Ruby On Rails
Ruby on Rails
Currently, my cohort is wrapping up our Flatirons software engineer program journey. We just finished phase 4 of the curriculum which is centered around Ruby on Rails. Rails is a model-view-controller (MVC) framework that provides default structures for a database, a web service, and web pages. A framework, defined by Code Institute is a “platform that provides a foundation for developing software applications. A template of a working program that can be selectively modified by adding code”
For our phase 4 projects, we were tasked to build a full-stack application with a React frontend and a Rails backend. The application would need two resources on the backend. One of those resources would need to have full CRUD actions. We would also need to implement authentication/authorization as well.
For this project, I wanted to do something different than I’ve done before. In phase 2, I built a mock-up of a shopping site which some CRUD actions. I wanted to do something different than a mock of a social media site or another e-commerce site. I wanted to do something that could be a continuous project I could work on far after I finish Flatiron and as my skill set grows.
I love plants. I also forget to water plants, where I planted them, how much sun they need, and Inevitably… kill the said plant. Plants usually come with a tag or a seed packet. This tag usually has general care instructions, when to plant them, the germination rate, how much sun they need. I ALWAYS lose those tags/seed packets. So I wanted a create an application where I could store all this information in one place, to take the guessing work out of all this. A reference to keep track of when I watered, when I planted them, and when they will bloom, or when to harvest them. So I did just that.
When you log into the app, you choose from 3 different categories, house, garden, and vegetable. I decided to make them separate because the care for these 3 categories is completely different. Once you create a plant, you are taken to its page with all the information for care.
Building the database and building out the backend of the application was pretty simple. My biggest hurdle was the Authentication/Authorization portion of this project. The user would need to be authenticated to access any of the application’s resources. I decided to use JSON web tokens for this task. (JWT). When the user logs in, a token is generated. When the user makes a request, they submit their token with the request as well. The backend will then decode the token and make sure that the user has access to these resources.
JWT has some benefits and some cons. But for simplicity’s sake, JWT tokens are self-contained and the information is needed such as the header, payload, and signature.
I would need a few gems to be able to use JWT authentication. The JWT gem and the Bcrypt gem. Bcrypt allows us to salt users’ passwords before running them through a one-way hashing function.
To start, the application needed to generate a token when a user logs in. These methods are typically kept in the application controller and are provided by the JWT gem. JWT.encode takes a payload to encode, the secret of the user’s choice, and an optional third hash. It then returns a JWT as a string JWT.decode then takes that JWT string and decodes it.
The token is issued in two different controller actions, UserController#create and AuthController#create. These are responsible for when a user signs up for the first time and an already existing user.
In the AuthController#create action, We find the user by the username, and using the authenticate method provided by Bcrypt, encode_token is then called from the Application Controller passing in the user’s ID in a payload and a JSON response is rendered along with accepted status. On the front end of the application, we store the token in localStorage. Then when we make a request later, we call localStorage to Authorize the request.
In the UserController#create action, where a user is signing up for the first time, a User is created if the data is validated check passes, a token is encoded and JSON is rendered like before.
The UsersController#profile ensures that a user stays logged in if the page is refreshed or if a user does not log out.
Although this post does not give a full tutorial on how to create an Authentication for your next project. It does highlight some of the methods I used in my project to enable JWT Auth. There is much more that can be done to protect users’ data and prevent vulnerability. For me, this was a good starting point in understanding the basics of it.
Now on to phase 5 the final phase of Flatiron!
