Using Rails’ MessageVerifier for Stateless Token Management

This post originally appeared on BackerKit’s Blog. Many web applications have the need to send links to users that allow the user to perform an action without logging in. Examples include password reset and confirming an email address. These links need to embed some kind of identifying information so the server can discern which user is performing the action. If the action is sensitive, the link should also include some amount of obfuscation so the URLs cannot be guessed or generated by nefarious actors. Read On →

Getting Started with Event Sourcing in Postgres

This post originally appeared on BackerKit’s Blog. In a previous post we explored how our application tracks sent emails. We set things up to update or insert a record for each email with the current state (delivered, dropped, etc). In this post we’ll look at an alternative data model where we’ll store each event as its own record and then roll up the events to get the current state of a particular email. Read On →

Building and Deploying Ruby Docker Images with CircleCI and Heroku

This post originally appeared on BackerKit’s Blog. Heroku makes it dead simple to deploy and operate apps; Docker makes it even easier! Heroku has a Docker runtime in beta. This article will review how to set up a simple Ruby app to build and deploy as a Docker container on Heroku using CircleCI. The app we’ll be using: We run a dashboard for internal use with a range of widgets that give us data about various events in the company and application. Read On →

Tracking and Analyzing Emails Using Webhooks

Our application is driven by calls to action delivered to project backers via email. We send ~2 million emails a month with 98%+ deliverability. Given the important role email plays in our business, we wanted to have better technical and behavioral insights into what was going on with our sent emails. We wanted to know more about our email at the project and backer level as well as what kind of impacts our emails have on conversion rates. Read On →

Building a Rack::Attack Dashboard

At BackerKit, we occasionally see high volumes of traffic from malicious clients. (Kickstarter has faced a similar problem.) These DDoS attacks result in degraded performance and frustrate our customers. Not cool! We implemented Kickstarter’s Rack::Attack and configured constraints on the number of requests allowed in a time period based on IP address on our troublesome endpoints. Yay, problem solved! Like most tools, Rack::Attack requires tuning; our initial stab at configuration led to customers being blocked. Read On →

Configuring a Static Website on AWS with Terraform

I recently migrated this blog (built using Hugo) from a manually configured setup with S3 and CloudFront to the same infrastructure managed via Terraform. While it’s relatively trivial to host a static site on AWS these days, migrating this simple application to be managed with Terraform was a great way to get started with HashiCorp’s infrastructure automation tools. This post will lay out the steps for deploying a static site on AWS via Terraform and some of the gotchas of migrating an existing site. Read On →

Refactoring Towards Repositories

I’ve been working on projects recently that make heavy use of the repository pattern. I frequently wonder if the added layer of abstraction is worth the indirection and I’ve found there is a large continuum between writing large queries in controllers and abstracting all the way to repositories. What is a repository anyway? Martin Fowler defines a repository as “[a layer of abstraction that] mediates between the domain and the data mapping layers”. Data mappers are an additional layer of abstraction one can use to put room between the data store and the domain models. Read On →

Tuning AWS SQS Job Queues

On a project recently, we were debugging a slow user experience during file upload and, after investigating, found that the culprit was mainly our queue configuration. We were using Amazon’s Simple Queue Service (SQS) for queueing, and this post goes over our debugging process and the lessons learned for tuning SQS, along with some more general takeaways about background jobs and queue design. Our use case: The user flow in question here is a contract signing flow where the user uploads a file to be prepared for signing. Read On →

Find and Replace in Vim Without Plugins

Find and replace across files is one of those features for which I frequently see Vim users reverting to something like Sublime or another more GUI-driven editor. This apparent weakness in Vim bothered me, so I went in search of how to find and replace across multiple files or directories in a project without leaving Vim. It turns out there are built-in building blocks we can use to build up this command. Read On →

Adding a Boolean Column to an Existing Table with Alembic and SQLAlchemy

Ever find yourself needing to add a new boolean column to an existing table? I do! Recently I’ve been using SQLAlchemy and Alembic to manage migrations and I frequently find myself looking up how to achieve this task. Below is a recipe for adding a boolean column to an existing table. We want to avoid the three state boolean problem so we’ll be making this column null: false. Since we’re adding this column to an existing table we have existing rows that will have empty values for this new column. Read On →