Thread-Safety

http://railscasts.com/episodes/365-thread-safety?view=asciicast

Rack::Lock => make sure thread safe

def threadsafe!
  @preload_frameworks = true
  @cache_classes      = true
  @dependency_loading = false
  @allow_concurrency  = true
  self
end

sometimes on production rails will remove Rack::Lock => because Web server will handle it => unicorn, Fusion Passenger => single thread

puma => multi thread 

Rails Middleware Walkthrough

http://railscasts.com/episodes/319-rails-middleware-walkthrough?view=asciicast

ActionDispatch::Static => provide static file on public

Rack::Lock => lock the app down to a single thread

ActiveSupport::Cache::Strategy::LocalCache::Middleware => cache method based on ActiveSupport::Cache::FileStore

easy to use by Rails.cache.read or Rails.cache.write

Rack::Runtime => sets an X-Runtime response header to show spending time

Rack::MethodOverride => if set params[:_method], could reset http method, ex put, delete on form

ActionDispatch::RequestId => set unique request id

Rails::Rack::Logger => log when request start, and request end

ActionDispatch::ShowExceptions & ActionDispatch::DebugExceptions => rescue error, and custom format

ActionDispatch::RemoteIp => detect ip attack

ActionDispatch::Reloader => reload classes in development mode

ActionDispatch::Callbacks =>  We can call before or after methods on this and pass in a block which will then be triggered on each request.

ActiveRecord::ConnectionAdapters::ConnectionManagement => clear db connections

ActiveRecord::QueryCache => active record query cache

ActionDispatch::Cookies, Session::CookieStore and Flash =>  set cookie, sessions

ActionDispatch::ParamsParser => prepare params

ActionDispatch::Head => transfer head request to get

Rack::ConditionalGet and Rack::ETag => set ETag header based on the response body, conditional => if not changed, not process => only send 304

ActionDispatch::BestStandardsSupport => add recommend browser to client 

LOG TAGGING IN RAILS

https://wearestac.com/blog/log-tagging-in-rails

My::Application.config.log_tags = [ :uuid ]

Now you can filter the log content by a particular request ID to see all output related to a single request 

Clickjacking

http://cyrilwang.pixnet.net/blog/post/31798436-%5B%E6%8A%80%E8%A1%93%E5%88%86%E4%BA%AB%5D-clickjacking

http://blog.miniasp.com/post/2008/10/11/The-latest-cross-browser-exploit-Clickjacking.aspx

Kidnap your click, to create unexpected behavior:

ex: use invisible iframe to controller your click

user X-FRAME-OPTIONS to prevent it 

How key-based cache expiration works

https://signalvnoise.com/posts/3113-how-key-based-cache-expiration-works

1. The cache key is fluid part and the cache content is the fixed part
2. key is calculated from the content
3. when key changes, simply write the new content to new key
4. will generate a lot of cache garbage => don’t care => Memcached will automatically evict the oldest keys first when it runs out of space
5. You deal with dependency structure by tying the model object together on updates
6. The caching itself then happens in the views based on partials rendering the objects in question

ActiveRecord::Observer

http://api.rubyonrails.org/v3.2.0/classes/ActiveRecord/Observer.html

callback, but not very related to model

we can use observer

class AuditObserver < ActiveRecord::Observer
  observe :account, :balance

  def after_update(record)
    AuditTrail.new(record, "UPDATED")
  end
end

Storing Observers in Rails

If you’re using Active Record within Rails, observer classes are usually stored in app/models with the naming convention of app/models/audit_observer.rb.

Configuration

In order to activate an observer, list it in the config.active_record.observers configuration setting in yourconfig/application.rb file.

config.active_record.observers = :comment_observer, :signup_observer

Observers will not be invoked unless you define these in your application configuration. 

how to build a virtual dom tree

如何實現一個Virtual DOM算法

https://github.com/livoras/blog/issues/13

1. use javascript object to present the structure of dom, and use it to build a real dom tree, then insert to document
2. when state updated, recreate a object tree, and then compare old tree and new tree, and record the diff
3. use 2.) diff to 1.) real dom tree

2.1. how to compare:

1.Depth-first search for new and old tree, and add unique mark

2.diff type: REPLACE, REORDER, PROPS, TEXT

3.compare list: ex => abcdefghi =>abchdfgij 

css 原理

 http://kb.cnblogs.com/page/125663/

from right to left effect:

DIV#divBox p span.red{color:red;} => find class ‘red’, then find span, then find p ….

in order to filter some unrelated 元素 quickly

how to optimize css

1. 不要在ID选择器前使用标签名
   一般写法：DIV#divBox
   
   
   　　更好写法：#divBox
   　　解释：因为ID选择器是唯一的，加上div反而增加不必要的 CSS 匹配。
2. 不要在 class 选择器前使用标签名
   一般写法：span.red
   更好写法：.red
   解释：同第一条，但如果你定义了多个.red，而且在不同的元素下是样式不一样，则不能去掉，比如你css文件中定义如下：
   
   

   　　p.red{color:red;}
   　　span.red{color:#ff00ff}
   
   

   　　如果是这样定义的就不要去掉，去掉后就会混淆，不过建议最好不要这样写
3. 尽量少使用层级关系
   一般写法：#divBoxp.red{color:red;}
   更好写法：.red{..}
4. 使用 class 代替层级关系
   一般写法：#divBox ul li a{display:block;}
   更好写法：.block{display:block;}
5. 在 CSS 渲染效率中 id 和 class 的效率是基本相当的
   class 会在第一次载入中被缓存，在层叠中会有更加好的效果，在根部元素采用id会具有更加好（id有微妙的速度优势）。

how browser work

http://ued.ctrip.com/blog/how-browsers-work-i-basic-knowledge.html

http://ued.ctrip.com/blog/how-browsers-work-rendering-engine-html-parsing-series-ii.html

ruby object

https://ruby-china-files.b0.upaiyun.com/photo/2015/812ac64bfcaa3869dd842d8e929f66f9.png

http://ningandjiao.iteye.com/blog/1869447

• ruby中，一切皆對象
• 理解ruby對像模型
• 了解ruby查找方法的方式

描述了Ruby中方法調用的過程，“向左一步進入該對象的類，然後沿著祖先鏈一直查找方法，找到方法之後，根據自身的綁定執行該方法”。 因此，對象本身只有一組綁定，而方法定義都是在類中。那麼上面說到的單件方法和類宏應該在什麼地方定義呢？單件方法肯定不能定義在類中，否則將會影響該類的所有實例對象。類本身也是對象，類的方法不能定義在自身，因為對象的方法必須定義在對象的類中，而類對象的類是Class，如果把類方法定義到Class上，那麼所有的類對像都會擁有該方法。這一切迷思的答案都來源於一個Ruby中的高級概念，Eigenclass Eigenclass在Ruby中，當調用obj.class向一個對象索要它的類的時候，編譯器並沒有告訴大家全部的真相，你得到的類並不是你看到的類，你得到的是一個對象特有的隱藏類，這就是該對象的Eigenclass，雖然Object#class方法想把關於Eigenclass的信息隱藏起來，但是，存在即存在，總會被人挖出來的。 

Eigenclass是一個類，但是是一個很特殊的類，它只能有一個實例，且不能被繼承，但是其自身可以繼承其它類。因此，所有的對像都有一個自己的Eigenclass，單件方法就定義在該對象的Eigenclass中，類宏定義在該類對象的Eigenclass中

為了區分普通類和Eigenclass，Ruby會使用“#"表明該類是一個Eigenclass。 

*一個實例對象的Eigenclass的父類是該對象的類 

*一個類對象的Eigenclass的父類是該類對象的父類的EigenClass。 

singleton_method

singleton_method means object’s specific method

when we define method on specific object, will insert the singleton class between object and his class.

1. puts example2. class  
2.   
3. class  << example2  
4.   puts  self  
5. end  

輸出結果：

1. ExampleClass  
2. #<Class:#<ExampleClass:0x28305d>>  

And if we add class method on class just like add singleton method on class 

instance_eval 與class_eval

instance_eval’s receiver must be an instance. and if an instance call instance_eval => mean you can define this instance’s singleton_method.

and because class is a instance of Class => so class also can call instance_eval => define this class’s singleton_method => class method

class_eval’s receiver must be an class. and if class call class_eval => you can define this class’s instance_method

instance_eval must be call by instance, use to define singleton_methods

class_eval must be call by class, use to define instance_methods 

Rails 啟動過程

1 啟動！

1. call ruby rails in RVM folder => railties/bin/rails => require "rails/cli"
2. railties/lib/rails/app_rails_loader.rb : find ‘bin/rails’
3. bin/rails: require_relative '../config/boot and require 'rails/commands'
4. config/boot.rb: setting Bundler, Gemfile
5. rails/commands.rb: setting aliases, require 'rails/commands/commands_tasks'
6. rails/commands/command_tasks.rb: run command, => rails/commands/server => require ‘fileutils, ‘optparse', ‘action_dispatch’, require 'rails'
7. actionpack/lib/action_dispatch.rb: response routes
8. rails/commands/server.rb: inherited from Rack::Server: call Rack::Server’s initialize。
9. Rack: lib/rack/server.rb: provide interface for app on rack base, => setting options
10. config/application.rb: app settings
11. Rails::Server#start: still will call Rack::Server.start
12. config/environment.rb
13. config/application.rb => require ‘rails/all'

2 載入 Rails

1. railties/lib/rails/all.rb
2. config/environment.rb
3. railties/lib/rails/application.rb: initialize!
4. Rack: lib/rack/server.rb

oauth 2.0 work flow

http://coding.anyun.tw/2012/03/13/oauth-2/

https://blog.yorkxin.org/posts/2013/09/30/oauth2-1-introduction/

oAuth want to replace traditional user/password flow, more security.

User don’t need to provide his user/password to third party( like small game on FB), when want to play small game, 

will flow oauth work flow to get your permission to get access token to share your data with small game

U:  User (resource owner)

C:  Client (application)

A:  Authorization server

R:  Resource server

1. C register on A, apply clientID & Secret, and also need to set redirect_url
2. when user want to use his resource to do something, through C
3. if not login in,
   1. 1) C set Authorization Request to U
   2. 2) U response Authorization Grant to C
   3. 3) C set Authorization Grant to A
   4. 4) A response Access Token to C
   5. 5) C use Access token to R to get resource
   6. 6) R response Protected Resource to C

some variable:

response_type => code or token, if code, have next phase authorization

                                                      if token, will response token directly

client_id => C register on A

redirect_uri => just for know response to where

scope => set protected what resources

state => any word you want to sent

code => when response_type set code, will append on redirect_uri

client_secret => C register on A

grant_type => for validate code available

access_token => use this to get api

the max different between oAuth1.0a and oAuth 2.0 is scope