Brian Auton

Software developer and consultant in the Philadelphia area.

Rails and Web Components Part 1: Adding Polymer to a Rails App

My horizons were expanded a little bit by Dane O'Connor’s recent talk on web components and Polymer at Software As Craft Philadelphia. Not knowing much about web components, I didn’t realize there was such an elegant way to encapsulate the related JavaScript, CSS, and HTML for a single piece of a website’s behavior without having to manipulate global state. That’s a huge improvement to the state of the art for front-end development, and I immediately wondered how easy it would be to start including this stuff in some of my current Rails projects.

If you’re not already familiar with the basic idea of web components and how they work from a purely front-end perspective, take a look at the introduction on the Polymer site. Otherwise, read on to learn about the mostly painless process I used to get web components up and running in an existing Rails app.

Read More →

The Best Commit Messages Are Just One Line

If you want a simple way to make your commit messages more effective, try strictly limiting them to one line. Many developers and teams try to be helpful by packing extra detail into the body of each commit message whenever possible. But this detail takes extra time to write and to read, and it rarely adds any value. Here are some things I’ve often seen wasting space in the body of a multi-line commit message.

Read More →

Rails Token Authentication Without Devise

A popular solution for token-based authentication in Rails has been retired, and the most common replacements leave some security issues unaddressed. Here’s a solution with a clean and maintainable design.

Anyone working on a modern Rails application is probably familiar with Devise. It’s by far the most popular drop-in solution for handling authentication of the username and password variety. Anyone who also needs to offer token-based authentication (maybe in order to offer a REST API), might be accustomed to using Devise for this too, through its handy token_authenticatable feature.

Those developers might be dismayed, as I was, to find that token_authenticatable has been removed from recent versions of Devise. They might be further dismayed to find that the only solution that has any sort of consensus as a replacement seems dubious for a couple of different reasons.

Read More →