
Senior engineering lead
Persistent Systems
Senior Member of Technical Staff
Docyt
Team Lead - ROR
Space-O Technologies
ROR Developer
Jr. ROR Developer
TechCompose Solutions Pvt. Ltd.
AWS

GCP
Hi, I'm Dara, and I've been working as a Ruby on Rails developer for the past nine years. Currently, I'm working as a team lead in my current organization. Qualification-wise, the highest degree of qualification I hold is a Master of Computer Applications. I passed out of my post-graduation in the year 2015.
With the rate limiting, there's a line we need to write in our middleware file where we mention the custom rate limit so that we cannot have anyone hit the same API multiple times in a short interval. So we can limit it to a certain number of requests in a certain duration. This is called custom rate limiting and it needs to be done in our config/application.rb file as part of our middleware feature.
Multi tenancy, I had done very briefly during my early days, so I'm not quite sure about that right now. No, I'm not sure about this.
Whenever there's a 503 service unavailable error, firstly, we need to check our logs to see what's breaking the application. So there might be chances that our server storage is full or RAM is utilized up to 100%, or maybe DNS is not available. Like, for example, if we're using Cloudflare and Cloudflare is not reachable or something like that. So we need to figure out what's causing the error. We can see the Apache error logs to figure out where the issue is. And based on what kind of issue comes up, we need to solve accordingly.
I don't have much hands-on experience with React at the moment, but the APIs that we develop in Rails would be RESTful only. And in React, we can use the same conventions to create the routes accordingly as we do in Rails. And, like, for example, if it's a user listing API, then in React front end also, we can create a module of users. And in that, we can create the index function. So that would work. And in that index function, we call the user index API of Rails back end, and we can work it like that.
Okay, so far for user authentication, I've been using the Devise gem and JWT token to authenticate the request, and authenticate the user. How it integrates with AWS infrastructure? I would say that whenever there's a request for an API, the request would first go to our web server, which is Apache, for example. Whenever the request goes to that Apache server, it checks where it needs to redirect. And from there, it redirects the request to our app server, which is Rails. From there, Rails would identify which controller and action it needs to send it to. Whenever the method goes through, whenever the request goes to the controller, we first verify if it is an authenticated request or not. So there, we test and check if the authentication token of that user is present. If it is present but incorrect, then we send back an error. If it is correct and present, then we provide a required response to that request.
The before_action filter would be the first thing that would run and be executed whenever a request comes up to this controller, provided it is applicable to that action. For example, the required admin action is to be executed only when the request for new or create action is called. Similarly, the find user action would not be called if there's a requirement for index, new or create action. Apart from that, for all other methods, all other actions, the find user would be called. The issue with this code is in the find user action, we are using User.find(params[:id]). So whenever the ID is incorrect and user is not found, it would throw an exception when the user is not found. The ideal way would be to use find_by so that even if the user is not found, we wouldn't have an exception that would be raised. Rather, it would give us a nil error. Like, it would return nil instead of raising an exception.
In this, if there's a service error that could come up, then the first rescue will be executed where it says service calling service error, and it would print the necessary message. And apart from that, if there's any other error or specific error that we need to handle, then it won't handle it; it would directly go to the other rescue. But over there also, we explicitly need to mention as an exception that needs to be caught, and only then it would be able to raise the error.
For a service object in Rails, we can make use of the object-oriented principles. Like, having a service object itself would be one of the object-oriented principles as we are segregating the code. So segregating the code in a different section increases the code reusability. So that would be one of the benefits. Secondly, with the services, we can make use of proper inheritance as and when required, again, enhancing the reusability of code. Then, as we can have method overloading in this case as well. Like, we can have a method that would take up different parameters in different scenarios so we can have dynamic arguments as well. In that way, we can achieve function overloading as well as one of the features of encapsulation. So in this way, we can make use of object-oriented principles in the subject.
To safeguard the sensitive data, firstly, we can make sure that our API endpoint is also SSL enabled, first thing. Second thing, of course, authentication is there. Like, we need to authenticate each and every request. And, the authentication token should also have an expiry so that it expires after a certain time, so even if the token is accessible to hackers, it gets expired, and they cannot use it to send bulk requests. Then, in our queries, in the condition where we pass the parameters, those parameters should be only the permitted parameters, plus it should be sanitized. Like, we cannot simply write as User.where ID is equal to and pass the ID straight away. We can use it as a hash parameter, like string interpolation, and then pass it in the where condition after the comma. That way, the hacker cannot modify our queries by passing the values directly to the query as a part of SQL injection. So, yeah, I think that's pretty much all I can think of at the moment.
I'm not quite sure about animated transitions, but I think we can make use of JavaScript for this. Like, there are various JavaScript packages that might come up with this functionality that would enable us to do this. Or, otherwise, we can also use any other JavaScript feature. Yeah. I think using JavaScript jQuery packages would help us do this. Like, for example, if we have some drag and drop feature or something like that, then we do have a JavaScript package to do that. So I'm sure that there might be some packages that would allow us to do animated transitions also. So yeah.