├── swift
    ├── Swift.md
    ├── Swift - Getting Started.md
    └── Swift - Router.md
├── capistrano.md
├── images
    ├── mail-dns-records.png
    ├── s3-iam-user-policy.png
    ├── xcode
    │   ├── tabbar_segues.png
    │   ├── unstyled
    │   │   ├── setup_pods.png
    │   │   ├── screenhero_login.png
    │   │   └── sreenhero_signup.png
    │   ├── create_a_new_xcode_project.png
    │   ├── create_a_new_project_with_options.png
    │   └── create_a_new_single_view_application.png
    ├── s3-iam-create-new-users.png
    ├── keychain
    │   ├── allow_access_token.png
    │   └── allow_access_secret.png
    └── setting-up-a-dev-machine
    │   ├── macvim-find.png
    │   └── macvim-new-tab.png
├── unformatted
    ├── swift2.md
    ├── healthkit.md
    ├── docker.md
    ├── agile.md
    ├── bash.md
    ├── setting-up-a-git-server.md
    ├── phoenix.md
    ├── shopify_application_proxy_sessions.md
    ├── swift.md
    ├── resque.md
    ├── security_and_oauth_links.md
    ├── shopify-theme-development.md
    ├── social_sharing.md
    ├── elixir-phoenix-dokku.md
    ├── rails_security.md
    ├── shopify_forms.md
    ├── sidekiq.md
    ├── dokku.md
    └── doorkeeper.md
├── gems.md
├── chef_default_attributes.md
├── heroku.md
├── xcode_and_ios.md
├── rails_development_environment.md
├── Untitled.md
├── Elixir.md
├── digital_ocean.md
├── shopify_api_interaction.md
├── README.md
├── vagrant.md
├── Elixir Deployment.md
├── mobile_app_and_rails_communications.md
├── checkinstall.md
├── unformatted.md
├── advanced_bootstrapping.md
├── creating-an-inverted-mask-layer-osx.md
├── upload-direct-to-s3-with-processing.md
├── scripts
    └── sshd_config
├── javascript_popups.md
├── git.md
├── shopify_embedded_app.md
├── keychain.md
├── ssl.md
├── setting_up_a_new_dev_machine.md
├── uploading.md
└── asus_wl520gu.md


/swift/Swift.md:
--------------------------------------------------------------------------------
1 | # Swift
2 | 
3 | Getting Started
4 | 


--------------------------------------------------------------------------------
/capistrano.md:
--------------------------------------------------------------------------------
1 | # Deploying with Capistrano
2 | 
3 | 
4 | 


--------------------------------------------------------------------------------
/images/mail-dns-records.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/mail-dns-records.png


--------------------------------------------------------------------------------
/images/s3-iam-user-policy.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/s3-iam-user-policy.png


--------------------------------------------------------------------------------
/images/xcode/tabbar_segues.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/tabbar_segues.png


--------------------------------------------------------------------------------
/images/s3-iam-create-new-users.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/s3-iam-create-new-users.png


--------------------------------------------------------------------------------
/images/keychain/allow_access_token.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/keychain/allow_access_token.png


--------------------------------------------------------------------------------
/images/xcode/unstyled/setup_pods.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/unstyled/setup_pods.png


--------------------------------------------------------------------------------
/unformatted/swift2.md:
--------------------------------------------------------------------------------
1 | # Swift
2 | 
3 | https://www.raywenderlich.com/113388/storyboards-tutorial-in-ios-9-part-1
4 | 
5 | 
6 | 


--------------------------------------------------------------------------------
/images/keychain/allow_access_secret.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/keychain/allow_access_secret.png


--------------------------------------------------------------------------------
/images/xcode/create_a_new_xcode_project.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/create_a_new_xcode_project.png


--------------------------------------------------------------------------------
/images/xcode/unstyled/screenhero_login.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/unstyled/screenhero_login.png


--------------------------------------------------------------------------------
/images/xcode/unstyled/sreenhero_signup.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/unstyled/sreenhero_signup.png


--------------------------------------------------------------------------------
/images/setting-up-a-dev-machine/macvim-find.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/setting-up-a-dev-machine/macvim-find.png


--------------------------------------------------------------------------------
/images/setting-up-a-dev-machine/macvim-new-tab.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/setting-up-a-dev-machine/macvim-new-tab.png


--------------------------------------------------------------------------------
/images/xcode/create_a_new_project_with_options.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/create_a_new_project_with_options.png


--------------------------------------------------------------------------------
/images/xcode/create_a_new_single_view_application.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jeffrafter/howto/HEAD/images/xcode/create_a_new_single_view_application.png


--------------------------------------------------------------------------------
/unformatted/healthkit.md:
--------------------------------------------------------------------------------
1 | # HealthKit
2 | 
3 | * [http://www.shinobicontrols.com/blog/posts/2014/08/04/ios8-day-by-day-day-12-healthkit](http://www.shinobicontrols.com/blog/posts/2014/08/04/ios8-day-by-day-day-12-healthkit)


--------------------------------------------------------------------------------
/gems.md:
--------------------------------------------------------------------------------
1 | # Gems
2 | 
3 | When creating a gem it is useful to start with a template from `bundler`:
4 | 
5 |   bundle gem YOUR_GEM_NAME
6 |   
7 | This will create a folder and stub out the `gemspec` and version information.
8 | 
9 | 


--------------------------------------------------------------------------------
/unformatted/docker.md:
--------------------------------------------------------------------------------
1 | Docker and CoreOS
2 | 
3 | https://coreos.com/docs/launching-containers/building/getting-started-with-docker/
4 | https://www.digitalocean.com/community/tutorials/how-to-set-up-a-coreos-cluster-on-digitalocean
5 | https://coreos.com/docs/distributed-configuration/etcd-security/


--------------------------------------------------------------------------------
/unformatted/agile.md:
--------------------------------------------------------------------------------
 1 | # Agile
 2 | 
 3 | * IPM
 4 | * Daily Standup
 5 | * Weekly individual checkins
 6 | * Retro every other week
 7 | 	- Spend five minutes making cards
 8 | 	- Spend five minutes voting
 9 | 	- :), :|, :(, -> 
10 | * Demo!
11 | 
12 | ## How do you handle this
13 | 
14 | * Long term planning?
15 | * Reactions and bugs?
16 | 


--------------------------------------------------------------------------------
/chef_default_attributes.md:
--------------------------------------------------------------------------------
1 | * __Default attributes__: this loads the information from the default data bag and merges the values into our current node.
2 | 
3 | 
4 |    ## Default attributes
5 |     #
6 |     default_data_bag = data_bag_item("default", "sample")
7 |     node.default_attrs = Chef::Mixin::DeepMerge.merge(node.default_attrs, default_data_bag.to_hash)


--------------------------------------------------------------------------------
/heroku.md:
--------------------------------------------------------------------------------
 1 | # Heroku
 2 | 
 3 | ```
 4 | git remote add heroku HEROKU_REPO_URL
 5 | git push heroku master
 6 | heroku login
 7 | heroku pg:reset --app APP_NAME DB_NAME
 8 | heroku run --app APP_NAME rake db:migrate
 9 | heroku restart
10 | heroku run rails console
11 | heroku config:set `cat .env`
12 | 
13 | ```
14 | 
15 | Upgrading the database
16 | ----------------------
17 | https://devcenter.heroku.com/articles/upgrading-heroku-postgres-databases#upgrade-with-pgbackups-transfer-default


--------------------------------------------------------------------------------
/xcode_and_ios.md:
--------------------------------------------------------------------------------
 1 | # Xcode and iOS
 2 | 
 3 | 
 4 | Create a new Xcode Project
 5 | 
 6 | ![Create a new XCode Project](./images/xcode/create_a_new_xcode_project.png)
 7 | 
 8 | When you create the project choose a _Single View Application_:
 9 | 
10 | ![Choose a Single View](./images/xcode/create_a_new_single_view_application.png)
11 | 
12 | Setup the project options:
13 | 
14 | ![Setup project options](./images/xcode/create_a_new_project_with_options.png)
15 | 
16 | 
17 | ## Follow the Parse quick start guide
18 | 
19 | [https://www.parse.com/apps/quickstart#parse_data/mobile/ios/native/existing](https://www.parse.com/apps/quickstart#parse_data/mobile/ios/native/existing)
20 | 
21 | 
22 | 


--------------------------------------------------------------------------------
/rails_development_environment.md:
--------------------------------------------------------------------------------
 1 | # Rails development environment
 2 | 
 3 | 
 4 | -- Lots to do here
 5 | 
 6 | # Update rbenv to get the latest ruby
 7 | 
 8 | You might have installed rbenv/ruby-build in one of three ways (on OSX):
 9 | 
10 | As a git repo (old method):
11 | 
12 | ```
13 | cd ~/.rbenv
14 | git pull
15 | rbenv install -l
16 | rbenv install 2.1.1
17 | ```
18 |     
19 | Installed via Homebrew:
20 | 
21 | ```
22 | brew update
23 | brew upgrade rbenv ruby-build
24 | rbenv install -l
25 | rbenv install 2.1.1
26 | ```
27 | 
28 | Installed with ruby-build as a plugin (currently the recommended way):
29 | 
30 | ```
31 | cd ~/.rbenv/plugins/ruby-build
32 | git pull
33 | rbenv install -l
34 | rbenv install 2.1.1
35 | ```
36 | 


--------------------------------------------------------------------------------
/unformatted/bash.md:
--------------------------------------------------------------------------------
 1 | # Bash
 2 | 
 3 | [http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming/?utm_content=bufferbb394&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer](http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming/?utm_content=bufferbb394&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer)
 4 | 
 5 | * Try to keep globals to minimum
 6 | * UPPER_CASE naming
 7 | * `readonly` declaration
 8 | * Use globals to replace cryptic `$0`, `$1`, etc.
 9 | * Globals I always use in my programs:
10 | 
11 | 
12 | Additionally:
13 | 
14 | * Always quote all vars (use `"$var"` instead of `$var`)
15 | * Always use `set -e` on scripts to set error handling
16 | * Always use `-- -u` to require vars to be declared before using them


--------------------------------------------------------------------------------
/Untitled.md:
--------------------------------------------------------------------------------
 1 | 
 2 | App opens 
 3 | 
 4 | check if there is an access_token?
 5 | 
 6 | post to /v1/numbers
 7 |   find_or_create_number
 8 |   cancel other confirmations sent to this phone number?
 9 |   create a confirmation
10 |   send a text
11 |   
12 | user gets the text and inputs code
13 | 
14 | post to /v1/confirmations with number and code
15 |   confirmation is confirmed
16 |   find or create a user for the confirmed phone number
17 |   access_token is created and returned and stored
18 |   
19 |   
20 | user has an access_token and is "logged in"
21 | 
22 | adding contacts
23 | adding locations
24 | 
25 | 
26 | SecureRandom.hex(32)
27 | 
28 | 
29 |   
30 | user
31 |   number_id
32 |   confirmation_id
33 |   home_id
34 |   locations
35 |   contacts      
36 |   
37 | 


--------------------------------------------------------------------------------
/unformatted/setting-up-a-git-server.md:
--------------------------------------------------------------------------------
 1 | 
 2 | # Setting up a git server
 3 | 
 4 | See [http://gitolite.com/gitolite/gitolite.html#install](http://gitolite.com/gitolite/gitolite.html#install)
 5 | 
 6 | You need git:
 7 | 
 8 |     apt-get install git
 9 | 
10 | Add a user (using `sudo` or as root):
11 | 
12 |     useradd -D -s /bin/bash
13 |     useradd git
14 |     usermod -a -G ssh-user git
15 |     mkdir /home/git
16 |     mkdir /home/git/.ssh
17 |     chmod 700 /home/git/.ssh
18 |     chown git:git /home/git -R
19 | 
20 | Switch to the git user and install:
21 | 
22 |     su - git
23 |     mkdir -p /home/git/bin
24 |     git clone git://github.com/sitaramc/gitolite
25 |     gitolite/install -ln /home/git/bin        
26 | 
27 | You'll need your public key to setup the administrator account. From your local you can run `cat ~/.ssh/id_rsa.pub | pbcopy`. Then on the server:
28 | 
29 |     touch YOURNAME.pub
30 |     nano YOURNAME.pub
31 |     gitolite setup -pk YOURNAME.pub
32 | 
33 | You are setup. From your local:
34 | 
35 |    git clone git@YOURHOST:gitolite-admin
36 | 
37 | Now you can add new keys and you can configure the repos in the conf.
38 | 


--------------------------------------------------------------------------------
/Elixir.md:
--------------------------------------------------------------------------------
 1 | # Elixir
 2 | 
 3 | ## Mocks
 4 | 
 5 | ```elixir
 6 | defmodule Textmewhen.V1.NumberControllerTest do
 7 |   use Textmewhen.ConnCase, async: false
 8 |   
 9 |   import Mock
10 | 
11 |   alias Textmewhen.Number
12 | 
13 |   @valid_attrs %{phone_number: "9519020972"}
14 |   @invalid_attrs %{}
15 | 
16 |   setup %{conn: conn} do
17 |     app = Repo.insert!(Textmewhen.OauthApplication.changeset(%Textmewhen.OauthApplication{}, %{name: "App", redirect_uri: "a://b", scopes: "all"}))
18 | 
19 |     conn = conn
20 |     |> put_req_header("accept", "application/json")
21 |     |> put_req_header("x-application-id", app.uid)
22 | 
23 |     {:ok, conn: conn}
24 |   end
25 | 
26 |   test "creates and renders resource when data is valid", %{conn: conn} do
27 |     with_mock ExTwilio.Message, [create: fn (_) -> :ok end ] do
28 |       conn = post conn, v1_number_path(conn, :create), number: @valid_attrs
29 |       assert json_response(conn, 201)["data"]["id"]
30 |       assert Repo.get_by(Number, @valid_attrs)
31 |     end
32 |   end
33 | 
34 |   test "does not create resource and renders errors when data is invalid", %{conn: conn} do
35 |     conn = post conn, v1_number_path(conn, :create), number: @invalid_attrs
36 |     assert json_response(conn, 422)["errors"] != %{}
37 |   end
38 | end
39 | 
40 | ```
41 | 
42 | Genserver:
43 | https://blog.drewolson.org/understanding-gen-server/
44 | 


--------------------------------------------------------------------------------
/unformatted/phoenix.md:
--------------------------------------------------------------------------------
 1 | # Phoenix & Elixir
 2 | 
 3 | ## Pre-reqs
 4 | 
 5 | * Elixir 1.1.0 or greater
 6 | * Hex
 7 | * Postgres
 8 | * Node version 5.3.0 or greater
 9 | 
10 | ```    ​​
11 | ​​brew update
12 | brew install nodejs
13 | brew install postgres
14 | brew install elixir
15 | mix local.hex
16 | ```
17 | 
18 | ### Vim
19 | 
20 | For vim support you can use: https://github.com/elixir-lang/vim-elixir. If you're using `vim-elixir` then you should remove the support for elixir in syntastic.
21 | 
22 | You might want to add `_build` and `deps` to your custom ignore:
23 | 
24 | `let g:ctrlp_custom_ignore = '\v[\/](node_modules|target|dist|tmp|log|_build|deps)|(\.(swp|ico|git|svn))$'`
25 | 
26 | 
27 | ## Install Phoenix
28 | 
29 | Get the latest:
30 | 
31 | ```
32 | mix archive.install https://github.com/phoenixframework/archives/raw/master/phoenix_new.ez
33 | ```
34 | ​
35 | ## Hello World
36 | 
37 | ```
38 | mix​​ ​​phoenix.new​​ ​​hello​
39 | cd hello
40 | mix ecto.create
41 | mix ecto.migrate
42 | mix phoenix.server
43 | ```
44 | 
45 | > If you get the error **"\*\* (Mix) The database for Hello.Repo couldn't be created: FATAL (invalid_authorization_specification): role "postgres" does not exist"** then `createuser -s postgres`
46 | 
47 | 
48 | ## Run tests
49 | 
50 | ```
51 | mix test
52 | ```
53 | 
54 | # Questions
55 | 
56 | * What is scrub_params
57 | * Why is :empty deprecated
58 | 


--------------------------------------------------------------------------------
/digital_ocean.md:
--------------------------------------------------------------------------------
 1 | # Digital Ocean
 2 | 
 3 | 1. Setup your digital ocean account
 4 | 2. Add your ssh key
 5 |  
 6 | Next get the gem
 7 |    
 8 |     gem install knife-digital_ocean
 9 |     
10 | Change your knife.rb:
11 | 
12 |     cookbook_path    ["cookbooks", "site-cookbooks"]
13 |     node_path        "nodes"
14 |     role_path        "roles"
15 |     environment_path "environments"
16 |     data_bag_path    "data_bags"
17 | 
18 |     encrypted_data_bag_secret ".chef/encrypted_data_bag_secret"
19 | 
20 |     knife[:secret_file] = ".chef/encrypted_data_bag_secret"
21 |     knife[:berkshelf_path] = "cookbooks"
22 |     knife[:bootstrap_user] = "sample"
23 | 
24 |     knife[:digital_ocean_client_id] = "#{ENV['DIGITAL_OCEAN_CLIENT_ID']}"
25 |     knife[:digital_ocean_api_key]   = "#{ENV['DIGITAL_OCEAN_API_ID']}"
26 | 
27 | Create a droplet:
28 | 
29 |     DIGITAL_OCEAN_CLIENT_ID=XXXX DIGITAL_OCEAN_API_ID=YYYY knife \
30 |       digital_ocean droplet create -N <FQDN> \
31 |                                    -I <IMAGE ID> \
32 |                                    -L <REGION ID> \
33 |                                    -S <SIZE ID> \
34 |                                    -K <SSH KEY-ID(s), comma-separated> \
35 |                                    -B \
36 |                                    -r "<RUNLIST>"
37 |  
38 |   
39 |   
40 |   digital_ocean_creds = Chef::EncryptedDataBagItem.load("passwords", "digital_ocean")
41 | knife[:digital_ocean_client_id] = "#{ENV['DIGITAL_OCEAN_CLIENT_ID'] || digital_ocean_creds['digital_ocean_client_id']}"
42 | knife[:digital_ocean_api_key]   = "#{ENV['DIGITAL_OCEAN_API_ID'] || digital_ocean_creds['digital_ocean_api_id']}"


--------------------------------------------------------------------------------
/shopify_api_interaction.md:
--------------------------------------------------------------------------------
 1 | # Shopify API interaction
 2 | 
 3 | You'll want to talk to the API and the best way to do this is using the Shopify API gem. Add the following to your `Gemfile`
 4 | 
 5 |     gem 'shopify_api'
 6 |     gem 'rest-client'
 7 | 
 8 | Then `bundle`.
 9 | 
10 | ## API keys
11 | 
12 | In order to get started you are going to need to setup your application as a _Private Application_ on your shop. To do this, create a new private application: 
13 | 
14 |     https://YOURSHOP.myshopify.com/admin/apps/private/new
15 | 
16 | Once created, go to the application and find the API keys, add them to your `.env`:
17 | 
18 |     SHOPIFY_API_KEY="YOUR_API_KEY"
19 |     SHOPIFY_PASSWORD="YOUR_PASSWORD"
20 |     SHOPIFY_SHOP="YOUR_SHOP_NAME"
21 | 
22 | 
23 | Once you have the API keys in your `.env` you should import them into your `config/secrets.yml`:
24 | 
25 |     shopify_api_key: <%= ENV["SHOPIFY_API_KEY"] %>
26 |     shopify_password: <%= ENV["SHOPIFY_PASSWORD"] %>
27 |     shopify_shop: <%= ENV["SHOPIFY_SHOP"] %>
28 | 
29 | 
30 | ## Initializer
31 | 
32 | Once you've setup your API keys you'll want to preload them in an initializer. Create `/config/initializers/shopify.rb`:
33 | 
34 |     shopify_shop_url = "https://#{Rails.application.secrets.shopify_api_key}:#{Rails.application.secrets.shopify_password}@#{Rails.application.secrets.shopify_shop}.myshopify.com/admin"
35 |     ShopifyAPI::Base.site = shopify_shop_url
36 | 
37 | 
38 | ## Metafields
39 | 
40 | 
41 | product.add_metafield(ShopifyAPI::Metafield.new({
42 |    :description => 'Author of book',
43 |    :namespace => 'book',
44 |    :key => 'author',
45 |    :value => 'Kurt Vonnegut',
46 |    :value_type => 'string'
47 | }))


--------------------------------------------------------------------------------
/unformatted/shopify_application_proxy_sessions.md:
--------------------------------------------------------------------------------
 1 | # Shopify Application Proxy Sessions
 2 | 
 3 | **Problem:**
 4 | 
 5 | - Cookies are not passed for application proxy pages (eliminating cookie based sessions)
 6 | - There is no way in normal shopify pages to read params except via javascript 
 7 | - Params are lost after built-in redirects (eliminating url / param based sessions)
 8 | 
 9 | 
10 | 
11 | ## Using the customer
12 | 
13 | * When a customer is created you respond to a webhook and generate a secret token
14 | * All future interaction with the proxy passes the embedded customer_id and customer_token
15 | * The customer_id and customer_token can be embedded in forms throughout the store and can also be injected as metafields making AJAX easier
16 | * Serving get requests for pages means you have to add the parameters to the top url (which is ugly). This could be masked with a container page rendered as liquid and a sub page rendered with an iframe (same domain)
17 | 
18 | ### Downsides
19 | 
20 | * requires customer accounts :(
21 | * get requests require url params
22 | 
23 | ### Upside
24 | 
25 | * Requires way less adjustments to the rest of the store
26 | 
27 | ## Using a JavaScript cookie
28 | 
29 | 1. Check for app session cookie
30 | 2. If cookie does not exist you post to an `/a/session` route to get a secret token in the response 
31 | 3. Secret gets stored in session cookie via javascript
32 | 4. Subsequent requests can fetch the cookie via javascript and append `<iframe>` with the session token as a parameter in the iframed url
33 | 5. As an alternative, the extracted session cookie could be used to append onto urls throughout the system (i.e., on product pages)
34 | 
35 | 
36 | ### Downsides
37 | 
38 | * requires javascript and cookie interaction
39 | * requires a setup request
40 | * requires multiple requests per page (if using iframes)


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # How to
 2 | 
 3 | I've long been under the illusion that building websites is easy and that just about anyone can do it. I am still under that illusion of course (please see the previous sentence), but more and more I have found that doing it requires a lot of reference. This is a attempt at keeping all of my references and decisions in one place.
 4 | 
 5 | Please note: much of this should be considered wrong. Also, very much of it will be suboptimal. The goal is to build something that performs reasonably well while maximizing the ability to make changes.
 6 | 
 7 | Also, I break all of my own rules all the time.
 8 | 
 9 | ## Working with Ruby and Ruby on Rails
10 | 
11 | Here is the rough table of contents that I want to cover:
12 | 
13 | * Getting your development environment setup
14 | * [Starting a Rails app](starting_a_rails_app.md) Basic start and repository
15 | * [Git](git.md) Making changes and reviewing code
16 | * [Vagrant](vagrant.md) Testing server infrastructure locally
17 | * [Provisioning](provisioning.md) Chef, Berkshelf, knife, etc. etc.
18 | * The Cloud
19 | * Deploying to Heroku
20 | * Deploying to Linode
21 | * Deploying to AWS
22 | * The Asset Pipeline
23 | * Databases
24 | * Patterns (http://blog.codeclimate.com/blog/2012/10/17/7-ways-to-decompose-fat-activerecord-models/)
25 |   * Value Objects
26 |   * Service Objects
27 |   * Query Objects
28 |   * Form Objects
29 |   * View Objects
30 |   * Policy Objects
31 | * CDNs
32 | * Background jobs and workers
33 | * Cron
34 | * Errors
35 | * Authentication
36 | * Google, Twitter, Facebook, OAuth and you
37 | * Notifications
38 | * Mobile
39 | * Uploading things
40 | * Analytics
41 | * Performance (measure)
42 | * Monitoring
43 | * Backups
44 | * Google Analytics
45 | * Admin
46 | * SSL
47 | * A/B testing
48 | * Rollout features
49 | * Realtime Stuff
50 | 
51 | Style
52 | -----
53 | * Bootstrap and friends
54 | * Grids
55 | * Uikit
56 | * Responsive design
57 | 
58 | JavaScript
59 | ----------
60 | * jQuery
61 | * Backbone
62 | * Angular
63 | 
64 | Other
65 | -----
66 | * Feedback
67 | * Support
68 | * olark
69 | * Google Apps
70 | 
71 | 


--------------------------------------------------------------------------------
/vagrant.md:
--------------------------------------------------------------------------------
 1 | # Vagrant
 2 | 
 3 | Testing your cloud infrastructure and deployment scripts before you actually provision servers and deploy code is a good idea. [Vagrant](https://www.vagrantup.com/) makes this easy.
 4 | 
 5 | In order to use vagrant you will need to have VirtualBox installed. Once you've completed that you'll need to install Vagrant. Note: it is better to run the binary version of Vagrant. If you have a gem version, uninstall it, then []download it](http://www.vagrantup.com/downloads):
 6 | 
 7 | You can download and install a default box or you can start with a good `Vagrantfile` and use that to fetch the box you want. In your Rails root create a file called `Vagrantfile`:
 8 | 
 9 | 
10 |     # -*- mode: ruby -*-
11 |     # vi: set ft=ruby :
12 | 
13 |     Vagrant.configure("2") do |config|
14 |       # By default, I am using ubuntu because I prefer it
15 |       # Lots of people use centos instead
16 |       config.vm.box = "ubuntu"
17 | 
18 |       # Specifying the url means that if the box is not installed
19 |       # Vagrant knows where to get it. Here I am using a 64-bit
20 |       # version of 14.04 LTS (long-term support)
21 |       config.vm.box_url = "http://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-vagrant-disk1.box"
22 |       
23 |       # Some basic config for later
24 |       config.vm.network "forwarded_port", guest: 80, host: 8080
25 |       config.vm.provider :virtualbox do |vb|
26 |         vb.customize ["modifyvm", :id, "--memory", 2048]
27 |       end
28 |     end
29 | 
30 | Now, you could have created this with `vagrant init` and that would give you a much better template with all of the options and documentation. Once you've got Vagrant and a Vagrantfile, you are going to need to start the box (this can take a while):
31 | 
32 |     vagrant up
33 | 
34 | Great, you should now have a running vagrant box. You can run `vagrant ssh` to test it. If you want to shut that box down:
35 | 
36 |     vagrant halt
37 | 
38 | ## Bootstrapping and Provisioning
39 | 
40 | This box is pretty boring at the moment. 
41 | 
42 | Now we need to prepare the box (which will setup chef and ruby)
43 | 
44 | 


--------------------------------------------------------------------------------
/Elixir Deployment.md:
--------------------------------------------------------------------------------
 1 | # Elixir Deployment
 2 | 
 3 | 
 4 | 
 5 | ## Resources
 6 | 
 7 | * [Phoenix Framework - Deployment](http://www.phoenixframework.org/v0.6.2/docs/deployment)
 8 | 
 9 | * [Phoenix Framework - Advanced Deployment](http://www.phoenixframework.org/docs/advanced-deployment)
10 | 
11 | * [Distillery](https://github.com/bitwalker/distillery)
12 | 
13 | * [Background jobs and deployment (thread)](https://elixirforum.com/t/background-jobs-and-deployment/2598)
14 | 
15 | * [How to Set up a Distributed Elixir Cluster on Amazon EC2](http://engineering.pivotal.io/post/how-to-set-up-an-elixir-cluster-on-amazon-ec2/) - One of the best
16 | 
17 | * [Cluster of dokku nodes running Elixir/Phoenix - Stackoverflow](http://stackoverflow.com/questions/40939179/cluster-of-dokku-nodes-running-elixir-phoenix) - Don't use dokku for multinode
18 | 
19 | * [Deploying a Phoenix application to Dokku](https://ashleyconnor.co.uk/2016/03/06/deploying-a-phoenix-application-to-dokku.html)
20 | 
21 | * [Deploying Phoenix on Dokku](https://gist.github.com/henrik/c70e32544e09c1a79841)
22 | 
23 | * [Complete Guide to Deploying Phoenix Applications using Dokku 0.4.0+](https://blog.praveenperera.com/deploying-phoenix-applications-using-dokku/)
24 | 
25 | * [Running Elixir and Phoenix projects on a cluster of nodes](https://dockyard.com/blog/2016/01/28/running-elixir-and-phoenix-projects-on-a-cluster-of-nodes)
26 | 
27 | * [Phoenix Channels vs Rails Action Cable](https://dockyard.com/blog/2016/08/09/phoenix-channels-vs-rails-action-cable)
28 | 
29 | * [Make Phoenix Even Faster with a GenServer-backed Key Value Store](https://robots.thoughtbot.com/make-phoenix-even-faster-with-a-genserver-backed-key-value-store)
30 | 
31 | 
32 | 
33 | 
34 | 
35 | https://substance.brpx.com/clustering-elixir-nodes-on-kubernetes-e85d0c26b0cf#.titne8cl4
36 | 
37 | http://learnyousomeerlang.com/distribunomicon
38 | 
39 | 
40 | https://github.com/miros/exreleasy
41 | 
42 | 
43 | https://medium.com/mint-digital/elixir-deployments-on-aws-ee787aa02a9d#.8pzo1no42
44 | 
45 | 
46 | 
47 | https://hexdocs.pm/distillery/phoenix-walkthrough.html#content
48 | https://medium.com/mint-digital/elixir-deployments-on-aws-ee787aa02a9d#.nqilrmvis
49 | 
50 | 
51 | 
52 | http://erlang.org/doc/efficiency_guide/users_guide.html
53 | 
54 | http://shop.oreilly.com/product/0636920024149.do
55 | 


--------------------------------------------------------------------------------
/unformatted/swift.md:
--------------------------------------------------------------------------------
 1 | http://www.objc.io/books/
 2 | http://nshipster.com
 3 | http://robots.thoughtbot.com/efficient-json-in-swift-with-functional-concepts-and-generics
 4 | 
 5 | 
 6 | 
 7 | 
 8 | 
 9 | 
10 | 
11 | 
12 | Swift:
13 | 
14 | http://matthewpalmer.net/blog/2014/06/21/example-ios-keychain-swift-save-query/
15 | 
16 | http://cdn1.raywenderlich.com/wp-content/uploads/2014/06/RW-Swift-Cheatsheet-0_5.pdf
17 | 
18 | http://stackoverflow.com/questions/24113313/adding-item-to-keychain-using-swift
19 | http://rshelby.com/2014/08/using-swift-to-save-and-query-ios-keychain-in-xcode-beta-4/
20 | https://github.com/jverdi/UICKeyChainStore/blob/master/Lib/UICKeyChainStore.m
21 | 
22 | https://medium.com/@aommiez/afnetwork-integrate-swfit-80514b545b40
23 | 
24 | ```
25 |     func signup() {
26 |         // POST signup
27 |         let manager = AFHTTPRequestOperationManager()
28 |         manager.requestSerializer.setValue(self.application, forHTTPHeaderField: "X-Application-Id")
29 |         var parameters = [
30 |             "signup": [
31 |                 "full_name": "Test User",
32 |                 "email": "test2@example.com",
33 |                 "password": "password",
34 |                 "password_confirmation": "password_confirmation",
35 |                 "birthdate": NSDate(),
36 |                 "weight_in_pounds": 150
37 |             ]
38 |         ]
39 |         var success = { (operation: AFHTTPRequestOperation!, responseObject: AnyObject!) -> Void in
40 |             println("JSON: " + responseObject.description)
41 |             let responseDict = responseObject as Dictionary<String, AnyObject>
42 |             let token : String? = (responseDict["token"] as AnyObject?) as? String
43 |             let refreshToken : String? = (responseDict["refresh_token"] as AnyObject?) as? String
44 |             let derp : String? = (responseDict["derp"] as AnyObject?) as? String
45 | 
46 |             println("Token: \(token)")
47 |             println("Refresh Token: \(refreshToken)")
48 |             println("Derp: \(derp)")
49 |         }
50 |         var failure = { (operation: AFHTTPRequestOperation!,error: NSError!) -> Void in
51 |             println("Error: " + error.localizedDescription)
52 |         }
53 |         manager.POST("\(self.url())/signup", parameters: parameters, success: success, failure: failure)
54 |     }
55 | ```


--------------------------------------------------------------------------------
/mobile_app_and_rails_communications.md:
--------------------------------------------------------------------------------
 1 | # Mobile app and Rails Communications
 2 | 
 3 | If there is only one client (not multiple users of an API) then all you need is the ability to sign messages. If there is more than one user of the API you will need to maintain all of the signing secrets and an app id to look them up. 
 4 | 
 5 | These values are stored directly in the code of the iOS application, For example, connecting to the parse API looks like this:
 6 | 
 7 | 
 8 |     [Parse setApplicationId:@"Mp39HeDYI8b2rMp39HeDYI8b2Mp39HeDYI8b2"
 9 |                   clientKey:@"y27vlU54XO4DTTlRf7ARetbyC8AYaSA4KD8CXQEQ"];
10 |               
11 | 
12 | This is placed in the `AppDelegate` method `didFinishLaunchingWithOptions`.
13 | 
14 | The basic flow is:
15 | 
16 | * Login/Signup request is made
17 |   * The request is signed, and the signature is verified
18 |   * Login credentials are checked
19 |   * A user token is created and returned
20 |   * User token is stored in Keychain (not in NSUserDefaults)
21 | 
22 | Logged in users can communicate in two ways:  
23 | 
24 | * Subsequent logged in requests are made
25 |   * The requests are signed, but in the payload the user token is added
26 |   * The requests are signed using the user token and the user id or email is passed. This allows a user lookup followed by a secure compare.
27 | 
28 | 
29 | 
30 | 
31 | # On the Rails side
32 | 
33 | You need a controller that acts as your primary interface point:
34 | 
35 |     # Note that this is not descended from ApplicationController
36 |     class ApiController < ActionController::Base
37 |     end
38 |     
39 | You'll need to setup a secret
40 | 
41 | * secret   
42 |     
43 | Things you need:
44 | 
45 | * Signatures
46 | * Verify Signed Requests
47 | * Verify Tokens
48 | * User id token?
49 | * token_user
50 | * device_token
51 | * current_device
52 | * current_user
53 | * user_required
54 | * token_user_required
55 | 
56 | 
57 | # On the iOS Side
58 | 
59 | ConnectionManager
60 | 
61 | * Makes request
62 | * Calls delegates
63 | * Indicates network traffic via delegate
64 | 
65 | RawRequest
66 | 
67 | * Has a NSMutableURLRequest
68 | * Has an NSUrlConnection
69 | * When the request is created the params are decorated with additional info:
70 |   * User agent
71 |   * Device Id (from the MAC address not the UDID)
72 | * When the request is started the request manager is notified
73 | * Handles failing/completing/aborting
74 | 
75 | RequestHandler
76 | 
77 | * Has the ability to append user based token if there is one
78 | 
79 | 
80 | 
81 | APIConnectionManager
82 | APIRequest
83 | APIHandler
84 | APISession
85 | APIError
86 | 
87 | 
88 | # RESOURCES
89 | 
90 | http://keighl.com/post/secure-api-request-from-ios-to-rails/


--------------------------------------------------------------------------------
/unformatted/resque.md:
--------------------------------------------------------------------------------
 1 | # Resque
 2 | 
 3 | To create a job:
 4 | 
 5 |     Resque.enqueue(JobClass, arg)
 6 | 
 7 | ## With Active Job
 8 | 
 9 | > From [https://quickleft.com/blog/getting-started-with-active-job/](https://quickleft.com/blog/getting-started-with-active-job/)
10 | 
11 | In `config/initializers/resque.rb`:
12 | 
13 |     Resque.redis = Redis.new(url: Rails.application.secrets.redis_url)
14 |     # Should this be (https://gist.github.com/defunkt/238999#comment-581899)
15 |     # Resque.after_fork = Proc.new { ActiveRecord::Base.verify_active_connections!  }
16 |     # Resque.after_fork = Proc.new { ActiveRecord::Base.clear_active_connections! }
17 |     Resque.after_fork = Proc.new { ActiveRecord::Base.establish_connection }
18 |     
19 |     # https://github.com/resque/resque/wiki/FAQ#how-do-you-make-a-resque-job-wait-for-an-activerecord-transaction-commit
20 |     require 'ar_after_transaction'
21 |     require 'resque'
22 |     Resque.class_eval do
23 |       class << self
24 |         alias_method :enqueue_without_transaction, :enqueue
25 |         def enqueue(*args)
26 |           ActiveRecord::Base.after_transaction do
27 |             enqueue_without_transaction(*args)
28 |           end
29 |         end
30 |       end
31 |     end
32 | 
33 | Now that you have your initializer you need some secrets; in `config/secrets.yml`:
34 | 
35 |     defaults: &defaults
36 |       redis_url: <%= ENV["REDIS_URL"] || "redis://localhost:6379" %>
37 | 
38 | In `lib/tasks/resque.rake` you need to require the rake tasks:
39 | 
40 |     require 'resque/tasks'
41 |     require 'resque/scheduler/tasks'
42 | 
43 |     namespace :resque do
44 |       task :setup => :environment do
45 |         require 'resque'
46 |         require 'resque-scheduler'
47 |       end
48 |     end
49 | 
50 | In `config/application.rb` you need to require the correct railtie (unless you have already required `rails/all`:
51 | 
52 |    require "active_job/railtie"
53 | 
54 | 
55 | In `config/initializers/active_job.rb`
56 | 
57 |    ActiveJob::Base.queue_adapter = :resque
58 | 
59 | ## On Heroku
60 | 
61 | Heroku [waits 10 seconds after sending SIGTERM to send SIGKILL](https://devcenter.heroku.com/articles/error-codes#r12-exit-timeout), so be sure to use a RESQUE_TERM_TIMEOUT value less than 10.
62 | 
63 | > From [https://devcenter.heroku.com/articles/queuing-ruby-resque](https://devcenter.heroku.com/articles/queuing-ruby-resque)
64 | 
65 | In your `Procfile`:
66 | 
67 |     resque: env TERM_CHILD=1 RESQUE_TERM_TIMEOUT=7 QUEUE=* bundle exec rake resque:work
68 | 
69 | You'll need to add Redis to go for the above config values to work.
70 | 
71 | You'll want to make sure you have a resque worker:
72 | 
73 |     heroku scale web=1 resque=1
74 | 


--------------------------------------------------------------------------------
/checkinstall.md:
--------------------------------------------------------------------------------
 1 | # Provisioning and CheckInstall
 2 | 
 3 | Often in your cookbooks you have recipes that compile packages from source. Doing this for multiple boxes repeatedly can take a long time. For instance, when we cook our box for the first time the process takes a while (maybe 10-20 minutes). 
 4 | 
 5 | The `ruby-build` and `node` compilation steps take the longest. This is why tools like Packer exist, so that you can build a base box without needing to recompile everything. If you have a couple of dependencies (ruby, nginx, node) that don't change frequently (or that you have locked to a specific version) you can actually create a package from the source package using [CheckInstall](http://asic-linux.com.mx/~izto/checkinstall/). 
 6 | 
 7 | > After you ./configure; make your program, CheckInstall will run make install (or whatever you tell it to run) and keep track of every file modified by this installation, using the excelent installwatch utility written by Pancrazio 'Ezio' de Mauro (p@demauro.net). 
 8 | 
 9 | > When make install is done, CheckInstall will create a Slackware, RPM or Debian compatible package and install it with Slackware's installpkg, "rpm -i" or Debian's "dpkg -i" as appropriate, so you can view it's contents with pkgtool ("rpm -ql" for RPM users or "dpkg -l" for Debian) or remove it with removepkg ("rpm -e"|"dpkg -r"). Aditionally, this script will leave you a copy of the installed package in the source directory so you can install it wherever you want, which is my second motivation: I don't have to compile the same software again and again every time I need to install it on another box :-). 
10 | 
11 | These can be used in a recipe as follows:
12 | 
13 |     libjpeg = "jpegsrc.v8b.tar.gz"
14 |     libtiff = "tiff-4.0.1.tar.gz"
15 | 
16 |     dpkg_package "jpeg" do
17 |       case node[:platform]
18 |       when "debian","ubuntu"
19 |         package_name "jpeg"
20 |         source "/var/chef-solo/cookbooks/packages/jpeg_8b-1_amd64.deb"
21 |       end
22 |       action :install
23 |       only_if do
24 |         File.exists?("/var/chef-solo/cookbooks/packages/jpeg_8b-1_amd64.deb")
25 |       end
26 |     end
27 | 
28 |     dpkg_package "tiff" do
29 |       case node[:platform]
30 |       when "debian","ubuntu"
31 |         package_name "tiff"
32 |         source "/var/chef-solo/cookbooks/packages/tiff_4.0.1-1_amd64.deb"
33 |       end
34 |       action :install
35 |       only_if do
36 |         File.exists?("/var/chef-solo/cookbooks/packages/tiff_4.0.1-1_amd64.deb")
37 |       end
38 |     end
39 | 
40 | Generally you should not store the large `.deb` packages in your mainline repository. Instead create a new repository and keep them there. You can then download the files using `wget` or `curl` as part of your recipe.


--------------------------------------------------------------------------------
/unformatted/security_and_oauth_links.md:
--------------------------------------------------------------------------------
 1 | Resource Owner Password Credentials
 2 | 
 3 | 
 4 | # Security and OAuth Links
 5 | 
 6 | * http://tools.ietf.org/html/rfc6749
 7 | * http://oauth.net/2/
 8 | * Oauth2 Flow: https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps
 9 | * Obfuscation: http://stackoverflow.com/questions/4028883/storing-oauth-keys-in-code-for-iphone-apps
10 | * Obfuscation: https://sites.google.com/site/greateindiaclub/mobil-apps/ios/securelystoringoauthkeysiniosapplication
11 | * http://stackoverflow.com/questions/1934187/oauth-secrets-in-mobile-apps?rq=1
12 | 
13 | * http://railscasts.com/episodes/352-securing-an-api?view=asciicast
14 | 
15 | 
16 | This outlines the oauth2 spec pretty well https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#mobile-apps
17 | 
18 | In all cases you do not need store a secret on the mobile device
19 | 
20 | For your own API you do not sign params, but the only non-authed request is an authorize request
21 | 
22 | anyone abusing the request (i.e., for non authorization purposes or crazy authorization purposes) can be blacklisted
23 | 
24 | once authorized all API communication is done on a per user basis
25 | 
26 | which can safely be revoked if misused
27 | 
28 | this does not explicitly prevent a user from Mitm attacks (or running a Mitm attack against themselves to inject things), but ideally serverside validation protects against that - instead certificate pinning prevents mitm
29 | 
30 | including rate-limiting actions and protecting against invalid requests
31 | 
32 | if you wanted to sign requests, you could use the user specific secret and access token to sign the requests on a per user basis, but given that those are stored in the keychain they are available
33 | 
34 | any effort to store a signing secret in the app binary is considered a lost cause though it does provide some level of defense in depth. Secure storage of signing secrets is limited to obfuscation approaches which are not cryptographically safe... but are daunting from a complexity standpoint
35 | 
36 | # Your app API
37 | 
38 | * Uses Oauth2 for access requiring "Resource Owner Password Credentials"
39 |   - [http://tools.ietf.org/html/rfc6749#section-1.3.3](http://tools.ietf.org/html/rfc6749#section-1.3.3)
40 |   
41 | * Use certificate pinning to prevent man in the middle attacks
42 |     - Use self signed certs for long lived certs
43 |     - Use public key pinning for certs that expire
44 |     
45 | * Store resulting access tokens in the Keychain
46 | 
47 | 
48 | 
49 | * https://developers.facebook.com/docs/facebook-login/security/
50 |     * Never include your App Secret in client-side or decompilable code.
51 |     * Sign all server-to-server Graph API calls with your App Secret.
52 |     * Use unique short-term tokens on clients.
53 |     * Don't trust that access tokens in use by your app were actually generated by your app.
54 |     * Use our official SDKs where possible.
55 |     * Reduce your app's attack surface area by locking down your Facebook app settings.
56 | * https://developers.facebook.com/docs/facebook-login/security/#tokenhijacking
57 | * https://developers.facebook.com/docs/facebook-login/access-tokens/#debug
58 | 


--------------------------------------------------------------------------------
/unformatted.md:
--------------------------------------------------------------------------------
 1 | # These are unformatted notes
 2 | 
 3 | ## Settings
 4 | 
 5 | * Make an `application.yml` and `database.yml`. 
 6 | * Make examples of the application and database settings by removing the important stuff and adding `.example` to the ends.
 7 | 
 8 | ## Initializers
 9 | 
10 | Bunch of initializers:
11 | 
12 | * `after_transaction.rb` Not sure why this is not part of rails but it should be. Bundling things to happen after transactions is important for things like Sidekiq.
13 | * `aws.rb` This was suggested by paperclip. This require really shouldn't be necessary.
14 | * `bitly.rb` If you are working with bitly you need to initialize the api
15 | * `cents_to_dollars.rb` Good little plugin to convert cents to dollars. Even when you have this you should always work with the *_in_cents fields as those are canonical (and numeric as opposed to formatted strings).
16 | * `omniauth.rb` All of your setup for omniauth goes here.
17 | * `paperclip.rb` Eventually this will be split into uploadkit. This is a set of defaults for naming and direct uploading to s3 (works with non-direct upload also).
18 | * `sidekiq.rb` Setup for background jobs.
19 | * `simple_admin.rb` Setup for admin work.
20 | 
21 | ## Lib files
22 | 
23 | Some crazy lib files (these could be gems, but then gem loading would be EVEN SLOWER):
24 | 
25 | * `auth_constraint.rb` Really useful lib for auth filtering in routes. Primarily used by sidekiq and simple admin.
26 | * `countries.rb` Just a central location of country names and continents. Hashed together. This is maybe out of date and maybe needs some useful i18n stuff.
27 | * `downcase_routes.rb` this is really controversial... it makes it easier on some servers to always use lowercased routes. When you have tokens this can mess everything up. Not currently using it.
28 | * `email_format_validator.rb` This is great if you want to test that emails are formatted like emails. It is not bulletproof...
29 | * `force_ssl.rb` there are plugins for this, but this is a little more lightweight. You shouldn't need it if you are handling the redirect in nginx. Unless you are parodying... then you might, but then it isn't necessary! So please do investigate. 
30 | * `full_name_splitter.rb` I hate the idea of this one... just ask given name and family name. Or first and last. But this attempts to split with a little bit of smarts.
31 | * `google_client.rb` This is a wrapper for the google client api. It handles key expiration.
32 | 
33 | 
34 | ## Heroku SSL
35 | 
36 | References:
37 | 
38 | * https://devcenter.heroku.com/articles/ssl-endpoint#upload-certificates
39 | * https://gist.github.com/RandomEtc/1222498
40 | * http://lsayers.blogspot.com/2012/08/setting-up-ssl-on-heroku.html
41 | 
42 | ## Local Resolvers
43 | 
44 | http://www.echoditto.com/blog/never-touch-your-local-etchosts-file-os-x-again
45 | 
46 | ernie
47 | in the server block:
48 | server_name  ~^.*?(?<domain>[^\.]+).dev$;
49 | root         /Users/ernie/Projects/$domain/public;
50 | you may want to use something other than "ernie" in that path. But you know, maybe not. :D
51 | anyway, install dnsmasq and set up localhost to be your resolver for .dev
52 | 
53 | Also, use Foreman
54 | 
55 | ## Checkout deploying using recap?
56 | 
57 | http://blog.codeclimate.com/blog/2013/10/02/high-speed-rails-deploys-with-git/
58 | 
59 | 
60 | https://developers.google.com/speed/pagespeed/module


--------------------------------------------------------------------------------
/advanced_bootstrapping.md:
--------------------------------------------------------------------------------
 1 | # Advanced Bootstrapping
 2 | 
 3 | When using chef and chef-solo to provision your server you need a couple of tools on the server: primarily ruby and chef. With these installed you can use chef recipes to install everything else. 
 4 | 
 5 | The knife solo command allows you to "prepare" a server:
 6 | 
 7 |     knife solo prepare vagrant@dev.sample.com -p 2222 -VV --identity-file ~/.vagrant.d/insecure_private_key
 8 | 
 9 | This will install a version of ruby and chef and output node information. In the [Provisioning](provisioning.md) how-to we pre-defined the node information and don't use the output anyway. 
10 | 
11 | Knife-solo allows you to define your own bootstrap template. To do this, create a new file in your `chef` folder called `bootstrap/ubuntu-12.04-lts.erb`
12 | 
13 |     bash -c '
14 |     <%= "export http_proxy=\"#{knife_config[:bootstrap_proxy]}\"" if knife_config[:bootstrap_proxy] -%>
15 | 
16 |     # THIS SCRIPT MUST BE RUN AS ROOT
17 | 
18 |     # Install chef (and ruby)
19 |     curl -O -L http://www.opscode.com/chef/install.sh
20 |     sh install.sh
21 | 
22 |     BOOTSTRAP_USER=<%= knife_config[:bootstrap_user] || ENV['BOOTSTRAP_USER'] %>
23 |     BOOTSTRAP_GROUP=<%= knife_config[:bootstrap_group] || ENV['BOOTSTRAP_GROUP'] || '$BOOTSTRAP_USER' %>
24 |     BOOTSTRAP_KEY=<%= knife_config[:bootstrap_key] || ENV['BOOTSTRAP_KEY'] || `cat ~/.ssh/id_rsa.pub`.chomp %>
25 | 
26 |     # Add admin group
27 |     (cat /etc/group | grep -E '\b$BOOTSTRAP_GROUP\b') || sudo groupadd $BOOTSTRAP_GROUP
28 | 
29 |     # Add admin user
30 |     (cat /etc/passwd | grep -E "\b$BOOTSTRAP_USER\b:x") || useradd -m -s /bin/bash $BOOTSTRAP_USER -g $BOOTSTRAP_GROUP
31 | 
32 |     # sudoless access for admin user
33 |     (cat /etc/sudoers | grep -E "^$BOOTSTRAP_USER\b.*NOPASSWD") || echo "$BOOTSTRAP_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
34 | 
35 |     # Configure SSH
36 |     SSH_DIR=/home/$BOOTSTRAP_USER/.ssh
37 |     mkdir -p -m 700 $SSH_DIR
38 |     echo $SSH_KEY > $SSH_DIR/authorized_keys
39 |     chmod 600 $SSH_DIR/authorized_keys
40 |     chown -R $BOOTSTRAP_USER:$BOOTSTRAP_GROUP $SSH_DIR
41 | 
42 |     # Disable password access
43 |     sed -E -i "s/.*PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
44 |     sed -E -i "s/.*ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/" /etc/ssh/sshd_config
45 |     restart ssh
46 | 
47 |     apt-get update
48 | 
49 |     # Specifying noninteractive mode gets past the grub-rc error on vagrant
50 |     DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade
51 |     DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade --force-yes
52 | 
53 |     # Set firewall rules
54 |     ufw default deny
55 |     ufw allow ssh
56 |     ufw allow 80/tcp
57 |     ufw allow 443/tcp
58 |     echo y | ufw enable
59 | 
60 |     reboot now
61 |     '
62 | 
63 | You will also need to add an additional configuration item in your `.chef/knife.rb`:
64 | 
65 |     knife[:bootstrap_user] = "sample"
66 |     
67 | This user and group will be added by default and your public key will be added to the SSH authorized keys. You can override the group by specifying the `bootstrap_group` and you can override the key by specifying the `bootstrap_key`. 
68 | 
69 | 
70 |     knife solo prepare vagrant@dev.sample.com -p 2222 -VV --identity-file ~/.vagrant.d/insecure_private_key --template-file bootstrap/ubuntu-12.04-lts.erb
71 |     
72 |     
73 |     
74 |     
75 |     #!/bin/bash
76 | vagrant up
77 | knife bootstrap --template-file bootstrap/ubuntu-14.04-lts.erb -u vagrant dev.siren.com -p 2222 --identity-file ~/.vagrant.d/insecure_private_key
78 | echo '{"run_list":[]}' > nodes/dev.siren.com.json
79 | knife solo cook vagrant@dev.siren.com -p 2222 --identity-file ~/.vagrant.d/insecure_private_key
80 | 


--------------------------------------------------------------------------------
/unformatted/shopify-theme-development.md:
--------------------------------------------------------------------------------
  1 | # Shopify Theme Development 
  2 | 
  3 | Work on Shopify themes from a local copy with version control (and with panic modes if multiple developers are working).
  4 | 
  5 | ## Setup
  6 | 
  7 | Create a folder:
  8 | 
  9 | 
 10 |     mkdir ~/Projects/myshopname
 11 |     cd ~/Projects/myshopname
 12 |     
 13 | Then make that into a `.git` project:
 14 | 
 15 |     git init
 16 | 
 17 | Next you need a Gemfile so that you can use the custom `shopify_theme` gem (not the public one):
 18 | 
 19 | 
 20 |     source 'https://rubygems.org'
 21 | 
 22 |     gem 'shopify_theme', git: "git://github.com/jeffrafter/shopify_theme.git"
 23 | 
 24 | Now install:
 25 | 
 26 |     bundle install
 27 |     
 28 | Add a `.gitignore`:
 29 | 
 30 |     config.yml
 31 |     sync.json
 32 |     manifest.json
 33 | 
 34 | 
 35 | Great, you are ready to go. Next you need to make a `config.yml` for your configuration
 36 | 
 37 |     defaults: &defaults
 38 |       :api_key: YOUR_PRIVATE_APP_KEY
 39 |       :password: YOUR_PRIVATE_APP_PASSWORD
 40 |       :store: YOUR_SHOP_NAME.myshopify.com
 41 |       :whitelist_files:
 42 |       - assets/
 43 |       - config/
 44 |       - layouts/
 45 |       - snippets/
 46 |       - templates/
 47 |       :ignore_files:
 48 |       - .git
 49 |       - Gemfile
 50 |       - Gemfile.lock
 51 |       - README.md
 52 |       - sync.json
 53 |       - manifest.json
 54 |       - config.yml.example
 55 | 
 56 |     master:
 57 |       <<: *defaults
 58 |       :theme_id: YOUR_THEME_ID
 59 | 
 60 | 
 61 | In order for the theme tool to work you need a private app. Go to your Shopify Admin and:
 62 | 
 63 | * Click on the `Apps` tab on the left
 64 | * Click the `Private Apps` button on the upper right
 65 | * Click `Create a Private App`
 66 | * Give it a title like "Theme"
 67 | * Once you save it you should see your `API Key` and `Password`, put those into your config
 68 | 
 69 | To get your theme id, click on `Online Store` on the left nav, then `Themes`. If you click `Customize Theme` the theme will open up and the `id` will be the number in the URL. Stick that in your config. 
 70 | 
 71 | Once you are all set, you should commit:
 72 | 
 73 |     git add .
 74 |     git commit -a -m "Initial setup of my theme"
 75 |     
 76 | ## Importing    
 77 |     
 78 | Then you can grab the latest:
 79 | 
 80 |     bundle exec theme import
 81 |     
 82 | It will download every file locally and create a manifest.
 83 | 
 84 | ## Making changes
 85 | 
 86 | Make a change on shopify and see it from the console (this checks for remote changes):
 87 | 
 88 |     bundle exec theme changes
 89 | 
 90 | Get that change locally without re-downloading everything:
 91 | 
 92 |     bundle exec theme import
 93 | 
 94 | Ready to push your local changes up to the remote? Do an export with `dry-run`:
 95 | 
 96 |     bundle exec theme export --dry-run
 97 | 
 98 | Really ready?
 99 | 
100 |     bundle exec theme export
101 | 
102 | Are you trying to export but someone made remote changes? Running export would overwrite the changes and we won't let you do that! Stash your local changes, then use `import`. Then re-apply your stash and you can see the diff.
103 | 
104 | Want to do it live?
105 | 
106 |     bundle exec theme watch
107 | 
108 | This will remove any remote files you delete locally (unless you add `--keep-files`) and will upload new files and changed files. If there are remote changes the `watch` command will catch the conflict and not overwrite.
109 | 
110 | If you need to force overwrite everything you can use the `download` command or clear out your local and `import` again.
111 | 
112 |     bundle exec theme watch
113 |     
114 | Now as you make changes (add files, remove files, change files) the changes will be synced to your theme up on Shopify (usually in less than a second).
115 | 
116 | If someone makes a remote change or conflicts the system will stop and let you figure out what the problem is.
117 |     


--------------------------------------------------------------------------------
/unformatted/social_sharing.md:
--------------------------------------------------------------------------------
 1 | # Social Sharing
 2 | 
 3 | Sharing on social platforms is changing constantly. But for the moment you can customize links to share on social fairly easily. In most cases it makes sense to do so without embedding the social specific JavaScript.
 4 | 
 5 | 
 6 | ## Open Graph tags
 7 | 
 8 | Open graph tags are used by both Pinterest and Facebook:
 9 | 
10 | 
11 |     <meta property="og:type" content="website">
12 |     <meta property="og:title" content="A good title">
13 |     <meta property="og:image" content="http://exmaple.com/sample.jpg">
14 |     <meta property="og:image:width" content="1200">
15 |     <meta property="og:image:height" content="630">
16 |     <meta property="og:description" content="A long desc which is html escaped">
17 |     <meta property="og:url" content="http://example.com">
18 |     <meta property="og:site_name" content="A Friendly name for your site">
19 | 
20 | For facebook to pre-render your image in the popup, you must include the `og:image:width` and `og:image:height` tags. Ideally your shared images will be 1200 x 630;
21 | 
22 | More info Open Graph meta tags:
23 | 
24 | - [https://developers.facebook.com/docs/opengraph/using-objects/](https://developers.facebook.com/docs/opengraph/using-objects/)
25 | - [https://developers.pinterest.com/rich_pins/](https://developers.pinterest.com/rich_pins/)
26 | 
27 | Use the Facebook Open Graph Debugger for validation (and cache clearing):
28 | 
29 | - [https://developers.facebook.com/tools/debug](https://developers.facebook.com/tools/debug)
30 | 
31 | Validate your Pinterest rich pins:
32 | 
33 | - [https://developers.pinterest.com/rich_pins/validator/](https://developers.pinterest.com/rich_pins/validator/)
34 | 
35 | ## Twitter cards
36 | 
37 | Twitter has its own card style:
38 | 
39 |     <meta name="twitter:card" content="summary_large_image">
40 |     <meta name="twitter:site" content="@yourtwitter">
41 |     <meta name="twitter:creator" content="@yourtwitter">
42 |     <meta name="twitter:title" content="Your Title>
43 |     <meta name="twitter:description" content="Your description, html escaped">
44 |     <meta name="twitter:image" content="http://example.com/sample.jpg">
45 | 
46 | More info about twitter cards:
47 | 
48 | - [https://dev.twitter.com/cards/types/summary-large-image](https://dev.twitter.com/cards/types/summary-large-image)
49 | 
50 | 
51 | ## Linking to share
52 | 
53 | When passing the parameters via URL you must URL escape the text (it may contain reserved characters and spaces). The following sample uses liquid to render in the parameters. You can use anything:
54 | 
55 | Pinterest:
56 | 
57 |     <a class="icon-fallback-text" target="_blank" href="//www.pinterest.com/pin/create/button/?url={{ share_url | url_escape_text }}&media={{ share_image | url_escape_text }}&description={{ share_pinterest_text | url_escape_text }}" title="Share on Pinterest" onclick="window.open(this.href,'_blank', 'width=700, height=300'); return false">
58 |       <i class="fa fa-pinterest"></i>
59 |       <span class="fallback-text">Pinterest</span>
60 |     </a>
61 |     
62 | Twitter:
63 |     
64 |     <a class="icon-fallback-text" target="_blank" href="https://twitter.com/intent/tweet?text={{ share_twitter_text | url_escape_text }}&url={{ share_url | url_escape_text }}&via=snowehome" title="Share on Twitter" onclick="window.open(this.href,'_blank', 'width=585, height=261'); return false">
65 |       <i class="fa fa-twitter"></i>
66 |       <span class="fallback-text">Twitter</span>
67 |     </a>
68 |     
69 | Facebook:
70 |     
71 |     <a class="icon-fallback-text" target="_blank" href="http://www.facebook.com/share.php?u={{ share_url | url_escape_text }}&t={{ share_facebook_text | url_escape_text }}&v=4" title="Share on Facebook"  onclick="window.open(this.href,'_blank', 'width=585, height=368'); return false">
72 |       <i class="fa fa-facebook"></i>
73 |       <span class="fallback-text">Facebook</span>
74 |     </a>
75 | 
76 | This example also uses social icons which are leveraging font-awesome. You don't have to do that.
77 | 
78 |     {{ '//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css' | stylesheet_tag }}
79 | 


--------------------------------------------------------------------------------
/creating-an-inverted-mask-layer-osx.md:
--------------------------------------------------------------------------------
 1 | # Creating an inverted mask layer
 2 | 
 3 | * Also known as removing a path from layer.
 4 | 
 5 | There are several ways to accomplish this. In fact here are 5 of them: [http://www.cocoawithlove.com/2010/05/5-ways-to-draw-2d-shape-with-hole-in.html](http://www.cocoawithlove.com/2010/05/5-ways-to-draw-2d-shape-with-hole-in.html). Most solutions boil down to:
 6 | 
 7 | * Create the whole path yourself and wrap around (this is a pain and can bug out if there are multiple regions like a star)
 8 | * Do everything using a CGImageRef (this is just slow)
 9 | * Use cool tricks with "even-odd" rendering (this would work great if there weren't multiple overlapping regions)
10 | * Just use rectangles (obvious limitations)
11 | 
12 | My solution uses a subclass of a CAShapeLayer.
13 | 
14 | When you subclass a CAShapeLayer the most difficult challenge is getting it to display correctly. For a subclass to call `drawInContext` you must set the `bounds`. When you set the `bounds` the position freaks out. When you want to update... you need to update the `bounds` (which means you have to *change* the value).
15 | 
16 | Keeping this in mind, I created a subclass:
17 | 
18 |     @interface CAInvertedMaskLayer: CAShapeLayer
19 |     
20 |     @property (nonatomic, assign) CGPathRef invertedMask;
21 | 
22 |     @end
23 | 
24 |     @implementation CAInvertedMaskLayer
25 | 
26 |     - (void)drawInContext:(CGContextRef)ctx {
27 | 		// Custom drawing code goes here
28 |         NSColor *color = [NSColor redColor];
29 |         
30 |         // Draw the path of this layer first (draws everything)
31 |         CGContextSetFillColorWithColor(ctx, color.CGColor);
32 |         CGContextAddPath(ctx, self.path);
33 |         CGContextFillPath(ctx);
34 | 
35 | 		// Clear out the inverted portion
36 |         if (self.invertedMask) {
37 |             CGContextSetBlendMode(ctx, kCGBlendModeClear);
38 |             CGContextSetFillColorWithColor(ctx, [NSColor clearColor].CGColor);
39 |             CGPathRef path = self.invertedMask;
40 |             CGContextAddPath(ctx, path);
41 |             CGContextFillPath(ctx);
42 |         }
43 |     }
44 | 
45 |     - (BOOL)needsDisplayOnBoundsChange {
46 |         return YES;
47 |     }
48 | 
49 |     @end
50 | 
51 | So far so good. Unfortunately when I added my special drawing code, the inherited `CAShapeLayer` was still performing some actions, because of this you want to make sure you haven't set things like `fillColor` on the layer to the wrong value. Generally you want the layer `fillColor` to be `clearColor` otherwise the blending may be confusing.
52 |     
53 |     self.regionLayer = [[CAInvertedMaskLayer alloc] init];
54 |     self.regionLayer.fillColor = [NSColor clearColor].CGColor;
55 | 
56 | You have to set the position when we override `drawInRect`. Here I am just setting the position based on the bounds of the container (in this case my view).
57 | 
58 | 	// Set the position, because the origin defaults to center, center
59 |     [self.regionLayer setPosition:CGPointMake([self bounds].size.width/2, [self bounds].size.height/2)];
60 | 
61 | At this point you can simply set the `path` and update the `invertedMask` path.
62 | 
63 |     CGPathRef regPath = CGPathCreateWithRect(rect, &CGAffineTransformIdentity);
64 |     self.regionLayer.path = regPath;
65 |     CGPathRelease(regPath);
66 | 
67 |     CGMutablePathRef occlusionPath = CGPathCreateMutable();
68 |     CGAffineTransform transform = CGAffineTransformMakeScale(1, -1);
69 |     transform = CGAffineTransformTranslate(transform, 0, - self.bounds.size.height);
70 |     CGPathAddRect(occlusionPath, &transform, bounds);
71 |     self.regionLayer.invertedMask = occlusionPath;
72 |     CGPathRelease(occlusionPath);
73 | 
74 | Now the tricky part: to make the render happen you need to set the bounds of the layer. Again, my layer is full width so I am just using the bounds of my view. I set it to an empty rectangle and set it back.
75 | 
76 |     self.regionLayer.bounds = CGRectNull;
77 |     self.regionLayer.bounds = self.bounds;
78 | 
79 | # Future directions
80 | 
81 | Instead of using a path for the `invertedMask` you could use a whole `invertedMaskLayer`. Instead of rendering the path in your `drawInRect` code you could render the whole layer as clear. Using this you could end up with much more advanced masks.


--------------------------------------------------------------------------------
/upload-direct-to-s3-with-processing.md:
--------------------------------------------------------------------------------
 1 | # Uploading direct to S3
 2 | 
 3 | If you are trying to build a lightweight image uploader on your server you have a lot of options. Using Paperclip, you can accomplish most things without much trouble. However, if you want to use a very small server plan you can clog up your server waiting on multiple uploads.
 4 | 
 5 | Instead you can directly upload to S3 (which is where you probably want to upload your images anyway) with a little bit of work. The nice thing is that you get free upload scalability, so in many ways it is worth the trouble.
 6 | 
 7 | Here is the rough outline of the steps:
 8 | 
 9 | 1. Config
10 | 1. S3 config
11 | 1. upload_helper.rb
12 | 1. upload.js
13 | 1. using upload.js and waiting for processing
14 | 1. upload_controller.rb
15 | 1. ImageWorker
16 | 1. Specific Image Worker
17 | 1. ImageOptim 
18 | 1. Heroku custom buildpack
19 | 1. Cloudfront config
20 | 
21 | ## Config
22 | 
23 | Allowing arbitrary uploads to your S3 bucket can be dangerous and expensive. Because of this, it is generally a good idea to limit uploads based on specific requests. AWS allows you to create a _signed_ upload url which can expire after a specific amount of time. In order to generate the url you'll need your API key and secret which you'll need to setup in your config (they remain on your server, you don't publish these keys).
24 | 
25 | This assumes you are running your development environment with a `.env` and a tool like foreman.
26 | 
27 | First, create a new API key in Amazon's AWS console for [IAM](https://console.aws.amazon.com/iam/home?region=us-east-1#users). You should not use your personal user credentials for the upload. In the event that either your account or the upload account are compromised you want to be able to reset them without impact. Try to segregate your upload users and keys by server or bucket or domain.
28 | 
29 | Go to [IAM](https://console.aws.amazon.com/iam/home?region=us-east-1#users), click on "Users", then click on "Create New Users"):
30 | 
31 | ![Create a new user](./images/s3-iam-create-new-users.png)
32 | 
33 | Enter the user name (something like `yourdomain-upload` or `yourbucket-upload`) and make sure you have checked the box to generate an access key for each user, then click "Create". You should see the new users created and be given the option to download the credentials which you should do. Click the "close" link.
34 | 
35 | You should be able to find your user in the created list of users. Click the user, then click "Attach Policy". You can find the policy "AmazonS3FullAccess", check the checkbox and click "Attach Policy". The policy is not very restrictive:
36 | 
37 |     {
38 |       "Version": "2012-10-17",
39 |       "Statement": [
40 |         {
41 |           "Effect": "Allow",
42 |           "Action": "s3:*",
43 |           "Resource": "*"
44 |         }
45 |       ]
46 |     }
47 | 
48 | Using a less restrictive (default) policy may be okay, but if you want to lock down the security to a single bucket and specific actions, you can choose to generate an inline policy:
49 | 
50 | ![Create a custom policy](./images/s3-iam-user-policy.png)
51 | 
52 | The actions you'll want to include are:
53 | 
54 |     "s3:GetObject",
55 |     "s3:GetObjectAcl",
56 |     "s3:ListBucket",
57 |     "s3:PutObject",
58 |     "s3:PutObjectAcl"
59 | 
60 | To grant the permissions only for a specific bucket, you need to specify the resource using an `arn`. An S3 bucket arn follows the format `arn:aws:s3:::yourbucket/*`
61 | 
62 |     {
63 |         "Version": "2012-10-17",
64 |         "Statement": [
65 |             {
66 |                 "Effect": "Allow",
67 |                 "Action": [
68 |                     "s3:GetObject",
69 |                     "s3:GetObjectAcl",
70 |                     "s3:ListBucket",
71 |                     "s3:PutObject",
72 |                     "s3:PutObjectAcl"
73 |                 ],
74 |                 "Resource": [
75 |                     "arn:aws:s3:::yourbucket/*"
76 |                 ]
77 |             }
78 |         ]
79 |     }
80 | 
81 | ## S3 config
82 | 
83 | 
84 | ## upload_helper.rb
85 | ## upload.js
86 | ## using upload.js and waiting for processing
87 | ## upload_controller.rb
88 | ## ImageWorker
89 | ## Specific Image Worker
90 | ## ImageOptim 
91 | ## Heroku custom buildpack
92 | ## Cloudfront config


--------------------------------------------------------------------------------
/unformatted/elixir-phoenix-dokku.md:
--------------------------------------------------------------------------------
  1 | # Elixir and Phoenix on Dokku on Digital Ocean
  2 | 
  3 | Create a new Digital Ocean box:
  4 | 
  5 | * Ubuntu 16.04
  6 | * 10$ per month / 1GB / 1 CPU
  7 | * NY3
  8 | * Backups (do not choose IPv6)
  9 | * Add SSH key
 10 | 
 11 | ![](https://rpl.cat/uploads/LMEqcxZ0H2HhEfcdK2ojJKBe77PzGv7hD37FhvxkrH4/public.png)
 12 | 
 13 | Choose a hostname (if you want to send email you should make it match your domain as an FQDN: `yourappname.com`)
 14 | 
 15 | Launch the server. It is fast. Open an SSH session (you'll see the new IP when you launch the server):
 16 | 
 17 |     ssh root@111.222.333.444
 18 |     
 19 | Install the first five minutes security (https://github.com/jeffrafter/server):
 20 | 
 21 |     apt-get install git-core
 22 |     
 23 | Then:
 24 | 
 25 |     cd ${HOME}
 26 |     git clone git://github.com/jeffrafter/server.git server    
 27 |     cd ${HOME}/server
 28 |     cp scripts/env.sh.example scripts/env.sh
 29 |     nano scripts/env.sh
 30 | 
 31 | Run it:
 32 | 
 33 |     scripts/setup.sh
 34 |     
 35 | ### Setting up dokku    
 36 |     
 37 | Open a new SSH session as the `deploy` user:
 38 | 
 39 |     ssh deploy@111.222.333.444
 40 |         
 41 | Next install dokku (http://dokku.viewdocs.io/dokku/getting-started/installation/)
 42 | 
 43 |     wget https://raw.githubusercontent.com/dokku/dokku/v0.7.2/bootstrap.sh
 44 |     sudo DOKKU_TAG=v0.7.2 bash bootstrap.sh
 45 | 
 46 | This takes about 5 minutes. Once complete open a browser pointed at your IP. Change the hostname to match your hostname and create.
 47 | 
 48 | Next run these dokku commands (still SSH as `deploy`):
 49 |     
 50 |     dokku apps:create yourappname
 51 |     sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git
 52 |     dokku postgres:create yourappname-database
 53 |     sudo dokku plugin:install https://github.com/dokku/dokku-redis.git redis
 54 |     dokku redis:create yourappname-redis
 55 |     dokku postgres:link yourappname-database yourappname
 56 |     dokku redis:link yourappname-redis yourappname    
 57 | 
 58 | Grant the `dokku` user ssh permission:
 59 | 
 60 |     sudo usermod -a -G ssh-user dokku
 61 |         
 62 | ## Phoenix setup
 63 | 
 64 | To deploy Phoenix to `dokku` you need three things:
 65 | 
 66 | * Elixir buildpacks
 67 | * A deployable `prod.secret.exs`
 68 | * A new `SECRET_KEY`
 69 | 
 70 | ### Buildpacks
 71 | 
 72 | Create a new file in your repo called `.buildpacks`:
 73 | 
 74 |     https://github.com/HashNuke/heroku-buildpack-elixir.git
 75 |     https://github.com/gjaldon/heroku-buildpack-phoenix-static.git
 76 | 
 77 | Also create `elixir_buildpack.config`:
 78 | 
 79 |     erlang_version=18.2.1
 80 |     elixir_version=1.3.1
 81 |     config_vars_to_export=(DATABASE_URL SECRET_KEY_BASE)
 82 | 
 83 | And `phoenix_static_buildpack.config`:
 84 | 
 85 |     node_version=5.3.0
 86 |     npm_version=2.10.1
 87 |     
 88 | > **Note**: you do not need the phoenix static buildpack if you do not have assets (i.e., this is a REST API or you compiled your assets elsewhere).    
 89 |     
 90 | ### Safe `prod.exs`    
 91 | 
 92 | ```elixir
 93 | config :textmewhen, Textmewhen.Endpoint,
 94 |   http: [port: {:system, "PORT"}],
 95 |   url: [host: "example.com", port: 80],
 96 |   cache_static_manifest: "priv/static/manifest.json",
 97 |   secret_key_base: System.get_env("SECRET_KEY_BASE")
 98 | 
 99 | # Do not print debug messages in production
100 | config :logger, level: :info
101 | 
102 | # Configure your database
103 | config :textmewhen, Textmewhen.Repo,
104 |   adapter: Ecto.Adapters.Postgres,
105 |   url: System.get_env("DATABASE_URL"),
106 |   pool_size: String.to_integer(System.get_env("POOL_SIZE") || "20"),
107 |   ssl: true
108 | ```
109 | 
110 | Delete the line: `import_config "prod.secret.exs"`
111 | 
112 | Remove the old file
113 | 
114 |     rm config/prod.secret.exs
115 | 
116 | Procfile:
117 | 
118 |     web: mix phoenix.server
119 | 
120 | From your app:  
121 |   
122 |     dokku config:set SECRET_KEY_BASE="`mix phoenix.gen.secret`"
123 |     dokku config:set MIX_ENV=prod
124 |     dokku config:set PORT=5000
125 |     dokku domains:add yourappname.com
126 |     
127 | 
128 | ## SSL 
129 | 
130 | Via ssh:
131 | 
132 |     sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
133 | 
134 | From your app:
135 | 
136 | ```
137 | dokku domains
138 | dokku domains:add yourserver.com
139 | dokku domains:add api.yourserver.com
140 | dokku domains:add click.yourserver.com
141 | dokku letsencrypt:cron-job --add
142 | dokku config:set --no-restart DOKKU_LETSENCRYPT_EMAIL=your@email.tld
143 | dokku letsencrypt
144 | ```
145 | 
146 | 
147 | 
148 | ...
149 | 
150 | # Resources
151 | 
152 | https://github.com/phoenixframework/phoenix_guides/blob/master/deployment/E_heroku.md
153 | http://www.cspags.com/deploying-elixir-phoenix-to-heroku/
154 | http://philippkueng.ch/deploy-a-phoenix-application-on-heroku.html
155 | 


--------------------------------------------------------------------------------
/scripts/sshd_config:
--------------------------------------------------------------------------------
  1 | $ROOT_PASSWORD=
  2 | $DEPLOY_PASSWORD=
  3 | $ROOT_EMAIL="forward@example.com"
  4 | $OPS_EMAIL="forward@example.com"
  5 | $VIRTUAL_EMAIL="jeffrafter@gmail.com"
  6 | $DOMAIN="example.com"
  7 | $WILDCARD_DOMAIN="*.example.com"
  8 | 
  9 | setup_root_user() {
 10 |   passwd
 11 | }
 12 | 
 13 | setup_deploy_user() {
 14 |   useradd -D -s /bin/bash
 15 |   useradd deploy --shell /bin/bash
 16 |   mkdir /home/deploy
 17 |   mkdir /home/deploy/.ssh
 18 |   chmod 700 /home/deploy/.ssh
 19 |   cp /home/root/.ssh/authorized_keys /home/deploy/.ssh/authorized_keys
 20 | 
 21 |   passwd deploy
 22 | 
 23 |   usermod -a -G sudo deploy
 24 |   usermod -a -G ssh-user deploy
 25 | }
 26 | 
 27 | setup_automatic_updates() {
 28 |   apt-get -y update
 29 |   apt-get -y upgrade
 30 |   apt-get -y install unattended-upgrades
 31 | 
 32 |   echo "APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Download-Upgradeable-Packages "1";\nAPT::Periodic::AutocleanInterval "7";\nAPT::Periodic::Unattended-Upgrade "1";" > /etc/apt/apt.conf.d/10periodic
 33 | }
 34 | 
 35 | setup_ssh() {
 36 |   groupadd ssh-user
 37 | }
 38 | 
 39 | setup_mail_aliases() {
 40 |   echo "root: $ROOT_EMAIL" >> /etc/aliases
 41 |   echo "ops: $OPS_EMAIL" >> /etc/aliases
 42 | 
 43 |   newaliases
 44 | }
 45 | 
 46 | setup_mail_opendkim() {
 47 |   apt-get install -y --force-yes opendkim opendkim-tools
 48 | 
 49 |   echo "AutoRestart Yes\nAutoRestartRate 10/1h\nSyslogSuccess Yes\nLogWhy Yes\n\nCanonicalization relaxed/simple\n\nExternalIgnoreList refile:/etc/opendkim/TrustedHosts\nInternalHosts refile:/etc/opendkim/TrustedHosts\nKeyTable refile:/etc/opendkim/KeyTable\nSigningTable refile:/etc/opendkim/SigningTable\n\nMode sv\nPidFile /var/run/opendkim/opendkim.pid\nSignatureAlgorithm rsa-sha256\n\nUserID opendkim:opendkim\n\nSocket inet:12301@localhost" >> /etc/opendkim.conf
 50 |   echo "SOCKET="inet:12301@localhost"" >> /etc/default/opendkim
 51 | 
 52 |   echo "milter_protocol = 6\nmilter_default_action = accept\nsmtpd_milters = inet:localhost:12301\nnon_smtpd_milters = inet:localhost:12301"
 53 | 
 54 |   echo "127.0.0.1\nlocalhost\n192.168.0.1/24\n$WILDCARD_DOMAIN" >> /etc/opendkim/TrustedHosts
 55 |   echo "mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail.private" >> /etc/opendkim/KeyTable
 56 |   echo "*@$DOMAIN mail._domainkey.$DOMAIN" >> /etc/opendkim/SigningTable
 57 | 
 58 |   mkdir -p /etc/opendkim/keys/$DOMAIN
 59 |   cd /etc/opendkim/keys/$DOMAIN
 60 |   opendkim-genkey -s mail -d $DOMAIN
 61 |   chown opendkim:opendkim mail.private
 62 | 
 63 |   echo "Copy the p value and create a TXT DNS entry"
 64 |   cat mail.txt
 65 |   echo 'TXT mail._domainkey "v=DKIM1; k=rsa; p=YOUR_P_VALUE_HERE"'
 66 | 
 67 |   cd ~
 68 |   service postfix restart
 69 |   service opendkim restart
 70 | }
 71 | 
 72 | setup_mail_forwarding() {
 73 | 
 74 |   echo "virtual_alias_domains = $DOMAIN" >> /etc/postfix/main.cf
 75 |   echo "virtual_alias_maps = hash:/etc/postfix/virtual" >> /etc/postfix/main.cf
 76 | 
 77 |   echo "# you can add specific virtual emails here for specific forwarding" >> /etc/postfix/virtual
 78 |   echo "@$DOMAIN   $VIRTUAL_EMAIL " >> /etc/postfix/virtual
 79 | 
 80 |   postmap /etc/postfix/virtual
 81 |   service postfix reload
 82 | }
 83 | 
 84 | setup_mail() {
 85 |   debconf-set-selections <<< "postfix postfix/mailname string $HOSTNAME"
 86 |   debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
 87 |   DEBIAN_FRONTEND=noninteractive apt-get -y install postfix
 88 |   apt-get -y install mailutils
 89 | 
 90 |   # sed -e 's/inet_interfaces = all/inet_interfaces = localhost/g' /etc/postfix/main.cf > /etc/postfix/main.cf.bak && mv /etc/postfix/main.cf.bak /etc/postfix/main.cf
 91 |   service postfix restart
 92 | 
 93 |   setup_mail_aliases
 94 |   setup_mail_opendkim
 95 |   setup_mail_forwarding
 96 | }
 97 | 
 98 | setup_logwatch() {
 99 |   apt-get -y --force-yes install logwatch
100 |   mkdir /var/cache/logwatch
101 |   cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/
102 |   sed -e "s/--output mail/--mailto $OPS_EMAIL/g" /etc/cron.daily/00logwatch > /etc/cron.daily/00logwatch.bak && mv /etc/cron.daily/00logwatch.bak /etc/cron.daily/00logwatch
103 | }
104 | 
105 | setup_fail2ban() {
106 |   apt-get -y --force-yes install fail2ban
107 |   echo "[DEFAULT]\n ignoreip  = 127.0.0.1\n bantime   = 86400\n destemail = $OPS_EMAIL\n banaction = iptables-multiport\n action    = %(action_)s\n \n # JAILS\n [ssh]\n enabled   = true\n maxretry  = 3\n \n [pam-generic]\n enabled   = true\n banaction = iptables-allports\n \n [ssh-ddos]\n enabled   = true\n \n [apache]\n enabled = true\n \n [nginx-http-auth]\n enabled = true\n \n [postfix]\n enabled  = true\n maxretry = 1\n \n [dovecot-pop3imap]\n enabled = true\n filter = dovecot-pop3imap\n action = iptables-multiport[name=dovecot-pop3imap, port=\"pop3,imap,993,995\", protocol=tcp]\n logpath = /var/log/mail.log\n maxretry = 20\n findtime = 1200\n bantime = 1200\n" > /etc/fail2ban/jail.local
108 | }
109 | 
110 | setup_rootkits() {
111 |   apt-get -y --force-yes install lynis
112 |   apt-get -y --force-yes install rkhunter
113 | }
114 | 


--------------------------------------------------------------------------------
/javascript_popups.md:
--------------------------------------------------------------------------------
  1 | # JavaScript Popups
  2 | 
  3 | Creating modal popups in JavaScript is always complex. Here is a quick pattern for doing it.
  4 | 
  5 | ## Stylesheet
  6 | 
  7 | Start with the basic stylesheet `popup.css`:
  8 | 
  9 |     div.popup-background {
 10 |       z-index: 99999;
 11 |       display: none;
 12 |       position: fixed;
 13 |       top: 0;
 14 |       left: 0;
 15 |       width: 100%;
 16 |       height: 100%;
 17 |       background: #333333;
 18 |     }
 19 | 
 20 |     div.popup {
 21 |       z-index: 999999;
 22 |       display: none;
 23 |       position: absolute;
 24 |       top: 4em;
 25 |       width: 80%;
 26 |       max-width: 486px;
 27 |       left: 50%;
 28 |       margin-left: -243px;
 29 |       background-color: white;
 30 |       -moz-box-shadow: 0 8px 46px rgba(0, 0, 0, .5);
 31 |       -o-box-shadow: 0 8px 46px rgba(0, 0, 0, .5);
 32 |       -webkit-box-shadow: 0 8px 46px rgba(0, 0, 0, .5);
 33 |       box-shadow: 0 8px 46px rgba(0, 0, 0, .5);
 34 |     }
 35 | 
 36 |     div.popup p {
 37 |       padding: 1.2em;
 38 |     }
 39 | 
 40 |     div.popup form {
 41 |       margin: 0 auto;
 42 |       padding: 1.2em;
 43 |       margin-bottom: 1em;
 44 |       width: 100%;
 45 |     }
 46 | 
 47 |     div.popup a.close {
 48 |       position: absolute;
 49 |       top: 0.2em;
 50 |       right: 0.5em;
 51 |       font-size: 2em;
 52 |       font-weight: 300;
 53 |     }
 54 | 
 55 |     div.popup a.close:hover {
 56 |       border-color: #d2d2d2;
 57 |       color: #d2d2d2;
 58 |     }
 59 | 
 60 |     div.popup h2 {
 61 |       font-weight: 300;
 62 |       font-size: 1.6em;
 63 |       width: 100%;
 64 |       margin: 1em 0 0 0;
 65 |       padding: 0 0.8em;
 66 |       text-align: left;
 67 |     }
 68 | 
 69 | 
 70 | ## Popup code
 71 | 
 72 | Include the following `popup.js` in your assets:
 73 | 
 74 |     var Popup = function($template) {
 75 |       var self = this;
 76 | 
 77 |       this.showing = false;
 78 |       this.$template = $template;
 79 |       this.$background = $("<div class='popup-background'></div>")
 80 |       this.$background.click(function(e) {
 81 |         e.preventDefault();
 82 |         e.stopPropagation();
 83 |         self.hide();
 84 |       });
 85 |       $('body').append(this.$background);
 86 |     }
 87 | 
 88 |     Popup.prototype.show = function(options) {
 89 |       if (this.showing) return false;
 90 |       options = options || {};
 91 | 
 92 |       var self = this;
 93 |       this.$popup = this.$template.clone();
 94 |       this.$popup.find('a.close').click(function(e) {
 95 |         self.hide();
 96 |         e.preventDefault();
 97 |         e.stopPropagation();
 98 |         return false;
 99 |       });
100 | 
101 |       // Escape closes the popup
102 |       $('body').bind('keyup.popup', function(e) {
103 |         if (e.which === 27) {
104 |           e.preventDefault();
105 |           e.stopPropagation();
106 |           self.hide();
107 |         }
108 |       });
109 | 
110 |       // No scroll mobile
111 |       $('body').bind('touchmove.popup', function(e) {
112 |         e.preventDefault();
113 |         e.stopPropagation();
114 |       });
115 | 
116 |       if (options.before) {
117 |         options.before.apply(this.$popup, [])
118 |       }
119 | 
120 |       $('body').addClass('popup');
121 |       $('body').append(this.$popup);
122 |       this.$popup.css('top', $(window).scrollTop() + 50);
123 |       this.$popup.fadeIn(300);
124 |       this.$background.css({'opacity': '0.8'});
125 |       this.$background.fadeIn(300);
126 |       this.showing = true;
127 |     }
128 | 
129 |     Popup.prototype.hide = function() {
130 |       if (!this.showing) return false;
131 | 
132 |       var self = this;
133 | 
134 |       this.$background.fadeOut(300);
135 |       this.$popup.fadeOut(300, function() {
136 |         self.$popup.remove();
137 |         self.showing = false;
138 |       });
139 | 
140 |       $('body').removeClass('popup');
141 |       $('body').unbind('touchmove.popup'); // no scroll mobile unbind
142 |       $('body').unbind('keyup.popup'); // escape unbind
143 |     }
144 | 
145 | 
146 | 
147 | ## Usage
148 | 
149 | In order to use this you need a template for your popup in your HTML. You can put this just above the footer (or in a page specific template):
150 | 
151 |     <div class="popup sample">
152 |       <h2>Title</h2>
153 |       <div>
154 |         <p>Something about something</p>
155 |         <form action="#" onsubmit="false">
156 |           <button>Hide</button>
157 |         </form>
158 |       </div>
159 |       <a href="javascript:void(0)" class="close">&times;</a>
160 |     </div>
161 | 
162 | You'll also need a temporary lightbox background element. I include this in the application layout directly:
163 | 
164 |     <div id="lightbox-background"></div>
165 | 
166 | Then you need a small amount of JavaScript to register the popup and show it:
167 | 
168 |     <script type="text/javascript">
169 |       $(function() {
170 |         var samplePopup = new Popup($('.sample'));
171 | 
172 |         samplePopup.show({
173 |           before: function() {
174 |             var $popup = this;
175 |             $popup.find('button').click(function() {
176 |               samplePopup.hide();
177 |             });
178 |           }
179 |         });
180 |       });
181 |     </script>
182 | 


--------------------------------------------------------------------------------
/unformatted/rails_security.md:
--------------------------------------------------------------------------------
  1 | # Rails Security
  2 | 
  3 | * Run brakeman
  4 | * Keeping gems up to date (gemnasium)
  5 | * Rate limiting (rack attack)
  6 | * X-Content-Type headers (rack attack)
  7 | * CSP
  8 | * Reset the sessions/login
  9 | * Tracking the request
 10 | * Length masking
 11 | * Can a plugin limit SSL?
 12 | * Looking up tokens
 13 | * Responsible disclosure and security page
 14 | * Robots.txt
 15 | * Crossdomain.xml
 16 | * Preventing header injection
 17 | * Certificate pinning
 18 | * EU ePrivacy Directive / Do Not Track
 19 | 
 20 | ## Run brakeman
 21 | 
 22 | ## Keeping gems up to date using Gemnasium
 23 | 
 24 | ## Rate limiting
 25 | 
 26 | https://www.kickstarter.com/backing-and-hacking/rack-attack-protection-from-abusive-clients
 27 | 
 28 | https://github.com/kickstarter/rack-attack
 29 | 
 30 | Things you should rate limit:
 31 | 
 32 | * Login attempts
 33 | * Forgot password tries (email enumeration)
 34 | * Forgot password token tries
 35 | * Forgot password submissions
 36 | * Token authentication misses
 37 | * OAuth misses
 38 | * Items which generate emails (header injections)
 39 | * Long running items (DOS)
 40 | * Clients getting errors
 41 | 
 42 | Things you should not rate limit via rack attack
 43 | 
 44 | * API requests
 45 | 
 46 | Note: remember that some web-servers are set to proxy their requests. Make sure your HTTP X Forwarded For is right.
 47 | 
 48 | ### Be fail2ban friendly
 49 | 
 50 | How you raise errors should be friendly to fail2ban
 51 | 
 52 | Make a scanner-scanner?
 53 | 
 54 | ## Headers
 55 | 
 56 | X-Content-Type-Options
 57 | 
 58 | ## CSP
 59 | 
 60 | Use a content security policy which does not allow inline scripts and enumerates the possible asset sources. White-list third parties like Google Analytics.
 61 | 
 62 | https://github.com/blog/1477-content-security-policy
 63 | 
 64 | https://github.com/twitter/secureheaders
 65 | 
 66 | ### Google Analytics and CSP
 67 | https://stackmachine.com/blog/google-analytics-and-content-security-policy
 68 | 
 69 | ## Reset the sessions
 70 | 
 71 | You should be storing a list of all sessions that are logged in. In some cases all sessions should be reset:
 72 | 
 73 | * When the user changes the password
 74 | * When the user issues a forgot password request
 75 | 
 76 | Note this should also reset all existing password reset tokens.
 77 | 
 78 | 
 79 | ## Tracking the request
 80 | 
 81 | https://github.com/efficiency20/ops_middleware
 82 | 
 83 | Dangers of adding tracking headers to the request (identify the server and protocol)
 84 | 
 85 | Legal requirements about tracking in Europe
 86 | 
 87 | ## Length masking
 88 | 
 89 | BREACH and CRIME (breachattack.com)
 90 | 
 91 | breach and forgot-passwords (url encoded post reflected into body)
 92 | 
 93 | random length comment in each request
 94 | XOR masking on the CSRF token
 95 | 
 96 | https://github.com/meldium/breach-mitigation-rails
 97 | 
 98 | ## Can a gem limit the kinds of SSL used
 99 | 
100 | * Choose specific ciphers?
101 | * Also tracking SSL cert expiry?
102 | 
103 | ## Looking up tokens using params
104 | 
105 | * MySQL typecasting of packets [http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html](http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html)
106 | 
107 | ## Setup a responsible disclosure policy
108 | 
109 | PGP email
110 | Bug bounty
111 | T-shirts
112 | Respond immediately (example is the timing attack in Java)
113 | 
114 | ## Robots.txt
115 | 
116 | ## Crossdomain.xml
117 | 
118 | 
119 | ## Preventing header injection
120 | 
121 | http://homakov.blogspot.com/2014/01/header-injection-in-sinatra.html
122 | https://gist.github.com/rkh/befd7d127f4052d292d5
123 | 
124 | 
125 | ## Certificate pinning
126 | 
127 | Are you consuming an API from your Rails app? How are you preventing man in the middle attacks?
128 | 
129 | * Cloak
130 | * VPN
131 | * Socks proxy
132 | * Certificate pinning / Public Key pinning
133 | 
134 | For example: are you developing against the Shopify API? Are you doing that at this conference? How do you know someone isn't impersonating Shopify with a MitM.
135 | 
136 | Certificate pinning ensures against some privileged network position attacks.
137 | 
138 | 
139 | # Classes of vulnerabilities
140 | 
141 | * Timing attacks
142 | * Brute force protection
143 | * Token leaking
144 | * Open redirects (non-whitelisted)
145 | * Concurrency issues (multiple avatar uploads http://homakov.blogspot.com/2014/11/hacking-file-uploaders-with-race.html)
146 | 
147 | 
148 | # Legal
149 | 
150 | ## EU ePrivacy Directive
151 | 
152 | https://github.com/peter-murach/rack-policy
153 | http://en.wikipedia.org/wiki/Do_Not_Track (Roy Fielding)
154 | https://ico.org.uk/for-organisations/guide-to-pecr/cookies/
155 | 
156 | ## COPPA
157 | 
158 | http://www.coppa.org/comply.htm
159 | 
160 | ## CAN-SPAM
161 | 
162 | http://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
163 | 
164 | ## PCI
165 | 
166 | https://www.pcisecuritystandards.org/
167 | 
168 | ## HIPPA
169 | 
170 | http://www.hhs.gov/ocr/privacy/
171 | 
172 | ## HITECH
173 | 
174 | http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
175 | 
176 | ## FTC digital advertising disclosure (online advertising)
177 | 
178 | http://www.ftc.gov/sites/default/files/attachments/press-releases/ftc-staff-revises-online-advertising-disclosure-guidelines/130312dotcomdisclosures.pdf
179 | 
180 | ## United Nations Convention on the International Sales of Goods
181 | 
182 | http://www.uncitral.org/pdf/english/texts/sales/cisg/V1056997-CISG-e-book.pdf
183 | 


--------------------------------------------------------------------------------
/unformatted/shopify_forms.md:
--------------------------------------------------------------------------------
  1 | <!-- Shopify flash errors (https://rpl.cat/sXQPYzsTMxYaJDwge1r92U7lYX32aC5PWgWnUtosPcM) -->
  2 | 
  3 |     <div class="row s-none">
  4 |       <div class="box errors">
  5 |         <h2>
  6 |           There was 1 error with this customer:
  7 |         </h2>
  8 |         <ul>
  9 |           <li>Customer must have a name or email address</li>
 10 |         </ul>
 11 |       </div>
 12 |     </div>
 13 | 
 14 | <!-- Shopify overall layout -->
 15 | 
 16 |     <div class="section overview">
 17 |       <div class="layout-content">
 18 |         <!-- Sections go here -->
 19 |       </div>
 20 |     </div>
 21 |     
 22 | 
 23 | <!-- Shopify left description (note, this goes with the overall layout) https://rpl.cat/ZlHb_vgYHwUf8nZBvVB3zPOnAsq338qLFk2a5gNeN-0 -->
 24 | 
 25 |     <div class="layout-content">
 26 |       <div class="layout-content__sidebar layout-content__first">
 27 |         <div class="section-summary">
 28 |           <h1>Customer overview</h1>
 29 |           <p>Some basic information about this customer.</p>
 30 |         </div>
 31 |       </div>
 32 | 
 33 |       <div class="layout-content__main">
 34 |         <div class="next-card">
 35 |           <div class="next-card__section">
 36 |             <div class="next-grid next-grid--no-outside-padding next-grid--inner-grid">
 37 |               <div class="next-grid__cell">
 38 |                 <div class="next-input-wrapper"><label class="next-label" for="customer_first_name">First Name</label><input bind="firstName" class="next-input" id="customer_first_name" name="customer[first_name]" size="30" type="text" value=""></div>
 39 |               </div>
 40 |               <div class="next-grid__cell">
 41 |                 <div class="next-input-wrapper"><label class="next-label" for="customer_last_name">Last Name</label><input bind="lastName" class="next-input" id="customer_last_name" name="customer[last_name]" size="30" type="text" value=""></div>
 42 |               </div>
 43 |             </div>
 44 |           </div>
 45 |         </div>
 46 |       </div>
 47 |     </div>
 48 | 
 49 | <!-- Shopify right side panels (use this instead of the overall layout if you want it)-->
 50 | 
 51 |     <div class="next-grid next-grid--outer-grid">
 52 |       <div class="next-grid__cell">
 53 |         <div class="next-card">
 54 |         </div>
 55 |       </div>
 56 |     </div>            
 57 |       
 58 |     <div class="next-grid__cell next-grid__cell--third">
 59 |       <div class="next-card next-card--aside visibility">
 60 |         <section class="next-card__section">
 61 |           <div class="next-grid next-grid--no-padding next-grid--vertically-centered">
 62 |             <div class="next-grid__cell">
 63 |               <h2 class="next-heading next-heading--no-margin">Visibility</h2>
 64 |             </div>
 65 |           </div>
 66 |         </section>
 67 |        <section class="next-card__section" style="padding-top: 15px; padding-bottom: 15px;">
 68 |           <div class="next-grid next-grid--compact next-grid--no-outside-padding next-grid--vertically-centered">
 69 |             <div class="next-grid__cell">
 70 |             </div>
 71 |           </div>
 72 |         </section>  
 73 |       </div>
 74 |     </div>      
 75 |      
 76 | 
 77 | <!-- Shopify input -->
 78 | 
 79 |     <div class="next-input-wrapper">
 80 |       <label class="next-label" for="customer_first_name">First Name</label>
 81 |       <input bind="firstName" class="next-input" id="customer_first_name" name="customer[first_name]" size="30" type="text" value="">
 82 |     </div>
 83 | 
 84 | 
 85 | <!-- Shopify checkbox -->
 86 | 
 87 |     <div class="next-input-wrapper">
 88 |       <label class="next-label next-label--switch" for="customer_accepts_marketing">Customer accepts marketing</label>
 89 |       <input name="customer[accepts_marketing]" type="hidden" value="0">
 90 |       <input class="next-checkbox" id="customer_accepts_marketing" name="customer[accepts_marketing]" type="checkbox" value="1">
 91 |       <span class="next-checkbox--styled"></span>
 92 |     </div>
 93 | 
 94 | 
 95 | <!-- Shopify select -->
 96 | 
 97 |     <div class="next-input-wrapper">
 98 |       <label class="next-label" for="customer_addresses_attributes_0_country">Country</label>
 99 |       <div class="next-select__wrapper next-input--has-content">
100 |       <select class="next-select js-country-select" id="customer_addresses_attributes_0_country" name="customer[addresses_attributes][0][country]">
101 |         <option value="">--</option>
102 |       </select>
103 |     </div>
104 | 
105 | 
106 | <!-- Shopify expanding textarea -->
107 | 
108 |     <div class="next-input-wrapper">
109 |       <label class="next-label next-label--is-focused" for="customer_note">Note</label>
110 |       <textarea class="next-textarea next-textarea--expanding" expanding="true" id="customer_note" name="customer[note]" placeholder="Add a note to this customer…" style="height: 112px;"></textarea>
111 |       <!-- Auto expanding textarea pieces here -->
112 |     </div>
113 | 
114 | 
115 | <!-- Shopify footer -->
116 | 
117 |     <div class="section section--no-border">
118 |       <div class="next-grid next-grid--right-aligned">
119 |         <div class="next-grid__cell next-grid__cell--no-flex">
120 |           <a class="btn" href="/admin/customers">Cancel</a>
121 |           <button class="btn js-btn-primary js-btn-loadable has-loading disabled" name="button" type="submit" disabled="disabled">Save customer</button>
122 |         </div>
123 |       </div>
124 |     </div>
125 | 
126 | 
127 | <!-- Shopify error -->
128 | 
129 |     <div class="next-input-wrapper next-input-wrapper--is-error">
130 |       <!-- ... -->
131 |     </div>
132 | 
133 | 
134 | As the form changes the save button becomes active. If the form returns to the original state the button deactivates.
135 | 
136 | 


--------------------------------------------------------------------------------
/git.md:
--------------------------------------------------------------------------------
  1 | # Git
  2 | 
  3 | Lots of folks have opinions on how you should use Git. I have used a lot of the different methods and prefer the method that Scott Chacon writes about [Github Flow](http://scottchacon.com/2011/08/31/github-flow.html).
  4 | 
  5 | He outlines it as follows:
  6 | 
  7 | 1. Anything in the master branch is deployable
  8 | 2. To work on something new, create a descriptively named branch off of master (ie: new-oauth2-scopes).
  9 | 3. Commit to that branch locally and regularly push your work to the same named branch on the server.
 10 | 4. When you need feedback or help, or you think the branch is ready for merging, open a pull request.
 11 | 5. After someone else has reviewed and signed off on the feature, you can merge it into master.
 12 | 6. Once it is merged and pushed to ‘master’, you can and should deploy immediately.
 13 | 
 14 | ## Usage
 15 | 
 16 | Go to your Rails root folder:
 17 | 
 18 |     git status
 19 | 
 20 | You should see the status of your repository which might look something like this:
 21 | 
 22 |     # On branch master
 23 |     nothing to commit, working directory clean
 24 | 
 25 | At this point your master branch is up to date and you are ready to start a new feature:
 26 | 
 27 |     git checkout -b my-new-feature
 28 | 
 29 | This will make a copy of master and checkout a new branch that you can modify without hurting the other branches (even though you haven't changed folders). Notice the `-b` option here tells git to **create** the branch.
 30 | 
 31 | If your prompt shows the current branch (it should!) then you'll see something like:
 32 | 
 33 |     /projects/sample [my-new-feature] $
 34 | 
 35 | Either way, checking the status again shows you where you are:
 36 | 
 37 |     git status
 38 | 
 39 | Where you'll see:
 40 | 
 41 |     # On branch my-new-feature
 42 |     nothing to commit, working directory clean
 43 | 
 44 | Now you can start working away, making changes and committing them. If you want to push them up to the remote server (for instance, Github) just:
 45 | 
 46 |     git push origin my-new-feature
 47 | 
 48 | At this point others can `git fetch` to get the branches and `git checkout my-new-feature` to see your changes.
 49 | 
 50 | ### What if `master` changes before I push?
 51 | 
 52 | If master is updated (it probably will be) there are a couple of options. You can merge in the changes or rebase. I prefer to **rebase**. Commit any changes on your current branch. Then go back to the `master` branch
 53 | 
 54 |     git checkout master
 55 | 
 56 | Get the latest (also using a rebase):
 57 | 
 58 |     git pull --rebase origin master
 59 | 
 60 | Now, this rebase is probably unnecessary. You shouldn't be making any changes on the master branch anyway. So this should pull down the latest code without issues. Now jump back to your branch:
 61 | 
 62 |     git checkout my-new-feature
 63 | 
 64 | Now lets rebase on top of master:
 65 | 
 66 |     git rebase master
 67 | 
 68 | At this point git will take all of the commits from your current branch and re-play them on top of the latest master. So if you added a file or deleted a line or replaced an image, git will do that again but will pretend that you just started doing it with the latest code.
 69 | 
 70 | This doesn't always go perfect. What if you made a change to a file that has now been deleted? When git tries to re-play that change it will see that the file is missing and give you a **conflict**.
 71 | 
 72 | You need to fix the conflict by deciding what the current state should be. You can keep the file deleted, add the file back in or fix the conflict lines (which will show in the files with the HEAD and version specific changes). Once you make the change add the file (here I cheat, by adding everything):
 73 | 
 74 |     git add .
 75 | 
 76 | Then continue the rebase
 77 | 
 78 |     git rebase --i continue
 79 | 
 80 | Now, technically, when you do this you are rewriting history. You didn't _actually_ make these commits after everything in master, you are just rewriting history to make it cleaner. This is a good thing, but it is also a bad thing. If you try to push up the changes from your freshly rebased branch you will get a conflict (if you have already pushed before). You can get around this by forcing the push:
 81 | 
 82 |     git push -f origin my-new-branch
 83 | 
 84 | But by doing so you rewrite the shared history, which is even worse! Anyone who has fetched your branch will probably get a conflict on their end. If they are simultaneously working on the same branch it can become very confusing. If they have pushed changes that you don't have you can overwrite their changes.
 85 | 
 86 | **You should never-ever force push to master**.
 87 | 
 88 | ## Pull Requests
 89 | 
 90 | Once you have finished all of the changes you should have them reviewed. Generally this is done with a Pull Request. On Github, switch to your branch and hit the pull request button. You should be able to create the pull request and someone on the team can review it. If you make a change and re-push the branch, Github will automatically update the pull request.
 91 | 
 92 | Once everything is reviewed and looks great (see also, continuous integration), the branch can be merged to master and the remote branch can be deleted.
 93 | 
 94 | When the branch is merged it is actually a merge: not a rebase. This is generally okay as the history would otherwise get very confusing as multiple teams members create code simultaneously.
 95 | 
 96 | Once you have merged you should delete the local copy of the branch as well:
 97 | 
 98 |     git checkout master
 99 |     git branch -D my-new-feature
100 | 
101 | And get the latest master:
102 | 
103 |     git pull --rebase origin master
104 | 
105 | Now you are ready to begin working on a new feature.
106 | 
107 | It should be noted that at this point the branch should be deployed (see also, deployment) and any feature tracking (pivotal, etc). Should be updated. There are ways to integrate these directly into the github flow.
108 | 
109 | ## Tagging versions
110 | 
111 | You probably don't need to tag things in your normal repositories. But if you are working on Gems you definitely should. Here's how:
112 | 
113 |     git tag -a v1.0.0 -m "Description for this version"
114 | 
115 | Once you tag a repo you can simply push to master and the tags will be pushed.
116 | 


--------------------------------------------------------------------------------
/unformatted/sidekiq.md:
--------------------------------------------------------------------------------
  1 | # Sidekiq
  2 | 
  3 | You'll need the gem in your Gemfile:
  4 | 
  5 |     gem 'sidekiq'
  6 | 
  7 | Next you'll need to install:
  8 | 
  9 |     bundle install
 10 |     
 11 | By default sidekiq assumes you are running redis on your localhost on port 6379. This should work well for development. If you have additional configuration you can set up the connection using an environment variable `REDIS_PROVIDER`. The value is the name of another environment variable used to get the configuration.
 12 | 
 13 | If it is your own configuration you can point `REDIS_PROVIDER` to your own custom `REDIS_URL` and then define your redis URL using that variable.
 14 |     
 15 | You can create a more advanced configuration using `config/initializers/sidekiq.rb` but you usually won't need to.    
 16 | 
 17 | ## Procfile
 18 | 
 19 | Make sure you are referencing Sidekiq in your `Procfile`
 20 | 
 21 |     worker: bundle exec sidekiq
 22 | 
 23 | 
 24 | ## On Heroku
 25 | 
 26 | 
 27 | First you need to get the `redistogo` addon:
 28 | 
 29 |     heroku addons:docs redistogo
 30 |     
 31 | Redis To Go has a free version (up to 5MB) which should handle everything you need for basic Sidekiq. As of version 3.0 you need to set the `REDIS_PROVIDER` environment variable to the provided URL. You can do this in the heroku config:
 32 |         
 33 |     heroku config:set REDIS_PROVIDER=REDISTOGO_URL
 34 |     
 35 | From there Heroku will do the right thing with the worker definition in your Procfile.
 36 | 
 37 | 
 38 | ## Image Resizing sample
 39 | 
 40 | To resize images in the background you should use ImageMagick. There is a simple gem layer over this called MiniMagick:
 41 | 
 42 |     gem 'mini_magick'
 43 |     
 44 | We'll store images on AWS S3, so you'll need the AWS SDK:
 45 |     
 46 |     gem 'aws-sdk'
 47 |     
 48 | Make sure your AWS config is initialized in `config/initializers/aws.rb`:
 49 | 
 50 |     require 'aws-sdk'
 51 | 
 52 |     AWS.config(
 53 |       access_key_id: ENV['AWS_ACCESS_KEY_ID'],
 54 |       secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'])
 55 | 
 56 |     
 57 | Create a new worker file in `app/workers/image_worker.rb`:
 58 | 
 59 |     class ImageWorker
 60 |       include Sidekiq::Worker
 61 | 
 62 |       sidekiq_options :retry => false
 63 | 
 64 |       attr_reader :key
 65 | 
 66 |       def perform(key)
 67 |         @key = key
 68 |         return unless obj.exists?
 69 |         original = s3.buckets[bucket].objects[key_for('original')]
 70 |         return if original.exists?
 71 |         obj.copy_to(original, cache_options)
 72 |         process
 73 |       ensure
 74 |         tempfile.close
 75 |         tempfile.unlink
 76 |       end
 77 | 
 78 |       protected
 79 | 
 80 |       def process
 81 |         # Override if subclass
 82 |       end
 83 | 
 84 |       def bucket
 85 |         Rails.application.secrets.aws_bucket
 86 |       end
 87 | 
 88 |       def s3
 89 |         @s3 ||= AWS::S3.new
 90 |       end
 91 | 
 92 |       def obj
 93 |         @obj ||= s3.buckets[bucket].objects[key]
 94 |       end
 95 | 
 96 |       def ext
 97 |         @ext ||= File.extname(key)
 98 |       end
 99 | 
100 |       def etag
101 |         @etag ||= obj.etag.gsub(/"/, '')
102 |       end
103 | 
104 |       def tempfile
105 |         @tempfile ||= Tempfile.new([obj.etag, ext], Rails.root.join("tmp")).tap do |file|
106 |           file.binmode
107 |           obj.read do |chunk|
108 |             file.write(chunk)
109 |           end
110 |           file.close
111 |         end
112 |       end
113 | 
114 |       def key_for(style)
115 |         "#{File.dirname(key)}/#{etag}/#{File.basename(key, ext)}-#{style}#{ext}"
116 |       end
117 | 
118 |       def convert(style)
119 |         name = "#{etag}-#{style}"
120 |         output = Tempfile.new([name, ext], Rails.root.join("tmp"))
121 |         image = MiniMagick::Image.open(tempfile.path)
122 |         yield image
123 |         image.write output.path
124 |         upload(key_for(style), output)
125 |       ensure
126 |         output.close
127 |         output.unlink
128 |       end
129 | 
130 |       def upload(key, file)
131 |         dest = s3.buckets[bucket].objects[key]
132 |         return if dest.exists?
133 |         dest.write(Pathname.new(file.path), cache_options)
134 |       end
135 | 
136 |       def cache_options
137 |         {
138 |           acl: :public_read,
139 |           content_type: obj.content_type.to_s,
140 |           cache_control: "max-age=#{1.year.to_i}",
141 |           expires: 1.year.from_now.httpdate
142 |         }
143 |       end
144 |     end
145 | 
146 | 
147 | ## Sidekiq web
148 | 
149 | In order to support the built in web interface you need to add Sinatra to your `Gemfile`:
150 | 
151 |     gem 'sinatra', '>= 1.3.0', :require => nil
152 |     
153 | On Rails 5 you'll need the latest:
154 | 
155 |     gem 'sinatra', github: 'sinatra'
156 | 
157 | Then in your `config/routes.rb` you'll need to require it (at the top of the file):
158 | 
159 |     require 'sidekiq/web'
160 | 
161 | And mount it (at the end your routes):
162 | 
163 |     mount Sidekiq::Web => '/sidekiq', :constraints => AuthConstraint.new
164 | 
165 | Notice that we used a custom constraint for authentication. Using this you can limit the route visibility to logged in users. To make this work you'll need to create the contraint at `lib/auth_constraint.rb`:
166 | 
167 |     # Constraint used in routing for hosted routed apps
168 |     #
169 |     # https://github.com/mperham/sidekiq/wiki/Monitoring
170 |     #
171 |     class AuthConstraint
172 |       def matches?(request)
173 |         return false unless request.session[:user_id]
174 |         user = User.find request.session[:user_id]
175 |         user && user.admin?
176 |       end
177 |     end
178 | 
179 | See also: https://github.com/mperham/sidekiq/wiki/Monitoring#rails-http-basic-auth-from-routes
180 | 
181 | ```ruby
182 | Sidekiq::Web.use Rack::Auth::Basic do |username, password|
183 |   username == ENV["SIDEKIQ_USERNAME"] && password == ENV["SIDEKIQ_PASSWORD"]
184 | end if Rails.env.production?
185 | ```
186 | 
187 | ## Optimization
188 | 
189 | * https://github.com/toy/image_optim
190 | * https://github.com/mooktakim/image_optim_bin
191 | * https://www.petekeen.net/introduction-to-heroku-buildpacks
192 | * https://github.com/bobbus/image-optim-buildpack
193 | 


--------------------------------------------------------------------------------
/shopify_embedded_app.md:
--------------------------------------------------------------------------------
  1 | # Shopify embedded app
  2 | 
  3 | Start with a basic rails application. Then do the following:
  4 | 
  5 | * Setup the secrets for the embedded app
  6 | * Add the gems
  7 | * Setup omniauth
  8 | * 
  9 | 
 10 | 
 11 | ## Secrets
 12 | 
 13 | Edit your `config/secrets.yml`
 14 | 
 15 |     defaults: &defaults
 16 |       shopify_app_api_key: <%= ENV["SHOPIFY_APP_API_KEY"] %>
 17 |       shopify_app_api_secret: <%= ENV["SHOPIFY_APP_API_SECRET"] %>
 18 | 
 19 | Add the environment variables to the `.env`:
 20 | 
 21 |     SHOPIFY_APP_API_KEY=12345abcdef....
 22 |     SHOPIFY_APP_API_SECRET=12345abcdef....
 23 |     
 24 |     
 25 | ## Gems
 26 | 
 27 | Add the following to your `Gemfile`:
 28 | 
 29 |     gem 'shopify_api'
 30 |     gem 'omniauth'
 31 |     gem 'omniauth-shopify-oauth2', git: 'git://github.com/jeffrafter/omniauth-shopify-oauth2'
 32 |     
 33 | Then `bundle`.
 34 | 
 35 | ## Setup omniauth
 36 | 
 37 | Omniauth is middleware which is setup in an initializer. Create `config/initializers/omniauth.rb`:
 38 | 
 39 |     # See http://docs.shopify.com/api/tutorials/oauth for all scopes
 40 |     SHOPIFY_SCOPES = [
 41 |       'read_content',
 42 |       'write_content',
 43 |       'read_products',
 44 |       'write_products',
 45 |       'read_customers',
 46 |       'write_customers',
 47 |       'read_orders'
 48 |     ]
 49 | 
 50 |     Rails.application.config.middleware.use OmniAuth::Builder do
 51 |       provider :shopify,
 52 |         Rails.application.secrets.shopify_app_api_key,
 53 |         Rails.application.secrets.shopify_app_api_secret,
 54 |         :scope => SHOPIFY_SCOPES.join(', '),
 55 |         :setup => lambda {|env|
 56 |           params = Rack::Utils.parse_query(env['QUERY_STRING'])
 57 |           site_url = "https://#{params['shop']}"
 58 |           env['omniauth.strategy'].options[:client_options][:site] = site_url
 59 |         }
 60 |     end
 61 | 
 62 | 
 63 | ## Shopify Models
 64 | 
 65 |     rails g model shop_session shop_id:integer uid:string access_token:string ip:string user_agent:string access_at:datetime logout_at:datetime revoked_at:datetime
 66 | 
 67 | 
 68 |     class CreateShopSessions < ActiveRecord::Migration
 69 |       def change
 70 |         create_table :shop_sessions do |t|
 71 |           t.string :url
 72 |           t.string :uid
 73 |           t.string :access_token
 74 |           t.string :ip
 75 |           t.string :user_agent
 76 |           t.datetime :access_at
 77 |           t.datetime :logout_at
 78 |           t.datetime :revoked_at
 79 | 
 80 |           t.timestamps null: false
 81 |         end
 82 | 
 83 |         add_index :shop_sessions, [:uid, :access_token]
 84 |         add_index :shop_sessions, [:revoked_at, :logout_at, :access_at]
 85 |       end
 86 |     end
 87 |     
 88 |     
 89 |  Add a site method for the API
 90 |  
 91 |      def site
 92 |        "https://#{self.url}/admin"
 93 |      end
 94 |      
 95 |      def token
 96 |        self.access_token
 97 |      end
 98 | 
 99 | ## Shopify Controller
100 | 
101 | In order to handle the interactions in Shopify you will want a specific controller. Create `app/controllers/shopify_controller.rb`:
102 | 
103 | 
104 | https://gist.github.com/jeffrafter/5f3184de69d6737d2898
105 | 
106 | 
107 | # Shopify Layout
108 | 
109 | https://gist.github.com/jeffrafter/a4ac26761d6a5e0552ce
110 | 
111 | # Views
112 | 
113 | 
114 | New:
115 | 
116 |     Shopify new
117 | 
118 |     <div class="page-header" id="login-header">
119 |       <h1>Install This App</h1>
120 |       <h1><small>This app requires you to login to start using it.</small></h1>
121 |     </div>
122 | 
123 |     <div style="width:340px; margin:0 auto;">
124 |       <%= form_tag :shopify_login, method: :get, class: 'form-search' do %>
125 |         <%= text_field_tag 'shop', nil, placeholder: 'Shop URL', class: 'btn-large' %>
126 |         <%= submit_tag 'Install', class: 'btn btn-primary btn-large' %>
127 |       <% end %>
128 |     </div>
129 | 
130 |     <p align="center" style="margin-top:30px">
131 |       <%= image_tag 'shopify.png' %>
132 |     </p>
133 | 
134 | Welcome:
135 | 
136 | 
137 |     Shopify welcome!
138 |     <br>
139 |     <br>
140 |     [<%= shop_session.shop %>]
141 |     <br>
142 |     <br>
143 |     <strong><%= flash[:notice] %></strong>
144 | 
145 | 
146 | 
147 | 
148 | 
149 | 
150 | 
151 | # Routes
152 | 
153 |     Rails.application.routes.draw do
154 |       root "shopify#welcome"
155 | 
156 |       get '/shopify/welcome', to: 'shopify#welcome', as: :shopify_welcome
157 |       get '/shopify/products', to: 'shopify#products', as: :shopify_products
158 | 
159 |       get '/shopify/login', to: 'shopify#new', as: :shopify_login
160 |       post '/shopify/login', to: 'shopify#create'
161 |       get '/shopify/logout', to: 'shopify#destroy', as: :shopify_logout
162 |       get '/auth/shopify/callback', to: 'shopify#create', as: :shopify_callback
163 |     end
164 | 
165 | 
166 | 
167 | 
168 | 
169 | 
170 | Now go to this url:
171 | 
172 | https://snowe-shopify.herokuapp.com/shopify/login?shop=embedded-test
173 | 
174 | 
175 | https://docs.shopify.com/api/authentication/oauth
176 | 
177 | 
178 | 
179 | 
180 | 
181 | 
182 | 
183 | 
184 | 
185 | 
186 | 
187 | 
188 | 
189 | 
190 | 
191 | 
192 | 
193 | 
194 | 
195 | 
196 | http://embedded-test.myshopify.com/admin/admin/api_clients/new?shop=embedded-test
197 | 
198 | https://embedded-test.myshopify.com/admin/api_clients/new?shop=embedded-test&api_client[return_url]=http://snowe-shopify.herokuapp.com/shopify/login
199 | 
200 | 
201 | 
202 | https://embedded-test.myshopify.com/admin/oauth/authorize?client_id=9498a7cd6d0e1a56547c5c618bd8c004&scope=read_content,write_content,read_products,write_products, read_customers,write_customers,read_orders&redirect_uri=https://snowe-shopify.herokuapp.com/welcome
203 | 
204 | read_content,write_content,read_products,write_products, read_customers,write_customers,read_orders
205 | 
206 | 
207 | 
208 | 
209 | https://snowe-shopify.herokuapp.com/auth/shopify/callback?code=5bb8f92ff8c7da37eaba890020ed2f45&hmac=6dfa0f1e0b56bb3c4d8390c96634d693a699be896ba7c6e211e14f630d2d502d&shop=embedded-test.myshopify.com&signature=b80e78f1c664bca5dc2c2178905709cb&timestamp=1428965125
210 | 
211 | 
212 | # Safari and IE embedded IFrame Cookies
213 | 
214 | http://www.mendoweb.be/blog/internet-explorer-safari-third-party-cookie-problem/
215 | 
216 | 
217 | # Validating the HMAC
218 | 
219 | The problem is that in many requests the HMAC is blank. For example lets say you go to
220 | 
221 |     https://<your-site>/shopify/welcome
222 |     
223 | This will hit your controller and render the welcome page (without an HMAC). When this page renders it will render the JavaScript which runs the shopify app embed which will reframe your page within the Shopify Admin:
224 | 
225 |     https://<your-shop>.myshopify.com/admin/apps/<your-app-no>/shopify/welcome
226 |     
227 | This page will re-render your welcome page but this time with the shop and the hmac params included:
228 | 
229 |     https://<your-site>/shopify/welcome?hmac=12345&signature=12345&timestamp=12345&shop=<your-shop>.myshopify.com
230 |     
231 |     
232 |  


--------------------------------------------------------------------------------
/keychain.md:
--------------------------------------------------------------------------------
  1 | # Keychain access in Cocoa
  2 | 
  3 | When storing secure information like passwords or API tokens in your Mac application, you want to use the Keychain. The Keychain is a built in mechanism for securing information specific to applications and users in OSX. 
  4 | 
  5 | The problem? It really isn't clear how or when you should store items in the keychain and what the implications of those decisions are. Over the years Apple's documentation has improved but the workflows it describes still focus only on passwords.
  6 | 
  7 | > See also: [OS X Keychain Services Tasks](https://developer.apple.com/library/mac/documentation/security/conceptual/keychainServConcepts/03tasks/tasks.html)  in Apple's Keychain Services Programming Guide
  8 | 
  9 | 
 10 | ## Dialogs
 11 | 
 12 | ### When you access a keychain item you see a dialog
 13 | 
 14 | ![A confirmation dialog asking the user to allow access to the keychain item](./images/keychain/allow_access_token.png "Figure 1-1")
 15 | 
 16 | 
 17 | ![A confirmation dialog asking the user to allow access to the keychain item](./images/keychain/allow_access_secret.png "Figure 1-2")
 18 | 
 19 | ### When your application changes, you see a dialog
 20 | ### Differences in Keychain access on iOS and OSX
 21 | ### Signing your application
 22 | 
 23 | ### Working with the keychain
 24 | 
 25 |     - (void)setKeychainData:(NSString *)data forService:(NSString *)service andAccount:(NSString *)account
 26 |     {
 27 |         OSStatus err;
 28 |         SecKeychainItemRef item = nil;
 29 |         const char *dataUTF8 = [data UTF8String];
 30 |         const char *serviceUTF8 = [service UTF8String];
 31 |         const char *accountUTF8 = [account UTF8String];
 32 |         
 33 |         assert(strlen(serviceUTF8) <= 0xffffffff);
 34 |         assert(strlen(accountUTF8) <= 0xffffffff);
 35 |         assert(strlen(dataUTF8) <= 0xffffffff);
 36 |         
 37 |         err = SecKeychainFindGenericPassword(NULL, // use the default keychain
 38 |                                              (UInt32)strlen(serviceUTF8),
 39 |                                              serviceUTF8,
 40 |                                              (UInt32)strlen(accountUTF8),
 41 |                                              accountUTF8,
 42 |                                              NULL,
 43 |                                              NULL,
 44 |                                              &item);
 45 |         
 46 |         
 47 |         // Do not return from this error as a common outcome is "not found"
 48 |         if (err != noErr) {
 49 |             NSLog(@"%@", SecCopyErrorMessageString(err, NULL));
 50 |         }
 51 | 
 52 |         if (item) {
 53 |             err = SecKeychainItemModifyContent(item,
 54 |                                                NULL,
 55 |                                                (UInt32)strlen(dataUTF8),
 56 |                                                dataUTF8);
 57 |         }
 58 |         else {
 59 |             err = SecKeychainAddGenericPassword(NULL, // use the default keychain
 60 |                                                 (UInt32)strlen(serviceUTF8),
 61 |                                                 serviceUTF8,
 62 |                                                 (UInt32)strlen(accountUTF8),
 63 |                                                 accountUTF8,
 64 |                                                 (UInt32)strlen(dataUTF8),
 65 |                                                 dataUTF8,
 66 |                                                 &item);
 67 |         }
 68 |         
 69 |         if (item) CFRelease(item);
 70 |         
 71 |         if (err != noErr) {
 72 |             NSLog(@"%@", SecCopyErrorMessageString(err, NULL));
 73 |             return;
 74 |         }
 75 |     }
 76 | 
 77 | ...
 78 | 
 79 |     - (NSString *)getKeychainData:(NSString *)service andAccount:(NSString *)account
 80 |     {
 81 |         OSStatus err;
 82 |         SecKeychainItemRef item = nil;
 83 |         const char *serviceUTF8 = [service UTF8String];
 84 |         const char *accountUTF8 = [account UTF8String];
 85 |         
 86 |         assert(strlen(serviceUTF8) <= 0xffffffff);
 87 |         assert(strlen(accountUTF8) <= 0xffffffff);
 88 |         
 89 |         char *data = nil;
 90 |         UInt32 dataLength = 0;
 91 | 
 92 |         err = SecKeychainFindGenericPassword(NULL, // use the default keychain
 93 |                                              (UInt32)strlen(serviceUTF8),
 94 |                                              serviceUTF8,
 95 |                                              (UInt32)strlen(accountUTF8),
 96 |                                              accountUTF8,
 97 |                                              &dataLength,
 98 |                                              (void **)&data,
 99 |                                              &item);
100 | 
101 |         if (item) CFRelease(item);
102 | 
103 |         if (err != noErr) {
104 |             NSLog(@"%@", SecCopyErrorMessageString(err, NULL));
105 |             
106 |             return nil;
107 |         }
108 |         
109 |         NSString *dataString = [[NSString alloc] initWithBytes:data length:dataLength encoding: NSUTF8StringEncoding];
110 |         SecKeychainItemFreeContent(NULL, data);
111 |         
112 |         return dataString;
113 |     }
114 | 
115 | ...
116 | 
117 |     - (void)deleteKeychainData:(NSString *)service andAccount:(NSString *)account
118 |     {
119 |         OSStatus err;
120 |         SecKeychainItemRef item = nil;
121 |         const char *serviceUTF8 = [service UTF8String];
122 |         const char *accountUTF8 = [account UTF8String];
123 |         
124 |         assert(strlen(serviceUTF8) <= 0xffffffff);
125 |         assert(strlen(accountUTF8) <= 0xffffffff);
126 |         
127 |         err = SecKeychainFindGenericPassword(NULL, // use the default keychain
128 |                                              (UInt32)strlen(serviceUTF8),
129 |                                              serviceUTF8,
130 |                                              (UInt32)strlen(accountUTF8),
131 |                                              accountUTF8,
132 |                                              NULL,
133 |                                              NULL,
134 |                                              &item);
135 |         
136 |         
137 |         if (err != noErr) {
138 |             NSLog(@"%@", SecCopyErrorMessageString(err, NULL));
139 |             return;
140 |         }
141 |         
142 |         if (item) {
143 |             err = SecKeychainItemDelete(item);
144 |         }
145 | 
146 |         if (err != noErr) {
147 |             NSLog(@"%@", SecCopyErrorMessageString(err, NULL));
148 |             return;
149 |         }
150 |         
151 |         if (item) CFRelease(item);
152 |     }
153 | 
154 | 
155 | 
156 | ### Storing items in the keychain based on different service names
157 | ### Storing items in the keychain based on account names
158 | ### Storing data in the keychain
159 | ### When to suggest passwords and when to remove entries
160 | 
161 | ## Advanced
162 | 
163 | * Granting access to keychain items from other applications
164 | * Disabling keychain popups for server applications


--------------------------------------------------------------------------------
/ssl.md:
--------------------------------------------------------------------------------
  1 | # Setting up SSL
  2 | 
  3 | Setting up SSL can be a pain. But it will save you headaches down the road, so do it.
  4 | 
  5 | To start, make a temp folder ~/ssl:
  6 | 
  7 |     mkdir ~/ssl
  8 |     cd ~/ssl
  9 | 
 10 | Next, generate the RSA key you will use for the request:
 11 | 
 12 |     openssl genrsa -out YOURSITE.com.key 2048
 13 | 
 14 | 
 15 | Then generate the certificate signing request (CSR):
 16 | 
 17 |     openssl req -new -key YOURSITE.com.key -out YOURSITE.com.csr
 18 | 
 19 | Answer all of the questions. Common name is the name of the domain you are generating a request for. If it is for your root domain use "www.example.com" not just "example.com". If the request is for a wildcard cert then use "*.example.com"
 20 | 
 21 |     You are about to be asked to enter information that will be incorporated
 22 |     into your certificate request.
 23 |     What you are about to enter is what is called a Distinguished Name or a DN.
 24 |     There are quite a few fields but you can leave some blank
 25 |     For some fields there will be a default value,
 26 |     If you enter '.', the field will be left blank.
 27 |     -----
 28 |     Country Name (2 letter code) [AU]:US
 29 |     State or Province Name (full name) [Some-State]:YOUR STATE
 30 |     Locality Name (eg, city) []:YOUR CITY
 31 |     Organization Name (eg, company) [Internet Widgits Pty Ltd]:YOUR COMPANY NAME
 32 |     Organizational Unit Name (eg, section) []:Engineering
 33 |     Common Name (e.g. server FQDN or YOUR name) []:www.YOURSITE.com
 34 |     Email Address []:GENERIC EMAIL FROM YOUR COMPANY
 35 | 
 36 |     Please enter the following 'extra' attributes
 37 |     to be sent with your certificate request
 38 |     A challenge password []:
 39 |     An optional company name []:
 40 |     
 41 | I usually leave the password fields blank.
 42 | 
 43 | Now you have the Certificate request files. Go through a service (like [https://startssl.com](https://startssl.com) and use this request to get the actual certificate. Eventually you will save the result as `ssl.crt`. 
 44 | 
 45 | ## Startssl
 46 | 
 47 | Startssl is a good option to use because the generated certs are approved and you can get a free cert for a single domain. The website can be sluggish if it is overloaded, but that is only a problem when generating your request. They are also a great option for Wildcard and Verified certs if you need them.
 48 | 
 49 | **Note**: StartSSL will work for the root domain and 1 subdomain only for the free option.
 50 | 
 51 | Go to:
 52 | 
 53 |     http://www.startssl.com/
 54 |     
 55 | You should see a link for "Free" certificates. Click this, and it will take you to
 56 | 
 57 |     http://www.startssl.com/?app=1
 58 |    
 59 | At the bottom of the text block you'll see a link to the [Certificate Control Panel](http://www.startssl.com/?app=12). Once there, proceed through the "Express Lane" and create a new account.
 60 | 
 61 | You'll get a confirmation code you must copy and paste. Once complete, the site will generate a "Client key" to install in your browser. Once created you'll need to click "Install".
 62 | 
 63 | Once you get through all of this you need to validate that you are the owner of the domain. Note, you need to validate that you are the owner of the __root__ domain (i.e, example.com), even if you plan on generating a certificate for a subdomain. This will use the registered email on the DNS (which you might have setup, or you might have a catch-all). An email is sent with a token which you need to enter to continue.
 64 | 
 65 | > Note: you probably shouldn't use abuse@ or postmaster@ if you are using Google Apps. Google reserves these addresses. Use webmaster@ instead.
 66 | 
 67 | Once you download `ssl.crt` into the folder, you will need to combine it with a couple other root certificates:
 68 | 
 69 |     wget http://www.startssl.com/certs/sub.class1.server.ca.pem
 70 |     wget http://www.startssl.com/certs/ca.pem
 71 |     cat ssl.crt sub.class1.server.ca.pem ca.pem > YOURSITE.crt
 72 | 
 73 | Now you have everything that you need, but you need to get it in chef. These files should be kept private and safe and you can do this by encrypting them. In your `chef` folder create a new encrypted data bag:
 74 | 
 75 |     knife solo data bag create certs YOURSITE
 76 | 
 77 | Here you can just use the domain name (without the www, or .com) or the subdomain name. You can also use a simpler scheme and just call it "production".
 78 | 
 79 | The data bag is JSON, which doesn't allow for multi-line strings. You'll need to replace the line ends with "\n" (the literal string, not a new line character).
 80 | 
 81 | In your site cookbook default attributes:
 82 | 
 83 |     certs = Chef::EncryptedDataBagItem.load("certs", "production")
 84 |     default['sample']['certs'] = {
 85 |       :key => certs['key'],
 86 |       :crt => certs['crt']
 87 |     }
 88 | 
 89 | In your site cookbook default recipe:
 90 | 
 91 |     ## SSL
 92 |     #
 93 |     directory "#{shared_dir}/certs" do
 94 |       action :create
 95 |       owner node['sample']['user']
 96 |       group node['sample']['group']
 97 |       mode '0755'
 98 |       recursive true
 99 |     end
100 | 
101 |     file "#{shared_dir}/certs/YOURSITE.key" do
102 |       action :create
103 |       owner node['sample']['user']
104 |       group node['sample']['group']
105 |       mode '0600'
106 |       content node['sample']['certs']['key']
107 |     end
108 | 
109 |     file "#{shared_dir}/certs/YOURSITE.crt" do
110 |       action :create
111 |       owner node['sample']['user']
112 |       group node['sample']['group']
113 |       mode '0644'
114 |       content node['sample']['certs']['crt']
115 |     end
116 |    
117 | # Unformatted 
118 | 
119 | 
120 | ## Let's Encrypt!
121 | 
122 | Let's Encrypt is all the new new.
123 | 
124 | _On Ubuntu 14.04 for Nginx_ 
125 | 
126 | https://www.nginx.com/blog/free-certificates-lets-encrypt-and-nginx/
127 | 
128 | .[https://certbot.eff.org/#ubuntutrusty-nginx](https://certbot.eff.org/#ubuntutrusty-nginx)
129 | 
130 |     sudo su deploy
131 |     cd /home/deploy
132 |     mkdir ssl
133 |     cd ssl
134 |     wget https://dl.eff.org/certbot-auto
135 |     chmod a+x certbot-auto
136 |     sudo service nginx stop # takes down the server
137 |     ./certbot-auto certonly
138 |     sudo service nginx start
139 |     
140 |     
141 | Choose temporary webserver
142 | https://rpl.cat/mWC85ufneufIqsbyEisgcwVKI8F4Pqy4I5SCbozz7g0
143 | 
144 | Enter your email
145 | https://rpl.cat/OEkAKmJgS4-ZeqzlwRoFsc8fFoKfa11TuXwlHHCf9cU
146 | 
147 | 
148 | Enter domain names:
149 | https://rpl.cat/RySYznG66K65T1SUXxbvvXPACqyPlkDEn9ldUEUgDdE
150 | 
151 | 
152 | ## Certificate pinning / HSTS / etc
153 | 
154 | * http://stackoverflow.com/questions/16613081/ssl-pinning-with-afnetworking
155 | * https://www.owasp.org/index.php/Pinning_Cheat_Sheet
156 | * https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning
157 | * http://initwithfunk.com/blog/2014/03/12/afnetworking-ssl-pinning-with-self-signed-certificates/
158 | * http://stackoverflow.com/questions/15728636/how-to-pin-the-public-key-of-a-certificate-on-ios
159 | * https://github.com/AFNetworking/AFNetworking/issues/1852   
160 | 
161 | Certificate pinning has downsides (key rotation, key expiration and revocation). In such cases it is better to use public key pinning.
162 | 
163 | 
164 | 
165 | 
166 | 
167 | ```
168 | server {
169 |   listen      [::]:80;
170 |   listen      80;
171 |   server_name click.rpl.cat;
172 | 
173 |   location /.well-known/acme-challenge {
174 |     root /var/www/letsencrypt;
175 |   }
176 | 
177 |   return 301 https://click.rpl.cat$request_uri;
178 | }
179 | 
180 | server {
181 |   listen      [::]:80;
182 |   listen      80;
183 |   server_name api.rpl.cat;
184 |   
185 |   location /.well-known/acme-challenge {
186 |     root /var/www/letsencrypt;
187 |    }
188 |    
189 |    return 301 https://api.rpl.cat$request_uri;
190 | }  
191 | 
192 | server {
193 |   listen      [::]:443 ssl spdy;
194 |   listen      443 ssl spdy;
195 |   server_name api.rpl.cat;
196 |   server_name click.rpl.cat;
197 |   # ssl_certificate     /home/dokku/api.rpl.cat/tls/server.crt;
198 |   # ssl_certificate_key /home/dokku/api.rpl.cat/tls/server.key;
199 |   
200 |    ssl_certificate /etc/letsencrypt/live/api.rpl.cat/fullchain.pem;
201 |   ssl_certificate_key /etc/letsencrypt/live/api.rpl.cat/privkey.pem;
202 |   
203 |   
204 |   keepalive_timeout   70;
205 |   add_header          Alternate-Protocol  443:npn-spdy/2;
206 |   location    / {     
207 |     proxy_pass  http://api.rpl.cat;
208 |     proxy_http_version 1.1;
209 |     proxy_set_header Upgrade $http_upgrade;
210 |     proxy_set_header Connection upgrade;
211 |     proxy_set_header Host $http_host;
212 |     proxy_set_header X-Forwarded-Proto $scheme;
213 |     proxy_set_header X-Forwarded-For $remote_addr;
214 |     proxy_set_header X-Forwarded-Port $server_port;
215 |     proxy_set_header X-Request-Start $msec;
216 |   } 
217 |   include /home/dokku/api.rpl.cat/nginx.conf.d/*.conf;
218 | } 
219 | upstream api.rpl.cat { server 172.17.0.175:5000; }
220 | ```
221 | 
222 | 
223 | 
224 | 


--------------------------------------------------------------------------------
/swift/Swift - Getting Started.md:
--------------------------------------------------------------------------------
  1 | # Swift - Getting Started
  2 | 
  3 | Open XCode and start a new project. When starting choose a *Single View Application*:
  4 | 
  5 | ![Start a new project](https://rpl.cat/uploads/POd2YaOKDuqwh6wpO0-5OxvFoBujmtGWxiL01rLGUnM/public.png)
  6 | 
  7 | Choose an appropriate (and unique) bundle identifier and application name. For example:
  8 | 
  9 | ![Choose your project options](https://rpl.cat/uploads/EEI83eJzqzF8l2NUIn8cs2PDEVlC2YJWgOJ7iPIF28I/public.png)
 10 | 
 11 | Once your options are set, choose a folder for the project to live. XCode will automatically setup a git repository and make your first commit.
 12 | 
 13 | ## Setup a .gitignore
 14 | 
 15 | ```
 16 | # Created by http://www.gitignore.io
 17 | 
 18 | ### OSX ###
 19 | .DS_Store
 20 | .AppleDouble
 21 | .LSOverride
 22 | 
 23 | # Icon must end with two \r
 24 | Icon
 25 | 
 26 | 
 27 | # Thumbnails
 28 | ._*
 29 | 
 30 | # Files that might appear on external disk
 31 | .Spotlight-V100
 32 | .Trashes
 33 | 
 34 | # Directories potentially created on remote AFP share
 35 | .AppleDB
 36 | .AppleDesktop
 37 | Network Trash Folder
 38 | Temporary Items
 39 | .apdisk
 40 | 
 41 | 
 42 | ### Swift ###
 43 | # Xcode
 44 | #
 45 | build/
 46 | *.pbxuser
 47 | !default.pbxuser
 48 | *.mode1v3
 49 | !default.mode1v3
 50 | *.mode2v3
 51 | !default.mode2v3
 52 | *.perspectivev3
 53 | !default.perspectivev3
 54 | xcuserdata
 55 | *.xccheckout
 56 | *.moved-aside
 57 | DerivedData
 58 | *.hmap
 59 | *.ipa
 60 | *.xcuserstate
 61 | 
 62 | # CocoaPods
 63 | #
 64 | # We recommend against adding the Pods directory to your .gitignore. However
 65 | # you should judge for yourself, the pros and cons are mentioned at:
 66 | # http://guides.cocoapods.org/using/using-cocoapods.html#should-i-ignore-the-pods-directory-in-source-control
 67 | #
 68 | # Pods/
 69 | 
 70 | # You may only want to exclude Carthage/Checkouts if you are on Circle
 71 | Carthage/*
 72 | 
 73 | ### Xcode ###
 74 | build/
 75 | *.pbxuser
 76 | !default.pbxuser
 77 | *.mode1v3
 78 | !default.mode1v3
 79 | *.mode2v3
 80 | !default.mode2v3
 81 | *.perspectivev3
 82 | !default.perspectivev3
 83 | xcuserdata
 84 | *.xccheckout
 85 | *.moved-aside
 86 | DerivedData
 87 | *.xcuserstate
 88 | ```
 89 | 
 90 | ## RootViewController
 91 | 
 92 | Having a single root view controller makes controlling the direction of specific behavior easier. Create a new class called `RootViewController` which is a `UIViewController`. This should be a singleton.
 93 | 
 94 | To make it a singleton add the following (within your `RootViewController`):
 95 | 
 96 | ```swift
 97 | static let sharedInstance = RootViewController()
 98 | ```
 99 | 
100 | Within your `AppDelegate` add the following:
101 | 
102 | ```swift
103 | func application(application: UIApplication, didFinishLaunchingWithOptions launchOptions: [NSObject: AnyObject]?) -> Bool {
104 |     window = UIWindow(frame: UIScreen.mainScreen().bounds)
105 |     window!.backgroundColor = .whiteColor()
106 |     window!.rootViewController = RootViewController.sharedInstance
107 |     window!.makeKeyAndVisible()
108 |     RootViewController.sharedInstance.showViewControllerNeededForState()
109 |     
110 |     return true
111 | }
112 | 
113 | ```
114 | 
115 | Notice that this delegates the flow control to `showViewControllerNeededForState`. This can be as simple as:
116 | 
117 | ```swift
118 | func showViewControllerForState() {
119 |     if (state == 1) {
120 |         showConfirm()
121 |     } else {
122 |         showMain()
123 |     }
124 | }
125 | ```
126 | 
127 | Here the `state` is a basic variable. But this might be a more complex check to see if a user has logged in or has completed an optional setup. 
128 | 
129 | ## Storyboards for all of your controllers
130 | 
131 | In general, large storyboards can become unweildy and slow. Splitting them up helps. Create a new user interface file and call it "Confirm":
132 | 
133 | ![New user interface file](https://rpl.cat/uploads/DYrmcUouznl6gOZD65IdC2N7slEkkkA7cbk-klR4g0g/public.png)
134 | 
135 | Also create a new view controller:
136 | 
137 | ![New view controller](https://rpl.cat/uploads/HXbeX0Rj4wvPS4R4jXROXw3p_mTFBfRljvQI9199jrU/public.png)
138 | 
139 | ![Name the view controller](https://rpl.cat/uploads/DIIG_EU2r_vzuuOWyKr0YtRMIcUMMDPAdGlevJVG9Go/public.png)
140 | 
141 | Open the new storyboard and click on the view controller. Then in the Utilities panel set the identifier and class type:
142 | 
143 | ![Set the identifier and type](https://rpl.cat/uploads/xpL9OC8JFsLvKJnMooi8x0M8LLE1FMHxK43Qbx4dFIc/public.png)
144 | 
145 | Having the storyboard connected to your view controller makes things easy. But it would be even easier if you could initialize the storyboard directly. Add the following to your `ConfirmViewController`:
146 | 
147 | ```swift
148 | static let storyboardIdentifier = "ConfirmViewControllerStoryboard"
149 | 
150 | static func initFromStoryboard() -> ConfirmViewController? {
151 |     let storyboard = UIStoryboard(name: "Confirm", bundle: nil)
152 | 
153 |     return storyboard.instantiateViewControllerWithIdentifier(storyboardIdentifier) as? ConfirmViewController
154 | }
155 | ```
156 | 
157 | Now, return to your `RootViewController` and add the function that shows the appropriate storyboard:
158 | 
159 | ```swift
160 | func showConfirm() {
161 |     let confirmViewController = ConfirmViewController.initFromStoryboard()!
162 |     let confirmView = confirmViewController.view
163 |     addChildViewController(confirmViewController)
164 |     view.addSubview(confirmView)
165 |     confirmView.frame = view.frame;
166 |     confirmViewController.didMoveToParentViewController(self)
167 | }
168 | ```
169 | 
170 | You should be able to do the same for the `Main.storyboard` and the ViewController associated with it (which you can rename).
171 | 
172 | ## Adding a delegate to your controller
173 | 
174 | Because the `RootViewController` is a singleton with a `sharedInstance` you can call methods directly on it. However, in some cases you may want to use the delegate pattern instead. 
175 | 
176 | In your `ConfirmViewController` define a new protocol:
177 | 
178 | ```swift
179 | protocol ConfirmViewControllerDelegate: class {
180 |     func confirmViewControllerSucceeded(viewController: ConfirmViewController)
181 | }
182 | ```
183 | 
184 | Then based on an action you can call it:
185 | 
186 | ```swift
187 | @IBAction func confirmTouchUpInside(sender: AnyObject) {
188 |     self.delegate?.confirmViewControllerSucceeded(self)
189 | }
190 | ```
191 | 
192 | Your `RootViewController` will need to implement the protocol:
193 | 
194 | ```swift
195 | class RootViewController: UIViewController, ConfirmViewControllerDelegate {
196 |     
197 |     var state = 1
198 |     
199 |     // ... more code here
200 |     
201 |     func confirmViewControllerSucceeded(viewController: ConfirmViewController) {
202 |       print("Success");
203 |       state = 2
204 |       showViewControllerForState()
205 |     }
206 | }
207 | ```
208 | 
209 | ## Carthage
210 | 
211 | Carthage manages dependencies.
212 | 
213 | ```bash
214 | brew install carthage
215 | ```
216 | 
217 | Create a `Cartfile` in that folder that contains your "*.xcodeproj" that looks like:
218 | 
219 | ```
220 | github "Alamofire/Alamofire" == 2.0
221 | ```
222 | 
223 | Install:
224 | 
225 | ```bash
226 | carthage update --platform iOS
227 | ```
228 | 
229 | Once you've built the dependencies you'll want to add them into your application's **Embedded Binaries** by dragging them into the correct location:
230 | 
231 | ![XCode](https://rpl.cat/uploads/JkjAx6M6oqLmqQLlkPAKXo4t7wOW3bWCQHUxu8qme2Q/public.png)
232 | 
233 | ![Copy items](https://rpl.cat/uploads/9zlNE9I0nF5qWaK_L-HBrYAHO4E5ZL7X5S8gmFauXRo/public.png)
234 | 
235 | 
236 | > See also https://www.raywenderlich.com/109330/carthage-tutorial-getting-started
237 | 
238 | ## Reachability
239 | 
240 | In the AppDelegate:
241 | 
242 | ```swift
243 |  // MARK: Reachability
244 | 
245 |     private func initializeReachability() {
246 |         do {
247 |             reachability = try Reachability.reachabilityForInternetConnection()
248 |         } catch {
249 |             print("Unable to create Reachability")
250 |             return
251 |         }
252 | 
253 |         reachability?.whenReachable = whenReachable
254 |         reachability?.whenUnreachable = whenUnreachable
255 | 
256 |         do {
257 |             try reachability?.startNotifier()
258 |         } catch {
259 |             print("Unable to start notifier")
260 |         }
261 |     }
262 | 
263 |     private func whenReachable(reachability: Reachability) {
264 |         dispatch_async(dispatch_get_main_queue()) {
265 |             RootViewController.sharedInstance.showLoginOrAppAsNeeded()
266 |         }
267 |     }
268 | 
269 |     private func whenUnreachable(reachability: Reachability) {
270 |         dispatch_async(dispatch_get_main_queue()) {
271 |             RootViewController.sharedInstance.showNetworkUnavailable()
272 |         }
273 |     }
274 | ```    
275 | 
276 | ## Registering for notifications
277 | 
278 | In the AppDelegate:
279 | 
280 | ```swift
281 |     // MARK: Register notifications
282 | 
283 |     static func registerNotifications() {
284 |         registerUINotifications()
285 |         registerAllRemoteNotifications()
286 |     }
287 | 
288 |     private static func registerUINotifications () {
289 |         let types: UIUserNotificationType = [.Badge, .Alert, .Sound]
290 |         let settings = UIUserNotificationSettings(forTypes: types, categories: nil)
291 |         UIApplication.sharedApplication().registerUserNotificationSettings(settings)
292 |     }
293 | 
294 |     private static func registerAllRemoteNotifications () {
295 |         UIApplication.sharedApplication().registerForRemoteNotifications()
296 |     }
297 | ```
298 | 
299 | ## Managing child view controllers
300 | 
301 | ```
302 | func showViewController(newVC: UIViewController, animated: Bool) {        
303 |         let newView = newVC.view
304 |         addChildViewController(newVC)
305 |         view.addSubview(newVC.view)
306 |         // Set the frame of the new view, this is using Snapkit
307 |         newView.snp_remakeConstraints { $0.edges.equalToSuperview() }
308 |         newVC.didMoveToParentViewController(self)
309 | 
310 |     }
311 | ```    
312 | 


--------------------------------------------------------------------------------
/swift/Swift - Router.md:
--------------------------------------------------------------------------------
  1 | # Swift - Router
  2 | 
  3 | 
  4 | ## Router
  5 | 
  6 | A simple router:
  7 | 
  8 | ```swift
  9 | //
 10 | //  Router.swift
 11 | //  TextMeWhen
 12 | //
 13 | //  Created by Jeffrey Rafter on 8/10/16.
 14 | //  Copyright © 2016 TextMeWhen. All rights reserved.
 15 | //
 16 | 
 17 | import Foundation
 18 | import Alamofire
 19 | 
 20 | typealias JSON = [String:AnyObject]
 21 | 
 22 | enum ResultType<T> {
 23 |     case Success(T)
 24 |     case Error(String?)
 25 | }
 26 | 
 27 | enum Router: URLRequestConvertible {
 28 | 
 29 |     case SendPhoneConfirmation(phoneNumber: String)
 30 | 
 31 |     private static let host: String = "http://localhost:9292"
 32 |     
 33 |     private var method: Alamofire.Method {
 34 |         switch self {
 35 |         case .SendPhoneConfirmation:
 36 |             return .POST
 37 |         }
 38 |     }
 39 |     
 40 |     private var path: String {
 41 |         switch self {
 42 |         case .SendPhoneConfirmation:
 43 |             return "/v1/confirm"
 44 |         }
 45 |     }
 46 |     
 47 |     var URLRequest: NSMutableURLRequest {
 48 |         let url = NSURL(string: "\(Router.host)")!
 49 |         let mutableURLRequest = NSMutableURLRequest(URL: url.URLByAppendingPathComponent(path))
 50 |         mutableURLRequest.HTTPMethod = method.rawValue
 51 |         
 52 |         switch self {
 53 |         case .SendPhoneConfirmation(let phoneNumber):
 54 |             let parameters = [ "phone_number" : phoneNumber ]
 55 |             return Alamofire.ParameterEncoding.JSON.encode(mutableURLRequest, parameters: parameters).0
 56 |         }
 57 |     }
 58 | }
 59 | ```
 60 | 
 61 | 
 62 | 
 63 |  A more complex, namespaced version:
 64 |  
 65 | ```swift
 66 | //
 67 | //  Router.swift
 68 | //  TextMeWhen
 69 | //
 70 | //  Created by Jeffrey Rafter on 8/10/16.
 71 | //  Copyright © 2016 TextMeWhen. All rights reserved.
 72 | //
 73 | 
 74 | import Foundation
 75 | import Alamofire
 76 | 
 77 | typealias JSON = [String:AnyObject]
 78 | 
 79 | enum ResultType<T> {
 80 |     case Success(T)
 81 |     case Error(String?)
 82 | }
 83 | 
 84 | struct Router {}
 85 | 
 86 | extension Router {
 87 |     enum Routes: URLRequestConvertible {
 88 |         case SendPhoneConfirmation(phoneNumber: String)
 89 |     }
 90 | }
 91 | 
 92 | extension Router.Routes {
 93 | 
 94 |     private static let host: String = "http://localhost:9292"
 95 |     
 96 |     private var method: Alamofire.Method {
 97 |         switch self {
 98 |         case .SendPhoneConfirmation:
 99 |             return .POST
100 |         }
101 |     }
102 |     
103 |     private var path: String {
104 |         switch self {
105 |         case .SendPhoneConfirmation:
106 |             return "/v1/confirm"
107 |         }
108 |     }
109 |     
110 |     var URLRequest: NSMutableURLRequest {
111 |         let url = NSURL(string: "\(Router.Routes.host)")!
112 |         let mutableURLRequest = NSMutableURLRequest(URL: url.URLByAppendingPathComponent(path))
113 |         mutableURLRequest.HTTPMethod = method.rawValue
114 |         
115 |         switch self {
116 |         case .SendPhoneConfirmation(let phoneNumber):
117 |             let parameters = [ "phone_number" : phoneNumber ]
118 |             return Alamofire.ParameterEncoding.JSON.encode(mutableURLRequest, parameters: parameters).0
119 |         }
120 |     }
121 | }
122 | 
123 | ```
124 | 
125 | ## Auth
126 | 
127 | Create a new Swift file `Clients/Auth/Auth.swift`
128 | 
129 | ```swift
130 | import Foundation
131 | import Alamofire
132 | import Intercom
133 | 
134 | typealias AccessToken = String
135 | 
136 | enum UserDefaultsKey {
137 |     static let token = "user.token"
138 | }
139 | 
140 | enum AuthType {
141 |     case email(String,  String)
142 |     case facebook
143 |     case google
144 | }
145 | 
146 | enum OAuthProvider: String {
147 |     case facebook
148 |     case google
149 | }
150 | 
151 | // Auth is a wrapper around the networking layer trying to normalize the API
152 | // for different login options. All calls to login will result in either an 
153 | // error or an access token. The **only** state associated with Auth is
154 | // a Teespring access token stored in NSUserDefaults when login is successful.
155 | // This token is removed on logout
156 | struct Auth {
157 |     
158 |     static var token: String? {
159 |         get { return NSUserDefaults.standardUserDefaults().valueForKey(UserDefaultsKey.token) as? String }
160 |         set { NSUserDefaults.standardUserDefaults().setValue(newValue, forKey: UserDefaultsKey.token) }
161 |     }
162 |     
163 |     static func login(type: AuthType, completion: (ResultType<AccessToken>) -> Void) {
164 |         switch type {
165 |         case .email(let email, let password):
166 |             Analytics.trackEvent("email.login.initiated")
167 |             Auth.Email.login(email, password: password, completion: completion)
168 |         case .facebook:
169 |             Analytics.trackEvent("facebook.login.initiated")
170 |             Auth.Facebook.login(completion)
171 |         case.google:
172 |             Analytics.trackEvent("google.login.initiated")
173 |             Auth.Google.login(completion)
174 |         }
175 |     }
176 |     
177 |     static func logout() {
178 |         Auth.token = nil
179 |     }
180 |     
181 |     static func fetchAuthedUser(completion: ResultType<(User)> -> Void) {
182 |         Alamofire.request(Teespring.Router.GetMe).validate().responseJSON { response in
183 |             
184 |             guard let result = response.result.value as? JSON else {
185 |                 return
186 |             }
187 |             
188 |             guard response.result.isSuccess && result["error"] as? String == nil else {
189 |                 let errorMessage = (result["error"] as? String) ?? "Server error"
190 |                 completion(.Error(errorMessage))
191 |                 return
192 |             }
193 |             
194 |             guard let users = result["users"] as? [[String : AnyObject]],
195 |                 id = users.first?["id"] as? Int,
196 |                 email = users.first?["email"] as? String else {
197 |                     completion(.Error("Server error"))
198 |                     return
199 |             }
200 |             
201 |             User.currentUser.email = email
202 |             User.currentUser.id = id
203 | 
204 |             completion(.Success(User.currentUser))
205 |         }
206 |     }
207 |     
208 | }
209 | ```
210 | 
211 | ## That Phone extension
212 | 
213 | ```swift
214 | import Foundation
215 | import Alamofire
216 | 
217 | extension Auth {
218 |     struct Phone {
219 |         static func login(phoneNumber: String, completion: (ResultType<ConfirmationToken>) -> Void) {
220 |             Alamofire.request(Router.SendPhoneConfirmation(phoneNumber: phoneNumber)).validate().responseJSON { response in
221 |                 let result = Phone.handleResponse(response)
222 |                 
223 |                 switch result {
224 |                 case .Success(let token):
225 |                     Auth.token = token
226 |                     
227 |                     print("Phone login succeeded")
228 |                 case .Error(let message):
229 |                     print("Phone login failed: \(message)")
230 |                 }
231 |                 completion(result)
232 |             }
233 |         }
234 |         
235 |         static func handleResponse(response: Response<AnyObject, NSError>) -> ResultType<ConfirmationToken> {
236 |             guard let result = response.result.value as? JSON else {
237 |                 return .Error("Server error")
238 |             }
239 |         
240 |             guard response.result.isSuccess && result["error"] as? String == nil else {
241 |                 let errorMessage = (result["error"] as? String) ?? "Server error"
242 |                 return .Error(errorMessage)
243 |             }
244 |         
245 |             guard let token = result["token"] as? String else {
246 |                 return .Error("Invalid access token")
247 |             }
248 |         
249 |             return .Success(token)
250 |         }
251 |     }
252 | }
253 | ```
254 | 
255 | 
256 | ## Struct with func
257 | 
258 | ```swift
259 | import Foundation
260 | import Alamofire
261 | 
262 | extension Auth {
263 |     struct Email {
264 |         static func login(email: String, password: String, completion: (ResultType<AccessToken>) -> Void) {
265 |             Alamofire.request(Teespring.Router.GetAccessToken(email: email, password: password)).validate().responseJSON { response in
266 |                 let result = AuthResponse.parseTokenResponse(response)
267 |                 switch result {
268 |                 case .Success:
269 |                     Analytics.trackEvent("email.login.succeeded")
270 |                 case .Error:
271 |                     Analytics.trackEvent("email.login.failed")
272 |                 }
273 |                 completion(result)
274 |             }
275 |         }
276 |     }
277 | }
278 | ```
279 | 
280 | ## Caling it
281 | 
282 | Call the method:
283 | 
284 | ```swift
285 | @IBAction func loginWithEmail(sender: TSButton) {
286 |     guard let email = emailField.text, password = passwordField.text else { return }
287 |     showActivityIndicator()
288 |     Auth.login(.email(email, password), completion: handleLogin)
289 | }
290 | ```
291 | 
292 | Handle the result using a generic `ResultType` functionally:
293 | 
294 | ```swift
295 |     private func handleLogin(loginResult: ResultType<AccessToken>) {
296 |         hideActivityIndicator()
297 |         switch loginResult {
298 |         case .Success:
299 |             self.view.endEditing(true)
300 |             self.delegate?.loginViewControllerUserLoginSucceeded(self)
301 |         case .Error(let message):
302 |             guard let message = message else { return }
303 |             
304 |             let action = UIAlertAction(title: "Dismiss", style: .Default, handler: nil)
305 |             let alert = UIAlertController(title: message, message: nil, preferredStyle: .Alert)
306 |             alert.addAction(action)
307 |             
308 |             self.presentViewController(alert, animated: true, completion: nil)
309 |         }
310 |     }
311 | ```
312 | 
313 | ## App transport security exception
314 | 
315 | In Info.plist
316 | 
317 | ![Add the XML](https://rpl.cat/uploads/5oofhd2ZPPW2CP7yHCZHJk_eqI4uadp0TNzJOwhFG2Y/public.png)
318 | 
319 | 
320 | ```xml
321 | <key>NSAppTransportSecurity</key>
322 | <dict>
323 |    <key>NSExceptionDomains</key>
324 |    <dict>
325 |        <key>localhost</key>
326 |        <dict>
327 |         <key>NSTemporaryExceptionAllowsInsecureHTTPSLoads</key>
328 |            <false/>           
329 |            <key>NSIncludesSubdomains</key>
330 |            <true/>
331 |            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
332 |            <true/>
333 |            <key>NSTemporaryExceptionMinimumTLSVersion</key>
334 |            <string>1.0</string>
335 |            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
336 |            <false/>
337 |        </dict>
338 |    </dict>
339 | </dict>
340 | ```
341 | 


--------------------------------------------------------------------------------
/setting_up_a_new_dev_machine.md:
--------------------------------------------------------------------------------
  1 | # Setting up a new dev machine
  2 | 
  3 | * Rename your computer
  4 | * Turn on Firewall
  5 | * Turn on FileVault
  6 | * Install 1Password
  7 | * Install XCode, accept the license agreement
  8 | * Install XCode command line tools
  9 | * Install XQuartz version of X11
 10 | * Install [Homebrew](http://brew.sh)
 11 | * Install [Macdown](https://macdown.uranusjr.com/)
 12 | * Install [Atom](https://atom.io/)
 13 | * Install [Gitx](https://github.com/rowanj/gitx/releases)
 14 | * Install [KeepingYouAwake](https://github.com/newmarcel/KeepingYouAwake)
 15 | * Install [ImageOptim](https://imageoptim.com)
 16 | * Get dotfiles
 17 | * Make color invert accessibility shortcuts work
 18 | * Remap capslock
 19 | * Install crashplan
 20 | * Turn off auto-correct (System Preferences | Keyboard | Text)
 21 | * Turn up key repeat
 22 | * Screen auto-off in 5 minutes
 23 | * Karabiner: (customize everything) https://pqrs.org/osx/karabiner/document.html.en
 24 | * XCode xvim https://github.com/XVimProject/XVim/blob/master/INSTALL_Xcode8.md
 25 | * Insomnia - https://insomnia.rest/download/#mac
 26 | 
 27 | ## 1Password?
 28 | 
 29 | When running 1Password for the first time you'll need to get it setup with another device. You can do this via iCloud but you must have iCloud Drive setup or you will receive an iCloud Error. 
 30 | 
 31 | Instead you can simply run a backup on your other device and transfer the backup to your new computer and start from there.
 32 | 
 33 | ## Mail
 34 | 
 35 | When you setup your Mail you'll want to create an [application specific password](https://security.google.com/settings/security/apppasswords).
 36 | 
 37 | ## Install XCode command line tools
 38 | 
 39 | Run this:
 40 | 
 41 |     xcode-select --install
 42 | 
 43 | Click "install" on the popup.
 44 | 
 45 | ## Install XQuartz version of X11
 46 | 
 47 | Find the latest release for your operating system: [https://xquartz.macosforge.org/trac/wiki/Releases](https://xquartz.macosforge.org/trac/wiki/Releases)
 48 | 
 49 | ## Install Homebrew
 50 | 
 51 | Homebrew is "The missing package manager for OSX". It allows you to quickly compile and install binaries.
 52 | 
 53 |     ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
 54 | 
 55 | Once you have installed brew, 
 56 | 
 57 |     brew doctor
 58 |     
 59 | ## Install git bash completions
 60 | 
 61 |     brew install git bash-completion
 62 | 
 63 | ## Get Solarized
 64 | 
 65 | Make a link for Terminal:
 66 | 
 67 |     ln -s /Applications/Utilities/Terminal.app /Applications/Terminal.app
 68 | 
 69 | Solarized is an awesome color scheme you will like. There is a [terminal version](https://github.com/tamul/solarized-osx-terminal-colors):
 70 | 
 71 |     cd ~
 72 |     mkdir -p Examples
 73 |     cd Examples
 74 |     git clone https://github.com/tamul/solarized-osx-terminal-colors.git
 75 |     open solarized-osx-terminal-colors
 76 |     
 77 | Once the `Finder` window opens you should double click on the Terminal items in the `xterm-256color` color folder. Once you have opened these the themes are added to Terminal.app. Open the Preferences and choose the one you want and set it as default.
 78 | 
 79 | Once you have completed the install of the themes you can delete the created folder.
 80 | 
 81 | ## Setup an ssh key
 82 | 
 83 |     brew install openssl    
 84 |     
 85 | Follow [Github's Advice](https://help.github.com/articles/generating-ssh-keys). 
 86 | 
 87 |     ssh-keygen -t rsa -C "your_email@example.com"
 88 | 
 89 | Use 1Password to generate a password for the passphrase.
 90 | 
 91 |     eval `ssh-agent -s`
 92 |     ssh-add ~/.ssh/id_rsa
 93 |     
 94 | Add that password to your [Github account](https://github.com/settings/ssh):
 95 | 
 96 |     pbcopy < ~/.ssh/id_rsa.pub
 97 |     
 98 | Test the key:
 99 | 
100 |     ssh -T git@github.com
101 | 
102 | > Hi jeffrafter! You've successfully authenticated, but GitHub does not provide shell access.
103 | 
104 | ## Setup Ruby
105 | 
106 |     brew update
107 |     brew install rbenv ruby-build
108 |     
109 | Afterwards you'll still need to add `eval "$(rbenv init -)"` to your profile as stated in the caveats. You'll only ever have to do this once.
110 | 
111 |     rbenv install -l
112 |     rbenv install 2.1.5
113 |     rbenv rehash
114 |     
115 | When you install gems with binstubs you will need to rehash.
116 | 
117 | You can change your global ruby as well:
118 | 
119 |     rbenv global 2.1.5
120 | 
121 | ## Dotfiles
122 | 
123 | Setting up the your `~/.*` directory quickly makes your life better.
124 | 
125 |     curl -fsSL https://raw.github.com/jeffrafter/dotfiles/master/script/bootstrap | sh
126 |     
127 | Once you have done that you'll want to run the bootstrap:
128 | 
129 |     cd ~/.dotfiles
130 |     script/bootstrap
131 |     
132 | This is going to ask for sudo permission because some of the OSX config settings require sudo (which is generally a no-no). You can adjust the script if needed.   
133 |     
134 | Update the vim submodules:
135 | 
136 |     cd ~/.vim/bundle
137 |     git submodule init
138 |     git submodule update
139 |     
140 | You can use CtrlP to instead of command-t. It installs a bit manually:
141 | 
142 |     cd ~/.vim
143 |     git clone https://github.com/kien/ctrlp.vim.git bundle/ctrlp.vim    
144 |     
145 |     
146 | If you are using Command-T you might have trouble with the C extension of Command-T because of the ruby version used to compile it:
147 | 
148 |     cd ~/.vim/bundle/command-t/ruby/command-t
149 |     ruby extconf.rb
150 |     make    
151 |     
152 | ## Installing MacVim
153 | 
154 | You should install MacVim via Homebrew:
155 | 
156 |     brew install macvim
157 | 
158 | Replace the icons:
159 | 
160 |      sudo cp ~/.dotfiles/resources/MacVim.icns /Applications/MacVim.app/Contents/Resources/
161 |     
162 |      sudo cp ~/.dotfiles/resources/caffeine/*.png /Applications/Caffeine.app/Contents/Resources/
163 | 
164 | Something about a cooler icon [https://github.com/thilko/vim_config/blob/master/integrate_way_cooler_icon](https://github.com/thilko/vim_config/blob/master/integrate_way_cooler_icon):
165 |     
166 |     
167 |     MACVIM_TARGET=$(find /usr/local/Cellar -name MacVim.app 2> /dev/null | sort | tail -n 1)
168 |     MACVIM_PATH="$MACVIM_TARGET/Contents/Resources/"
169 |     cp ~/.dotfiles/resources/MacVim.icns $MACVIM_PATH
170 |     
171 | ## Make a shortcut for iOS similator
172 | 
173 | You know you want it:
174 |     
175 |     ln -s /Avpplications/Xcode.app/Contents/Applications/iPhone\ Simulator.app /Applications/iOS\ Simulator.app
176 | 
177 | ## Other things to brew
178 | 
179 |     brew install wget
180 |     brew install imagemagick
181 |     brew install ghostscript
182 |     brew install gh
183 | 
184 | ## Install Pow (optional)
185 | 
186 | Go to the website: [http://pow.cx/manual.html#section_1](http://pow.cx/manual.html#section_1)
187 | 
188 |     curl get.pow.cx | sh
189 |     
190 | Once you have that you'll need to symlink the current folder to pow.
191 | 
192 |     cd ~/.pow
193 |     ln -s ~/Projects/myapp
194 |     
195 | ## Install nginx (optional)
196 | 
197 | You can install `nginx` via `brew`:
198 | 
199 |     brew install nginx
200 |     
201 | Once you have `nginx` you can start it with `sudo nginx` or boot it at startup. Make sure your firewall is blocking incoming port 80 so that people outside of your computer cannot see your running application by typing in your local IP address.
202 | 
203 | You'll want to setup your Nginx config in `/usr/local/etc/nginx/nginx.conf`:
204 | 
205 |     worker_processes  1;
206 | 
207 |     error_log  /usr/local/var/log/nginx.error.log;
208 | 
209 |     events {
210 |         worker_connections  1024;
211 |     }
212 | 
213 |     http {
214 |         include       mime.types;
215 |         default_type  application/octet-stream;
216 |         sendfile        on;
217 |         keepalive_timeout  65;
218 |         access_log  /usr/local/var/log/nginx.access.log;
219 | 
220 |         upstream rails {
221 |           server 127.0.0.1:3000;
222 |         }
223 | 
224 |         upstream nodejs {
225 |           server 127.0.0.1:3700;
226 |         }
227 | 
228 |         # Any server configuration goes here
229 | 
230 |     }
231 | 
232 | For each project you will need to add a `server` declaration. For example, if you are just serving a static page, add the following:
233 | 
234 |         # Serving a static website
235 |         
236 |         server {
237 |           listen 80;
238 |           server_name static.dev;
239 |           root /Users/username/Projects/static;
240 |           try_files $uri/index.html $uri.html $uri;
241 |           index index.html;
242 |           location / {
243 |           }
244 |         }
245 | 
246 | If you are serving a Ruby on Rails website:
247 | 
248 |         # Serving a Ruby on Rails website
249 |         
250 |         server {
251 |           listen 80;
252 |           server_name rails.dev;
253 |           root /Users/username/Projects/rails_root;
254 | 
255 |           client_body_in_file_only clean;
256 |           client_body_buffer_size 32K;
257 |           client_max_body_size 100M;
258 |           sendfile on;
259 |           send_timeout 300s;
260 | 
261 |           index        index.html index.htm;
262 | 
263 |           try_files  $uri/index.html $uri.html $uri @rails;
264 | 
265 |           location @rails {
266 |             proxy_set_header  X-Real-IP        $remote_addr;
267 |             proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
268 |             proxy_set_header  Host             $http_host;
269 |             proxy_redirect    off;
270 |             proxy_pass        http://rails;
271 |           }
272 |           error_page   500 502 503 504  /50x.html;
273 |         }
274 | 
275 | If you are serving a Node.js website it is very similar to Rails:
276 | 
277 |         # Serving a Node.js website
278 |        
279 |         server {
280 |           listen 80;
281 |           server_name nodejs.dev;
282 |           root /dev/null;
283 |           location / {
284 |             proxy_set_header  X-Real-IP        $remote_addr;
285 |             proxy_set_header  X-Forwarded-For  $proxy_add_x_forwarded_for;
286 |             proxy_set_header  Host             $http_host;
287 |             proxy_set_header  Upgrade          $http_upgrade;
288 |             proxy_set_header  Connection       "upgrade";
289 |             proxy_redirect    off;
290 |             proxy_pass        http://nodejs;
291 |           }
292 |         }
293 | 
294 |     
295 | ## Install Postgres
296 | 
297 |     brew install postgresql
298 |     brew info postgresql
299 |     ln -sfv /usr/local/opt/postgresql/*.plist ~/Library/LaunchAgents
300 |     launchctl load ~/Library/LaunchAgents/homebrew.mxcl.postgresql.plist
301 |     
302 |     createdb `whoami`
303 |     psql
304 |     \q
305 |     
306 | ## Install redis
307 | 
308 |     brew install redis
309 |     ln -sfv /usr/local/opt/redis/*.plist ~/Library/LaunchAgents
310 |     launchctl load ~/Library/LaunchAgents/homebrew.mxcl.redis.plist
311 |         
312 | ## Make Safari show the full web address
313 | 
314 | You want to see the whole URL while you develop. But that is "advanced". Go to `Safari Preferences`, `Advanced`, and check `Show full website address`. [More info](http://osxdaily.com/2014/10/20/show-full-website-url-address-safari-mac-os-x/)
315 | 
316 | # Fix osx to make it secure
317 | 
318 | [https://fix-macosx.com](https://fix-macosx.com)
319 | 
320 | # Shortcuts
321 | 
322 | Open `System Preferences` go to `Keyboard` and click on `Shortcuts`. Once there, click on `App Shortcuts` and then you can click the plus icon to add a shortcut. 
323 | 
324 | ![New Tab](./images/setting-up-a-dev-machine/macvim-find.png)
325 | 
326 | ![Find...](./images/setting-up-a-dev-machine/macvim-new-tab.png)
327 | 


--------------------------------------------------------------------------------
/unformatted/dokku.md:
--------------------------------------------------------------------------------
  1 | # Dokku
  2 | 
  3 | [Dokku Docs](http://progrium.viewdocs.io/dokku/index)
  4 | 
  5 | ## On Digital Ocean
  6 | 
  7 | Create a new droplet on [Digital Ocean](https://www.digitalocean.com/?refcode=21447a91b37b) (10$ per month). You might opt for a larger plan but this will be enough to run Rails and Sidekiq. When you create the droplet you must give it a `hostname`. This can match your primary domain, or if this is a service for you main domain you can use a subdomain such as `admin.example.com`.
  8 | 
  9 | Generally I choose the following options:
 10 | 
 11 | * **Select Size**: 10$ per month
 12 | * **Select Region**: New York
 13 | * **Select Image** (Distribution): Ubuntu 16.04 x64
 14 | * **Select Image** (Applications): Dokku 0.4.2
 15 | * **Available Settings**: Backups
 16 | * **Add SSH Keys**: *Choose one of the SSH keys on your account*
 17 | 
 18 | > Note: Do not select the IPv6 as docker doesn't support it well.
 19 | 
 20 | Once you create the droplet (about 20 seconds) Digital Ocean immediately begins recording charges for your account. After the droplet has been created, the page will refresh and you can copy the IP address. You can use this address directly or you can setup DNS or just an an entry to your local `/etc/hosts`.
 21 | 
 22 | ### Complete the dokku install
 23 | 
 24 | Open the IP address in your browser.
 25 | 
 26 | Change the hostname to match the name of your droplet (i.e., `example.com` or `admin.example.com`). Then click `Finish Setup`.
 27 | 
 28 | ### First Five Minutes
 29 | 
 30 | By default the droplet is not very secure. There are numerous tutorials on how to setup an Ubuntu box in the first five minutes but I generally use a simple script. Login to the server from your local machine via SSH:
 31 | 
 32 |     ssh root@example.com
 33 | 
 34 | You'll be asked to trust the server; type `yes`. 
 35 | 
 36 | On the server:
 37 | 
 38 |     git clone git://github.com/jeffrafter/server.git
 39 |     cd server
 40 |     cp scripts/env.sh.example scripts/env.sh
 41 |     nano scripts/env.sh
 42 |    
 43 | Your settings should look like:
 44 | 
 45 |     ROOT_PASSWORD="SOME_PASSWORD"
 46 |     DEPLOY_PASSWORD="SOME_PASSWORD"
 47 |     ROOT_EMAIL="youremail@gmail.com"
 48 |     OPS_EMAIL="youremail@gmail.com"
 49 |     VIRTUAL_EMAIL="youremail@gmail.com"
 50 |     DOMAIN="$HOSTNAME"
 51 |     APPLICATION_NAME="$HOSTNAME"
 52 |     
 53 | Run the script:
 54 | 
 55 |     scripts/setup.sh
 56 |     
 57 | > Note: once you run this script your SSH will be reconfigured. You will no longer be able to SSH to the server as `root`, but instead must SSH using the `deploy` user. Additionally, the SSH signature of the server will be updated and will not match the `known_hosts` entry from your current login. When you next login (if you don't remove the `~/.ssh/known_hosts` entry) you will receive an error. 
 58 | 
 59 | Now that the server is secure you'll need to enable a couple of Dokku specific settings. First make the `dokku` user part of the `ssh-user` group:
 60 | 
 61 |     usermod -a -G ssh-user dokku
 62 |     
 63 | ### Create the app
 64 | 
 65 | 
 66 |     dokku apps:create yourappname
 67 | 
 68 | ### Plugins
 69 |   
 70 | Next you'll want to install any plugins you need (http://dokku.viewdocs.io/dokku/community/plugins/). You'll want to install these plugins on the server as root: This is my standard set:
 71 |   
 72 |     sudo dokku plugin:install https://github.com/dokku/dokku-postgres.git
 73 |     dokku postgres:create yourappname-database
 74 |     dokku postgres:link yourappname-database yourappname
 75 |     
 76 |     sudo dokku plugin:install https://github.com/dokku/dokku-redis.git redis
 77 |     dokku redis:create yourappname-redis
 78 |     dokku redis:link yourappname-database yourappname
 79 | 
 80 | > Note if you closed your previous SSH session you can reconnect as the `deploy` user and then switch the `root` user using `sudo` or prefix these commands with `sudo`.
 81 |     
 82 | ## Setting up your local machine SSH
 83 | 
 84 | There are some cases where you want to Request a TTY when you run `dokku` commands (this is generally the case, though it may interrupt some functionality like importing a database dump). To do this you need to modify your local `~/.ssh/config`. Add the following:
 85 | 
 86 |     Host yourserver.com
 87 |     RequestTTY yes
 88 | 
 89 | ## Making sure you have the dokku client
 90 | 
 91 | To install the bash client simply clone it into your home folder:
 92 | 
 93 |     git clone git://github.com/progrium/dokku.git ~/.dokku
 94 | 
 95 | In your `~/.bashrc` or `~/.bash_profile` you'll want the following alias:
 96 | 
 97 |     alias dokku='$HOME/.dokku/contrib/dokku_client.sh'
 98 |     
 99 | ## Deploying the application 
100 | 
101 | At this point you are ready to create your application. Within your project folder on your local machine you want to add a remote for `dokku`:
102 | 
103 |     git remote add dokku dokku@example.com:example.com
104 |     
105 | In this case the hostname (example.com) and the application name (example.com) are the same. Once added, push the application:
106 | 
107 |     git push dokku master
108 |     
109 | This should deploy the application, though you may need a couple more things before it is operational.        
110 | 
111 | ## Working with the database
112 | 
113 | From your local machine:
114 |   
115 |     dokku postgres:create example.com
116 |     
117 | And link it:
118 | 
119 |     dokku postgres:link example.com example.com
120 |     
121 | 
122 | Migrating your database is not automatic:
123 | 
124 |     dokku run bundle exec rake db:migrate  
125 | 
126 | To seed your database:
127 | 
128 |     dokku run bundle exec rake db:seed
129 |     
130 | ## Working with Redis    
131 |     
132 | From your local machine:
133 |     
134 |     dokku redis:create example.com
135 | 
136 | And link it:
137 | 
138 |     dokku redis:link example.com example.com
139 |     
140 | ## Domains
141 | 
142 | For some reason my app was deployed and there was no `VHOST` and therefore the default `nginx` configuration wasn't generated. To solve the problem, first ensure that the `NO_VHOST` setting is not set:
143 | 
144 |     dokku config
145 |     
146 | If it is set (`1`) then unset it:
147 | 
148 |     dokku config:unset NO_VHOST
149 | 
150 | Then add the domain:
151 | 
152 |     dokku domains:add example.com example.com
153 | 
154 | ## Config
155 | 
156 | I set my config up in one command from my local:
157 | 
158 |     dokku config:set `cat .env | grep -v RACK_ENV | grep -v PORT`
159 |     
160 | 
161 | 
162 | ================
163 | 
164 | 
165 | ### Firewalls, iptables and docker
166 | 
167 | > Note this did not seem to be needed as of 0.4.2?
168 | 
169 | Currently the state of the art is confusing. [This is the simplest tutorial](https://www.digitalocean.com/community/tutorials/the-docker-ecosystem-networking-and-communication). Docker has multiple networking modes but by default will allow everything to be open and accessible from the outside world.
170 | 
171 | Within docker networking there are generally four possible goals (with some overlap):
172 | 
173 | 1. Allow docker containers to speak to all other docker containers
174 | 2. Allow docker containers to speak to specific docker containers
175 | 3. Allow docker containers to speak to the outside world
176 | 4. Allow docker containers to listen to the outside world
177 | 
178 | Given that docker is generally running on a host (i.e., Ubuntu) it is possible that you also want to:
179 | 
180 | 1. Protect the host with a blanket DENY to prevent malicious connections
181 | 2. Set rules and bans when someone abuses connecting through to a container
182 | 
183 | Let's start with the basics. Imagine docker running on Ubuntu 14.04 with a `ufw` (Ubuntu's Uncomplicated Firewall) setup as follows:
184 | 
185 |     ufw default deny incoming
186 |     ufw allow 22
187 |     ufw allow 443
188 |     ufw allow 80
189 |     ufw enable
190 |     
191 | This will block all external incoming communications except SSH, HTTP and HTTPS. By default this applies to all interfaces including the `docker0` interface meaning that no inter-container communications will work. If you try to view your app in a browser you will probably see an `nginx` error:
192 | 
193 |     504 Gateway Timeout
194 | 
195 | The following rule allows you accept all inter-container communication coming in on the `docker0` interface and going back to the destination IP of your `docker0` inet (this address can change per host, to find yours `ifconfig docker0` and see the `inet addr`)
196 | 
197 |     # The answer:
198 |     ufw allow in on docker0 to 172.17.42.1
199 |     ufw reload
200 | 
201 | Without even running a `dokku ps:restart` your app should become available.
202 | 
203 | Apart from testing the website itself, it is useful to test one of the services. For example, if you are running redis, then by default, without the firewall enabled you should be able to telnet to your host on the mapped port (the port 6379 will not be published by default, it will be mapped, you can see the mapping by running `docker ps`)
204 | 
205 |      telnet yourhost.com 44444 # where 44444 is the mapped port
206 |      
207 | If it connects then Redis is exposed to the world. After enabling the firewall it should no longer be accessible. Once you add the `allow` rule for `docker0` you should verify that it is still protected (which it will be).     
208 | 
209 | #### Footnotes:
210 | 
211 | * [This answer](http://serverfault.com/questions/647822/security-implications-of-setting-ufw-default-forward-policy-to-accept) has a lot of really great insight into the problems.  
212 | * [Docker networking](https://docs.docker.com/articles/networking/)
213 | * [Connecting via docker links](https://docs.docker.com/userguide/dockerlinks/)
214 | * [Stop the firewall blocking](http://stackoverflow.com/questions/17394241/my-firewall-is-blocking-network-connections-from-the-docker-container-to-outside)
215 | 
216 | 
217 | 
218 | 
219 | 
220 | 
221 |     
222 | ## Seeing logs from rails
223 | 
224 | If you have centralized logging from your local machine you should be able to run:
225 | 
226 |     dokku logs -t
227 | 
228 | Otherwise:
229 | 
230 | 1. Make sure your `production.rb` has a log_level set to `debug`.
231 | 2. SSH to the machine
232 | 3. Run `docker ps`
233 | 4. Find the container id of the container that is running `web` and `docker attach <container_id>`
234 | 5. Watch the logs happen (these are the default logs as they pipe to STDOUT on the rails process)
235 | 6. To quit you need to type `^[` which on OSX is ALT+Enter.
236 |   
237 | 
238 | 
239 | 
240 | # Swap
241 | 
242 | If you are seeing this error:
243 | 
244 |     runtime: panic before malloc heap initialized
245 |     fatal error: runtime: cannot allocate heap metadata
246 | 
247 | You are running out of disk space. This is [fairly common](https://github.com/docker/docker/issues/1555) on smaller cloud instances, especially when deploying as the number of containers is doubled. To get around this you can add Swap for your memory, which will slow down your server, but keep it running.
248 | 
249 |     sudo dd if=/dev/zero of=/swapfile bs=1MB count=4096
250 |     sudo chmod 600 /swapfile
251 |     sudo mkswap /swapfile
252 |     sudo swapon /swapfile
253 |     
254 | Next you need to add this to `/etc/fstab`:
255 | 
256 |     /swapfile   none    swap    sw    0   0
257 |     
258 | You should tweak the swappiness lower and tweak the inode caching. In `/etc/sysctl.conf`:
259 | 
260 |     vm.swappiness=10
261 |     vm.vfs_cache_pressure=50
262 | 
263 | #### Footnotes
264 | 
265 | * [https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04)
266 | 
267 | ## SSL
268 | 
269 | Get your [SSL](../ssl.md) certificate.
270 | 
271 | Then:
272 | 
273 |     cp YOURSITE.com.key server.key
274 |     cp YOURSITE.com.crt server.crt
275 |     tar cf certs.tar server.key server.crt
276 |     
277 | Then from your dokku folder:    
278 | 
279 |     dokku nginx:import-ssl YOURAPP < certs.tar
280 |     
281 | Then you'll need to push your application to rebuild.
282 | 
283 | You'll also possibly want to disable VHOSTS
284 | 
285 |     dokku config:set "NO_VHOST=1"
286 | 
287 | 
288 | Test your ssl cert: https://www.ssllabs.com/ssltest/analyze.html?d=api.rpl.cat&latest
289 |   
290 | # TODO
291 |   
292 | ? Securing the droplet (see server security)
293 | ? SSL (there are dokku specific ways to do this, but also see Cloudflare)
294 | ? Surviving a docker process crash
295 | ? Surviving a reboot
296 | 
297 | ## Footnotes
298 | 
299 | * http://dev.housetrip.com/2014/07/06/deploy-rails-and-postgresql-app-to-dokku/
300 | * http://donpottinger.net/blog/2014/11/17/bye-bye-heroku-hello-dokku.html
301 | * http://donpottinger.net/blog/2014/11/22/bye-bye-heroku-hello-dokku-part-2.html
302 | * http://donpottinger.net/blog/2014/11/25/postgres-backups-with-dokku.html
303 | 
304 | ## Scratch
305 | 
306 | Some attempts at getting around the ufw problem:  
307 |       
308 |     # First try
309 |     ufw allow in on docker0 from 127.0.0.1
310 |     ufw allow out on docker0 to 127.0.0.1
311 |     ufw reload
312 | 
313 |     # Second try
314 |     ufw allow in on docker0 from 0.0.0.0
315 |     ufw allow out on docker0 to 0.0.0.0
316 |     ufw reload
317 |           
318 |     # Third try, the IP address for docker0: 172.17.42.1
319 |     ufw allow in on docker0 from 172.17.42.1
320 |     ufw allow out on docker0 to 172.17.42.1
321 |     ufw reload
322 | 
323 | ## Adding another SSH Key
324 | 
325 | Upload a public key to the server, then switch to root:
326 | 
327 |     # cat PUBKEYFILE.pub | sshcommand acl-add dokku
328 | 


--------------------------------------------------------------------------------
/unformatted/doorkeeper.md:
--------------------------------------------------------------------------------
  1 | Setting up an api with doorkeeper
  2 | =================================
  3 | 
  4 | Doorkeeper lets you to turn your Rails application into an OAuth2 provider. This allows you to serve API clients on an application by application basis. It also allows your mobile application to talk with your server in a standardized way.
  5 | 
  6 | If your application has no front-end and is only an API you may want to consider using [Rails-api](https://github.com/rails-api/rails-api).
  7 | 
  8 | ## Installing
  9 | 
 10 | In your Rails application add the following to your `Gemfile`:
 11 | 
 12 |     gem 'doorkeeper'
 13 |     
 14 | > Note: at the time of this writing you may want to point to the `master` branch as the newest versions of Doorkeeper have lots of changes.
 15 |     
 16 | Once you have added the gem, you'll need to run Bundler:
 17 | 
 18 |     bundle
 19 |     
 20 | Now that you have Doorkeeper you need to install the basics (this assumes you are using ActiveRecord to access your database):  
 21 | 
 22 |     bundle exec rails g doorkeeper:install
 23 |     bundle exec rails g doorkeeper:migration
 24 |     
 25 | Now run the migrations:    
 26 | 
 27 |     bundle exec rake db:migrate
 28 |     bundle exec rake RALS_ENV=test db:migrate
 29 |     
 30 | ## Configure
 31 | 
 32 | After installing Doorkeeper you'll want to adjust `config/initializers/doorkeeper.rb`.
 33 | 
 34 | Make sure that the ORM is set to `:active_record`:
 35 | 
 36 |     # Change the ORM that doorkeeper will use.
 37 |     # Currently supported options are :active_record, :mongoid2, :mongoid3, :mongo_mapper
 38 |     orm :active_record
 39 | 
 40 | For your own API clients (your mobile application for example) you'll want to support credential based logins (email and password). In Oauth2 this are specified in the "Resource Owner Password Credentials" flow
 41 |   - [http://tools.ietf.org/html/rfc6749#section-1.3.3](http://tools.ietf.org/html/rfc6749#section-1.3.3)
 42 | 
 43 |     # Support credential based logins
 44 |     resource_owner_from_credentials do |routes|
 45 |       email = "#{params[:username]}".downcase
 46 |       return if email.blank?
 47 |       user = User.where('email = ?', email).first
 48 |       user if user && user.authenticate(params[:password])
 49 |     end
 50 |     
 51 | If you are supporting a traditional web-based OAuth2 flow, access grants are based on the currently logged in user. This comes from your traditional session which may be provided by Warden, Devise or your own authentication (for example Authkit):
 52 | 
 53 |     # This block will be called to check whether the resource owner is authenticated or not.
 54 |     resource_owner_authenticator do
 55 |       return @current_user if defined?(@current_user)
 56 |       @current_user ||= User.where(id: session[:user_id]).first if session[:user_id]
 57 |       redirect_to(login_path) unless @current_user
 58 |     end
 59 | 
 60 | Or if you are using user sessions:
 61 | 
 62 |     # This block will be called to check whether the resource owner is authenticated or not.
 63 |     resource_owner_authenticator do
 64 |       return @current_user_session.user if defined?(@current_user_session)
 65 |       @current_user_session ||= UserSession.active.where(id: session[:user_session_id]).first if session[:user_session_id]
 66 |       redirect_to(login_path) unless @current_user_session
 67 |       @current_user_session && @current_user_session.usr
 68 |     end
 69 | 
 70 | This is required because Doorkeeper does not have access to your `current_user` method.
 71 | 
 72 | You need to enabled the `password` grant flow for your mobile application to work:
 73 | 
 74 |     grant_flows %w(password)
 75 | 
 76 | 
 77 | ## Base Controller
 78 | 
 79 | You probably don't want your API actions to behave in the same way your normal application does. Because of this, it is helpful to create a base `ApiController` to descend from. 
 80 | 
 81 | It is also helpful to version your API. There are lots of ways to do this effectively, but the simplest is to segregate your API versions by namespace. To do this create a new controller path:
 82 | 
 83 |     mkdir -p app/controllers/api/v1
 84 | 
 85 | Next create an `api_controller.rb`:
 86 | 
 87 |     # app/controller/api/v1/api_controller.rb
 88 |     module Api
 89 |       module V1
 90 |         class ApiController < ActionController::Base
 91 |           respond_to :json
 92 |           
 93 |           protected
 94 |           
 95 |           # Protected methods
 96 |           
 97 |         end
 98 |       end
 99 |     end
100 | 
101 | If you are using Rails-api you can descend instead from `ActionController::API`. 
102 | 
103 | >In controllers, any method that is not an action should be private or protected. Because we want descendent classes to be able to use the methods we should add the following in the `protected` area.
104 | 
105 | When using Doorkeeper it is helpful to define a `current_resource_owner` method which allows you treat the current OAuth user as you would a normal session user:
106 | 
107 |     def current_resource_owner
108 |       return @current_resource_owner if defined?(@current_resource_owner)
109 |       @current_resource_owner = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token
110 |     end
111 | 
112 | When API clients interact with our API they can include the application `uid` in a request header. Typically this is only used by known clients outside of the traditional OAuth workflow. We'll add a convenience method (which will simplify our specs):
113 | 
114 |     def application_id
115 |       request.headers["HTTP_X_APPLICATION_ID"]
116 |     end
117 | 
118 | In cases where we are specifying the application via a request header we want to be able to require it:
119 | 
120 |     def require_oauth_application
121 |       render(status: 403, nothing: true) unless oauth_application
122 |     end
123 | 
124 |     def oauth_application
125 |       return @oauth_application if defined?(@oauth_application)
126 |       @oauth_application = Doorkeeper::Application.find_by_uid(application_id)
127 |     end
128 | 
129 | Note that there is very little protection around this value and it can be easily spoofed.
130 | 
131 | ## Default application
132 | 
133 | When providing an API interface for your own mobile application you'll want to pre-approve the application for your own users. In fact, it is helpful to create a pre-approved application for each distinct mobile client (iOS and Android for example).
134 | 
135 | It is easiest to create the application in `rails console`:
136 | 
137 |     app = Doorkeeper::Application.where(
138 |       name: 'YOUR APP NAME iOS',
139 |       redirect_uri: 'https://api.example.com').first_or_create
140 | 
141 | Once created, you'll want to copy the `uid` and `secret` which were autogenerated:
142 |   
143 |     puts app.uid
144 |     puts app.secret
145 |         
146 | You'll want to store these values securely in your settings (and make them available in your environment or via `Rails.application.secrets.*`. You could make a second set of credentials for your development and test environments for consistency. 
147 | 
148 | Next in your `db/seeds.rb` file, you'll want to create the application with those values (or do this manually if your database is already seeded).
149 | 
150 |     Doorkeeper::Application.where(
151 |       name: 'YOUR APP NAME iOS',
152 |       redirect_uri: 'https://api.example.com',
153 |       uid: ENV['DOORKEEPER_IOS_UID'],
154 |       secret: ENV['DOORKEEPER_IOS_SECRET']
155 |     ).first_or_create
156 | 
157 | ## Signing up via the API
158 | 
159 | In many cases there is no website for your visitors to see. Still, new users need to sign up and this can be provided via your API. In `app/controllers/api/v1/signup_controller.rb` add the following:
160 | 
161 |     module Api
162 |       module V1
163 |         class SignupController < ApiController
164 |           before_filter :require_oauth_application, only: [:create]
165 | 
166 |           # POST /api/v1/signup
167 |           def create
168 |             @signup = Signup.new(signup_params)
169 | 
170 |             if @signup.save
171 |               access_token = Doorkeeper::AccessToken.create(
172 |                 application_id: oauth_application.id,
173 |                 resource_owner_id: @signup.user.id,
174 |                 use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?,
175 |                 expires_in: Doorkeeper.configuration.access_token_expires_in)
176 | 
177 |               render json: {
178 |                 access_token: access_token.token,
179 |                 refresh_token: access_token.refresh_token
180 |               }
181 |             else
182 |               render json: { errors: @signup.errors }
183 |             end
184 |           end
185 | 
186 |           protected
187 | 
188 |           def signup_params
189 |             params.require(:signup).permit(
190 |               :email,
191 |               :password,
192 |               :first_name,
193 |               :last_name,
194 |               :phone_number,
195 |               :time_zone)
196 |           end
197 |         end
198 |       end
199 |     end
200 | 
201 | This assumes you have a Signup form (or model) which simplifies the controller. When the server receives a signup POST it creates a new user and immediately grants an access token. The access token is locked to the application that was specified in the request header.
202 | 
203 | Warning: The request header can be easily spoofed (in many cases it can be easily intercepted or extracted from your mobile binary via decompilation). Because of this, there is no way to guarantee that the client making the signup request is your application. A spoofed request will still return a valid access token. This may mean users can access your API via alternate clients. While this may be beneficial in many cases, your API must be created with this expectation.
204 | 
205 | If you need more control over which clients can access your API you may need to require that all signup be completed on your website.
206 | 
207 | You'll need to add a route for your action:
208 | 
209 |     namespace :api do
210 |       namespace :v1 do
211 |         post "signup", to: "signup#create"
212 |       end
213 |     end
214 | 
215 | ## Protecting controllers and actions
216 | 
217 | Once you have Doorkeeper setup, protecting actions is easy:
218 | 
219 |     # app/controllers/api/v1/users_controller.rb
220 |     module Api
221 |       module V1
222 |         class UsersController < ApiController
223 |           before_action :doorkeeper_authorize!
224 | 
225 |           def me
226 |             respond_with current_resource_owner
227 |           end
228 |         end
229 |       end
230 |     end
231 | 
232 | Doorkeeper's `before_action` allows you to authorize oauth users based on access tokens and scopes. Once authorized, you can access the authenticated user using `current_resource_owner`. 
233 | 
234 | In this example we respond directly with the object which will convert it to JSON. You probably don't want to return the entire User object like this. Instead you would want to use 
235 | [Active Model Serializers](https://github.com/rails-api/active_model_serializers) or
236 | [Rabl](https://github.com/nesquena/rabl) or
237 | [JBuilder](https://github.com/rails/jbuilder).
238 | 
239 | You'll need to add a route for your action:
240 | 
241 |     namespace :api do
242 |       namespace :v1 do
243 |         get "me", to: "users#me"
244 |       end
245 |     end
246 | 
247 | 
248 | ## Specs
249 | 
250 | ## Using Curl
251 | 
252 | To simulate your API you need three basic actions:
253 | 
254 | * Signup
255 | * Login
256 | * Logout
257 | * Me
258 | 
259 | ### Signup
260 | 
261 | To signup you will need to include the OAuth application id and the signup params:
262 | 
263 |     curl -X POST 'http://localhost:3000/api/v1/signup' \
264 |       --header 'X-Application-Id: YOUR APPLICATION ID' \
265 |       -d 'signup[first_name]=Example' \
266 |       -d 'signup[last_name]=User' \
267 |       -d 'signup[email]=test@example.com' \
268 |       -d 'signup[password]=password' \
269 |       -d 'signup[password_confirmation]=password'
270 | 
271 | You should see something like:
272 | 
273 |     {"access_token":"3210b5a33fc6728e7531cffbeed1d4004898343fa655bd826efa1df57a088779","refresh_token":null}
274 | 
275 | If you run it again you should see an error:
276 | 
277 |     {"errors":{"email":["has already been taken"]}}
278 | 
279 | ### Login
280 |     
281 | If you are connecting from mobile application you'll need to be able to obtain a grant using your credentials:
282 | 
283 |     curl -X POST 'http://localhost:3000/oauth/token' \
284 |       --header 'X-Application-Id: YOUR APPLICATION ID' \
285 |       -d 'username=test@example.com' \
286 |       -d 'password=password' \
287 |       -d 'grant_type=password'
288 | 
289 | This will give you something like:
290 | 
291 |     {"access_token":"d922e31c20c7014fa4359f67131d2322d3f3eabb7e3999837de0829cc7364f28","token_type":"bearer","expires_in":7200}
292 | 
293 | If you want to issue non-expiring tokens change the following in `config/initializers/doorkeeper.rb`:
294 | 
295 |     # Access token expiration time (default 2 hours).
296 |     # If you want to disable expiration, set this to nil.
297 |     access_token_expires_in nil
298 | 
299 | ### Logout
300 | 
301 | In some cases, logging out simply means forgetting the token. However, you can also revoke the token which will invalidate it across any clients and for force them to relogin:
302 | 
303 |     curl -X POST 'http://localhost:3000/oauth/revoke' \
304 |       --header 'Authorization: Bearer YOUR ACCESS TOKEN'
305 |  
306 | 
307 | ## AFNetworking
308 | 
309 | 
310 | 
311 | 
312 | # REMEMBER
313 | 
314 | * You must rate limit token failures
315 | * You must filter tokens from parameter logging
316 | 
317 | 
318 | 
319 | 
320 | https://github.com/doorkeeper-gem/doorkeeper/blob/ac4da86032f0e949dfe98753c57b3de1858ca062/lib/doorkeeper/rails/helpers.rb
321 | 
322 | 
323 | 


--------------------------------------------------------------------------------
/uploading.md:
--------------------------------------------------------------------------------
  1 | # Uploading Files in Rails
  2 | 
  3 | When you upload files in Rails. The main things you want to consider are:
  4 | 
  5 | * Upload size and timeouts
  6 | * Reliability of storage
  7 | * Post processing
  8 | * Importing
  9 | * Progress in the browser
 10 | 
 11 | In Rails, the generally accepted ways that people upload files are using Paperclip or CarrierWave (historically, attachment_fu was popular). 
 12 | 
 13 | ### Upload size and timeouts
 14 | 
 15 | Uploading large files takes a long time. While the upload is being transferred a connection is kept open and this can lead to resource starvation. If all of your users suddenly upload a large file simultaneously will you run out of Nginx connections? If the files are large, will Nginx timeout before the upload is completed (see client_max_body_size)? 
 16 | 
 17 | Once the file is uploaded, it is handed to Rails where rails parses the params, including the uploaded file. This takes still longer. If you need to process the uploaded file before returning a response you can end up with a very long request/response. 
 18 | 
 19 | In general, when you are first launching your site you don't need to worry about this. Small images for avatars won't bog down the server and users don't upload them very often. If you are working with large media, high res photos, or you are expecting lots of uploads then you should look at offloading the process.
 20 | 
 21 | #### Offload processing to Nginx
 22 | 
 23 | First you can **move the upload processing and progress to Nginx**. These modules are not standard and must be compiled in. In the chef section later, you'll see we include these already, just in case. With these in place, Nginx will handle the upload and dump the result to a /tmp file. It will parse the paramters (in C, not Ruby) and pass the parsed parameters Rails. This alone can result in 10X performance on uploads.
 24 | 
 25 | To use this...
 26 | 
 27 | #### Direct upload to S3
 28 | 
 29 | The second option is to not upload files to your server at all. Instead you can upload directly to S3. Most people use s3_direct_upload for this, but I use uploadkit because it is simpler (though less flexible). The general principle allows you server to generate a secure upload URL to your S3 bucket. This upload URL is signed and expires. Once the upload is complete your server may need to process the result. There are two strategies here:
 30 | 
 31 | 1. Use AJAX to upload the file, on completion post back to the server
 32 | 2. Override the uploaded filename and poll S3 for completion
 33 | 
 34 | I generally opt for the first. The workflow is:
 35 | 
 36 | 1. User navigates to the upload page, server includes a form for direct upload to S3.
 37 | 2. User uploads the file (handled via AJAX, with progress events).
 38 | 3. Upload completes, in the success handler a POST is made to the server with the completed file key (or the whole URL).
 39 | 4. Server creates the record, returns an immediate response with the record in "importing" state and destination URL (the URL of the object when importing and processing is completed).
 40 | 5. Background job imports the uploaded file from S3, processes the styles, and changes the state of the record.
 41 | 6. Browser polls S3 for the completed file, shows importing/processing image until the file is complete.
 42 | 
 43 | 
 44 | Paperclip initializer
 45 | 
 46 | ```
 47 | Paperclip::Attachment.default_options.merge!(
 48 |   restricted_characters: nil,
 49 |   escape_url:            false,
 50 |   storage:               :s3,
 51 |   default_url:           ':s3_default_url',
 52 |   url:                   ':s3_domain_url',
 53 |   path:                  '/system/:class/:style/:hash/:filename',
 54 |   hash_data:             ':class/:attachment/:id/:style/:uploaded_at',
 55 |   hash_secret:           '60532e36ecd55729de0ffda1df42c82dbbd73b3ea7c622cbf45ef9f75ec1663bb53a36f4b8845e5f35abe552cfee9fd188ba07cb31f628aa1249355d5177d808',
 56 |   s3_permissions:        :private,
 57 |   s3_protocol:           'https',
 58 |   s3_credentials:        {
 59 |     bucket:            ENV['aws_bucket'],
 60 |     access_key_id:     ENV['aws_access_key_id'],
 61 |     secret_access_key: ENV['aws_secret_access_key']
 62 |   }
 63 | )
 64 | 
 65 | # When importing, the updated_at key changes when the remote_url is
 66 | # actually imported, which changes the hash. If you use the time that
 67 | # the remote_url is set instead (attachment_uploaded_at) then you can still
 68 | # have a unique key that changes as the content changes.
 69 | Paperclip.interpolates :uploaded_at do |attachment, style_name|
 70 |   return attachment.instance.attachment_uploaded_at.to_i.to_s
 71 | end
 72 | 
 73 | Paperclip.interpolates :s3_default_url do |attachment, style_name|
 74 |   style_name = "thumb"
 75 |   classname = plural_cache.underscore_and_pluralize(attachment.instance.class.to_s)
 76 |   missing_path = "/images/#{classname}/#{style_name}/missing.png"
 77 |   return missing_path if attachment.nil? || attachment.instance.blank? || attachment.instance.remote_url.blank?
 78 |   uri = URI.parse(attachment.instance.remote_url) rescue nil
 79 |   return missing_path unless uri
 80 |   original_filename = File.basename(URI.decode(uri.path))
 81 |   basename = original_filename.gsub(/#{Regexp.escape(File.extname(original_filename))}$/, "")
 82 |   extension = ((style = attachment.styles[style_name.to_s.to_sym]) && style[:format]) || File.extname(original_filename).gsub(/^\.+/, "")
 83 |   filename = [basename, extension].reject(&:blank?).join(".")
 84 |   hash = attachment.hash_key(style_name)
 85 |   path = "system/#{classname}/#{style_name}/#{hash}/#{filename}"
 86 |   if attachment.s3_permissions(style_name) == "public-read"
 87 |     UploadHelper.aws_bucket_url + "/" + path
 88 |   else
 89 |     # We still get an authenticated url for the path, it is just based on the destination rather than the current
 90 |     UploadHelper.aws_url_for(path)
 91 |   end
 92 | end
 93 | ```
 94 | 
 95 | Upload Helper:
 96 | 
 97 |     # Allow direct uploads to Amazon S3. Uploads are segmented by the
 98 |     # Everything is uploaded into an separate paths based on the current user
 99 |     # so that files are not overwritten when multiple people upload different
100 |     # files with the same name.
101 |     #
102 |     # In order to use this helper you must have the following environment
103 |     # variables set:
104 |     #
105 |     #   aws_access_key_id
106 |     #   aws_secret_access_key
107 |     #   aws_bucket
108 |     #
109 |     # Configure the AWS bucket with the following CORS policy
110 |     #
111 |     #   <CORSConfiguration>
112 |     #     <CORSRule>
113 |     #       <AllowedOrigin>http://0.0.0.0:3000</AllowedOrigin>
114 |     #       <AllowedOrigin><%= ENV['domain'] %></AllowedOrigin>
115 |     #       <AllowedMethod>GET</AllowedMethod>
116 |     #       <AllowedMethod>POST</AllowedMethod>
117 |     #       <AllowedMethod>PUT</AllowedMethod>
118 |     #       <MaxAgeSeconds>3600</MaxAgeSeconds>
119 |     #       <AllowedHeader>*</AllowedHeader>
120 |     #     </CORSRule>
121 |     #   </CORSConfiguration>
122 |     #
123 |     module UploadHelper
124 | 
125 |       # Use this as part of the XHR data params for the upload form
126 |       # Options include:
127 |       #
128 |       #   expires_at: defaults to 1 hour from now
129 |       #   max_file_size: defaults to 5GB (not currently used)
130 |       #   acl: defaults to authenticated-read
131 |       #   starts_with: defaults to "uploads/#{h(current_user.to_param)}/#{SecureRandom.hex}"
132 |       #
133 |       def aws_upload_params(options={})
134 |         expires_at = options[:expires_at] || 1.hours.from_now
135 |         max_file_size = options[:max_file_size] || 5.gigabyte
136 |         acl = options[:acl] || 'authenticated-read'
137 |         hash = "#{SecureRandom.hex}"
138 |         starts_with = options[:starts_with] || "uploads/#{hash}"
139 |         bucket = ENV['aws_bucket']
140 |         # This used to include , but it threw Server IO errors
141 |         policy = Base64.encode64(
142 |           "{'expiration': '#{expires_at.utc.strftime('%Y-%m-%dT%H:%M:%S.000Z')}',
143 |             'conditions': [
144 |               ['starts-with', '$key', '#{starts_with}'],
145 |               ['starts-with', '$hash', '#{hash}'],
146 |               ['starts-with', '$utf8', ''],
147 |               ['starts-with', '$x-requested-with', ''],
148 |               ['eq', '$success_action_status', '201'],
149 |               ['content-length-range', 0, #{max_file_size}],
150 |               {'bucket': '#{bucket}'},
151 |               {'acl': '#{acl}'},
152 |               {'success_action_status': '201'}
153 |             ]
154 |           }").gsub(/\n|\r/, '')
155 | 
156 |         signature = Base64.encode64(
157 |                       OpenSSL::HMAC.digest(
158 |                         OpenSSL::Digest::Digest.new('sha1'),
159 |                         ENV['aws_secret_access_key'], policy)).gsub("\n","")
160 | 
161 |         return {
162 |           "key" => "#{starts_with}/${filename}",
163 |           "hash" => "#{hash}",
164 |           "utf8" => "",
165 |           "x-requested-with" => "",
166 |           "AWSAccessKeyId" => "#{ENV['aws_access_key_id']}",
167 |           "acl" => "#{acl}",
168 |           "policy" => "#{policy}",
169 |           "signature" => "#{signature}",
170 |           "success_action_status" => "201"
171 |         }
172 |       end
173 | 
174 |       # Use aws_upload_tags when embedding the upload params in a form.
175 |       # For example:
176 |       #
177 |       #   <form action="<%= aws_upload_url %>" method="post" enctype="multipart/form-data" id="avatar_form">
178 |       #     <input type="file" name="file" id="avatar_attachment">
179 |       #     <%= aws_upload_tags %>
180 |       #   </form>
181 |       #
182 |       def aws_upload_tags
183 |         aws_upload_params.each do |name, value|
184 |           concat text_field_tag(name, value)
185 |         end
186 |         nil
187 |       end
188 | 
189 |       # The destination host for the upload always uses https even though it can be slower.
190 |       # Safe and sure wins the race
191 |       def aws_bucket_url
192 |         UploadHelper.aws_bucket_url
193 |       end
194 | 
195 |       def self.aws_bucket_url
196 |         "https://#{ENV['aws_bucket']}.#{ENV['aws_region'] || 's3'}.amazonaws.com"
197 |       end
198 | 
199 |       # Authenticated url for S3 objects with expiration. By default the URL will expire in
200 |       # 1 day. The path should not include the bucket name.
201 |       def aws_url_for(path, expires=nil)
202 |         UploadHelper.aws_url_for(path, expires)
203 |       end
204 | 
205 |       def self.aws_url_for(path, expires=nil)
206 |         path = "/#{path}" unless path =~ /\A\//
207 |         path = URI.encode(path)
208 |         expires ||= 1.day.from_now
209 |         string_to_sign = "GET\n\n\n#{expires.to_i}\n/#{ENV['aws_bucket']}#{path}"
210 |         signature = Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha1'), ENV['aws_secret_access_key'], string_to_sign)).gsub("\n","")
211 |         query_string = URI.encode_www_form("AWSAccessKeyId" => ENV['aws_access_key_id'], "Signature" => signature, "Expires" => expires.to_i)
212 |         "#{aws_bucket_url}#{path}?#{query_string}"
213 |       end
214 |     end
215 | 
216 | Avatar model:
217 | 
218 |     class Avatar < ActiveRecord::Base
219 |       has_attached_file :attachment,
220 |         styles: {thumb: "200x200#"},
221 |         s3_permissions: 'public-read',
222 |         s3_headers: {"Cache-Control" => "max-age=#{1.year.to_i}", "Expires" => 1.year.from_now.httpdate}
223 | 
224 |       before_validation :prepare_import
225 |       validates :attachment, attachment_presence: true, unless: :attachment_importing?
226 |       after_save :async_import
227 | 
228 |       def as_json(options = {})
229 |         super({
230 |           methods: [:url]
231 |         }.merge(options))
232 |       end
233 | 
234 |       def url
235 |         # self.attachment.expiring_url(3600, :thumb)
236 |         self.attachment.url(:thumb)
237 |       end
238 | 
239 |       def import!
240 |         return false unless self.attachment_importing?
241 |         self.attachment_importing = false
242 |         if self.remote_url.present?
243 |           uri = URI.parse(self.remote_url)
244 |           self.attachment = uri
245 |           self.attachment_file_name = File.basename(URI.decode(uri.path))
246 |         end
247 |         self.save
248 |       end
249 | 
250 |       protected
251 | 
252 |       def prepare_import
253 |         return unless self.remote_url.present? && self.remote_url_changed?
254 |         self.attachment_importing = true
255 |       end
256 | 
257 |       def async_import
258 |         AvatarImportWorker.perform_async(self.id) if self.attachment_importing?
259 |       end
260 |     end
261 | 
262 |     # == Schema Information
263 |     #
264 |     # Table name: avatars
265 |     #
266 |     #  id                      :integer          not null, primary key
267 |     #  top                     :integer          default(0)
268 |     #  left                    :integer          default(0)
269 |     #  width                   :integer          default(0)
270 |     #  height                  :integer          default(0)
271 |     #  created_at              :datetime
272 |     #  updated_at              :datetime
273 |     #  attachment_file_name    :string(255)
274 |     #  attachment_content_type :string(255)
275 |     #  attachment_file_size    :integer
276 |     #  attachment_updated_at   :datetime
277 |     #  attachment_importing    :boolean          default(FALSE)
278 |     #  attachment_hash         :string(255)
279 |     #  remote_url              :text
280 | 
281 | 
282 | In the edit form:
283 | 
284 |     <!-- Upload form stubs -->
285 |     <div style="display:none">
286 |       <form action="<%= aws_bucket_url %>" method="post" enctype="multipart/form-data" id="avatar_form">
287 |         <input type="file" name="file" id="avatar_attachment">
288 |         <%= aws_upload_tags %>
289 |       </form>
290 |     </div>
291 |     
292 | Background worker:
293 | 
294 | ```
295 | class AvatarImportWorker
296 |   include Sidekiq::Worker
297 | 
298 |   sidekiq_options queue: "default"
299 |   sidekiq_options retry: false
300 | 
301 |   def perform(avatar_id)
302 |     avatar = Avatar.find(avatar_id)
303 |     avatar.import!
304 |   end
305 | end
306 | ```
307 | 
308 | In the upload controller:
309 | 
310 | ```
311 | class UploadController < ApplicationController
312 |   before_filter :aws_key_to_remote_url, only: [:avatar]
313 | 
314 |   ...
315 |   
316 |   def avatar
317 |     @avatar = current_user.build_avatar(avatar_params)
318 | 
319 |     # Each new upload needs to be unique in case the same file is uploaded twice with different content
320 |     @avatar.attachment_uploaded_at = Time.now
321 | 
322 |     if current_user.save
323 |       respond_to do |format|
324 |         format.json { render json: @avatar }
325 |       end
326 |     else
327 |       respond_to do |format|
328 |         format.json { render json: { status: 'error', errors: @avatar.errors }.to_json, status: 422 }
329 |       end
330 |     end
331 |   end
332 |   
333 |   ...
334 | 
335 |   protected
336 |   
337 |   def avatar_params
338 |     params.require(:avatar).permit(:attachment, :remote_url)
339 |   end
340 | 
341 |   def aws_key_to_remote_url
342 |     params[:avatar] ||= {}
343 |     key = params[:avatar][:key]
344 |     params[:avatar][:remote_url] ||= view_context.aws_url_for(key) if key.present?
345 |   end
346 |    
347 | ``` 
348 | 
349 | In the Javascript:
350 | 
351 | ```
352 | jQuery(function($) {
353 |   var avatarXhr;
354 |   var avatarTimeout;
355 |   var avatarImage;
356 | 
357 |   function postAvatar(key) {
358 |     if (avatarXhr) avatarXhr.abort();
359 |     if (avatarImage) delete(avatarImage);
360 |     if (avatarTimeout) {
361 |       clearTimeout(avatarTimeout);
362 |       avatarTimeout = null;
363 |     }
364 |     console.log("Posting: "+key);
365 |     avatarXhr = $.ajax({
366 |       type: 'post',
367 |       url: '/upload/avatar',
368 |       data:  {
369 |         avatar: {key: key},
370 |         authenticity_token: $("meta[name='csrf-token']").attr('content'),
371 |         utf8: "✓"
372 |       },
373 |       success: function(response) {
374 |         console.log(response);
375 |         var $img = $('img.avatar')
376 |         $img.each(function() {
377 |           loadImage($(this), decodeURI(response.url));
378 |         });
379 |       }
380 |     });
381 |   }
382 | 
383 |   function loadImage($img, url, retryCount) {
384 |     var missingUrl = '/images/avatars/original/missing.png';
385 |     var importingUrl = '/images/loading.gif';
386 |     if (!retryCount) {
387 |       $img.removeClass('missing');
388 |       $img.parent().addClass("importing");
389 |       retryCount = 0;
390 |     }
391 |     avatarImage = new Image();
392 |     avatarImage.src = url;
393 |     avatarImage.onload = function() {
394 |       if ($img) {
395 |         $img.attr("src", url);
396 |         $img.parent().removeClass('importing');
397 |       }
398 |     };
399 |     avatarImage.onerror = function() {
400 |       if (retryCount >= 10) {
401 |         $img.parent().removeClass('importing');
402 |         $img.attr("src", missingUrl);
403 |         console.log('There was a problem loading the image');
404 |         return false;
405 |       }
406 |       avatarTimeout = setTimeout(function() {
407 |         loadImage($img, url, ++retryCount);
408 |       }, 3000);
409 |     };
410 |   }
411 | 
412 |   $('.user-photo, .user-photo a').bind('click', function(e) {
413 |     e.preventDefault();
414 |     e.stopPropagation();
415 |     $('#avatar_attachment').trigger("click");
416 |     return false;
417 |   });
418 | 
419 |   $('#avatar_attachment').uploader({
420 |     start: function() {
421 |       var uploader = this;
422 |     },
423 |     progress: function(event) {
424 |       console.log("Progress!", event)
425 |     },
426 |     success: function(response) {
427 |       console.log(response);
428 |       var $response = $(response);
429 |       var key = $(response).find("Key").text();
430 |       postAvatar(key);
431 |     },
432 |     error: function(response) {
433 |       console.log("Error!", response);
434 |     }
435 |   });
436 | });
437 | 
438 | ```
439 | 
440 | ### Reliability of storage
441 | ### Post processing
442 | ### Importing
443 | ### Progress in the browser
444 | 
445 | ## Resources
446 | 
447 | * [Uploading multiple files with the Nginx Upload Module](http://blog.joshsoftware.com/2010/10/20/uploading-multiple-files-with-nginx-upload-module-and-upload-progress-bar/)
448 | * [Nginx Upload Module With Paerclip](http://matthewhutchinson.net/2010/1/6/nginx-upload-module-with-paperclip-on-rails/page/2)
449 | * [Direct to S3 Browser Uploads](http://www.spacevatican.org/2013/7/7/direct-to-s3-browser-uploads/)
450 | * http://blog.vrplumber.com/b/2013/06/07/nginx-upload-module/
451 | * 


--------------------------------------------------------------------------------
/asus_wl520gu.md:
--------------------------------------------------------------------------------
  1 | # Asus WL520GU
  2 | 
  3 | Much of this is based on the MightyOhm wifi radio project. 
  4 | 
  5 | ## Building OpenWRT
  6 | 
  7 | OpenWRT is a great platform for running Linux on the router. Unfortunately building OpenWRT is difficult on the Mac and on Windows. There are a number of solutions that make it possible, but the easiest solution is to just use a virtual machine. To do this we'll use [Vagrant](http://docs.vagrantup.com/v2/getting-started/) which allows us to control our virtual machine from the command line.
  8 | 
  9 | ### Getting setup
 10 | 
 11 | Install [Virtual Box](https://www.virtualbox.org). 
 12 | 
 13 | Install [Vagrant](http://docs.vagrantup.com/v2/installation/).
 14 | 
 15 | Create a new folder, I used `~/Projects/robots/openwrt` and go to that folder in Terminal. Once there you'll want to create a `Vagrantfile` to do this:
 16 | 
 17 |     vagrant init ubuntu/trusty64
 18 | 
 19 | Your `Vagrantfile` will have a lot of options, but the most basic is:
 20 | 
 21 |     # -*- mode: ruby -*-
 22 |     # vi: set ft=ruby :
 23 | 
 24 |     Vagrant.configure(2) do |config|
 25 |       config.vm.box = "ubuntu/trusty64"
 26 |       config.vm.network "forwarded_port", guest: 80, host: 8080
 27 |     end
 28 | 
 29 | Note that we are specifying Ubuntu as the operating system and we and forwarding a port. This will help later when connecting packages. With that we can launch the virtual machine and ssh to it:
 30 | 
 31 |     vagrant up
 32 |     vagrant ssh
 33 |     
 34 | Once you are in the vagrant shell you are on your Ubuntu machine. Switch to the home folder of your virtual shell (don't use the shared `/vagrant` folder as it is mounted case-insensitively):
 35 | 
 36 |     cd ~/
 37 |     
 38 | ### Getting the packages needed to build
 39 | 
 40 | In order to build OpenWRT you need some packages:
 41 | 
 42 |     sudo apt-get install gawk bison gcc
 43 | 
 44 | Or everything (?):
 45 | 
 46 |     sudo apt-get install subversion build-essential libncurses5-dev zlib1g-dev gawk bison gcc git ccache gettext libssl-dev xsltproc zip 
 47 |     
 48 |     
 49 | ### Changing the ownership of /usr/local
 50 | 
 51 | For some reason the local user doesn't own the folder `/usr/local`. There is probably a good reason for this, but you'll need to be able to add tools there in the build process. To simplify, I changed the ownership:
 52 | 
 53 |     sudo chown -R vagrant:vagrant /usr/local/    
 54 |     
 55 | ### Getting the source        
 56 | 
 57 | Most of the work I have done with OpenWRT uses the 8.09 version (Kamikaze). The 8.09.2 version can be downloaded here: [https://downloads.openwrt.org/kamikaze/8.09.2/](https://downloads.openwrt.org/kamikaze/8.09.2/). Technically OpenWRT has advanced and the version specified is obsolete (but it works without kernel errors on my target device so I like it).
 58 | 
 59 |     svn co svn://svn.openwrt.org/openwrt/tags/8.09.2 openwrt
 60 |     
 61 | Or:
 62 | 
 63 |     wget https://downloads.openwrt.org/kamikaze/8.09.2/kamikaze_8.09.2_source.tar.bz2
 64 |     bzip2 -dk kamikaze_8.09.2_source.tar.bz2
 65 |     tar -xvf kamikaze_8.09.2_source.tar
 66 |     mv 8.09.2 openwrt     
 67 | 
 68 | Now that you've go the source go to it:
 69 | 
 70 |     cd openwrt
 71 |     ./scripts/feeds update -a
 72 |     ./scripts/feeds install madplay mpc mpd
 73 |     make prereq
 74 |     make menuconfig
 75 | 
 76 | #### Menu config
 77 | 
 78 | * Target System (Broadcom BCM947xx/953xx [2.4])
 79 | * Target Profile (Generic, Broadcom WiFi (default))
 80 | * Select all packages by default
 81 | 	- Image configuration —>
 82 | 		- Base system 
 83 | 			- busybox (press enter to open hidden menu)
 84 | 				- Configuration
 85 | 					- Coreutils
 86 | 						- stty
 87 | 					- Networking Utilities
 88 | 						- Netcat server options (-l) 
 89 | 	- Kernel modules
 90 | 		- Sound support
 91 | 			- kmod-sound-core
 92 | 		- USB support
 93 | 			- kmod-usb-core
 94 | 			- kmod-usb-ohci
 95 | 			- kmod-usb-audio
 96 | 		- Sound
 97 | 			- mpd
 98 | 			- mpc
 99 | 			- madplay
100 | 
101 | 
102 | #### Patch bug
103 | 
104 | Unfortunately the version of the `patch` tool on ubuntu has changed just slightly and the version string that is printed now has the word _GNU_. The easiest way to fix the problem is to adjust the the configure script for Quilt (where the error shows up).
105 | 
106 | 	vim ./build_dir/host/quilt-0.47/configure.ac
107 | 
108 | Find the line:
109 | 
110 | 	patch_version=$2
111 | 	
112 | And change it to 
113 | 
114 | 	patch_version=$3	
115 | 	
116 | Save the file, then re-run the configure line:
117 | 
118 | 	cd ./build_dir/host/quilt-0.47
119 | 	./configure --with-patch=/usr/bin/patch
120 | 	
121 | 	
122 | ### Missing packages bug
123 | 
124 | One of the package repositories (luci) moved to git and is no longer available at the previous location. If you are going to be working on packages you'll need to update this in the `feeds.conf.default` file:
125 | 
126 |     nano feeds.conf.default
127 |     
128 | Replace the luci line ([https://dev.openwrt.org/changeset/40030](https://dev.openwrt.org/changeset/40030))    
129 | 
130 |     src-svn packages svn://svn.openwrt.org/openwrt/branches/packages_8.09 svn://svn.openwrt.org/openwrt/packages
131 |     src-svn xwrt http://x-wrt.googlecode.com/svn/tags/kamikaze_8.09.2/package
132 |     # src-svn luci http://svn.luci.subsignal.org/luci/tags/0.8.8/contrib/package
133 |     src-git luci http://git.openwrt.org/project/luci.git
134 | 	
135 | Once complete, update the packages:
136 | 
137 |      ./scripts/feeds update	          
138 | 	
139 | ### Make the OpenWRT binary
140 | 
141 | At this point your configuration should be ready:
142 | 
143 |     make world V=99
144 |     
145 | The `V=99` adds a serious amount of debugging information. The compile should run and complete with no errors. This process takes a long time (about 30 minutes), so call your mom and watch the logs messages scroll by.    
146 | 
147 | Once this is completed you should copy the build to the shared `/vagrant` folder on the virtual machine. This will make it accessible from your laptop without an SSH session:
148 | 
149 |     cp bin/openwrt-brcm-2.4-squashfs.trx /vagrant
150 | 	
151 | ## Flashing
152 | 
153 | Now that you have built a custom OpenWRT you need to _flash_ it to the ROM of the router. Then you'll need to configure the network and possibly setup the banner message (for fun).
154 | 
155 | ### Blind flashing
156 | 
157 | There are a couple of ways to flash the build onto the ROM. The easiest way is to flash it via the network cable. Unfortunately there is no way to see the output of this process unless you manually solder the header for the serial inside the unit. The alternative is to "Blind flash" the unit. You could end up making a mistake and bricking the router. But I haven't done that yet.
158 | 
159 | To accomplish a blind flash you'll need to be able to connect your computer directly to the router via a CAT-5 cable (not a crossover). Connect the cable from local machine (i.e., laptop) to LAN1 port on the router and open the network preferences for your LAN:
160 | 
161 | [https://rpl.cat/ZUEZX2pBV_aU8IfDO5mJtr5Fm_XlJIhm5MTsubrHxzw](https://rpl.cat/ZUEZX2pBV_aU8IfDO5mJtr5Fm_XlJIhm5MTsubrHxzw)
162 | 
163 | > Sometimes your wireless network (wireless) is on a .1 network and will interfere If so you can (a) change it (b) turn off wireless while you do stuff
164 | 
165 | Setup your LAN network: 
166 | 
167 | - Configure IPv4: *Manually* 
168 | - IP Address: *192.168.1.185*
169 | - Subnet Mask: *255.255.255.0* 
170 | - Router *192.168.1.1*
171 | 
172 | You are ready to flash the unit. You need to get the unit into restore mode:
173 | 
174 | 1. Power off router (unplug it)
175 | 2. Hold down Restore button on the back of the router
176 | 3. Power on router while still holding the button (plug it back in)
177 | 4. Power LED should start flashing once per second, release Restore button
178 | 
179 | At this point the router is in restore mode. You should be able to ping the router:
180 | 
181 |      ping 192.168.1.1
182 |      
183 | You should see valid ping responses:
184 | 
185 | 	PING 192.168.1.1 (192.168.1.1): 56 data bytes
186 | 	64 bytes from 192.168.1.1: icmp_seq=0 ttl=100 time=2.480 ms
187 | 	64 bytes from 192.168.1.1: icmp_seq=1 ttl=100 time=1.561 ms
188 | 	64 bytes from 192.168.1.1: icmp_seq=2 ttl=100 time=1.462 ms
189 | 	64 bytes from 192.168.1.1: icmp_seq=3 ttl=100 time=1.212 ms
190 |     
191 | Change to your project folder (where the `Vagrantfile` is located, not in your SSH session):
192 |      
193 |     cd ~/Projects/robots/openwrt/  
194 |     
195 | Next start a `tftp` session:
196 |     
197 |     tftp
198 |     > trace
199 |     > timeout 1
200 |     > mode binary
201 |     > connect 192.168.1.1
202 |     > put openwrt-brcm-2.4-squashfs.trx
203 | 
204 | You may see a lot of "Sending packet" kind of information then it will stop (for me this ended with `Sent 1904640 bytes in 5.6 seconds`).
205 | 
206 | <span style="color:red">*** Wait 10 minutes, don't touch anything ***</span>
207 | 
208 | *** During this point the router is reconfiguring the firmware you just uploaded ***
209 | After 10 minutes, reboot the router (unplug, wait a couple seconds, plug it back in)
210 | Ping the router (wait until it starts responding, boot takes about 10 seconds):
211 | 
212 |     ping 192.168.1.1 
213 | 
214 | Once it is responding you are ready to login:
215 | 
216 |     telnet 192.168.1.1	
217 |     
218 | You should see your router:/Users/njero/Desktop/Robots/robot/kamikaze/package/phidget21-servo-utils/Makefile
219 | 
220 |     Trying 192.168.1.1...
221 |     Connected to 192.168.1.1.
222 |     Escape character is '^]'.
223 |      === IMPORTANT ============================
224 |       Use 'passwd' to set your login password
225 |       this will disable telnet and enable SSH
226 |      ------------------------------------------
227 | 
228 | 
229 |     BusyBox v1.11.2 (2015-08-31 04:19:00 UTC) built-in shell (ash)
230 |     Enter 'help' for a list of built-in commands.
231 | 
232 |       _______                     ________        __
233 |      |       |.-----.-----.-----.|  |  |  |.----.|  |_
234 |      |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
235 |      |_______||   __|_____|__|__||________||__|  |____|
236 |               |__| W I R E L E S S   F R E E D O M
237 |      KAMIKAZE (8.09.2, r18961) -------------------------
238 |       * 10 oz Vodka       Shake well with ice and strain
239 |       * 10 oz Triple sec  mixture into 10 shot glasses.
240 |       * 10 oz lime juice  Salute!
241 |      ---------------------------------------------------
242 |     root@OpenWrt:/# exit
243 |     
244 | ### SSH
245 | 
246 | To connect to the router via SSH you'll need to set a root password:
247 | 
248 |     passwd    
249 |     	
250 | ## Networking
251 | 
252 | Once you've flashed OpenWRT onto your router, you'll want to configure the router to talk with your home network. Telnet to the router:
253 | 
254 |     telnet 192.168.1.1
255 |     
256 | ### Wireless
257 | 
258 | To setup the wireless edit `/etc/config/wireless`. By default the configuration is:
259 | 
260 |     config wifi-device  wl0
261 |       option type     broadcom
262 |       option channel  5
263 | 
264 |       # REMOVE THIS LINE TO ENABLE WIFI:
265 |       option disabled 1
266 | 
267 |     config wifi-iface
268 |       option device   wl0
269 |       option network  lan
270 |       option mode     ap
271 |       option ssid     OpenWrt
272 |       option encryption none
273 | 
274 | 
275 | The default configuration allows you to connect to the router as if it were your primary access point. However, in our configuration we want it to join our existing wireless netork. To do this change the configuration to the following:
276 | 
277 |     config wifi-device  wl0
278 |       option type       broadcom
279 |       option channel    6  # the channel your wireless network is on
280 | 
281 |     config wifi-iface
282 |       option device     wl0
283 |       option network    lan
284 |       option mode       sta 
285 |       option ssid       MyNetwork # the SSID of your network
286 |       option encryption psk  # the encryption mode of your network (or wep)
287 |       
288 |       ### If you are using WPA preshared key, specify that key or password
289 |       option key        XXXXXXXXXX 
290 | 
291 |       ### If you have a wep key with a password, you must prefix the password
292 |       ### with "s:" (no quotes). If you are using a wep hex key then you should
293 |       ### specify the key and then select it
294 |       # option key1="ABCDEF12345...""
295 |       # option key=1
296 |        
297 | 
298 | > To get your wifi channel on a Mac, Option+Click the wifi icon in the menu bar and choose "Open Wireless Diagnostics". Once opened, hit Cmd+2 to open a general info panel. The channel is there.
299 | 
300 | ### Network
301 | 
302 | We'll want to configure the network so that our device is serving as a bridge on the wireless network. To do this you have to update the lan configuration and the an configuration in `/etc/config/network`:
303 | 
304 | 
305 |     #### VLAN configuration
306 |     config switch eth0
307 |       option vlan0    "1 2 3 4 5*"
308 |       option vlan1    "0 5"
309 | 
310 | 
311 |     #### Loopback configuration
312 |     config interface loopback
313 |       option ifname   "lo"
314 |       option proto    static
315 |       option ipaddr   127.0.0.1
316 |       option netmask  255.0.0.0
317 | 
318 | 
319 |     #### LAN configuration
320 |     config interface lan
321 |       option type     bridge
322 |       option ifname   "eth0.0"
323 |       option proto    dhcp # or static
324 |       #### If you don't choose a dynamic ipaddr your wireless network may allow a static one
325 |       #### but make sure it is on your wireless subnet. Choosing a static address makes
326 |       #### connecting to your router simpler
327 |       # option ipaddr   192.168.0.199
328 |       # option netmask  255.255.255.0
329 | 
330 | 
331 |     #### WAN configuration
332 |     config interface wan
333 |       option type     bridge  
334 |       option ifname   "eth0.1"        
335 |       option proto    static                
336 |       option ipaddr   192.168.1.1 # Allow it to continue to operate as a gateway
337 |       option netmask  255.255.255.0    
338 | 
339 | ### DHCP
340 | 
341 | If you are using DHCP on WAN you will need to configure it in `/etc/config/dhcp` (notice that by default the WAN configuration is disabled):
342 | 
343 |     config dnsmasq
344 |       option domainneeded     1
345 |       option boguspriv        1
346 |       option filterwin2k      '0'  #enable for dial on demand
347 |       option localise_queries 1
348 |       option local            '/lan/'
349 |       option domain           'lan'
350 |       option expandhosts      1
351 |       option nonegcache       0
352 |       option authoritative    1
353 |       option readethers       1
354 |       option leasefile        '/tmp/dhcp.leases'
355 |       option resolvfile       '/tmp/resolv.conf.auto'
356 |       #list server            '/mycompany.local/1.2.3.4'
357 |       #option nonwildcard     0
358 |       #list interface         br-lan
359 | 
360 |     config dhcp lan
361 |       option interface        lan
362 |       option start            100
363 |       option limit            150
364 |       option leasetime        12h
365 | 
366 |     config dhcp wan
367 |       option interface        wan
368 |       option start            100        
369 |       option limit            150                
370 |       option leasetime        12h            
371 | 
372 | ### Firewall
373 | 
374 | By default the router is expecting to have the WAN port connected to the Internet so the firewall is settings are very restrictive. However because we will use the WAN port to directly connect to a laptop we'll want to remove some of the restrictions.
375 | 
376 | Open `/etc/config/firewall` and update the `wan` zone so that it is similar to the `lan` zone:
377 | 
378 |     #### Update the wan zone so it looks like the lan zone
379 |     config zone
380 |       option name     wan
381 |       option input    ACCEPT
382 |       option output   ACCEPT
383 |       option forward  REJECT
384 | 
385 | ### Applying changes
386 | 
387 | Once you have made the changes you can restart your network :
388 | 
389 |     /etc/init.d/network restart
390 | 
391 | This will disconnect you from your current session (and depending on the changes you make, you may need to reboot the router). Change the network cable to be plugged into the WAN port on the router and you can again telnet to `192.168.1.1`. You can also telnet through your wireless network by finding out which dhcp address it picked up (check your normal wireless router for clients), or by connecting to the manual address you specified (in our example `192.168.0.199`).
392 | 	
393 | ## Robotics and Phidgets package
394 | 
395 | First you need to install the package into the feeds for building packages:
396 | 
397 |     # In the main ssh session    
398 |     cd ~/
399 |     git clone git://github.com/jeffrafter/phidget-servo-driver
400 |     mkdir openwrt/package/phidget-servo
401 |     cp phidget-servo-driver/package/Makefile openwrt/package/phidget-servo-driver
402 |     cd openwrt
403 |     ./scripts/feeds install phidget-servo # not sure this is necessary
404 | 
405 | It will need to be accessible via http:
406 | 
407 |     # In another ssh session
408 |     cd ~/phidget-servo-driver
409 |     tar -cvf phidget-servo.tar ./src/*
410 |     sudo python -m SimpleHTTPServer 80
411 | 
412 | Then you need to select it
413 | 
414 |     # In the main ssh session    
415 |     make menuconfig
416 |     # Go to libraries, select it with M, exit, save
417 |     make package/phidget-servo/{clean,compile} V=99
418 | 
419 | When working on new things in the tar if you have already downloaded, you need to remove the cached download:
420 | 
421 |     rm /home/vagrant/openwrt/dl/phidget-servo.tar
422 | 
423 | At this point you have a compiled package (ipk). If you changed the `menuconfig` you'll need to recompile the primary binary:
424 | 
425 |     make world V=99
426 | 
427 | If you haven't changed the selected packages (just updated the package) you should be able to simply update the index:
428 | 
429 |     make package/index
430 | 
431 | You'll want to re-flash the binary to the router (see Flashing above). Finally, you'll need to make the new set of packages available to `opkg` so you'll need to copy them to where they can be seen from the router. 
432 | 
433 | ## Opkg
434 | 
435 | The package tool for OpenWRT is `opkg`. By default the configuration (in `/etc/opkg.conf`) points to the default OpenWRT packages:
436 | 
437 |     src/gz snapshots http://downloads.openwrt.org/kamikaze/8.09.2/brcm-2.4/packages
438 |     dest root /
439 |     dest ram /tmp
440 |     lists_dir ext /var/opkg-lists
441 |     option overlay_root /jffs
442 | 
443 | What we need to do is expose the packages from our Virtual Machine to the router. This takes a couple of steps. First we need to run the python web server in the virtual machine:
444 | 
445 |      # From within your ~/openwrt folder
446 |      sudo python -m SimpleHTTPServer 80
447 |      
448 | Once the server is running in the virtual machine, you should be able to connect to it via the port forward we setup in the `Vagrantfile`. From your local machine:
449 | 
450 |      wget http://127.0.0.1:8080/README
451 | 
452 | This should successfully get the `README`. With that accomplished you should be able to check your local IP address and connect directly to it from the router. On the router run:
453 | 
454 |     wget http://192.168.0.2:8080/README
455 |     
456 | If this fails (and you cannot ping your machine from the router) it is possibly being blocked by your local firewall. Temporarily turn off the firewall or add an exception for port 8080. 
457 | 
458 | Now that you are successfully connected, on the router, update the `/etc/opkg.conf` to point at your local machine and proxy:
459 | 
460 | 
461 |     src/gz snapshots http://192.168.0.2:8080/bin/packages/mipsel                          
462 |     dest root /
463 |     dest ram /tmp
464 |     lists_dir ext /var/opkg-lists                                   
465 |     option overlay_root /jffs
466 | 
467 | Now that the packages are connected, update them:
468 | 
469 |     opkg update
470 |     
471 | Then install the `phidget-servo` package:    
472 | 
473 |     opkg install kmod-usb-ohci
474 |     opkg install phidget-servo
475 |     
476 | Make sure the USB is disconnected and reboot the router. Once you have connected, without plugging in the USB, detect all of the devices and clear:
477 | 
478 |     dmesg -c
479 |     
480 | Now plug in the USB for the servo and run `dmesg` again:
481 | 
482 |     dmesg
483 |     
484 | You should see the information about the device
485 | 
486 |     hub.c: new USB device 00:03.0-1, assigned address 2
487 |     usb.c: USB device 2 (vend/prod 0x6c2/0x39) is not claimed by any active driver.           
488 |     
489 | You should now be able to control the servo:
490 | 
491 |     servo 10 # servo min pos: -23, max pos: 232
492 | 
493 | ## Resources 
494 | 
495 | [Setting up packages](https://forum.openwrt.org/viewtopic.php?id=16040)
496 | 
497 | [FCC versus OpenWRT](http://www.cnx-software.com/2015/07/27/new-fcc-rules-may-prevent-installing-openwrt-on-wifi-routers/)
498 | 
499 | [Building OpenWRT on Ubuntu and OSX](http://www.acme-dot.com/building-openwrt-14-07-barrier-breaker-on-ubuntu-and-os-x/)
500 | 
501 | [Magic potion](https://gist.github.com/jeffrafter/386741)
502 | 


--------------------------------------------------------------------------------