Thread-Safety

http://railscasts.com/episodes/365-thread-safety?view=asciicast

Rack::Lock => make sure thread safe

def threadsafe!
  @preload_frameworks = true
  @cache_classes      = true
  @dependency_loading = false
  @allow_concurrency  = true
  self
end

sometimes on production rails will remove Rack::Lock => because Web server will handle it => unicorn, Fusion Passenger => single thread

puma => multi thread 

Rails Middleware Walkthrough

http://railscasts.com/episodes/319-rails-middleware-walkthrough?view=asciicast

ActionDispatch::Static => provide static file on public

Rack::Lock => lock the app down to a single thread

ActiveSupport::Cache::Strategy::LocalCache::Middleware => cache method based on ActiveSupport::Cache::FileStore

easy to use by Rails.cache.read or Rails.cache.write

Rack::Runtime => sets an X-Runtime response header to show spending time

Rack::MethodOverride => if set params[:_method], could reset http method, ex put, delete on form

ActionDispatch::RequestId => set unique request id

Rails::Rack::Logger => log when request start, and request end

ActionDispatch::ShowExceptions & ActionDispatch::DebugExceptions => rescue error, and custom format

ActionDispatch::RemoteIp => detect ip attack

ActionDispatch::Reloader => reload classes in development mode

ActionDispatch::Callbacks =>  We can call before or after methods on this and pass in a block which will then be triggered on each request.

ActiveRecord::ConnectionAdapters::ConnectionManagement => clear db connections

ActiveRecord::QueryCache => active record query cache

ActionDispatch::Cookies, Session::CookieStore and Flash =>  set cookie, sessions

ActionDispatch::ParamsParser => prepare params

ActionDispatch::Head => transfer head request to get

Rack::ConditionalGet and Rack::ETag => set ETag header based on the response body, conditional => if not changed, not process => only send 304

ActionDispatch::BestStandardsSupport => add recommend browser to client 

LOG TAGGING IN RAILS

https://wearestac.com/blog/log-tagging-in-rails

My::Application.config.log_tags = [ :uuid ]

Now you can filter the log content by a particular request ID to see all output related to a single request 

Clickjacking

http://cyrilwang.pixnet.net/blog/post/31798436-%5B%E6%8A%80%E8%A1%93%E5%88%86%E4%BA%AB%5D-clickjacking

http://blog.miniasp.com/post/2008/10/11/The-latest-cross-browser-exploit-Clickjacking.aspx

Kidnap your click, to create unexpected behavior:

ex: use invisible iframe to controller your click

user X-FRAME-OPTIONS to prevent it 

How key-based cache expiration works

https://signalvnoise.com/posts/3113-how-key-based-cache-expiration-works

1. The cache key is fluid part and the cache content is the fixed part
2. key is calculated from the content
3. when key changes, simply write the new content to new key
4. will generate a lot of cache garbage => don’t care => Memcached will automatically evict the oldest keys first when it runs out of space
5. You deal with dependency structure by tying the model object together on updates
6. The caching itself then happens in the views based on partials rendering the objects in question

ActiveRecord::Observer

http://api.rubyonrails.org/v3.2.0/classes/ActiveRecord/Observer.html

callback, but not very related to model

we can use observer

class AuditObserver < ActiveRecord::Observer
  observe :account, :balance

  def after_update(record)
    AuditTrail.new(record, "UPDATED")
  end
end

Storing Observers in Rails

If you’re using Active Record within Rails, observer classes are usually stored in app/models with the naming convention of app/models/audit_observer.rb.

Configuration

In order to activate an observer, list it in the config.active_record.observers configuration setting in yourconfig/application.rb file.

config.active_record.observers = :comment_observer, :signup_observer

Observers will not be invoked unless you define these in your application configuration. 

how to build a virtual dom tree

如何實現一個Virtual DOM算法

https://github.com/livoras/blog/issues/13

1. use javascript object to present the structure of dom, and use it to build a real dom tree, then insert to document
2. when state updated, recreate a object tree, and then compare old tree and new tree, and record the diff
3. use 2.) diff to 1.) real dom tree

2.1. how to compare:

1.Depth-first search for new and old tree, and add unique mark

2.diff type: REPLACE, REORDER, PROPS, TEXT

3.compare list: ex => abcdefghi =>abchdfgij