Tuesday, 22 March 2011

Ruby on Rails 3 - Installing Devise authentication on Heroku

A few days ago I decided to add authentication to my Rails 3 app. I came across a few alternatives but in the end opted for Devise as this seems to be the newest and from the documents I found apparently the easiest to implement.
I needed users to be able to register new users, sign in and out and to have special admin users who could access restricted areas of the site, Devise hit all these requirements.

So I found a couple of good tutorials including https://github.com/plataformatec/devise and associated wiki https://github.com/plataformatec/devise/wiki/_pages and found these really good at getting me up and going quickly.

I got everything working locally but then when I pushed my git repo to Heroku I got the error when using the register page: We're sorry, but something went wrong. We've been notified about this issue and we'll take a look at it shortly.


so to the command line 'Heroku logs' revealed this error:
2011-03-21T14:03:09-07:00 app[web.1]: NameError (uninitialized constant Devise::Encryptors::Bcrypt):

It took me a while but after searching around any trying all sorts of things i hit the answer. and as usual it was simple, if you are deploying to heroku you need to add bcrypt-ruby to your gemfile like so:

gem 'devise', '1.1.8'
gem 'bcrypt-ruby', '2.1.4'


Also remember to generate and commit your new gemfile.lock into git and send this to heroku as well as the new gemfile or you will get the following error, as i did:

You have modified your Gemfile in development but did not check
the resulting snapshot (Gemfile.lock) into version control
You have added to the Gemfile:
* bcrypt-ruby (= 2.1.4)
FAILED: http://docs.heroku.com/bundler
Heroku push rejected, failed to install gems via Bundler


My Devise Authentication Implementation
I've added the following to the top of all my admin controller classes to ensure that only administrators can access them

before_filter :authenticate_user!
before_filter :authorise_user!


The method :authenticate_user! is a helper method built into Devise
The method :authorise_user! is my own declared in ApplicationController as follows:

def authorise_user!
  if ! current_user.try(:admin?)
    flash[:alert] = "Unauthorised"
    redirect_to ''
  end
end


where admin is a boolean field on the devise created user table. (I used option 2 from this wiki page)

For controllers which none admin users have access to I want to restrict them so that they can only see resources that they created. So for example, bob created an order-x, you don't want James to be able to access that order-x it belongs to bob not James.

For this I've created methods similar to:

def authorise_as_owner!
  order = Order.find(params[:id])
  unless current_user.try(:admin?) || order.user_id == current_user.id
    flash[:alert]  = "Not your order!"
    redirect_to ''
  end
end

Friday, 11 March 2011

The DZone effect (how blog aggregation can affect traffic)

I recently used DZone for the first time to publicise my latest blog post to a wider audience. Oh my ... it worked rather well.

So im on blogspot which gives some nice google analytics for free which i look at now and then to try and see what is popular and being read by other people.

My blog is not all that widely read to be honest, it has a fair number of hits though, approximately 250 a month mainly coming from google searches, most traffic goes to a couple of my better/more interesting posts. But then i tried out submitting a post to dzone, mainly to see what happens.

The result was instant, i got over 600 views in 2 days, for me thats a big number, was it the nature of the post (it was a little provocative) and maybe the summary on dzone made people want to see what i was on about, either way i got a large increase in my traffic %300 :-)

Im not really hung up on loads of people seeing my posts, but its nice to know your are read :-) And dzone certainly seems to deliver.

Monday, 7 March 2011

Appharbor, scripting sql server table creation using ado.net

So ive got a simple appharbor installation running, but need a database.
I was half expecting a nice API I could use similar to herokus that would let me run my scripts against the hosted DB and thus deploy my DB at the command line, but not.

What you need to do is connect to your DB through SQL server management studio (if using sql server) and do your DB work through that. All good and easy, but at work our corporate firewalls prevent us from getting out, or from external sources getting in, makes sense, and i as a lowly developer will never be able to change that, not that i would want to, it would be quite dangerous.

So what to do?
well i decided to write a page in my MVC app that (given the right credentials) will run a script that has been checked in, Here are the basics:
  • Create a DB on appharbor (use the web interface to create it, really simple)
  • Copy the connection settings and paste them into your web.config, here are mine (details changed to protect the innocent)

<connectionstrings>
    <add connectionstring="Server=db002.appharbor.net;Database=db1234;User ID=db1234;Password=lotsofrandomcharacters" name="mydb"></add>
</connectionstrings>


  • now we need a controller with an action
public ActionResult RunTheScript(string filename)
{
    try
    {
        string connStr = ConfigurationManager.ConnectionStrings["mydb"].ToString();
        using (var conn = new SqlConnection(connStr))
        {
            conn.Open();
            string filePath = Server.MapPath("\\databasescripts\\" + filename);
            FileInfo fileInfo = new FileInfo(filePath);

            string script = fileInfo.OpenText().ReadToEnd();

            SqlCommand cmd = new SqlCommand(script, conn);
            cmd.ExecuteNonQuery();
            conn.Close();
        }

        return View();
    }
    catch (Exception e)
    {
        return View("ExceptionView", e);
    }
}

  • Dont forget your routes in global.asax, Add the following before the default route.

routes.MapRoute(
    "admin_runthescript",
    "admin/runthescript/{filename}",
    new { controller = "admin", action = "runthescript" } // Parameter defaults
);


And add a couple of views (your know how to do that), one for success and one for an exception.
Yes there are better ways of doing this but its a quick and dirty demo, i expect people to use properly designed code when doing this live (Please dont mix your DB logic into your controllers people...)

A note on the exception handling, you had better do this properly too as appharbor will not give you any logging out of the box, and will not spit back helpful errors to the user, not errors that can be used to debug anyway..
  • Almost there, add a script, and save it in your databasescripts folder

CREATE TABLE [dbo].[locations](
    [id] [int] IDENTITY(1,1) NOT NULL,
    [name] [nvarchar](256) NOT NULL
) ON [PRIMARY]

INSERT INTO [dbo].[locations] ([name]) VALUES ('London')
INSERT INTO [dbo].[locations] ([name]) VALUES ('Manchester')
INSERT INTO [dbo].[locations] ([name]) VALUES ('Bristol')
INSERT INTO [dbo].[locations] ([name]) VALUES ('Bath')


  • Now add all the files to your git repo
  • commit
  • git push appharbor master
  • Run the migration through your web app using the url Controller/Action/Filename (scripts/runthescript/add_location_table.sql)
Thats pretty much it, its upto you to secure the page that can be used to create and destroy your db,dont blame me if someone gets in an messes with unsecured pages,

Maybe there is something in the pipeline at app harbor that will help us out when scripting databases, but one thing is for sure using the management studio for building your applications database is not the way forward in the long run.

The true cost of TFS, is it really "free"?

You say you've got MSDN premium, so TFS is free, good for you, it is developed and supported by Microsoft, should be a great product then??

Anyway in my personal opinion, it sucks, but try telling that to none technical people, its actually really hard, and they still insist you use it because its designed for enterprise use, isn't it?

So i thought id do a 'back of the napkin' calculation of how much it actually costs.

Our dev team is apparently worth ~40k a month, consisting of 4 devs, designer, tester, db admin, tester, ba,
10 people, for arguments sake ~4 grand each per month.
So if you take a dev pair thats 8 grand a month, or 2 grand a week.

Where is the waste (source control)?
Check-ins :- We check in 7 to 10 times a day, each time it should be instant, but mostly TFS cant quite manage it, it needs user interaction to resolve the easiest of changes, some times it cant even manage to insert new lines. So estimate 3 minutes extra per check-in thats 20 minutes a day extra, or 2 hours per week. (Caveat, if you are working in the same area of code as another pair be prepared for this to at least double, ive had some awful merges in the past even when the conflicts weren't really that hard)

Get latest :- Sometimes get latest doesn't even get the latest, leaving files out or just getting it wrong?? how?? so now and then we need to sort it out, usually after wondering what on earth is going on and trying to debug your code only to find out my source is not up to date (10 - 20 mins per day on average, 1 hr per week)

Get specific :- So, often you start using get specific instead of get latest, this is slow so we try not to do it all the time, only when we think there might be a problem, the code base is big so this takes a lot longer than a get latest 2-3 minutes extra per check in, but only done 2-3 times a day (7 minutes per day, 30 mins per week)

Merge to main (feature branching) :-
Depending on how often you merge to main, and how many other teams you have also checking into main that is going to hit you quite hard. if you are a lone team with out any teams changing your code base you have it easy and can discount this step. for me its at least a 4 hour job of doing the merge to main once every month)

Where is the waste (Build management)?
MSBuild and TFS :- This is complex, significantly more complex than the same projects built with nant and cruse control, Team city, Go, et al. it sucks a lot of our time when we need to change the builds, its hard to say how much worse it is, our code base is quite old and complex, lots of build dependencies, this needs fixing, lets be conservative and say it only takes 1 hour extra per week to maintain TFS over any of the others.

Total Waste
2 hrs + 1hr + .5 hrs + 1hr = 5.5 hours of waste a week, lets call it 5 for now, I like round numbers.

So a pair of devs is on 2 grand a week, 35 hours = £60 per hour
5 hours waste = £60 * 5 = £300 per week per pair
2 pairs in our team = £600 per week * 4 = £2,400 per month on a £40,000 dev team

Thats just a 2 pair team, if you have even a moderate size team of 4 pairs you are going to get even more pain, with developers effecting each others check ins.

Oh and what about that merge to main hell we discussed (if you are feature branching), add 4 hrs * £60 per month = £240 extra.

Summary :-
your "free" version control and build agent is not looking so "free" any more.
Its costing us at least 25 grand a year... that sounds wrong? can you please check my math...

How much is it costing you?

Disclaimer:-
In my opinion I've been quite lenient in my estimates, but when you say the numbers and add it all up it sounds awful, but it is.
Also the numbers above don't take into account other teams costs, if you have 3 dev teams (like ours) all working on the same source code, merging every month (feature branch style), all having the same pain, the figures quickly become a big drain on the business.

Problems :-
The main problem I have is how to quantify the waste, often its small things here and there, they just add up, not all the time, but especially if the team is doing TDD properly and going through refactor cycles frequently, which we are.
Any ideas on how to quantify the waste better would be appreciated.


Amendments (11-03-2011)
Thanks to my reviewers (kat, skain) for pointing out my grammatical and spelling errors (now corrected). But i did just knock out this article in the gaps i had whilst waiting for TFS, i guess its good for something. Joking apart though this does lead me to something i didnt mention and that is context switching inefficiencies. So every now and then you get 5 minutes to do other tasks, email, ect, but this is a big context switch for the pair, it takes a little time to get back into the flow again, this cost is not accounted for in the above monetary costs.

Thursday, 3 March 2011

Heroku - Installing your app and sqlite3

So ive just installed a dummy rails app to Heroku to test it out, its very very similar to appharbor, unsupprising since appharbor was inspired by heroku.

all went well untll i added a scaffold for my first admin page, when i tried to deploy this i got he error:


Application Error

An error occurred in the application and your page could not be served. Please try again in a few moments.
If you are the application owner, check your logs for details.


so i did check the logs 'heroku logs' (you need the logging add-on instaled for your app) and this is what i saw:

2011-03-03T01:24:00-08:00 heroku[web.1]: State changed from crashed to created
2011-03-03T01:24:00-08:00 heroku[web.1]: State changed from created to starting
2011-03-03T01:24:01-08:00 heroku[web.1]: State changed from crashed to created
2011-03-03T01:24:01-08:00 heroku[web.1]: State changed from created to starting
2011-03-03T01:24:08-08:00 app[web.1]: /usr/ruby1.8.7/lib/ruby/gems/1.8/gems/bundler-1.0.7/lib/bundler/runtime.rb:64:in `require': no such file to load
-- sqlite3 (LoadError)
2011-03-03T01:24:08-08:00 app[web.1]: from /usr/ruby1.8.7/lib/ruby/gems/1.8/gems/bundler-1.0.7/lib/bundler/runtime.rb:64:in `require'
2011-03-03T01:24:08-08:00 app[web.1]: from /usr/ruby1.8.7/lib/ruby/gems/1.8/gems/bundler-1.0.7/lib/bundler/runtime.rb:62:in `each'

...
...
2011-03-03T01:24:08-08:00 app[web.1]: from /home/heroku_rack/heroku.ru:1:in `new'
2011-03-03T01:24:08-08:00 app[web.1]: from /home/heroku_rack/heroku.ru:1
2011-03-03T01:24:08-08:00 heroku[web.1]: State changed from starting to crashed

so what went wrong? well looked like it was a problem loading sqlite3
stackoverflow to the rescue :-)

just make sure the references to sqlite3 are wrapped up as per the following line of code in your gemfile

group :development do
   gem 'sqlite3-ruby', :require => 'sqlite3'
end


and that is it, just do a 'heroku rake db:migrate' to get your database on heroku and your should be good to go.