Recent frustrations have led me to flee back to Ruby/Rails, and so I updated everything the other day (gems, rails, etc.), bought myself a GitHub account, and started to tinker with some web app ideas I’ve had floating around for a while. In doing so, I revisited a lot of old plugins and gems I used in the olden days (in railsworld, that means 2006), and tried to find out what the Rails community had moved towards in the interim.
User Authentication
Thanks to some advice from the MadRailers group, I first investigated AuthLogic for user authentication. Back in the day I remember using Salted Login Generator, which I had a tough time getting to work just because it generated so much damn code. It was hard to see the plugin’s philosophy from afar (though likely more about my inexperience with Ruby/Rails than having specifically to do with the plugin). As the Railscast superbly explains, AuthLogic doesn’t generate much code at all, which leaves you to implement the lion’s share of the functionality. That’s good! By hooking up all the wires, you learn about how the module works and it’s easier to extend and customize it.
User Authorization
Authentication vs. Authorization
Briefly, authentication is the process of figuring out if the user is who they represent themselves as. Authorization is determining what, if any, permissions the user has once we know who they are. Subtle, but important difference. Here’s a link chosen at random from the net that explains a little more.
Once authentication was tapped down, it was time to turn to authorization. This I had very little experience with, since I didn’t explore it much way back when. Suggestions abounded, but I ended up exploring padlock_authorization, which was incredibly easy to set up and get working right away. Since my solution’s roles were heavily resource-based (this widget may have an owner, several readers, and an editor), this worked really well for me out of the box.
App Invites
I wanted to be able to have an owner of a resource be able to issue an invite to a non-user to be able to sign up and automatically be added to the resource in a default role. If there’s one thing I know about things like security and randomness, it’s that I’m not smart enough to devise my own solution. Mostly because common sense only gets you so far in things like that. I’d rather be able to generate truly random tokens to hand out to invitees than make my own random_string() function. As usual, I found a great gem that did exactly what I wanted. The uuid library is easy to install, and really easy to use. From there I set up a simple SiteInvites model/controller and use the uuid.generate(:compact) method to populate the token field. Works good so far!
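An added sketch (not the author's code, and not part of any gem named here) of issuing and redeeming invite tokens with Ruby's standard-library SecureRandom. An invite token is a bearer credential, and a UUID generator that is time-based produces values that are unique but not unpredictable. `InviteStore`, the one-week expiry and single-use redemption are assumptions standing in for the SiteInvites model.

```ruby
require "securerandom"
require "digest"

# Hypothetical in-memory stand-in for the post's SiteInvites model.
class InviteStore
  Invite = Struct.new(:digest, :resource_id, :role, :expires_at, :used)

  def initialize(ttl: 7 * 24 * 3600) # assumed lifetime: one week
    @ttl = ttl
    @invites = {}
  end

  # Returns the raw token to send to the invitee. Only its SHA-256 digest
  # is kept, so a leaked invites table does not hand out usable tokens.
  def issue(resource_id, role: "reader", now: Time.now)
    token = SecureRandom.urlsafe_base64(32) # 256 bits from the OS CSPRNG
    digest = Digest::SHA256.hexdigest(token)
    @invites[digest] = Invite.new(digest, resource_id, role, now + @ttl, false)
    token
  end

  # Returns [resource_id, role] exactly once per valid token, otherwise nil.
  # Looking up by digest avoids comparing the secret token byte by byte.
  def redeem(token, now: Time.now)
    return nil unless token.is_a?(String) && token.bytesize.between?(20, 128)
    invite = @invites[Digest::SHA256.hexdigest(token)]
    return nil if invite.nil? || invite.used || now > invite.expires_at
    invite.used = true # single use: a replayed link grants nothing
    [invite.resource_id, invite.role]
  end

  def stored_digests
    @invites.keys
  end
end
```

In a Rails model the same shape maps to a `token_digest` column with a unique index, an `expires_at` column and a `used` flag.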
Development UI
My main priorities at this point are to get the underlying models and interactions working. However, I like to have at least a skeleton UI to work from until such a time as it becomes a priority. To that end, ryanb’s nifty-generators were a godsend. They set up some new script/generate targets to allow you to do simple prototyping and skeleton work with pre-generated styles. It’s great for getting something halfway-decent looking up and running quickly.
Summary
The four above gems and plugins have really been awesome in the pursuit of laying down a good foundation for a couple of the apps I’m writing. Check them out, and donate to the authors if you really like them! I’ll be continuing to blog about things I run into as I develop my apps.