Implementing Basic HTTP Authentication in Rails
Nowadays it’s rather unusual to deploy HTTP Basic Authentication in a production web application. However, the need came up recently from a client. In a nutshell, due to integration requirements with a third party system, we had to provide a web app which expected credentials supplied via Basic HTTP Auth and validated against an external web service.
Luckily for us, like a great many other things, this is very easy to implement with Ruby on Rails.
Setting up a new Rails project
If you want to work along with me, and you like Docker and VS Code, take a look at this blog post to learn about the easiest way to set up an environment for development with Ruby on Rails in a container.
If not, you can follow the official docs for installing Ruby.
Once you have your environment with Ruby ready, we can go ahead and create a new Rails project to demonstrate how to set up Basic HTTP Auth.
Creating the new project
First, install the rails gem:
$ gem install rails
Then, make sure you are located in the directory where you want to create the new project and do:
$ rails new . --minimal -O
--minimal is a new option to rails new added in version 6.1 that disables a lot of default features …
ruby rails authentication
Bypassing a CDN to browse a website directly on your origin host
Using a content distribution network (CDN) has many advantages over serving a website directly, and for any reasonably large website, you should use one. Those advantages include:
- Caching at each of the CDN’s PoPs (points of presence).
- Often thousands of PoPs around the world, so traffic will be quick for everyone regardless of how far away they are from your origin server.
- Blocking of some Bad Guys automatically at the edge, including DDoS (distributed denial of service attacks) mitigation help.
- Origin IP address insulation. Hiding the origin IP address is useful to protect against DDoSes, since CDNs are generally well-defended against DDoS and your origin server probably is not as much.
You should generally be cautious about revealing your websites’ origin IP address. We serve other sites from our origin directly, so we don’t worry too much about sharing it here.
Straight to the source
Sometimes, though, you need to bypass your CDN and test your website directly on its origin server. For example, if you need to test that your website would still work if the CDN goes down, or to sidestep CDN caching or content modification when troubleshooting a problem.
It …
hosting cdn
Using Devise for Authentication in Rails Without Database Stored Accounts
We can pretty much say that thanks to the venerable Devise gem, the authentication problem has been solved in Ruby on Rails. There are some instances however, when the requirements veer a little further away from convention and some customization needs to happen.
Such was the case of a recent project where we had to implement authentication and session management on a small web application that would serve as an API gateway into other system components. The interesting part was that there was no database to store accounts, and credentials would have to be validated against an external web service.
Luckily for us, the Devise gem is customizable enough to be able to fulfill this requirement via custom authentication strategies. With custom authentication strategies, one can implement completely bespoke authentication logic while still enjoying a lot of the features that Devise offers out of the box.
In this article, we’re going to walk through doing just that. Let’s get started.
To learn more about this capability of Devise, and how it relates to the underlying Warden concepts, here are some interesting sources:
ruby rails authentication
Developing Rails Apps in a Dev Container with VS Code
One of the great gifts from the advent of Docker and containers is the ability to get a good development environment up and running very quickly. Regardless of programming language or tech stack, there is probably an image in DockerHub or elsewhere that you can use to set up a container for development, either verbatim or as a basis for more complex setups.
Moreover, even if your development environment is complex, once you have containerized it, it’s easy to replicate for new team members.
VS Code, one of the most popular editors/IDEs today, with help from the Dev Containers extension, makes the task of setting up a container for software development easier than ever.
To demonstrate that, we’re going to walk through setting up such an environment for developing Ruby on Rails applications.
Setting up a Ruby Dev Container
As I alluded to before, all we need is Docker, VS Code, and the extension. Once you have those installed, we can easily create a new Docker container ready for Ruby on Rails development and have VS Code connect to it, resulting in a fully featured development environment.
Creating the configuration file
To get started, create a new directory and open …
ruby rails docker vscode containers
Updating Ruby on Rails
Updating your app to the latest versions of the framework it was built on, and dependencies it uses, is an important part of the development process. It may seem like a waste to invest time and money into it, but it can bring as much value as a new feature.
One good thing about using a framework like Ruby on Rails is that security features are baked in. This saves development time as the developer doesn’t have to reinvent the wheel for logins, permissions, authentication, etc. There are many users of the framework who work together to catch and patch vulnerabilities. Unfortunately, this means that if your app hasn’t been updated, its weaknesses become more obvious. A black hat attacker has easy access to a list of past Rails vulnerabilities.
Have you ever been to a website that hasn’t been updated for a while and found that everything moves slower than you’re used to? As technology improves and functions are optimized, application processing time can be reduced. Most releases come with a performance update that can help your application keep up with the best of them.
The gems your application uses also come out with updates to add new features and …
rails ruby update
Kubernetes environment variables, ConfigMaps and Secrets
Photo by Jeffry Johar
There are 3 ways to set environment variables for the container in the Kubernetes Pod: hard-coding, ConfigMaps, and Secrets, each with its own use case.
For those who are taking the Certified Kubernetes Administrator exam, you need to know all of these by heart. These skills fall under the domain of workloads and scheduling, which is 15% of the exam.
Let’s go over how to create environment variables based on these methods.
Hard-coding
This is the method that enables us to define the environment variables in the containers section of the Pod manifest. When using this method the environment variables will be visible when we describe the Pod. The following is an example of defining the environment variables PET01=cat and PET02=dog in an nginx container.
As with most Kubernetes resources, there are 2 ways of creating Pods. You can use either one of them. The first way is the imperative way, using the kubectl CLI. This is the preferred method for the CKA exam because it is convenient, fast, and saves time. The second way is the declarative way which requires you to build the YAML file and apply it.
The imperative
kubectl run mynginx --image=nginx …
kubernetes containers
How to write end-to-end & component tests with Cypress in Vue.js
Is writing tests painful for you? In this tutorial, I explain how to handle UI testing with Cypress and hope to convince you that writing tests is not always so tedious and expensive, but can be fun instead.
Cypress is a purely JavaScript-based front-end testing tool built for the modern web. It can test anything that runs in a browser and has built-in support for testing modern frameworks such as Vue.js, React, and Angular. See the full list of front-end frameworks Cypress supports.
As an example we are going to use a to-do app built using Vue. We will learn:
- How to install and set up Cypress.
- How to create a simple to-do app with Vue 3.
- How to write end-to-end tests.
- How to write component tests.
How to install and set up Cypress
- First let’s create a new Vue project using the Vue CLI. Install Vue CLI if you don’t have it in your machine:
  npm install -g @vue/cli
- Create a project (pick the Vue 3, babel, eslint preset):
  vue create todo-app
- cd into the todo-app project and install Cypress:
  npm install cypress --save-dev
  No dependencies, extra downloads, or changes to your code are required!
- Edit package.json. In the scripts section, add a command, …
vue javascript testing nodejs
Nevada State EpiTrax Launch
Photo by Adrien Drj
If COVID-19 has taught us anything, it is that the public health landscape can change quickly, and we need a disease surveillance system that is adaptable to support our ever-evolving climate.
Having access to surveillance data for purposes of contact tracing, following trends, and monitoring evolving disease conditions allows health departments to be agile in response. This is a critical component in providing communities with a robust public health infrastructure.
For all these reasons and many more, the State of Nevada embarked on a journey to migrate away from their surveillance system, NBS, to the open-source EpiTrax system created by the Utah Department of Health. Ultimately, the Nevada decisionmakers made this change because they needed to be on one state-wide system and wanted autonomy to customize the system.
Nevada had been exploring this change for a while but due to unforeseen problems the window of time for implementation was incredibly narrow. In the first four months of End Point’s partnership with Nevada, the team was able to accomplish what was believed to be impossible in so short a time.
The Four Month Sprint
Some of the major …
casepointer epitrax emsa clients