32 bit) and placed it on windows/system32 and ruby/bin folder
I restarted my laptop and FIXED!

This is nothing but libmysql.dll version related issue with system!

Dynamic Image from text/string in Rails

2010-02-27T01:36:00.000-08:00

Image will be generated dynamically from string or text:

Use - require 'RMagick' in your class

def draw_image
#Image parameters
options = {:img_width => 300, :img_height => 250, :text_color => "#FF0000", :font_size => 36,
:text => "This is text", :bg_color => "#EFEFEF"}

#Initialize a container with it's width and height
container=Magick::Image.new(options[:img_width],options[:img_height]){
self.background_color = options[:bg_color]
}

#Initialize a new image
image=Magick::Draw.new
image.stroke('transparent')
image.fill(options[:text_color])
image.font='/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType/Verdana_Italic.ttf'
image.pointsize=options[:font_size]
image.font_weight=Magick::BoldWeight
image.text(0,0,options[:text])
image.text_antialias(false)
image.font_style=Magick::NormalStyle
image.gravity=Magick::CenterGravity

#Place the image onto the container
image.draw(container)
container=container.raise(3,1)

# To test the image(a pop up will show you the generated dynamic image)
container.display

# generated image will be saved in public directory
#container.write("public/image.gif")
end

Pre-requisite : You must have rmagick and Imagemagick installed.
Details: http://www.simplesystems.org/RMagick/doc/draw.html

How to develop rails plugin from scratch?

2010-02-22T04:05:00.001-08:00

Generate Plugin with command: ruby script/generate plugin hello_world
It will create file system as bellow:
- lib
    - hello_world.rb
- tasks
    - hello_world_tasks.rake
- test
    - hello_world_test.rb
- init.rb
- install.rb
- uninstall.rb
- README
- Rakefile
- MIT-LICENSE

init.rb will be executed every time when your application runs. Generally hook code is to be included here like you want to make all methods of your plugin available in your app’s models, controllers, views and helpers

Example:
#All methods in module HelloWorld will be available in all #model’s object
ActiveRecord::Base.class_eval do
    include HelloWorld
end

#All methods in module HelloWorld will be available in all controllers
ActionController::Base.class_eval do
    include HelloWorld
end

#All methods in module HelloWorld will be available in all views and all helpers
ActionView::Base.class_eval do
    include HelloWorld
end

lib/ hello_world.rb :

Example:
# All methods in this library will be available in all models, controllers, views and helpers if you write code as init.rb above

module HelloWorld
    def say_hello
        return "Hello World"
    end
    def hello_text
        return “this is text”
    end
end

Now you need to do unit test your plugin’s methods. To do so follow:
test/hello_world_test.rb:

Example:
require 'test/unit'
require File.join(File.dirname(__FILE__),'../lib/hello_world.rb')

class HelloWorldTest < Test::Unit::TestCase
    include HelloWorld # includes your library methods to test

    def test_this_plugin
        hello_world = say_hello
        assert_equal hello_world, "Hello World"
        assert_not_nil hello_world
    end

    def test_another
        assert_equal true,true
    end
end

To run these test cases, go to your plugin’s directory with command prompt and run like: ruby test/hello_world_test.rb

You are done actually with plugin!

Install.rb: It will be executed only once when the plugin is being installed.

Uninstall.rb: This will be executed when you do uninstall your plugin

README: In this file, you should write easy documentation of your plugin with examples. Also you may highlight yourself here.

Security of rails Application on WEB

2010-02-13T02:19:00.000-08:00

Session Fixation:
1. In the figure(http://guides.rubyonrails.org/images/session_fixation.png), suppose a hacker login to the server with his own credential

2. Server will store his information into session against client’s _session_id (server generates this id if there is no session id already created). Next time when this client requests this session information, server will response against that _session_id.

3. Now suppose hacker becomes able to execute a script like hacker wrote a comment with following script to client’s blog post: <script>document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";</script>.

4. Suppose client refreshes his blog post page. Now client’s session id becomes equal with hacker’s session id!!!.

5. Now any one from client or hacker will get client’s credential from session!!!

6. Thus hacker will get client’s credential and do all as client

Protection:
Reset all session before login and store session information for login request like:

reset_session
Session[:user] = User from DB

SQL Injection:
Suppose we have
User.first(:conditions=>["username= #{params[:username]} AND password= #{params[:password]}"])

Will generate:
SELECT * FROM users where username=params[:username] AND password=params[:password] limit 1

What if you pass params[:password]=' OR '1'='1 ???

Will generate:
SELECT * FROM users where username=‘abc’ AND password=‘’ OR ‘1’=‘1’
The query is true and now hacker is logedin!!! For the first user credential

Protection:
Use ? In string like:
User.first(:conditions=>["username=? AND pass=?",params[:username],params[:pass]])

Use place holder like
User.first(:conditions=>"username=:username AND pass=:pass",{:username=>params[:username], :pass=> params[:pass]})

Use Hash like:
User.first(:conditions => {:username => params[:username], :password => params[:pass]})

Use to_i for integer type data
User.find(params[:id].to_i)

Phishing(1):
If a hacker writes HTML code in comment like:
<img src="http://www.domain.com/projects/destroy/1" >
than this img tag will request for an image source. Actually this src will make a request to projects controller, destroy method. Generally we check when destroy anything like:

def destroy
project = Project.find(params[:id])
if(session_user && session_user.id == project.user_id)
project.destroy()
end
end

IF CONDITION will be true and hacker will be able to destroy client’s projects!!!

Protection:
Verify requested method whether it is GET or POST in controller and in view use h() method before the comment body like
<%= h blog.comments.first.body %>
[Actually don’t trust user given input data]

Phishing(2):
If hacker writes HTML code of site’s login form into his comment like:

<div class="login_form" >
<form action="http://www.hackar.com/hack">
Username: <input type="text" name="username" >
Password: <input type="password" name=”password”>
</form>
</div>

And the fool client fills out his username and password with this injected login form than hacker will be able to grab client’s credential!

Protection:
call protect_from_forgery method from ApplicationController
which will generates a hidden field with a token into all html form like

<input name=“authentecity_token" value=“d8192312u3n123123091" type=“hidden" >

When user submits this form server will check the submitted token against generated token.

Mass assignment:
Suppose we have users table with a column name role_id. If role id is 1 then the user will be Admin than our conventional registration/profile form will be like:

<form action="/users/create" method="post">
Username: <input name="[user][username]" type="text">
Password: <input name="[user][password]" type="text">
Email: <input name="[user][email]" type="text" >
First Name: <input name="[user][first_name]" type="text" >
Last Name: <input name="[user][last_name]" type="text" >
</form>

Using FIREBUG if I push <input nanme="user[role_id]" value="1" type="hidden" > into this form then any user will be able to become Admin!

Protection:
Make role_id protected in user model which will be nil when user object is created

To update this field from admin follow:
model.rol_id = 1
model.save(false)

File Upload & Download:
Do not place file in Rails/public if it is Apache’s home directory because it may be executed (like file.php) when requested

Always use send_file method for download
Check file type when upload

Log file:
All rails generated SQL, error report, responses are logged in log file

In ApplicationController use the method bellow:
filter_parameter_logging :password

Part of Log File:
Parameters: {"commit"=>"Save", "action"=>"create", "controller"=>"[FILTERED]", “user"=>{“password"=>"[FILTERED]", “username"=>“abc"}}

Don’t use eval with params:
Eval(params[:model]).find(1)
What’s happened if you pass params[:model] = “User.destroy_all”

It will become:
Eval(“User.destroy_all”).find(1) !!!!!!!

Protection:
params[:model].constantize.find(1)

Reference: http://guides.rubyonrails.org/security.html

Simple Math-Logic-IQ-Captcha in Ruby On Rails

2009-12-12T09:42:00.001-08:00

This is controller based rails plugin for Ruby On Rails Application

Features:
1. It requires no migration, no file system management and no table
2. Question will be rendered as Image, so no script can crawl or scan it
3. Captcha result will be stored as encrypted in session
4. No Configuration - You just have to have rmagick installed
5. Try to develop on unix platform(I used UBUNTU 9.10, Rails 2.3.2, Ruby 1.8.7, Ruby Gems 1.3.5)

Screen shots:

Download link(Please see README file for usage): http://www.4shared.com/file/230676461/13dad068/eqn_captcha.html

Caching with rails

2009-12-06T00:47:00.000-08:00

http://guides.rubyonrails.org/caching_with_rails.html

AJAX with Rails, Rails RJS

2009-12-04T21:17:00.000-08:00

AJAX in Rails application with RJS
RJS - Ruby JavaScript - Generates and executes javascript code from your controller in AJAX request to process your Ruby code as well as updates your page's html DOM finally. To see details of how it works lets start

1. Suppose you have an ajax request call with an anchor tag in your view file like:
<%= link_to_remote('Click Me to show RJS',{:url => {:controller => 'experiment', :action => 'rjs'}, :loading => "", :complete => ''},{}) %>

this is content

And you want to update div of id 'id1' then
2. In Controller :
def rjs
    #you may have ROR stuff here
    render :update do |page|
        page.replace_html 'id1', 'This is content after AJAX call' # div with id1 will be replaced with the string
    end
end

Now click on the anchor then div of id ‘id1’ will be replaced by controller’s action’s method rjs’s response
Thats all of RJS basic with only 2 steps

Now if you want to replace div of id1 with another file’s content then you can do it like:
page.replace_html 'id1', :partial => "experiment/parts/part1", :locals => {:p1 => 1, :p2 => 2}
# part1 is your partial file (located in views/experiment/parts/_part1.html.erb)
# And you may pass parameters with locals p1, p2, …. pn
# you can catch this params in _part1.html.erb file like : <%= p1 %>
# You can also update more than 1 div in your view file with the same ajax request like:
page.replace_html 'id1', :partial => "experiment/parts/part1"
page.replace_html 'id2', ‘Another String’

page.remove ‘remove_div_id’
page << “js_mehtod()” # where js_mehtod() is the javascript function which resides in your view.

Now AJAX call with form submit event

this is content

<% form_remote_tag :url => {:controller => 'experiment', :action => 'rjs'}, :loading => '', :complete => '', :html => {:method => :post} do %>

<%= text_field :name %>

<%= submit_tag(Submit) %>

<% end %>

To know more visit: http://www.developer.com/lang/print.php/10924_3668331_2

How to execute SQL Query in rails Application

2009-12-02T19:50:00.000-08:00

connection = ActiveRecord::Base.connection();

Example :
1. connection.execute(any_sql_query)

2.
results = connection.execute("select * from users")
results.each do |row|
puts row[0]
end

Extending Rails ActiveRecord::Base Class

2009-12-02T19:49:00.000-08:00

Example:
1. Create a file(suppose init.rb) into your project's config/initializers folder

2. Paste the following code :
ActiveRecord::Base::class_eval do
def self.your_method
return 'Now I am in ActiveRecord'
end
end

3. Now you can call your_method from any Model of your application, i,e you are adding your_mothod(it will static method) to all your application's models

4. You can call it like :
User.your_method()
Post.your_method() etc...

Ruby open class in Rails application, extending Fixnum,Array,Date,String Class

2009-12-01T01:32:00.000-08:00

1. Make a library file(suppose "your_extension.rb") into your project's lib folder

2. require File.join(RAILS_ROOT,'lib/your_extension.rb')
- Add the above line at the End of environment.rb file

3.Suppose you want to extend Ruby Fixnum Class with your mehtods(named prime?) then PASTE the following code into "your_extension.rb"

class Fixnum
  def prime?
    n = self
    counter = 0
    1.step(n,1) {|i|
      if(n%i == 0)
        counter += 1
      end
      }
    if(counter == 2)
      return true
    else
      return false
    end
  end
end

4. Restart your Rails application and you are done!
5. Now you can call prime? method from anywhere of your Rails application like
2.prime? -- returns true
5.prime? -- returns true
10.prime? -- returns false

Pass and catch parameters with RAKE command in Rails Application

2009-11-30T20:17:00.000-08:00

1. Create a rake file(suppose pass_catch_rake_params.rake) into your project's lib/tasks folder

2. Edit this rake file with the following code:
task :rake_task => :environment do
    puts ENV['param1'] # You are catching param1
    puts ENV['param2'] # You are catching param2
end

3. Run the Rake command like this:
  rake rake_task param1=10 param2='This is a string'

Where rake_task is the rake task name and param1,param2 are the parameters name
In your rake task you will get param1 and param2 with their assigned value