Slide 1

Slide 1 text

Web Dev best / common practices

Slide 2

Slide 2 text

Code flow

Slide 3

Slide 3 text

Git + GitHub + Heroku

Slide 4

Slide 4 text

~GitHub flow with CI server

Slide 5

Slide 5 text

https://guides.github.com/introduction/flow/

Slide 6

Slide 6 text

https://codeship.com

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

~100% test coverage

Slide 10

Slide 10 text

Test

Slide 11

Slide 11 text

● Unit tests (#methods)
● Request tests (requests/responses)
● Feature tests (behavior)

Slide 12

Slide 12 text

Check your test coverage

Slide 13

Slide 13 text

github.com/colszowka/simplecov

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

No content

Slide 16

Slide 16 text

On the beneficial effects of TDD

Slide 17

Slide 17 text

Use RSpec

Slide 18

Slide 18 text

Libraries

Slide 19

Slide 19 text

● Devise (authentication)
● Cancancan (authorization)
● Sidekiq (background jobs)
● RSpec (testing)
● Figaro (ENV variables)
● …

Slide 20

Slide 20 text

Style

Slide 21

Slide 21 text

consistency prevents surprises

Slide 22

Slide 22 text

Martin Fowler, Refactoring: Improving the Design of Existing Code, 1999

Slide 23

Slide 23 text

github.com/bbatsov/ruby-style-guide

Slide 24

Slide 24 text

Check for style offenses

Slide 25

Slide 25 text

github.com/bbatsov/rubocop

Slide 26

Slide 26 text

No content

Slide 27

Slide 27 text

developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Coding_Style

Slide 28

Slide 28 text

Security

Slide 29

Slide 29 text

Remove keys and tokens from committed code (and use ENV vars)

Slide 30

Slide 30 text

# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
development:
  secret_key_base: '04b10ac58bc552cd69ca04374fb39c63a2737367ad64fc9cc'
test:
  secret_key_base: 'bba42c0a3010eff12fe90b88992879f0278373996f2c480e6'
production:
  secret_key_base: '67ad64fc9ccc0f3da5e9098431fc0ff6fe9eebba42c0a3010'

/config/secrets.yml

Slide 31

Slide 31 text

# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
development:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
test:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
production:
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>

/config/secrets.yml

Slide 32

Slide 32 text

/config/application.yml

development:
  SECRET_KEY_BASE: '04b10ac58bc552cd69ca04374fb39c63a2737367ad64fc9cc'
test:
  SECRET_KEY_BASE: 'bba42c0a3010eff12fe90b88992879f0278373996f2c480e6'
production:
  SECRET_KEY_BASE: '67ad64fc9ccc0f3da5e9098431fc0ff6fe9eebba42c0a3010'

Slide 33

Slide 33 text

github.com/laserlemon/figaro

$ figaro heroku:set -e production
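
Added example (not from the original slides or from Figaro): a small Ruby check, suitable for a CI step, that flags the slide 30 pattern (literal values under secret-like keys in a committed YAML config) and passes the slide 31 form. The key-name list, the function name and the sample values are assumptions constructed for illustration.

```ruby
# Key names treated as sensitive (an assumed list; extend it for your app).
SENSITIVE_KEY = /secret|token|password|api_key/i
# A value that is only an ERB lookup into ENV, e.g. <%= ENV["SECRET_KEY_BASE"] %>
ENV_LOOKUP = /\A<%=\s*ENV(?:\[|\.fetch\().+%>\z/

# Scans the text of a committed YAML config and returns "section.key" for each
# sensitive key whose value is a literal. ERB is not evaluated: the file is
# inspected as it sits in the repository, not as Rails loads it.
def hardcoded_secrets(yaml_text)
  section = nil
  findings = []
  yaml_text.each_line do |line|
    next if line.strip.empty? || line.lstrip.start_with?("#")
    if (m = line.match(/\A(\S[^:]*):\s*\z/))            # top-level "production:" line
      section = m[1]
    elsif (m = line.match(/\A(\s*)([^:\s]+):\s*(.+?)\s*\z/))
      section = nil if m[1].empty?                      # unindented key: no section
      key, value = m[2], m[3].gsub(/\A['"]|['"]\z/, "") # drop surrounding quotes
      next unless key.match?(SENSITIVE_KEY)
      findings << [section, key].compact.join(".") unless value.match?(ENV_LOOKUP)
    end
  end
  findings
end

# Constructed samples mirroring the two versions of config/secrets.yml.
BEFORE = <<~'YAML'
  development:
    secret_key_base: 'constructed-dev-value'
  production:
    secret_key_base: 'constructed-prod-value'
YAML

AFTER = <<~'YAML'
  development:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  production:
    secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
YAML

puts hardcoded_secrets(BEFORE)
```

Run it only against files that are committed: Figaro's config/application.yml holds literal values by design and is meant to stay out of the repository.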

Slide 34

Slide 34 text

Follow the Rails way for your queries (or you’ll get SQL injections)

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

User.where("name = ? AND password = ?", params[:name], params[:password])

User.where(name: params[:name], password: params[:password])

Slide 37

Slide 37 text

rails-sqli.org

Slide 38

Slide 38 text

Check for security holes

Slide 39

Slide 39 text

github.com/presidentbeef/brakeman

Slide 40

Slide 40 text

No content

Slide 41

Slide 41 text

guides.rubyonrails.org/security.html

Slide 42

Slide 42 text

github.com/ankane/secure_rails

Slide 43

Slide 43 text

links

Slide 44

Slide 44 text

http://rails-bestpractices.com

Slide 45

Slide 45 text

http://betterspecs.org

Slide 46

Slide 46 text

github.com/thoughtbot/guides