Tag Archives: Rails

one-liner to install nginx with passenger and ssl

Just build this little guy for our puppet script, maybe someone needs it too 🙂

export V=0.7.67 && wget -O /tmp/nginx-$V.tar.gz http://sysoev.ru/nginx/nginx-$V.tar.gz && cd /tmp && tar xzvf nginx-$V.tar.gz && sudo passenger-install-nginx-module --nginx-source-dir /tmp/nginx-$V --extra-configure-flags="--with-http_ssl_module" --auto --prefix=/opt/nginx-$V && rm /opt/nginx && sudo ln -s  /opt/nginx-$V /opt/nginx

(If you like the stock nginx without ssl, youll need the –auto-download option)

Empty session id leads to shared session + Fix

We recently encountered some users that had an empty sessionid and therefore where logged in as other users, to fix this (the reason why the ids where empty is still unknown….) we now forbid blank session ids.

# users with blank session id get logged in as other users / share session 
#-> forbid empty session ids
# TEST: set _session_id cookie to "" it should be removed/replaced
class ActionController::Session::AbstractStore
  def load_session_with_blank_id_protection(*args)
    id, data = load_session_without_blank_id_protection(*args)
    return [nil, {}] if id.blank?
    [id, data]
  end
  alias_method_chain :load_session, :blank_id_protection
end

ActiveRecord without default scope

This is a pretty hacky implementation of the feature we needed:
remove the default scope for some queries (e.g. update deleted records)

Code:

class ActiveRecord::Base
  def self.without_default_scope(&block)
    scope = scoped({})
    defaults = scope.current_scoped_methods_when_defined

    old = defaults[:find][:conditions]
    defaults[:find][:conditions] = {}

    begin
      yield(scope)
    ensure
      defaults[:find][:conditions] = old
    end
  end
end

Usage

MYModel.without_default_scope{|s| s.update_all(:deleted_at => nil)}

There is an less hacky alternative, but it did not work for us (AR 2.3.2)