This Wikipedia-inspired Ruby on Rails project was part of my curriculum at Bloc.io. In this project I learned a lot about user authentication and authorization using the Ruby gems Devise and Pundit. In addition, I got to play some more with Stripe’s API. All of this will come in handy when developing my Yno Club Companion.
Admins, Subscribers, Users, Oh My!
A freemium wiki service is much more challenging than it looks. Building CRUD for the wikis themselves was pretty straightforward. Protecting access to the right users was not. Most of my work as a Flash developer was free to the public. Even when projects had logins, my participation was minimal. In this project I had to provide access to multiple user levels, as well as protect the app from various kinds of session hacks.
Building a wiki is not easy. Building a secure app with multiple user roles is much harder.
Devise and Pundit to the Rescue
From the beginning, I was advised to load the gems Devise and Pundit. While Pundit is a definite timesaver, Devise is truly magical. When you deep dive into how it works and view the code it produces, it's a wonder that anyone rolls their own authentication code. This app has 3 user roles which have different access. In addition, it uses Stripe’s API to collect payment for premium features. For extra credit, I added markdown editing with the Redcarpet gem. The result is a pretty functional—and unhackable—wiki clone.
- Ruby v4
- Bootstrap v3
- Devise gem
- Pundit gem
- Redcarpet gem
- Stripe API
I learned during this project that there are a lot of ways to hack a user session. I also gained confirmation of the importance of unit testing. When you add up all the different user/access combinations, RSpec becomes an invaluable tool to keep them straight. Of all the projects I did at Bloc.io, this was one of the most valuable with regard to real-world applications.