Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Varnish+Redis - Russ Smith

Las Vegas Ruby Group
July 16, 2014
1
73

Varnish+Redis - Russ Smith

Las Vegas Ruby Group

July 16, 2014
Tweet

More Decks by Las Vegas Ruby Group

See All by Las Vegas Ruby Group
Ruby ISO Standard - David Grayson
lvrug
0
92
Windows Automation - Howard Feldman
lvrug
0
37
Separating Your Application from Rails - Brian Hughes
lvrug
0
70
SWIG and Ruby - David Grayson
lvrug
0
39
Practical Object-Oriented Design in Ruby - Charles Jackson
lvrug
3
96
The Hamster Gem - Ryan Mulligan
lvrug
1
70
Lambdas and Pops - Jan Hettich
lvrug
0
38
Making Good Use of Fonts - Russ Smith
lvrug
1
53
Writing Files - Ryan Mulligan
lvrug
0
31

Featured

See All Featured
Bash Introduction
62gerente
604
210k
The Pragmatic Product Professional
lauravandoore
25
5.8k
Code Review Best Practice
trishagee
55
15k
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
4 Signs Your Business is Dying
shpigford
175
21k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
How STYLIGHT went responsive
nonsquared
92
4.8k
Optimizing for Happiness
mojombo
370
69k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
The Cult of Friendly URLs
andyhume
74
5.7k
Automating Front-end Workflow
addyosmani
1356
200k
How GitHub (no longer) Works
holman
304
140k

Transcript

  1. Varnish + Redis

  2. None

  3. Redis is a key value store. ! key => value

    set key value get key # value

  4. Redis can also store hashes as a value. ! key

    => hash hset user:12345 access active hget user:12345 access # active

  5. Varnish is a high-performance HTTP accelerator.

  6. Why use Varnish? Fast, stable, low overhead. 20k+ requests per

    second. Stop hitting your slow backend.

  7. Why put them together?

  8. Paywalls Varnish uses a hash key to store request objects.

    ! /path/to/content.html /path/to/content.html + myhost.com + user_access_level ! Multiple responses for a single url.

  9. Generalize Users The simple idea is to put your users

    into different groups based on certain business logic in your application.

  10. Putting it all together

  11. Warden::Manager.after_set_user do |user, auth, opts| auth.cookies[:user] = user.id auth.cookies[:railsapp_token] =

    OpenSSL::HMAC.hexdigest( ‘sha256’, RailsApp::Application.config.secret_token, user.id.to_s + RailsApp::Application.config.secret_token) end ! Warden::Manager.after_authentication do |user, proxy, opts| $redis.hset("user:#{user.id}", 'access', user.access_level) end ! Warden::Manager.before_logout do |user, auth, opts| auth.cookies[:user] = nil auth.cookies[:railsapp_token] = nil end

  12. import redis; import digest; ! sub vcl_init { redis.init_redis('127.0.0.1', 6379,

    200); } ! sub vcl_hash { hash_data(req.url); hash_data(req.http.host); ! if (req.request != "GET") { return(hash); } else { if (req.request == "GET" && req.http.Cookie ~ "rails_app_token=") { # Grab the user id from cookies set req.http.X-RailsApp-User = regsub(req.http.Cookie, "^.*?user=([^;]*);*.*$", "\1"); ! # Grab the token from cookies set req.http.X-RailsApp-Token = "0x" + regsub(req.http.Cookie, "^.*?rails_app_token=([^;]*);*.*$", "\1"); ! # Sign the secret token with the user id set req.http.X-RailsApp-Signed = digest.hmac_sha256("<%= RailsApp::Application.config.secret_token %>”, req.http.X-RailsApp-User + "<%= RailsApp::Application.config.secret_token %>"); ! # Check if the signed request equals the cookie token # If so, we have a valid request if (req.http.X-RailsApp-Signed == req.http.X-RailsApp-Token) { set req.http.X-RailsApp-Auth = "<%= RailsApp::Application.config.secret_token %>"; # Grab the access level from redis and use that as a part of the hash set req.http.X-RailsApp-Access = redis.call("HGET user:" + req.http.X-RailsApp-User + " access"); hash_data(req.http.X-RailsApp-Access); } } } ! unset req.http.Cookie; unset req.http.Authorization; ! return(hash); }

  13. import redis; import digest; ! sub vcl_init { redis.init_redis('127.0.0.1', 6379,

    200); }

  14. sub vcl_hash { hash_data(req.url); hash_data(req.http.host); ! if (req.request != "GET")

    { return(hash); } else { … } ! unset req.http.Cookie; unset req.http.Authorization; ! return(hash); }

  15. if (req.request == "GET" && req.http.Cookie ~ "rails_app_token=") { #

    Grab the user id from cookies set req.http.X-RailsApp-User = regsub(req.http.Cookie, "^.*? user=([^;]*);*.*$", "\1"); ! # Grab the token from cookies set req.http.X-RailsApp-Token = "0x" + regsub(req.http.Cookie, "^.*?rails_app_token=([^;]*);*.*$", "\1"); ! # Sign the secret token with the user id set req.http.X-RailsApp-Signed = digest.hmac_sha256("<%= RailsApp::Application.config.secret_token %>”, req.http.X-RailsApp- User + "<%= RailsApp::Application.config.secret_token %>"); ! # Check if the signed request equals the cookie token # If so, we have a valid request if (req.http.X-RailsApp-Signed == req.http.X-RailsApp-Token) { set req.http.X-RailsApp-Auth = "<%= RailsApp::Application.config.secret_token %>"; # Grab the access level from redis and use that as a part of the hash set req.http.X-RailsApp-Access = redis.call("HGET user:" + req.http.X-RailsApp-User + " access"); hash_data(req.http.X-RailsApp-Access); } }

  16. How this looks in Rails

  17. class ArticleController < ApplicationController def show @article = Article.find(params[:id]) render(template_for_show)

    end ! def template_for_show # Not signed in, so show them a signup page or something. return :show_excerpt unless user_signed_in? ! # Getting a request from Varnish, use it's access level. if request.headers.key?('HTTP_X_RAILSAPP_ACCESS') return request.headers['HTTP_X_RAILSAPP_ACCESS'].to_sym end ! # Fallback and for development. "show_#{current_user.access_level}".to_sym end end