ruby

ruby
require "loofah"

class HtmlSanitizer
  ALLOWED_TAGS  = %w[p br a strong em ul ol li blockquote code pre h2 h3].freeze
  ALLOWED_ATTRS = %w[href title].freeze
  SAFE_SCHEMES  = %w[http https mailto].freeze

Safer HTML Sanitization Pipeline

rails security xss
by codesnips 4 tabs
ruby
class ExternalApiClient
  def fetch_user_data(user_id)
    ActiveSupport::Notifications.instrument(
      'api.external_service',
      service: 'user_service',
      operation: 'fetch_user',

API monitoring with custom instrumentation

rails observability monitoring
by Alex Kumar 2 tabs
ruby
class ActivityPanelController < ApplicationController
  def show
    @project = Project.find(params[:project_id])
    @events = @project.events.order(created_at: :desc).limit(50)

    latest = @events.maximum(:updated_at)

ETag + last_modified for expensive Turbo Frame endpoints

rails hotwire turbo
by Henry Kim 2 tabs
ruby
class Comment < ApplicationRecord
  belongs_to :post
  belongs_to :author, class_name: 'User'

  # Automatically broadcast changes to all subscribers of this post
  after_create_commit -> { broadcast_append_to post, target: "comments" }

Turbo Stream broadcasts for real-time collaboration

hotwire turbo-streams actioncable
by Jordan Lee 3 tabs
ruby
class UserNotificationJob < ApplicationJob
  queue_as :default

  # Retry up to 5 times with exponential backoff
  retry_on StandardError, wait: :exponentially_longer, attempts: 5

Background jobs with Sidekiq and ActiveJob

ruby rails sidekiq
by Sarah Mitchell 3 tabs
ruby
class DashboardWidget < ApplicationRecord
  broadcasts_refreshes
end

Broadcasts refreshes for complex pages (less target wiring)

rails hotwire turbo
by Henry Kim 2 tabs
ruby
module Webhooks
  class StripeController < ApplicationController
    skip_before_action :verify_authenticity_token

    def create
      payload = request.body.read

Webhook signature verification

rails security webhooks
by Alex Kumar 1 tab
yaml
production:
  primary:
    adapter: postgresql
    database: app_production
    username: app
    password: <%= ENV["PRIMARY_DB_PASSWORD"] %>

Read Replica Routing for GET-Heavy Endpoints

rails activerecord postgres
by codesnips 4 tabs
ruby
class AddSoftDeleteToDocuments < ActiveRecord::Migration[7.0]
  disable_ddl_transaction!

  def change
    add_column :documents, :marked_for_deletion_at, :datetime, null: true

Safer Time-Based Deletes with “mark then sweep”

rails reliability activerecord
by codesnips 4 tabs
ruby
module MyApp
  class Application < Rails::Application
    config.load_defaults 6.1

    # API-only mode
    config.api_only = true

Rails API-only app setup for React frontend

rails react api
by Maya Patel 2 tabs
ruby
secret = ROTP::Base32.random
current_user.update!(otp_secret: secret)

totp = ROTP::TOTP.new(secret, issuer: 'CodeSnips')
provisioning_uri = totp.provisioning_uri(current_user.email)

TOTP based multi factor authentication for sensitive actions

mfa totp authentication
by Kai Nakamura 1 tab
ruby
require 'rails_helper'

RSpec.describe 'Tasks', type: :request do
  it 'renders turbo stream on create' do
    post tasks_path,
         params: { task: { title: 'New task' } },

Request spec: Turbo Stream template is rendered

rails hotwire turbo
by Henry Kim 2 tabs