
ボクココ

Steps toward making service development succeed

RailsConf2012 04/23

Backbone.js & Rails


Backbone is a light JavaScript framework
It keeps the different kinds of code in different places
It is not MVC in the Rails sense:
* models
* templates ~ Rails views
* views ~ Rails controllers

JS code arrangement. Don't reach for Backbone.js first.
Phase 1
First, use the Rails JavaScript helpers
they're awesome

Phase 2: jQuery plugins
callback inside callback inside callback...
-> hard to write tests for

Phase 3
Page object: one entry point per page that wires up everything on it
var MyApp = MyApp || {};

$(function () {
  MyApp.ImagesNew.initialize();
});

MyApp.ImagesNew = {
  initialize: function () {
    // one initialize() call per component on the page
    // ~~.initialize();
    // ~~.initialize();
    // ~~.initialize();
  }
};

Phase 4: a framework
Backbone.js is one of many frameworks
+ model mirroring (client-side models mirror the Rails models)
+ views that handle events

Pattern first
Rails === API
First define the Backbone classes, then instantiate them
Create a NavBar by extending a Backbone object (className and render are view properties, so it is Backbone.View)
var NavBar = Backbone.View.extend({
  className: ...,
  initialize: function () { ... },
  render: function () { ... }
});

var myApp = {};
myApp.navbar = new NavBar(...);

There was a lot of code that I couldn't fully understand..


Backbone works fine, but consider the alternatives
e.g. when converting an existing app to have more client-side behavior

CoffeeScript for Rubyists


Book: Programming in CoffeeScript

Programming history...
Progress: COBOL -> C -> Java -> CoffeeScript/Ruby?

Syntax
$ ->
  success = (data) ->
    if data.errors?
      # handle the errors
    else
      # handle the result
  $.get '/user', success

- no semicolons
- no curly braces
  (sometimes leaving braces out causes a compile error)
- no function keyword
- relaxed parentheses
- whitespace (indentation) is significant

withArg = (arg) ->

Conditionals (postfix form)
something() if condition
something() unless condition

Object
someObject =
  conf: "rails"
  talk: "coffee script"

Range
a = [1..100]

Heredocs
html = """
  html code
"""

console.log "Hello #{name}"  <- CoffeeScript string interpolation

Splats: handling a variable number of arguments (args...)

Loops
for key, value of object
for item in someArray
doSomething number for number in numbers  <- one-liner!!

Class
class Employee extends ...
  constructor: (@options = {}) ->
    super
    @options.salary ?= "$55000"

emp = new Employee()
emp.firstName = "mark"

salary ?= "$25000"  # assign only if salary is undefined or null

**Bound Functions**
(=> instead of -> keeps `this` bound to the enclosing scope)
log = (callback) ->
  console.log ...
  callback()
  console.log ...

Existential operator
if foo?
console?.log "foo"
if currentUser?.firstName?

Mobile Rage


Problem areas
- landing page
- bottom read
- advertising: don't use popups
- navigation: enough white space
- forms
  for smartphones...
  text_field with :autocomplete => "off", :autocapitalize => "off"
  use url_field
  use phone_field
  use email_field


Progressive Enhancement on the Mobile Web


johnbender

Vagrant is awesome

Smartphone browsers
major browsers are supported
8 books

- markup: no-JS -> JS
- history: hash -> pushState
  it optimizes for each browser
- toolbars: absolute -> fixed positioning
- orientation
- tap vs click
  on a smartphone a "click" can include a scroll..
Android is the new IE!

jQM on Rails
sample in johnbender's GitHub
- setup
add the viewport meta tag
<meta name="viewport" content="width=device-width, initial-scale=1">
<%= stylesheet_link_tag ... %>
<%= javascript_include_tag ... %>
script jquery
script jquery-mobile

jquery-rails
<div data-role="page">
<div data-role="header">

<body>
<%= yield %>
</body>

use a layout partial
<%= render :layout => 'shared/page' ... %>

application.js
$(document).on("mobileinit", function () {
  $.mobile.ns = "foo-";
});

Android back button..
data-dom-cache="true"

debug
include_tag debug/
onLoadFailed event call

responsive design
asset pipeline


Securing your site


SQL Injection
find with :conditions built straight from params is dangerous!
use find_by_* (e.g. find_by_email(params[:email]))
use where("email = ?", params[:email])
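The following is an added example (mine, not from the talk or the page) showing the interpolation bug next to a `?` placeholder binder in plain Ruby. `quote_value`, `bind_sql`, `unsafe_user_query`, `safe_user_query` and the `PAYLOAD` input are my constructions standing in for what ActiveRecord's `where("email = ?", x)` does; no database is needed to run it.

```ruby
# Added example, not from the talk: the interpolation bug next to a "?"
# placeholder binder. quote_value/bind_sql are stand-ins for the quoting
# that ActiveRecord's where("email = ?", x) performs; no database needed.

# Vulnerable: attacker input becomes part of the SQL grammar.
def unsafe_user_query(email)
  "SELECT * FROM users WHERE email = '#{email}'"
end

# Turn a Ruby value into a SQL literal; strings get their single quotes
# doubled (standard SQL), so a quote in the input cannot close the literal.
def quote_value(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

# Substitute values into "?" placeholders, left to right.
def bind_sql(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "expected #{template.count('?')} values, got #{values.size}"
  end
  queue = values.dup
  template.gsub("?") { quote_value(queue.shift) }
end

def safe_user_query(email)
  bind_sql("SELECT * FROM users WHERE email = ?", email)
end

# Constructed attacker input: closes the literal, makes the WHERE always
# true, and comments out whatever follows.
PAYLOAD = "' OR 1=1 --".freeze

if __FILE__ == $0
  puts unsafe_user_query(PAYLOAD)
  # SELECT * FROM users WHERE email = '' OR 1=1 --'     <- matches every row
  puts safe_user_query(PAYLOAD)
  # SELECT * FROM users WHERE email = ''' OR 1=1 --'    <- compared as a plain string
end
```

In a real app the adapter does the quoting (MySQL additionally escapes backslashes), so keep using `where` with placeholders rather than this toy; the point is that values never get concatenated into SQL text by hand, and that also applies to `order(params[:sort])` and `find_by_sql` strings, which placeholders do not cover.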
XSS
cookies[:secure_cookie] = { :value => ..., :httponly => true, :secure => true }
use raw only if you really want to output unescaped HTML (Rails 3 escapes <%= %> output by default)
Session management
Rails session_store
Rails.application.config.force_ssl = true
allow logout (reset_session), timeout = 45.minutes
account lockout
no large objects in the session!!

Mass Assignment
X User.create(params[:user])
O User.create(user_params)
def user_params
  params[:user].slice(:email)
end
in the model: attr_protected :admin
or the whitelist form: attr_accessible :email
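Added example (mine, not from the talk): what the `user_params` whitelist above protects against, with a plain Ruby class standing in for an ActiveRecord model. The `User` class, `PERMITTED_USER_KEYS`, `user_params` and the `ATTACK_PARAMS` request are constructed for this demo.

```ruby
# Added example, not from the talk: the user_params whitelist next to the
# mass-assignment hole it closes. User/PERMITTED_USER_KEYS/ATTACK_PARAMS are
# constructed stand-ins, not Rails code.

class User
  attr_accessor :email, :name, :admin

  # Mass assignment: every key in the hash becomes a setter call, which is
  # exactly what makes User.create(params[:user]) dangerous.
  def initialize(attrs = {})
    @admin = false
    attrs.each { |key, value| public_send("#{key}=", value) }
  end
end

PERMITTED_USER_KEYS = %w[email name].freeze

# The whitelist: only keys the signup form is supposed to send get through.
# Keys are compared as strings because Rails params are string-keyed
# (with indifferent access).
def user_params(params)
  params.fetch("user", {}).select { |key, _| PERMITTED_USER_KEYS.include?(key.to_s) }
end

# Constructed request: the attacker added admin=true to the signup form.
ATTACK_PARAMS = {
  "user" => { "email" => "mallory@example.com", "admin" => true }
}.freeze

if __FILE__ == $0
  p User.new(ATTACK_PARAMS["user"]).admin        # true  <- privilege escalation
  p User.new(user_params(ATTACK_PARAMS)).admin   # false
end
```

Whitelisting in the controller (`slice` / strong parameters) and in the model (`attr_accessible`) are complementary; `attr_protected :admin` is a blacklist and silently stops protecting you the day a second sensitive column is added.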

Direct object reference
Find the user from the session first
use user.notes.create...
/users/:id/
@user = User.find(session[:user_id])
@user.notes.create...

@note.editable_by?(@user)
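Added example (mine, not from the talk): the "find the user first, then scope the lookup" rule run against an in-memory store standing in for ActiveRecord. `Note`, `NOTES`, the user ids and the `NotFound` error are constructed for this demo; `find_note_scoped` plays the role of `current_user.notes.find(params[:id])`.

```ruby
# Added example, not from the talk: unscoped vs. scoped record lookup.
# Note/NOTES/NotFound are constructed stand-ins for an ActiveRecord model.

Note = Struct.new(:id, :user_id, :body)

NOTES = [
  Note.new(1, 100, "alice's private note"),
  Note.new(2, 200, "bob's private note"),
].freeze

class NotFound < StandardError; end   # plays the role of ActiveRecord::RecordNotFound

# Insecure: Note.find(params[:id]). Any logged-in user who guesses an id reads it.
def find_note_unscoped(id)
  NOTES.find { |n| n.id == id } or raise NotFound, "note #{id}"
end

# Secure: current_user.notes.find(params[:id]). The session user's id is part
# of the query, so another user's note simply does not exist from this view.
def find_note_scoped(session_user_id, id)
  NOTES.find { |n| n.user_id == session_user_id && n.id == id } or
    raise NotFound, "note #{id} for user #{session_user_id}"
end

# The explicit ownership check (@note.editable_by?(@user)) for actions that
# obtained the record some other way, e.g. through a shared link.
def editable_by?(note, session_user_id)
  note.user_id == session_user_id
end

if __FILE__ == $0
  alice = 100
  puts find_note_unscoped(2).body             # bob's note leaks to alice
  begin
    find_note_scoped(alice, 2)
  rescue NotFound => e
    puts "scoped lookup refused: #{e.message}"   # becomes a 404 in Rails
  end
end
```

Scoping through the association also covers create and update: `@user.notes.create(...)` fills in `user_id` from the session, so the client cannot supply someone else's id in the form.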

Redirection
def login
  login_business
  redirect_to params[:form]
end
↑ this has a security hole (open redirect: the target comes straight from the request)
- sanitize file names
  def cleanup_filename
- sanitize file types: validates_attachment ... :content_type => ...

Process uploads asynchronously
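Added example (mine, not from the talk): allow-list checks for the two points above. `safe_redirect_path` is a guard to put in front of `redirect_to params[...]`, and `clean_filename` is one way to write the `cleanup_filename` the notes mention; both names and the sample inputs are my own. Only the Ruby standard library is used.

```ruby
require "uri"

# Added example, not from the talk: an open-redirect guard and an upload
# filename cleanup. safe_redirect_path/clean_filename are my names.

DEFAULT_PATH = "/".freeze

# Accept only a root-relative path on this site. Rejects absolute URLs,
# scheme-relative "//host" forms, backslash variants that browsers normalise
# to "//host", and unparsable input; everything rejected becomes the default.
def safe_redirect_path(target, default = DEFAULT_PATH)
  return default if target.nil? || target.strip.empty?
  return default if target.include?("\\")       # "/\evil.example" reads as "//evil.example" in browsers
  return default if target.start_with?("//")    # protocol-relative URL, also "///host"
  begin
    uri = URI.parse(target)
  rescue URI::InvalidURIError
    return default
  end
  return default if uri.scheme || uri.host      # http://..., javascript:..., //host
  return default unless uri.path.start_with?("/")
  uri.query ? "#{uri.path}?#{uri.query}" : uri.path   # fragment dropped on purpose
end

# Reduce an uploaded name to a safe basename: drop directories (either
# separator), keep a conservative character set, and refuse dot-only or empty
# results so ".." and hidden files cannot come back out.
def clean_filename(name)
  base = File.basename(name.to_s.tr("\\", "/"))   # Windows clients send backslashes
  base = base.gsub(/[^A-Za-z0-9._-]/, "_")
  base = base.sub(/\A\.+/, "")
  base.empty? ? "upload" : base
end

if __FILE__ == $0
  ["/dashboard?tab=1", "http://evil.example/", "//evil.example/",
   "/\\evil.example", "javascript:alert(1)"].each do |t|
    puts "#{t.inspect} -> #{safe_redirect_path(t)}"
  end
  ["../../etc/passwd", "..\\..\\boot.ini", "..", ".htaccess", "photo (1).jpg"].each do |n|
    puts "#{n.inspect} -> #{clean_filename(n)}"
  end
end
```

The redirect guard deliberately allows only paths, not a list of trusted hosts; if you need cross-host redirects, compare `uri.host` against an explicit allow-list rather than a substring match. The filename cleanup is independent of the content-type check: a harmless name with a dangerous type, or the reverse, still has to be caught by the validator.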

Resources
guides.rubyonrails.org/security.html
www.rorsecurity.info
brakemanscanner.org
github.com/relevance/tarantula
www.owasp.org