Cloud City has long supported some of the primary developers of core Ruby infrastructure, particularly Bundler and/or RubyGems, initially by providing the maintainers a day job and the workplace flexibility to work on these important projects. Over the last few years we’ve moved into more directly supporting this work, by becoming the defacto/only current design and development firm (in addition to individuals doing similar work) for RubyCentral for RubyGems work.
Rubygems.org redesign
Ian and Martin have been working on a series of changes to RubyGems that are starting to roll out now. There is some deeper feature work underway right now, but the first of these changes is the beginning of a design update on RubyGems.org that Martin has posted about on the official blog. Of course, read about some of the other changes he and the RubyGems team have been working on in their September update.
Rails controller permissions changes
While working on some of the feature work that touched on how RubyGems.org was handling permissions, Martin came across a bit of parameter filtering/handling that wasn’t ideal. It was easy to write in a way that a user could trigger uncaught 500s that wouldn’t get handled by permit/require like you might expect.
The default, recommended way of handling parameters in Rails:
user_params = params.require(:user).permit(:name, :age)
will throw NoMethodError when someone tries passing in a user manually as a string with /path?user=string [likely to try and get around security measures].
Instead you have to write
user_params = params.permit(user: [:name, :age]).require(:user)
to fully handle this instead of throwing an error.
To simplify the param filtering down to one method that you can’t so easily get wrong/insecure, Martin (with help from the Rails team to further refine the functionality) came up with
params = ActionController::Parameters.new(user: { name: "Martin", age: 40 })
permitted = params.expect(user: %i[name age])
permitted.permitted? # => true
permitted.has_key?(:name) # => true
permitted.has_key?(:age) # => true
You can read more in PR to “Add Parameters#expect to safely filter and require params and Martin is working on a post detailing the changes further.
Keeping RubyGems.org up and responsive
And lastly, Cloud City developers have long been involved in keeping RubyGems.org, a high volume site and API that hosts all our communities lovely gems, running smoothly. You can read about some of work André was doing on this back in 2018, not to mention his founding of Ruby Together to help innovate how Bundler and RubyGems work got funded.
Some of this work has been brought officially under the Cloud City umbrella, and we have an oncall arrangement with RubyCentral, to keep all your gems all downloading smoothly (Martin and André have had this arrangment since the end of last year and have been unofficially keeping it running for longer).
Reach out
If you are interested in supporting more of this type of work (for instance you have features you’d like to propose for RubyGems or Bundler to better support your company) or would like to work with the core of the team that keeps RubyGems.org running smoothly, contact us, email me directly at kenzi@cloudcity.io, or meet up with me at RubyConf in Chicago.