SFTP virtual users with ProFTPD and Rails: Part 1
By Brian Gadoury
December 20, 2012
I recently worked on a Rails 3.2 project that used the sweet PLupload JavaScript/Flash upload tool to upload files to the web app. To make it easier for users to upload large and/or remote files to the app, we also wanted to let them upload via SFTP. The catch was, our users didn’t have SFTP accounts on our server and we didn’t want to get into the business of creating and managing SFTP accounts. Enter: ProFTPD and virtual users.
ProFTPD’s virtual users concept allows you to point ProFTPD at a SQL database for your user and group authentication. This means SFTP logins don’t need actual system logins (although you can mix and match if you want). Naturally, this is perfect for dynamically creating and destroying SFTP accounts. Give your web app the ability to create disposable SFTP credentials and automatically clean up after the user is done with them, and you have a self-maintaining system.
Starting from the inside-out, you need to configure ProFTPD to enable virtual users. Here are the relevant parts from our proftpd.conf:
##
# Begin proftpd.conf excerpt. For explanation of individual config directives, see the
# great ProFTPD docs at …database mysql postgres ruby rails sysadmin
Verify Addresses the Easy Way with SmartyStreets
By Tim Case
December 20, 2012
Adding an address form is a pretty common activity in web apps and even more so with ecommerce web apps. Validations on forms allow us to guide the user to filling out all required fields and to make sure the fields conform to basic formats. Up until now going further with addresses to verify they actually exist in the real world was a difficult enough task that most developers wouldn’t bother with it. Imagine though the cost to the merchant who ships something to the wrong state because the customer accidently selected “SD” (South Dakota) when they thought they were selecting “SC” (South Carolina), a simple enough mistake to make and one that wouldn’t be caught by most address forms. In today’s ecommerce world customers expect deliveries to be fast and reliable, and in this case the customer would have to wait until the package is returned to the merchant with “Address Unknown” only to have to wait even longer for the reshipment. Even worse for the merchant, maybe the package never gets returned.
SmartyStreets is a new API web app that I implemented for our client Mobixa, a web app that allows people to sell their used …
ecommerce javascript api
Advanced Product Options (Variants) in Piggybak
By Steph Skardal
December 18, 2012
About a month ago, Tim Case and I developed and released a Piggybak extension piggybak_variants, which provides advanced product optioning (or variant) support in Piggybak. Piggybak is an open source Ruby on Rails ecommerce platform developed and maintained by End Point. Here, I discuss the background and basics of the extension.
Motivation & Background
The motivation for this extension was the common ecommerce need for product options (e.g. size, color), where each variation shares high-level product information such as a title and description, but variants have different options, quantities available, and prices. Having been intimately familiar with Spree, another open source Ruby on Rails ecommerce framework, we decided to borrow similarities of Spree’s product optioning data model after seeing its success in flexibility over many projects. The resulting model is similar to Spree’s data model, but a bit different due to the varied nature in Piggybak’s mountability design.
Spree’s data model for advanced product optioning. A product has many variants. Each variant has and belongs to many option values. A product also has many options, which define …
ecommerce piggybak rails
Lazy AJAX
By Jeff Boes
December 18, 2012
Don’t do this, at least not without a good reason. It’s not the way to design AJAX interfaces from scratch, but it serves well in a pinch, where you have an existing CGI-based page and you don’t want to spend a lot of time rewriting it.
I was in a hurry, and the page involved was a seldom-used administration page. I was attempting to convert it into an AJAX-enabled setup, wherein the page would stand still, but various parts of it could be updated with form controls, each of which would fire off an AJAX request, and use the data returned to update the page.
However, one part of it just wasn’t amenable to this approach, or at least not quick-and-dirty. This part had a relatively large amount of inline interpolated (Interchange) data (if you don’t know what Interchange is, you can substitute “PHP” in that last sentence and you’ll be close enough.) I wanted to run the page back through the server-side processing, but only cared about (and would discard all but) one element of the page.
My lazy-programmer’s approach was to submit the page itself as an AJAX request:
$.ajax({
url: '/@_MV_PAGE_@',
data: { …interchange javascript jquery
tmux and SecureCRT settings
By Ron Phipps
December 14, 2012
Richard gave me a call today to show the wonders of tmux. I am using Windows, and unfortunately, right off the bat I couldn’t see color and there were a bunch of accented as dividing the panes.
After some trial and error and finding this post on the subject we got it working. The key is to configure SecureCRT to use xterm + ANSI colors and set the character set to UTF-8 and “Use Unicode line drawing code points”.
Hooray! I’ll be trying out tmux in day-to-day use to see if it will replace or augment screen for me.
terminal
Update Your GNU Screen Config on the Fly
By Greg Davidson
December 14, 2012
An Indispensable Tool
I use Screen constantly in my work at End Point. It is an indispensable tool that I would not want to operate without. It’s so handy to resume where I left off after I’ve detached or when my connection drops unexpectedly. This is likely preaching to the choir but if you are not already using Screen and/or tmux, start now.
The Scenario
I often find myself in the following situation:
- SSH into a server
- Fire up a new Screen session
- Create several windows for editing files, tailing logs, etc.
- Realize the default Screen configuration is inadequate or does not exist.
- Facepalm \O/
While my needs are fairly minimal, I do like to bump up the scrollback buffer and display the list of windows in the status line.
There are a couple of options at this point. I could put up with the default / non-existent configuration or create a config file and manually re-create the session and all of the windows to pick up the configuration changes. Neither of these options was desirable.
I wanted to be able to update the configuration and have all of the existing windows pick up the changes. After asking around a little I ended up taking a look at the manual and discovered the …
terminal tips
Is AVS for International Customers Useless?
By Jeff Boes
December 13, 2012
Any ecommerce site that sells “soft goods”, some digitally delivered product, has to deal with a high risk of credit card fraud, since their product is usually received instantly and relatively easily resold. Most payment processors can make use of AVS (Address Verification System). It usually works well for cards issued by United States banks with customers having a U.S. billing address, but its track record with international customers and banks has been less than stellar.
AVS compares a buyer’s address information with what the bank has on file for the card’s billing address. To reduce false negatives, that comparison is limited to the postal code and the numeric part of the street address. The lack of consistent AVS implementation by non-U.S. banks, and the variety of postal codes seen outside the U.S., Canada, and the U.K., mean problems creep in for most international orders.
Any time you reject an order, whether it’s for a legitimately incorrect billing address, a bank/AVS problem, or any other reason, you’re increasing the likelihood of losing the customer’s business, having them retry and cost you more in payment processing fees, …
ecommerce payments
Piggybak Extensions: A Basic How-To Guide
By Barrett Griffith
December 13, 2012
This article outlines the steps to build an extension for Piggybak. Piggybak is an open-source Ruby on Rails ecommerce platform created and maintained by End Point. It is developed as a Rails Engine and is intended to be mounted on an existing Rails application. If you are interested in developing an extension for Piggybak, this article will help you identify the steps you need to take to have your extension leveraging the Piggybak gem, and integrating smoothly into your app.
Introduction
The Piggybak platform is lightweight and relies on Rails meta-programming practices to integrate new extensions. The best references to use alongside your development should be the previously developed extensions found here:
It is likely that your extension will tie into the admin interface. Piggybak utilizes the RailsAdmin gem for its admin interface.
Setting up the Development Environment
A convenient way to start building out your extension is to develop against the demo app found here. The demo app utilizes the Piggybak gem and comes with sample data to populate the e-commerce store.
The Piggybak demo app sample data is exported …
piggybak rails