INFUSED

In just about every Rails project I’ve worked on over the last several years we’ve needed track the user who creates and updates database records. The most popular solution seems to be DeLynn Berry’s userstamp plugin and, until recently, that’s what we’ve always chosen to use too. But after fighting incompatibility with newer versions of Rails I decided to write my own plugin. Enter Blame.

Blame automatically userstamps create and update operations if the table has columns named created_by and/or updated_by.

Installation:

ruby script/plugin install git://github.com/infused/blame.git

Blame assumes that you are using restful-authentication and expects User.current_user to return the current user. You can override this behavior by overriding the default userstamp_object method in ActiveRecord::Base or in any of your models. For example, maybe you just want to find the current user bases on the a session variable:

# In environment.rb
class ActiveRecord::Base
  def userstamp_object
    User.find(session[:user_id])
  end
end

Maybe you don’t like the default column names of created_by/updated_by. You can customize the column names globally or for individual models:

# Globally in environment.rb
ActiveRecord::Base.created_userstamp_column = :creator_id

# In a model definition
class Subscription
  self.created_userstamp_column = :creator_id
  self.updated_userstamp_column = :updater_id
end

Automatic userstamping can be turned off by setting record_userstamps:

# Globally in environment.rb
ActiveRecord::Base.record_userstamps = false

# In a model definition
class Subscription
  self.record_userstamps = false
end

Blame also adds a migration helper which will add the created_by and updated_by columns (or your custom column names) to your table:

create_table :widgets do |t|
  t.string :name
  t.timestamps
  t.userstamps
end

When using Rails’ verify method to protect your ActionController actions, you should return a list of the allowed HTTP methods in the response headers.

Let’s say you have an action called update that you want to protect from anything but a POST. I like to do it like this:

verify :method => :post, 
  :only => :update, 
  :render => {:text => '405 HTTP POST required', :status => 405}, 
  :add_headers => {'Allow' => 'POST'} 

Now if someone tries to hit the update action with anything other than a POST, an error message will be displayed and the response headers will contain (among other things):

{"Status" => "405 Method Not Allowed", "Allow" => "POST"}

In my opinion, this is a better way to go than redirecting to another action because the use of an improper HTTP method is most likely the result of either programmer error or malicious intent. By redirecting to another page, you are making it much easier to for somebody to take your site down with a denial of service attack and if it’s a programming error, you’ll locate the problem faster.

You should also make sure that you have a functional test for this behavior:

def test_invalid_update_methods
  [:get, :put, :delete].each do |http_method|
    send http_method, :update
    assert_response 405
    assert_equal 'POST', @response.headers['Allow']
    assert_equal '405 HTTP POST required', @response.body
  end
end

Additional Resources

• HTTP 1.1: Status Code Definitions
• HTTP 1.1: Header Field Definitions
• Rails API Documentation: Verification

RailsConf

Registration just opened a couple of hours ago. This year the registration fee is higher and the venue is a lot larger so it probably won’t sell out as quickly as last year. But, if you want to go, I would sign up soon. I already did.

Updates:

• 7 hours later: I’m glad I bought mine early, because they might sell out faster than last year.
• 3 days later: RailsConf '07 sells faster than any other O'Reilly conference
• 9 days later: close to 75% of the tickets have now been sold.
• 22 days later: Sold out

I have my own dedicated server running Ensim on which I run quite a few sites. Most of these are either static HTML or PHP sites, but I also host a couple of Rails apps on the same box using Lighttpd. That has turned out not to be the most reliable setup. After a year of killing hung dispatchers I decided to give mongrel_cluster and Pound a try. This is how I did it.

Note that these instructions are specific to Redhat ES4 with Ensim, though most of this stuff should work on other flavors of *nix with some slight modifications.

Prerequisites

The only prerequisite for Pound that I am aware of is pcre. You probably already have it installed, but if you don’t, install in via up2date, yum, or whatever.

Installing Pound

Download, configure and install Pound. There are stable and experimental versions to choose from. I’m using the latest experimental release:

wget http://www.apsis.ch/pound/Pound-2.1.8.tgz
tar vxzf Pound-2.1.8.tgz
cd Pound-2.1.8
./configure
make
make install

Test Configuration

I don’t like the default location for Pound’s configuration file, so I’ve created mine file here: /etc/pound/pound.cfg

In order to make sure everything is working as expected, we’re going to start with a test configuration. Something simple. Put this in your /etc/pound/pound.cfg file for now:

LogLevel 0
Alive 30

ListenHTTP
  Address 0.0.0.0
  Port 81

  Service
    BackEnd
      Address YOUR SERVER'S EXTERNAL IP
      Port 80
    End
  End

End

This configuration will proxy all inbound requests to port 81 over to Apache running on port 80. Now try to start up pound:

pound -v -f /etc/pound/pound.cfg

If it started properly, you’ll get no output. You should get an error if it couldn’t start up. Use

ps -ef | grep pound

to see if it’s running. If so, try to browse to one of the sites on your server using port 81. For example: http://www.infused.org:81. If it works we’re in business, so we’ll create a pound start-up script and configure it to start up on boot.

Setup Pound daemon

Create a /etc/init.d/pound file with the following contents:

#!/bin/sh
. /etc/rc.d/init.d/functions

# To add to services:
# chkconfig --add pound

# Enable automatic start on boot
# chkconfig pound on

### BEGIN INIT INFO
# Provides:       pound
# Required-Start: $network $syslog
# Required-Stop:
# Default-Start:  3 5
# Default-Stop:
# Description:    Starts pound reverse proxy
### END INIT INFO

if [ -z "$POUND_CONF_PATH" ]; then
        POUND_CONF_PATH="/etc/pound/pound.conf"
fi

prog="pound"
pound="/usr/local/sbin/pound"
RETVAL=0

start() {
        echo -n $"Starting $prog: "
        daemon $pound -f $POUND_CONF_PATH
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}

stop() {
        echo -n $"Stopping $prog: "
        killproc $pound
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
        return $RETVAL
}

reload() {
        echo -n $"Reloading $prog: "
        killproc $pound -HUP
        RETVAL=$?
        echo
        return $RETVAL
}

case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                stop
                start
                ;;
        condrestart)
                if [ -f /var/lock/subsys/$prog ]; then
                        stop
                        start
                fi
                ;;
        reload)
                reload
                ;;
        status)
                status $pound
                RETVAL=$?
                ;;
        *)
                echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
                RETVAL=1
esac

exit $RETVAL

Now you can configure Pound as a service and set it to start on boot:

chmod +x /etc/init.d/pound
chkconfig --add pound
chkconfig pound on

Use the ps command again to find and then kill the pound instance you started earlier. You will probably see to instances running. Kill the first one, and the other will die with it. Once the test instance is dead, you can start, stop, and restart Pound like any other service. To start it up as a service:

service pound start

The Real Deal

Test it by browsing to a site on port 81 again. If everything looks good, it’s time to do this thing for real. Edit /etc/pound/pound.cfg and swap the ports between the proxy and the backend server. The file should now look like this:

LogLevel 0
Alive 30

ListenHTTP
  Address 0.0.0.0
  Port 80

  Service
    BackEnd 
      Address 67.15.198.2
      Port 81
    End
  End

End

Log into your Ensim control panel as the Appliance Administrator and click on the Web Server link. Change port 80 to 81 and click Update Configuration.

With the appliance updated, we now need to restart Apache and Pound to pick up their new configurations:

service pound stop
service httpd restart
service pound start

All your sites should now be accessible on port 80. Try them out. If you don’t see any problems, there is one important step left to do.

Fix Apache Logging

Right now, all the Apache logs will show you server’s IP address as the remote address. To fix this, you need to swap out %h for "%{X-Forwarded-for}i" in any LogFormat line in /etc/httpd/conf/httpd20_app.conf

You may have LogFormat lines in other files too, such as /etc/httpd/conf/httpd.conf. Change those too.

My LogFormat directive now looks like this (on one line):

LogFormat "%v:\"%{X-Forwarded-for}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ecombined

Restart Apache again and you’re done.

service httpd restart

Subversion

If you are running Subversion under Apache, you’ll also need to tell Pound to allow the proper HTTP verbs. Add the following line to /etc/pound/pound.cfg, right under ListenHTTP:

xHTTP 2

By the way, this also tells Pound to allow the PUT and DELETE verbs, which you’ll need if you’re using the map.resources stuff in Rails.

Additional Resources

• Official Pound site
• Deploying Rails with Pound in Front of Mongrel, Lighttpd, and Apache

Coming Up

The stage is now set for Part 2, where I set up Pound to proxy to several Rails apps which are running under mongrel_cluster. Stay tuned.

Three weeks ago I left the security of my job of the last 8 years to pursue a new career as a freelance consultant/programmer.

I’ve been freelancing part-time for several years and it was always a nice supplement to my income, but I was afraid of going it alone. What if I couldn’t make enough to support my family? What if I’m not good enough? What if I fail and have to go find a job? What will people think of me then?

Earlier this year I came to the realization that there is no reason to fear failing. Would it be the end of the world if I did fail? Hardly. Would I be embarrassed? Probably. But, embarrassed or not, I can always change gears or find another job. I could even give up and just lay around watching TV all day while my wife supports me.

So, now I’m doing what I really love: Developing the best software that I’m able, using Ruby and Ruby on Rails. I also plan to spend more time working on my own software and writing about Ruby and Ruby on Rails. I’m even considering doing some speaking on the subject.

Are you looking for an experienced Ruby or Ruby on Rails developer? Maybe you’re just looking for some mentoring or guidance on a project?

Send me an email at keithm at infused.org. I’m always looking for exciting new projects.