Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Ruby on Rails Love-In
 
  • Post
  • Reply
Space Kimchi
Jan 7, 2007

by Peatpot
I've been trying to learn Ruby on Rails on and off for a while, and I'm back on an ON kick again. :)

I'm working on something that I'd want to have a forums auth for; I've written one in PHP before and it requires setting a cookie and setting your own HTML headers and everything (you can't view profiles without being logged in). How would I even begin to try this in RoR?

Also a lot of the AJAX stuff is nice but good lord is it black magic. I follow little tutorials on how to do stuff and it just says "put this here" and I do but I have no idea WHY. I've written AJAX applications by hand before, writing my own xmlhttprequests and response scripts, so I get the mechanics of it but I am having a hard time figuring out how to get to the point in RoR where I can say, "ok I want an AJAX thing to do this, so I'd have to write code with this structure and syntax:".

* # ¿ Aug 29, 2007 23:21
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 8, 2024 07:21
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot

Anal Wink posted:

Start with using the rjs templates and what not. Then start to actually learn Javascript and Prototype. I'm on the second step currently, and while I might not be the best javascript guy, I know what's going on and it doesn't feel like black magic anymore.

And if you ever are wondering why something works the way it does in rails, start reading the rails source code. It's not that scary, I promise. :)

It's more like, I don't get the logic at all behind the requests and responses. Indeed, I probably need to "get" Prototype more. I'll just have to play with it a bit, I think last time I was messing with it I started examining the xmlhttprequests and everything and figured out what it was doing and it started to make SOME sense.

* # ¿ Aug 30, 2007 02:43
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot

savetheclocktower posted:

If you aren't using Firebug, start. That's step one, step two, and step three.

You mean there's another way to do that? ;D

And god dammit, I never thought that my problem writing an SA auth would be more with "how do i functioned ruby" than "how do i grabbed something with cookies"

For the curious, here's what I have so far. The page nabbing works great, but I wanted to test my newly-added logic and whatnot. Note that the cookie is copied and pasted directly from the Cookie: line in the HTTP headers when I normally visit a page, on SA all of them. When I wrote a PHP one, I discovered that being selective doesn't work too well. Of course since you could use that to log in as me, I have removed it :v:

code:
module AuthHelper
  
  def authprofile(username, authstring, mode)
    username = CGI.escape(username)
    @cookie = "THIS IS MY COOKIE. THERE ARE MANY LIKE IT, BUT THIS ONE IS MINE."
    http = Net::HTTP.new('forums.somethingawful.com', 80)
    http.start do |http|
      request = Net::HTTP::Get.new('/member.php?action=getinfo&username='+username)
      request.add_field 'Cookie', @cookie
      response = http.request(request)
      response.value
      @page = response.body
    end
    
    if @page.include? authstring
      if mode=="there"
        return true
      else
        return false
      end
    else
      if mode=="there"
        return true
      else
        return false
      end
    end
    
  end
end
The wacky logic at the end is for my future plans to have a "now remove this from your profile" portion and all that, and just have one function handle all of it.

Now I'd love to test it on my ruby script/console deal, but I can't figure out how to invoke it :( Should this kind of thing be in Helpers? Oh god MVC :psyduck:

Edit: fixed some syntax after I had a chance to test it, I have to include the helper in script/console :v: Now I just have to figure out why it returns true no matter what now when it worked before!

Space Kimchi fucked around with this message at 10:14 on Aug 30, 2007

* # ¿ Aug 30, 2007 08:19
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot

crazysim posted:

This is just wild guessing and from playing with ruby.

code:
irb(main):055:0> mode = "there"
=> "there"
irb(main):056:0> authprofile(user,authstring,mode)
=> true
irb(main):057:0> mode = "smell"
=> "smell"
irb(main):058:0> authprofile(user,authstring,mode)
=> false
I don't know what you want to do with mode though.

Yeah I got rid of mode, it was a dumb idea.

code:
module AuthHelper
  
  def authprofile(username, authstring)
    username = CGI.escape(username)
    @cookie = "MY COOKIE"
    http = Net::HTTP.new('forums.somethingawful.com', 80)
    http.start do |http|
      request = Net::HTTP::Get.new('/member.php?action=getinfo&username='+username)
      request.add_field 'Cookie', @cookie
      response = http.request(request)
      response.value
      @page = response.body
    end
    
    return @page.include?(authstring)
    
  end
end
This seems to work. My only concern is, coming from a PHP background, would this leave any room for the user to put in something stupid and break my app or get me banned without any further filtration?

Edit: Also I must say, I'm impressed. I remember the equivalent PHP code being bigger, clunkier, and a bigger pain in the rear end to figure out; I had to send a WHOLE raw HTTP request, if I recall, or at least I remember it took a while to figure out it wasn't working because of the lack of the proper number of newlines after the Cookie: line, heh.

Edit2: And I confess I mostly lifted the net code from some tutorial or snippet I found and figured out how to add cookies and adjusted it to my nefarious means. In other words, don't ask me what response.value is or what it does, as I don't know. Or even EXACTLY why it's in a do|| loop, as I can only vaguely guess.

Space Kimchi fucked around with this message at 11:04 on Aug 30, 2007

* # ¿ Aug 30, 2007 10:57
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot

Space Kimchi posted:


This seems to work. My only concern is, coming from a PHP background, would this leave any room for the user to put in something stupid and break my app or get me banned without any further filtration?

Just to make it clear, I'm really hoping for more response to this, as I'm used to being Fort Knox with PHP and I'm not sure what I have to do or how careful I have to be in Rails.

And thanks Wink, making it a Model class sounds like a good idea. RESTzis can pretty much suck it imo, I'm keeping my verbs god dammit. I never liked the stateless nature of HTTP anyway. If you do, that's great, I just don't care and am going to use all the goddamned verbs and session cookies I please.

* # ¿ Aug 30, 2007 19:54
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot

brb buddy posted:

restful_authentication

OK I am really starting to wonder what the hell.

I decided to look up how this REST crap goes with logging in, since session cookies are EVIL. I came up with:

http://www.berenddeboer.net/rest/authentication.html

what. the. hell. It's pages long and :words:, and I don't get what all that effort really gets you. Less flexibility and more regular expressions, hey my two favorite things in the whole wide world!

Seriously it's like Ruby on Rails made web development too easy so someone dragged out a quote by Tim Berners-Lee or whomever the hell from 1996 and made a "what if" game to play while coding RoR applications. "What if all the cool new features of modern browsers to make up for the lovely statelessness of the original HTTP1.0 were REMOVED and we COULDN'T USE THEM?" Because developing web applications just isn't a huge enough timesink, I guess we need to triple our effort and put arbitrary limitations on which standard web browser features we can use. Awesome. Also, no verbs.

If someone wants to waste their time on this crap, knock yourself out, I guess. I'll be over here making stuff that works and just worrying about the normal lovely timesinks involved in web dev, like cross-browser CSS compliance and having the w3c inspector not poo poo bricks when I send my site through it to please some dude in IRC who swears my problems with something unrelated has to do with not using & for link strings with an ampersand in them.

Space Kimchi fucked around with this message at 22:39 on Sep 8, 2007

* # ¿ Sep 8, 2007 22:37
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot
Some good replies here about REST, and I'm glad there's nobody being an insane zealot about it and having a rational discussion. Times like this it makes the $10 (times how ever many times I've been banned and bought/rebought features :v:) so worth it :)

And yeah the statelessness of HTTP is why it became popular in a way. It's just less resources and easy to set up, but I think in applications. You just can't have an application without states, it's impossible. REST is great for like blogs and wikis and stuff but I'm interested in interactive web applocations, and awesome uses of AJAX. Some things just have to be verbed, and some things just have to have states.

When I have time to blow on doing more RoR I'm basically trying to make a multi-user game that is played over a web interface. There are enough challenges without worrying about REST. I see the value in developing large apps but ugh, still. HTTP authentication makes your site look like it's a piece of poo poo from 1994.

If they find ways to make REST a natural-feeling part of Rails I won't complain, but only if it does't make me have to hack stuff to get it to work. In the meantime, I like my verbs and session cookies. :)

* # ¿ Sep 11, 2007 03:57
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 8, 2024 07:21
  • Quote
Space Kimchi
Jan 7, 2007

by Peatpot

Al Azif posted:

The trick is to keep the state on the client side; AJAX actually makes this very easy.

Have you taken a look at continuation-based web frameworks like Seaside at all? Seems like it would be right up your alley.

Yeah well, you know what they say about clients and how much you can trust them. I've never really had issues with cookie authentication because it's relatively hack-proof. Aside from people somehow getting other people's session cookies (if they can there are usually much more serious problems to work with, and you can do things like tying them to IP addresses if you REALLY need something secure) you can't tamper with individual data items. If you're doing some kind of online game, this is ideal. You want the game to handle any logic or transactional things, NOT the client. See: any Korean MMORPG ever made.

What I have in mind for my project is something like at http://vse.marketwatch.com though with some important differences. The details are secret for now, as I am no John Romero and I'm not sure if this thing is ever even going to get made yet, but needless to say there will be lots of privately generated pages that aren't public, and will update frequently, and just won't work well in a REST situation. You don't WANT to be able to copy and paste URLs from some parts and expect things to work.

I'll look at REST when I want to create Wordpress on Rails or whatever because we don't have enough blogging platforms, but for a game? :v:

* # ¿ Sep 11, 2007 09:00
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Ruby on Rails Love-In