
Rails Antipatterns Models

Rails AntiPatterns in Models – and How to Fix Them

Rails encourages clean separation of concerns, but it’s easy to let logic leak into the wrong layer. The model is meant to encapsulate business rules and domain behavior, yet many applications end up with fat controllers, bloated views, or overly complex models. Below are common anti-patterns in Rails models and their solutions, with code.

1. View Logic Belongs in the Model

A common mistake is putting conditional business logic directly in views. ...

August 19, 2025 · Arnošt Havelka

How to Handle CSRF Authentication in Rails and React

Prerequisites

This tutorial follows my previous post on handling Rails API authentication with React frontend. You can follow along without it, but I assume:

You’re using Ruby on Rails with a React frontend
You’ve implemented cookie‑based authentication

How it works

After login, the browser stores a secure cookie that’s automatically appended to every client request. An attacker’s site can forge requests on the user’s behalf, and they’ll be authenticated.

Attack vector: Another site issues requests to your site while pretending to be the user. ...

July 15, 2025 · Arnošt Havelka

Rails 8 API Authentication with Cookies and React Frontend

Overview

In this tutorial, you’ll learn how to implement cookie-based authentication with Rails 8. Rails offers many authentication methods—even DIY ones—but cookies are secure, easy to use, and handled automatically by browsers. While many tutorials use JWT, it has a major drawback: where do you store it? Local storage is insecure and easily exploited. Though you can secure JWTs with extra effort, it’s still a relatively new technology. If your primary API consumer is the browser, cookie-based authentication is safer and simpler. ...

June 30, 2025 · Arnošt Havelka