DEV Community: Haider Ali

Invite Plus Integration with GitHub

Haider Ali — Tue, 28 Jan 2025 22:51:41 +0000

InvitePlus integrates seamlessly with GitHub to simplify managing your organization’s repositories and teams. Using GitHub OAuth login, InvitePlus enables secure authentication to connect your GitHub account effortlessly. Once authenticated, you can invite new members to your GitHub organization with just a few clicks—no more navigating through multiple settings or manual invites! Additionally, offboarding becomes a breeze, as you can instantly remove members from your organization, ensuring data security and maintaining team hygiene. Here is step by step guide, on how you can integrate your GitHub with InvitePlus

Go to InvitePlus and login into your account
Click Integrations on the left menu
Click Github and it will redirect you to the GitHub login page
Once you have authenticated, your GitHub card will turn green like in the below screenshot
Now you can select Github service on the Invite page to send invites alongside other services to your newly hired

Alternatively, you can watch below video tutorial below for InvitePlus integration with GitHub

InvitePlus Demo

Tweet YouTube video with Google Chrome Extension

Haider Ali — Sun, 26 Jun 2022 14:38:04 +0000

Posting a youtube video on Twitter seems a daunting task as it involve

Downloading the Video
Cropping videos to 2 minutes and 20 seconds or less.
The minimum resolution for Twitter videos is 32 x 32 and the maximum resolution is 1920 x 1200 or 1200 x 1900
Supported formats are MP4 and MOV on the Twitter mobile apps and, on the web, MP4 with H264 format with AAC audio
The maximum file size is 512MB
Upload each video individually one by one

Thanks to clippost.io Google Chrome Extension. It takes care of all of above requirements and convert full YouTube video into video tweet thread on Twitter with just a click. All you have to do it install and activate the extension.

Please follow below step by step guide to install and activate Clippost Google Chrome Extension on your browser

Install Extension

Go to Google Chrome Web Store and search clippost or directly visit Clippost Extension

Enable Extension

This extension require activation. Please follow below steps to activate the extension in Google Chrome browser

Go to http://clippost.io and LOGIN WITH TWITTER
Go to top right click your profile picture to and select Chrome Extension
Enable chrome extension (If you have already enabled it just reload your page)

How to use Extension

Clippost extension provide controls to post video tweet threads. Go to any youtube video page and you will see below controls

You can select start and end time and click tweet icon to send tweet.

Note:

If video length is more than 2 minute and 20 seconds it will automatically convert it into video tweet thread
Clippost currently only support videos which are under 1 hour duration
After posting tweet via extension you can visit My Video section to check status of video (i.e. processing cropping downloading etc)

If you get into any issue please do let us know at info@clippost.io

How to Tweet YouTube video without link

Haider Ali — Fri, 29 Apr 2022 22:06:00 +0000

YouTube is the largest video sharing website on the internet, by far. With 1.9 billion logged-in users active on the site every month, nothing even comes close. You can now tweet YouTube videos without link on Twitter. Video tweets get more user engagement and interaction as compared to sharing url link on Twitter.

Clippost.io can convert YouTube video into video tweet. You cannot only convert clips within a YouTube video to video tweet. But, you can also post a complete thread of clips on twitter from a single YouTube video. Please follow steps below to tweet YouTube video without link.

Step 1

Go to clippost.io and click LOGIN WITH TWITTER

Step 1

You will see Dashboard screen after login. Click New Video and paste your YouTube video url

Note: If you want to tweet video in reply to another tweet then click on checkbox Send as a reply to a tweet and paste url of the tweet you want to reply to

Step 3

It will take you to New Video screen. Now click on add clip and add start time and end time of clip in MM:SS format where MM is minutes and SS is second.

Note: If you want to tweet whole video as video tweet thread. Please select Generate clips automatically

Step 4

It will take you to Tweet Text page. In this page you can add tweet text to each clip. Also, you can choose between you want to schedule the tweet or send it immediately

Step 5

You are done

You can keep track of status any time visiting info screen

You can also watch our YouTube video for How to Tweet YouTube Video without link

For queries please email us at help@clippost.io

Exploiting abstraction while writing rails controllers

Haider Ali — Fri, 07 May 2021 01:58:46 +0000

Abstraction is simple and beautiful while writing abstract code is an art.

While writing web apps apart from writing business logic most of the time we end up writing CRUD operations (Create, Read, Update Delete). There are a bunch of methods available to generate boilerplate code i.e. scaffolding, custom generators, etc. which have their own dos and don'ts.

I personally have been exploiting abstraction to write CRUD operations. Consider an example of developing a school management system where we have controllers like Student, Course, Section, Teacher, Exam, and many others. A typical student controller CRUD would be

class StudentsController < ApplicationController
  before_action :set_student, only: %i[ show edit update destroy ]

  def index
    @students = Student.all
  end

  def show
  end

  def new
    @student = Student.new
  end

  def edit
  end

  def create
    @student = Student.new(student_params)

    respond_to do |format|
      if @student.save
        format.html { redirect_to @student, notice: "Student was successfully created." }
        format.json { render :show, status: :created, location: @student }
      else
        format.html { render :new, status: :unprocessable_entity }
        format.json { render json: @student.errors, status: :unprocessable_entity }
      end
    end
  end

  def update
    respond_to do |format|
      if @student.update(student_params)
        format.html { redirect_to @student, notice: "Student was successfully updated." }
        format.json { render :show, status: :ok, location: @student }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @student.errors, status: :unprocessable_entity }
      end
    end
  end

  def destroy
    @student.destroy
    respond_to do |format|
      format.html { redirect_to students_url, notice: "Student was successfully destroyed." }
      format.json { head :no_content }
    end
  end

  private
    def set_student
      @student = Student.find(params[:id])
    end

    def student_params
      params.require(:student).permit(:first_name, :last_name, :roll_no, :date_of_birth)
    end
end

Sections controller CRUD would look like

class SectionsController < ApplicationController
  before_action :set_section, only: %i[ show edit update destroy ]

  def index
    @sections = Section.all
  end

  def show
  end

  def new
    @section = Section.new
  end

  def edit
  end

  def create
    @section = Section.new(section_params)

    respond_to do |format|
      if @section.save
        format.html { redirect_to @section, notice: "Section was successfully created." }
        format.json { render :show, status: :created, location: @section }
      else
        format.html { render :new, status: :unprocessable_entity }
        format.json { render json: @section.errors, status: :unprocessable_entity }
      end
    end
  end

  def update
    respond_to do |format|
      if @section.update(section_params)
        format.html { redirect_to @section, notice: "Section was successfully updated." }
        format.json { render :show, status: :ok, location: @section }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @section.errors, status: :unprocessable_entity }
      end
    end
  end

  def destroy
    @section.destroy
    respond_to do |format|
      format.html { redirect_to sections_url, notice: "Section was successfully destroyed." }
      format.json { head :no_content }
    end
  end

  private
    def set_section
      @section = Section.find(params[:id])
    end

    def section_params
      params.require(:section).permit(:name)
    end
end

And Course CRUD would be

class CoursesController < ApplicationController
  before_action :set_course, only: %i[ show edit update destroy ]

  def index
    @courses = Course.all
  end

  def show
  end

  def new
    @course = Course.new
  end

  def edit
  end

  def create
    @course = Course.new(course_params)

    respond_to do |format|
      if @course.save
        format.html { redirect_to @course, notice: "Course was successfully created." }
        format.json { render :show, status: :created, location: @course }
      else
        format.html { render :new, status: :unprocessable_entity }
        format.json { render json: @course.errors, status: :unprocessable_entity }
      end
    end
  end

  def update
    respond_to do |format|
      if @course.update(course_params)
        format.html { redirect_to @course, notice: "Course was successfully updated." }
        format.json { render :show, status: :ok, location: @course }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @course.errors, status: :unprocessable_entity }
      end
    end
  end

  def destroy
    @course.destroy
    respond_to do |format|
      format.html { redirect_to courses_url, notice: "Course was successfully destroyed." }
      format.json { head :no_content }
    end
  end

  private
    def set_course
      @course = Course.find(params[:id])
    end

    def course_params
      params.require(:course).permit(:title, :credit_hours, :code, :year)
    end
end

If you notice most of the time we are doing same kind of operation i.e. in the case of the show we first set the resource which could be Student, Course, Section, etc. In general, we are dealing with a resource or resources everywhere in the controllers.

In the Ruby on Rails world, we often talk about resources, we model every real-world object into Rails model as we did with the school management system Student, Course, Teacher, Exam. If we look at our above code we just specified resource name in reach controller for example in StudentsController we used Student, @student, @students, set_student, or student_params and the same is the case with CoursesController we have used Course, @course, @courses, set_course, or course_params, etc. In short, we are repeating the resource name in each file. We can come up with a generic controller let say BaseController where we perform all operations on a resource rather than student, course, section, etc. Then, we just inherit StudentsController, CoursesController, TeachersController, ExamsController from a single source of truth BaseController.

Let's start with the show function and try to write BaseController.

class BaseController < ApplicationController
  before_action :set_resource, only: %i[ show ]

  def show
  end

  def set_resource
    resource ||= resource_class.find(params[:id])
    instance_variable_set("@#{resource_name}", resource)
  end

  def resource_class
    @resource_class ||= resource_name.classify.constantize
  end

  def resource_name
    @resource_name ||= controller_name.singularize
  end
end

Writing create function is a bit more interesting

  def create
    @resource = resource_class.new(resource_params)

    respond_to do |format|
      if @resource.save
        format.html { redirect_to @resource, notice: "#{resource_name} was successfully created." }
        format.json { render :show, status: :created, location: @resource }
      else
        format.html { render :new, status: :unprocessable_entity }
        format.json { render json: @resource.errors, status: :unprocessable_entity }
      end
    end
  end

update and destroy functions are somewhat similar

  def update
    @resource = resource_class.find(params[:id])

    respond_to do |format|
      if @resource.update(resource_params)
        format.html { redirect_to @resource, notice: "#{resource_name} was successfully updated." }
        format.json { render :show, status: :ok, location: @resource }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @resource.errors, status: :unprocessable_entity }
      end
    end
  end

  def destroy
    @resource = resource_class.find(params[:id])

    @resource.destroy
    respond_to do |format|
      format.html { redirect_to "#{controller_name}_url", notice: "#{resource_name} was successfully destroyed." }
      format.json { head :no_content }
    end
  end

In all of the above rewrites, we just simply used resources as a generic variable attribute. destroying an object is the same no matter its Student, Course, Section, or Exam so resource.destroy works the same for each resource.

Our final refactoring will look like this

Since controllers are inherited from BaseController we can always override any method in the respective controller. For example, instead of directly creating a Student object we have a service written which takes student params and creates Student object after applying a bunch of business logic and pre-checks. For such scenarios, we can override create the function in StudentsController.

We can use the same pattern while writing our APIs and all other scenarios where we have a similar pattern repetition.

Thank You so much for the read.

AWS S3 file upload from client side

Haider Ali — Sat, 20 Oct 2018 22:32:06 +0000

Originally posted on my personal blog http://haidrali.com/aws-s3-file-upload-from-client-side/

Last week I pushed a new feature on production which involve file upload on AWS S3. When you are uploading file to S3 from frontend there is always a risk of exposing your AWS secrets to user, so you have following options to avoid this risk

Involve server as middleware and upload via server API, you will have more control over it
Allow users to upload directly to S3 anonymously

I don’t like both of above methods, as involving middleware you are uploading file twice i.e. frontend → server, server → s3 bucket and I don’t really want server to do this heavy lifting of uploading files to S3 on user behalf, while allowing user anonymous upload you are giving a blank check to you S3 bucket i.e. anyone in the world can upload to your s3 bucket, this was also not acceptable to me as this could have very swear consequences. I wanted to have bit more control over uploads while not compromising security issues, so I used AWS Security Token Service to generate secrets (access_key, access_secret) which lived temporarily and have limited access as you define it.

H3 Configure an IAM user on AWS console to generate temporary secrets

In order to generate temporary secrets you need following configurations on AWS console

create a new IAM user
create a policy to allow upload on S3 bucket
create a role for you IAM user to assume Security Token Service

Watch this video for configurations

Now, you can generate AWS STS with this ruby code

aws_sts = AWS::STS::Client.new(
          access_key_id: ENV['AWS_ACCESS_KEY_ID'],
          secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
        ).assume_role(
          role_arn: ENV['AWS_ROLE_ARN'],
          role_session_name: 'session_name',
          duration_seconds: 12*60*60)
// this will generate access_key, access_secret
aws_sts.credentials

AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are credentials you download after creating user and AWS_ROLE_ARN is value which I copied at the end of video

H3 Enable ACL uploading to S3

You will be able to successfully upload files with secrets generated with above code, Since we have used a separate user to generate STS then only this user will be able to access file. To make this file accessible by other user as well you must send ACL: 'public-read' in request body or header while uploading file to S3. you can read more about ACL

I hope this help you improve your file upload as well. If you need any help please do ping me on twitter @alihaider907.

Newbies Introduction to Ruby on Rails

Haider Ali — Sat, 25 Nov 2017 13:13:48 +0000

Originally posted on my personal blog http://haidrali.com/newbies-introduction-to-ruby-on-rails

Note: This tutorial is intended to newbies only who want to kick-start web development with Ruby on Rails. I will just share links to different resources and give tips based on my experience which may help you starting development with Ruby on Rails.

Installation and Prerequisites

Just like any other framework ruby on rails framework has its own development environment, before diving into installations of environment I would recommend if you have planned to use Window operating system for ruby on rails development please read Rails Development on Windows. Seriously and switch to linux/unix based operating system. If you still insist to carry on with Windows go ahead with my Best wishes.

You can find complete installation guide of Ruby on Rails on GoRails website (there are other websites too). I will recommend installing RVM instead of rbenv and installing it from source. GoRails guides also include installing Git, MySQL/Postgres complete the installation process. You might get errors while installation please do check your OS and version before starting installation process.

Ruby Language

Once you have set up your installations and environment start with ruby language basics I would recommend The Little Book of Ruby by Huw Collingbourne. Don’t memorise anything just practice basic syntax, data structures, condition statements, loops modules and Classes. Since we have already installed ruby as well as created a project of rails (in above GoRails guide) your can either go to project root and open a console or write your program in a .rb file and run it with ruby keyword as mentioned in book.

Ruby on Rails Framework

You are familiar with Ruby language basics now it is time to start getting your hands on Ruby on Rails. You will find numerous tutorial on getting started with Rails, but RUBY ON RAILS TUTORIAL by Michael Hartl is the most comprehensive guide for newbies. It covers details at granular level starting from Zero to Deployment it includes everything. There are other good resources as well like RailsCasts, DriftingRuby, RailsTutorial, but if you are newbie I would highly recommend finishing Ruby on Rails Tutorial book by Micheal Hartl thoroughly first and then look elsewhere like RailsCasts (very good for topic specific tutorials) as it will make your Rails framework understanding in-depth.

Development Environment

Development environment contains your machine, tools, settings, configurations etc. Make your development environment as smooth as possible use .bashrc, tumx, terminal settings aliases to amplify your concentration. Have strong grip over terminal commands. Choose any suitable text editor I personally use Sublime Text in development and vim or emacs in production mode. Look at StackOverFlow’s survey for Most Popular Developer Environments by Occupation.

Be Open Source

Ruby on Rails is an open source framework and it has very large open source community, as a beginner you will get lots of help from open source community in term of different gems, git, gist, stack overflow etc. Don’t forget to contribute back once you have a good grip.

Follow Tech Talks

Ruby and Ruby on Rails framework has large community of developers across the world. There are many conferences being held across the world on Ruby language and Ruby on Rails framework both. RubyConf and RailsConf are two of the most popular conferences in Ruby on Rails world. Do follow tech talks in these conferences particularly from speakers David Heinemeier, Sean Griffin, Mike Perham, Aaron Patterson and people who are at the forefront of Ruby language and Ruby on Rails framework development. Look at 11 TOP INTERNATIONAL RUBY ON RAILS CONFERENCES AND EVENTS 2017. Also one particularly article I really like every Rails developer to read is The Rails Doctrine by DHH.

Never Stop Learning

Once you have develop basics of ruby on rails I would recommend having some DevOps and Front end frameworks like ReactJS, VueJS skills as well. Do explore topics like High Availability, Consistency, Scaling RDBS, NoSQL etc and regularly read engineering blogs of tech giants like Google, Twitter, Microsoft and Amazon etc.

If you are newbie to Ruby on Rails development and want any suggestions or help do ping me on twitter @alihaider907.

Happy Learning 😛

How pair programming helped me focus more

Haider Ali — Tue, 01 Aug 2017 09:22:36 +0000

Originally posted on my personal blog http://haidrali.com/how-pair-programming-helped-me-focus-more/.

I am a big advocate of pair programming as I always feel more productive doing tasks in a pair because it tends to be a Get Things Done kind of attitude. Followings are reasons why I believe pair programming can help you more productive at certain stages

1- The purpose of two programmers sitting on a single workstation is not always to get output greater than output of both individuals but to get the critical work done i.e, setting up your first deployment environment, debugging a rare and critical bug, code merge or code reviews etc

2- If pair consists of a senior developer with a junior developer the follow of knowledge from senior to junior developer really help junior developer to learn. This is what I have experienced while working almost a year with Waqas Farooq he be a Geek and I as new-grad

3- Many a time I have experienced that Unforced Errors like unintentionally making changes to another file, environment variables not loading in production are greatly reduced when a pair sit-down on a single workstation

4- Almost everyone uses social media be it Facebook, Twitter, Reddit, Hacker News etc during work to get some comfort and once your dive into it then it become difficult to get out of this comfort zone. But when you sit together with your fellow programmer the follow of work never stop and social media and other hurdles never come in your way you just keep going until you hit the finish line.

5- Concept of pair programming gets redefined under remote working environment as you are no longer sitting together physically but still you can be on a single workstation by the means of online realtime collaboration tools i.e. screen sharing

I hope my experience would help promoting pair programming culture at your workplace.

Happy Pair Programming :)

Data security in multi-tenant SaaS applications

Haider Ali — Thu, 08 Jun 2017 23:11:53 +0000

Data is the core of SaaS and having shipped two SaaS products on production in last four years I feel developing SaaS application requires extra safety measures on data security as compared to developing a general purpose application such as Chatting apps, client based solution, etc. Since in SaaS application resources are shared among clients so data security in term of data leakage between clients is a real challenge, In this post I would explain how proper measures should be taken to make sure data security in SaaS application.

Choosing what database structure you will go with is important question and it should be decided after carefully going through you requirements like what type of clients you will have enterprise/small business, how large your application is, etc. because database structure in SaaS application impact directly to the security as well performance issues. Normally you have three choices to structure your database for SaaS

1- Single Tenant (Each client will have a physically different database)

2- Multi-Tenant (Single database for all the clients where each client data is shared)

3- Multi-Tenant with multi-schema (Single database for all clients, but each client will have a separate, but homogeneous schema structure in the single database)

Single Tenant for each client gives you perfect solution to data security as data of each client is physically separated, but it is not cost efficient solution as each client has to pay cost of a fully managed database, also at application level you have to maintain connections to each client’s database separately and managing backups across all tenants is a real deal. It could be a good choice where you have Banks or enterprise level clients demanding their data to be separated on physically different server.

I was in huge favour of Multi-Tenant with multiple schema when I was developing SaaS, because it offers you same kind of data transparency among tenants as Single Tenant on a single database and it is cost efficient solution, but there were four things I didn’t choose Multi-Tenant with multiple schema and those were

Our application has more then 60 tables so having N client means database will have n*60 tables and sooner or later this limit will eventually reach the maximum number of tables in a database
Managing backups would have been a real deal at production
It becomes difficult to maintain homogeneous schema structure as your application grow broken migration cause huge pain (I have practically experience these bugs on production)
Practically you have to switch schema with each request you make to Database
So Multi-Tenant with multiple schema is not a good choice for an application where you have large number of tables and large number of clients, still I would recommend it if you have small number of tables in your application and measured number of clients and data security is your priority.

Multi-Tenant isn’t good fit if data security is your main concern at first look since data of all clients will be shared, but you can take safety measures at your application level to make use of this cost effective and easy to manage solution. Since all clients are using same database same schema and same tables so making sure that each client can access, update and delete only its own data become high priority challenge, As many a time you are playing directly with incoming parameters which can be manipulated easily to mitigate records of other clients/tenants if not ensured properly. There are two widely known approaches to correctly identifying the tenant against each HTTP request

1- Sub-domain many SaaS application use sub-domain feature like if your application is hosted at www.application.com then client named client1 will have client1.application.com and you can easily have sub-domain to know which client’s HTTP request it is and go to database for this particular client only
2- Maintain tenant in sessions

After successfully identifying tenant, next challenge is to make sure you shield your database logically such as it only reduced to that tenant. At the ground level you have to add a condition in WHERE caluse every time you query to database. At first look it seems pretty straight forward but any negligence in this would expose data of one tenant to the other tenants. I would never recommend appending condition in WHERE cause manually this should be done right way either via using library such as acts_as_tenant or writing a function in your database class which automatically append this WHERE clause for tenant every time you query for data.

External Storage

Apart from you primary database it is quite common that you have to use external storage such as Redis or even at times you depend on external services like Firebase, Amazon S3. The same above principle that each tenant can access, update and delete only its own data applies here too and there should be no way to reverse engineer and mitigate data present in these external storage and services such that it affects other tenants.

Feel free to contact me at @alihaider907 about this article or building SaaS products.

Thanks