./script/plugin install git://github.com/rails/ssl_requirement.git

b. Include it in your application_controller.rb:

include SslRequirement

c. Specify actions that require SSL in their respective controllers. For eg. my session controller has the following line:

ssl_required  :new, :create

d. Add the following line in development.rb to bypass SSL in development mode:

SslRequirement.disable_ssl_check = true

2. Gotcha’s
a. Include all submit actions in requirement
Any action that processes form data from a SSL page should also be added to the requirement. In the above example, the form on the login page(new action) is processed by the create action and hence it is also included in the requirement.
b. Ajax actions
Ajax actions on a SSL page should also use SSL and must be included in the requirement. At times you do not have a body for the Ajax action and it is rendered using it’s respective RJS template. In such cases create an empty action and include it in the ssl_requirement.
c. Mixed content
A lot of browsers show you a “Mixed Content Warning” if your SSL page references non-SSL assets. IE displays a scary looking confirmation dialog while Firefox and Chrome show a exclamation in the url bar. Any relative paths(eg. using _path helpers) on the page will automatically use the https protocol but any absolute paths(eg. using _url helper or by manually specifying as a string in link_to) will need to be changed to use https.
d. Asset host issue
If you are using Rails asset hosts and do not have a SSL certificate that supports wildcard(for subdomains), then you need to disable them for the SSL pages. Just add the following code to your production.rb:

ActionController::Base.asset_host = Proc.new { |source, request|
  if request.ssl?
    "#{request.protocol}#{request.host_with_port}"
  else
    "#{request.protocol}assets%d.yourdomain.com" % (source.hash % 4)
  end
}

Replace “yourdomain” with your apps domain and “4″ with the number of asset hosts required.

The above should ensure that you have a proper SSL setup without displaying warnings to the user.

1. Handling User Specific Components

Taking the delete action as explained in the example above, the code in the cached view looks something like this:

<% if logged_in? %>

  <%= link_to_remote "Delete",
    :url => user_message_path(current_user, message)
    :method => :delete,
    :confirm => "Are you sure you wish to delete this message?",
    :html => { :title => "Delete Post" } %>


<% end %>

This will create an li element with class “delete” and “only_kratos_delete_allowed” if the username of the message owner is “kratos”

In the non-cached part of the view I have the following code:

<% if logged_in? %>
  <% if current_user.is_admin? %>
    <%= javascript_tag "$(document).ready(function() { MessageView.removeInvalidDeteteButtons('only_#{current_user.login}_delete_allowed', 'true'); });" %>
  <% else %>
    <%= javascript_tag "$(document).ready(function() { MessageView.removeInvalidDeteteButtons('only_#{current_user.login}_delete_allowed'); });" %>
  <% end %>
<% end %>

If the current user is an admin I pass the JavaScript function an additional parameter.

In the application.js file I have the following code:

var MessageView = {
  removeInvalidDeteteButtons: function(element_class, admin) {
    if (admin == undefined)
    {
      $('.delete').each(function() { if (!$(this).hasClass(element_class)) { $(this).remove(); } });
    }
  }
}

If the second parameter is passed(in the case of an admin) the function does nothing, else it iterates over all li elements with class “delete” and removes all elements that do not also have, in this case, the “only_kratos_delete_allowed” class.

2. Handling Rails Authenticity Token

This part describes how to take care of the authenticity token problem:

I added the following code to the layout:

<%= javascript_tag "var AUTH_TOKEN = #{form_authenticity_token.inspect};" if protect_against_forgery? %>

This code creates a JavaScript variable named “AUTH_TOKEN” that contains the current authentication token. Since this section is not cached it always get the correct token.

Next I added the following code to application.js:

$(document).ajaxSend(function(event, request, settings) {
  if (settings.type == 'get' || settings.type == 'GET' || typeof(AUTH_TOKEN) == "undefined") return;
  var authTokenRegExp = /authenticity_token=\w{40}/
  settings.data = settings.data || "";
  if (authTokenRegExp.test(settings.data))
  {
    settings.data=settings.data.replace(authTokenRegExp, "authenticity_token=" + encodeURIComponent(AUTH_TOKEN));
  }
  else
  {
    settings.data += (settings.data ? "&" : "") + "authenticity_token=" + encodeURIComponent(AUTH_TOKEN);
  }
})

This code is a slight modification of the code posted here. ajaxSend is jQuery function that is executed before every ajax request is sent and I use it here to replace or append the authenticity token to the request, unless the request is GET or the AUTH_TOKEN variable is not defined.

3. Handling Fuzzy Timestamps

The code for timestamps in the cached view looks like this:

  <%= process_message_body_timestamp(message) %>

And the helper code is:

def process_message_body_timestamp(message)
  link_to "#{message.created_at}", show_message_url(message), :class => "timestamps"
end

I put the following code in the layout(non-cached):

<%= javascript_tag "$(document).ready(function() { CustomDate.datify(#{get_custom_date_arguments}) });" %>

The get_custom_date_arguments helper is defined in application helper and returns a string containing the current time arguments needed for the JavaScript function:

def get_custom_date_arguments
  current_time = Time.zone.now
  "#{current_time.year},#{current_time.month-1},#{current_time.day},#{current_time.hour},#{current_time.min},#{current_time.sec}"
end

I put the following code in application.js:

var CustomDate = {
  datify: function(current_utc_year,
                      current_utc_month,
                      current_utc_day,
                      current_utc_hour,
                      current_utc_minute,
                      current_utc_second) {
    $('.timestamps').each(function() {
      $(this).html(CustomDate.humane_date($(this).html(),
                                                current_utc_year,
                                                current_utc_month,
                                                current_utc_day,
                                                current_utc_hour,
                                                current_utc_minute,
                                                current_utc_second)).removeClass('timestamps')
    })
  },

  humane_date: function(date_str, current_utc_year, current_utc_month, current_utc_day, current_utc_hour, current_utc_minute, current_utc_second) {
    var time_formats = [
                        [60, 'less than a minute ago'],
                        [90, '1 minute'], // 60*1.5
                        [3600, 'minutes', 60], // 60*60, 60
                        [5400, '1 hour'], // 60*60*1.5
                        [86400, 'hours', 3600], // 60*60*24, 60*60
                        [129600, '1 day'], // 60*60*24*1.5
                        [604800, 'days', 86400], // 60*60*24*7, 60*60*24
                        [907200, '1 week'], // 60*60*24*7*1.5
                        [2628000, 'weeks', 604800], // 60*60*24*(365/12), 60*60*24*7
                        [3942000, '1 month'], // 60*60*24*(365/12)*1.5
                        [31536000, 'months', 2628000], // 60*60*24*365, 60*60*24*(365/12)
                        [47304000, '1 year'], // 60*60*24*365*1.5
                        [3153600000, 'years', 31536000], // 60*60*24*365*100, 60*60*24*365
                        [4730400000, '1 century'], // 60*60*24*365*100*1.5
                      ];

    var time = ('' + date_str).replace(/-/g,"/").replace(/[TUTC]/g," "),
        dt = new Date

    dt.setUTCFullYear(current_utc_year, current_utc_month, current_utc_day)
    dt.setUTCHours(current_utc_hour, current_utc_minute, current_utc_second)

    var seconds = ((dt - new Date(time) + (dt.getTimezoneOffset() * 60000)) / 1000),
        token = ' ago',
        prepend = '',
        i = 0,
        format;

    if (seconds < 0) {
      seconds = Math.abs(seconds);
      token = '';
      prepend = 'in ';
    }

    while (format = time_formats[i++]) {
      if (seconds < format[0]) {
        if (format.length == 2) {
          return (i>1?prepend:'') + format[1] + (i > 1 ? token : ''); // Conditional so we don't return Just Now Ago
        }
        else {
            return prepend + Math.round(seconds / format[2]) + ' ' + format[1] + (i > 1 ? token : '');
        }
      }
    }

    // overflow for centuries
    if(seconds > 4730400000) {
      return Math.round(seconds / 4730400000) + ' Centuries' + token;
    }

    return date_str;
  }
}

The datify function iterates over all timestamps(elements with class “timestamps”) and replaces them with fuzzy timestamps. The humane_date function(yanked from here) generates the actual fuzzy timestamps.

The project I am currently working on requires me to maintain two parallel deployment branches. One is a “production branch” which is deployed on the live server and the other is a “development branch” which is deployed on a staging server. All enhancements and feature additions are done in the “development branch” and the only changes made in the “production branch” are production bug fixes that need urgent attention. Once the “development branch” is deemed stable it is merged into “production branch” and deployed.

I’ve divided my work-flow into two parts. The first part is a generic approach which I follow in all projects, the second part is specific to the case mentioned above and discusses how I manage the two branches using git. Although I mention “Rails” in the title of this post, the work-flow I define below is not “Rails” specific and can be applied to any project where multiple deployment branches need to be maintained. I assume the reader has a basic understanding of git and is comfortable with git branches. There are lots of configuration settings in git which help you setup things like you git author name, email and colors for git commands etc. There are two I would like to mention here though:

git config --global push.default "tracking"

This command tells git to perform a push only to the tracked remote branch in which you are currently working.

git config --global pack.threads "0"

This command tells git to auto-detect the number of threads to use for packing repositories and is useful when working on a machine with more than one core.

1. Generic Workflow

a. Start with a clean master branch.

git checkout master
git pull

You now have a clean master branch. Never work directly in the master branch, instead make all changes to a local branch.

b. Create a local branch.

git branch my_local_branch
git checkout my_local_branch

or do both in one command:

git checkout -b my_local_branch

This creates a new local branch named “my_local_branch” and switches to it. You can now perform all changes in this branch. One good practice to follow when using git is to commit often and in small chunks. This gives you finer control on the work done and allows you to fix mistakes without losing other work. Once you are satisfied, all those smaller commits can be consolidated in a single meaningful commit.

c. Merge with master branch.

git checkout master
git pull

if new changes were pulled do the following:

git checkout my_local_branch
git rebase master

A rebase will apply the newly pulled changes in the master branch to your local branch and then apply local branch changes on top of that. This will ensure a clean merge with master. Conflicts are very common during a rebase and will need to be resolved before you can have a successful rebase. You can also pass the “-i” option to rebase to perform an interactive rebase which will alllow you to squash multiple commits into one if you so require. Once you are finished with the rebase do the following:

git checkout master
git merge my_local_branch
git push

Once you are satisfied with the push you can delete the local branch:

git branch -d my_local_branch

2. Managing Multiple Deployment Branches

The master branch is set as the branch for production deployment and a new remote branch is created for development phase. Since I use capistrano for project deployment I set it up to have three separate tasks: “production”, “production_staging” and “development_staging”. The “production” and “production_staging” tasks use the master branch and the “development_staging” task uses the newly created remote branch. For both the remote branches you must follow the above work-flow i.e: never work directly in the branches themselves, instead create local branches to work in.

a. Create a new remote branch.

First create a new remote branch from our master branch:

git push origin master:refs/heads/development_phase_1

b. Track the remote branch.

Track the newly created remote branch:

git checkout --track -b development_phase_1 origin/development_phase_1

This will create a new local branch named “development_phase_1″ that is tracking the remote “development_phase_1″ branch. Everyone who needs to work on development branch tracks this remote “development_phase_1″ branch and pushes to it. The only pushes to master branch are production fixes.

c. Merge the development branch with the master branch.

Once work on development branch is finished we are ready to merge the two branches:

git checkout development_phase_1
git rebase master
git checkout master
git merge development_phase_1
git push
git branch -d development_phase_1
git push origin :heads/development_phase_1

Normally a rebase is not a good idea in a remotely tracked branch but since our phase is finished and we will create a new remote branch for the next phase, I do so here. Alternatively, I could do a force push for the remote development branch and everyone working on it would need to remove and retrack it again. The second last line removes our locally tracked development branch and the last one removes it from the remote repository.

Final Thoughts

As I mentioned before, the above presented work-flow is not perfect by any means but it works for me. I would appreciate feedback from anyone who reads this and has some  suggestions/recommendations to help me manage my projects better.