DEV Community: Abhinav Saxena

Elixir Plugs

Abhinav Saxena — Sat, 03 Dec 2022 06:33:21 +0000

Of late, I have been writing some Elixir code to build an API layer for Soopr, a SaaS tool I am working on. This system needed a simplistic authentication mechanism and I ended up writing a custom Plug for it. This post explains what are plugs and how you can write one yourself.

What is a Plug?

In Elixir world, Plug is a bit similar to Rack in Ruby. Official documentation describes Plug as:

A specification for composable modules between web applications
An abstraction layer for connection adapters for different web servers in the Erlang VM

Plugs can be chained together and they can be very powerful as well as can add simplicity and readability to your code.

If I were to describe Plug, plugs are a mechanism through which either you can transform your request/response or you can decide to filter requests that reach to your controller.

In Plug/Phoenix world, %Plug.Conn{} in the connection struct that contains both request & response paramters and is typically called conn.

Transformation

It essentially means modifying conn (technically, creating a copy of original conn) and adding more details to it. These plugs also need to return modified conn struct so that plugs can be chained together. Some examples of plugs are:

Plug.RequestId - generates a unique request id for each request
Plug.Head - converts HEAD requests to GET requests
Plug.Logger - logs requests

Filter

There are cases when you want to stop HTTP requests if they don’t meet your criteria. Example - they come from a blocked IP or more common example - don’t have required authentication details. In these cases you use such plugs. Plug.BasicAuth is one such plug, it provides Basic HTTP authentication.

How are plugs chained?

In Phoenix world, plugs are generally added to your endpoint.ex or router.ex modules.

defmodule MyAppWeb.Router do
  use MyAppWeb, :router
  import Plug.BasicAuth

  pipeline :api do
    plug :accepts, ["json"] 
    plug :basic_auth,
      username: System.fetch_env!("AUTH_USER"),
      password: System.fetch_env!("AUTH_KEY")
  end

  scope "/api/v1/", MyAppWeb do
    pipe_through :api
    get "/posts", PostController, :index
  end
end

In this example - our api pipeline would accept only json requests and require basic authentication. This api pipeline is then used to define a GET /api/v1/posts route.

How to build your own Plug?

There are two ways in which you can write your own Plug - Function or Module.

1. Function Plugs

Function plugs are generally used if your plug is simple enough and doesn’t have any costly initialisation requirement. To write a function plug, simply define a function which takes two inputs - conn and options.

Example:

def introspect(conn, _options) do
  IO.puts """
  Verb: #{inspect(conn.method)}
  Host: #{inspect(conn.host)}
  Headers: #{inspect(conn.req_headers)}
  """
  conn
end

2. Module Plugs

Module plugs are useful when you have a bit heavy initialisation process or you need auxilary functions to keep your code readable. For a Module Plug, you need you to define following two functions inside an elixir module:

init/1 where you can do the initialisation bit. It takes options as input, something that you can pass when using it in router or endpoint file.
call/2 which is nothing but a function plug and takes exactly the same two parameters - conn and options

defmodule MyAppWeb.BearerAuth do

  import Plug.Conn
  alias MyApp.Account

  def init(options) do
    options
  end

  def call(conn, _options) do
    case get_bearer_auth_token(conn) do
      nil ->
        conn |> unauthorized()
      :error ->
        conn |> unauthorized()
      auth_token ->
        account =
          Account.get_from_token(auth_token)
        if account do
          assign(conn, :current_account, account)
        else
          conn |> unauthorized()
        end
    end
  end

  defp get_bearer_auth_token(conn) do
    with ["Bearer " <> auth_token] <- get_req_header(conn, "authorization") do
      auth_token
    else
      _ -> :error
    end
  end

  defp unauthorized(conn) do
    conn
    |> resp(401, "Unauthorized")
    |> halt()
  end
end

This is taken from an actual plug which I wrote for Soopr (I have just changed the names). Though I didn’t have any heavy initialisation requirements, I decided to use module way of writing so that I can define a couple of private helper functions. In this example:

init/1 function takes options, however does nothing with it.
call/2 function takes conn and options as input
Private function get_brearer_auth_token/1 takes conn as input and tries finding auth_token.
From auth_token we try finding an account. If we find the account, we add in our conn so that it is accessible to downstream plugs and controller functions.
In case we don’t find auth_token or account we respond with 401 and halt the request, unauthorized/1 function takes care of that.

Interesting Use cases

Here are a few interesting problems which you can possibly solve using your own custom plugs.

Firewall - block traffic from barred IP addresses or clients.
Last Seen - in messenger apps, last seen is maintained separately, using a plug you can update users' last seen value.
Throttle - throttle requests depending upon limits set by you or pricing plans.
Circuit Breaker - in case your downstream backend systems are facing trouble, you can decide to prevent traffic from creating more trouble.

Scoop - a production-ready Sinatra boilerplate project

Abhinav Saxena — Mon, 22 Nov 2021 19:29:00 +0000

Bootstrap Sinatra projects using Corneal, Capistrano, Puma, and Nginx

Sinatra is a Ruby framework that helps you quickly create web applications, APIs and microservices. Its minimalism not only attracted a lot of developers, but it also inspired Flask in Python and Express in Node.js

If you are developing microservices or web APIs, Sinatra is a great choice. However, bootstraping a Sinatra project that is optimized for development speed as well as is easy to deploy has become non trivial because

Documentation is not easy to find (you mostly find Ruby on Rails specific tips)
You need to write code to set up and connect DB, manage migrations etc.
You need to create a right directory structure yourself and configure it accordingly
You also miss a boot file that you can use with console and with custom rake tasks/scripts
Setting up projects for deployment is tedious and error prone, with a lot of details to be filled in for Capistrano, Puma and Nginx.

Scoop solves it by providing a good boilerplate that can be a starting point for your next project. It solves all the above mentioned problems and comes up with easy to edit configuration files that can help you correctly configure servers.

Scoop uses

Corneal to make scaffolding models, controllers and views
ActiveRecord as database ORM
Capistrano for deployment
Puma as app server
Nginx as a proxy server

In addition,

it is also JSON API ready with JSON, CORS and JSONP support already enabled,
has a RoR like console, and
comes up with example script and rake task that can be used to perform tasks that load the environment

Try Sinatra & Scoop by forking Scoop Repository. Scoop's README has detailed steps to set up development and production systems as well as the deployment process.

Please let me know in comments if you would want to try it out or have any suggestions - would love to improve the project.

Cookie - a complete landing website for your next project.

Abhinav Saxena — Tue, 27 Apr 2021 16:56:30 +0000

Recently, while working on a project, I got fascinated with the idea of using a static site as a landing website, and markdown to power additional supporting pages and blog posts. And the outcome is Cookie.

You can checkout code on Github

Cookie is a Jekyll and Tailwind CSS based static website that makes the whole process of creating and launching landing websites extremely easy. With its responsive, mobile-friendly pages, integrated blog, additional pages, and Soopr integration, it can help you focus on building your product than landing website.

Demo

You can see demo app deployed here

Cookie also uses Tailwind 2.0 which is a utility first CSS framework and makes the process of iterating on the homepage a lot easier.

Features

Well-designed landing page
Responsive and mobile-friendly
Additional pages like about us, terms of service & privacy policy
Integrated blog, write content in markdown format
Easy to customize using Tailwind CSS
Fast and performant website
SEO optimized
RSS feed
Easy to deploy on platforms like Heroku, AWS, Netlify & Vercel. One-click deploy on Netlify is also possible
Easy to integrate with headless CMS like Forestry
Soopr integrated - easy to customize share & like buttons, URL shortening, and website analytics
Free & MIT Licensed

Deployment

You can check out Github or my blog for more details on customization and deployment. Do try it out for your next project.

Acknowledgement

Cookie uses landing page provided by Tailwind Starter Kit - thanks for providing an amazing landing page under MIT License. Initial code was also inspired by Jekyll TailwindUI

8 useful Rails Bytes to improve your development process

Abhinav Saxena — Tue, 01 Sep 2020 11:10:33 +0000

Rails Bytes is a platform created by Chris Oliver aka excid3 to share useful Ruby on Rails recipes/templates. These templates allow you to add features to both old and new apps. In the background, these templates may install a gem, run their installation steps, or edit configurations themselves. Of late, I have been using Rails Bytes for my new Rails apps, and here are a few of them (in no particular order) which I find very useful.

HAML: Add beautifully DRY, well-indented, clear markup. I particularly enjoy writing clean markup, and I absolutely love HAML It also helps me understand the logic and intent clearly without getting lost in HTML. This template also lets you automatically convert your .erb files to .haml files. You also get an option to retain your .erb files in case you want to go back.

rails app:template LOCATION='https://railsbytes.com/script/x7msKK'

Live Reload: LiveReload with Webpack for views and viewcomponents. I was recently exposed to Gatsby, and live reloading added so much to my productivity. Live Reload template tries to emulate the same for Rails. It used webpacker. There's another template on Rails Bytes which achieves the same using guard.

rails app:template LOCATION='https://railsbytes.com/script/V1bs61'

dotenv: A Ruby gem to load environment variables from .env. One of the tenets of a twelve-factor app is storing configuration in the environment. In the development environment, this template uses dotenv-rails gem which loads environment variables from .env file in the development environment.

rails app:template LOCATION='https://railsbytes.com/script/zOvsQ0'

Simple form: Rails forms made easy. Rails default forms abstract native HTML forms well, Simple form takes this abstraction a little further and helps you create forms easily.

rails app:template LOCATION='https://railsbytes.com/script/VQLslK'

Recreate: Rake task to drop schema and recreate the database. I am not sure if it's only me - but because of multiple reasons, I tend to recreate my development database numerous times. Rake task added by this template makes it very easy to do.

rails app:template LOCATION='https://railsbytes.com/script/VQLsoK'

Annotate: Annotate Rails classes with schema and routes info. Rails does magic with ActiveRecord, and while I completely love it, I also need to refer to column names very frequently. This template and underlying gem help you achieve that.

rails app:template LOCATION='https://railsbytes.com/script/Vqqsqg'

Strong Versions: Ensure your gems are appropriately versioned. I have seen production issues arising because of version mismatch of gems and other external libraries. Install strong_versions gem to enforce stricter policy on your Gemfile requirements.

rails app:template LOCATION='https://railsbytes.com/script/xjNsMn'

High Voltage: Add High Voltage to manage static pages. There are static pages in every app, and High Voltage using a good convention saves you from building unnecessary controllers for static pages. For more details check out High Voltage gem.

rails app:template LOCATION='https://railsbytes.com/script/XbBsdZ'

(cross-post from my personal blog)