To get your two-finger swipe navigation back, just go into the Mouse preferences and over to the More Gestures section. Change the first option (Swipe between pages) to use two fingers.

This will disable the full-screen swiping and get you back up and running. Doing the same thing on your laptop should work as well, except you’ll pick three-finger swiping instead of two.

Enjoy.

In the course of building the frontend application for Earbits, I’ve been constantly annoyed with the responsiveness of my local development server. As a pretty complex AJAX application, there are lots of little (and some bigger) calls to the Rails backend APIs to do lots of potentially slow things. This means that there are lots of calls that are originating in the browser and being served by one mongrel, so the server ends up handling requests too slowly. Which leads to me being frustrated. Which leads to me finding a nice solution to the problem.

Warning: This May Not Apply To You

If you have slow running requests that have to run in series, or if you’re not doing AJAX-y things, this isn’t going to help you much. This setup is only useful if your app sends a bunch of parallel requests to the backend. For instance, if after your main page loads, you need to do AJAX requests to a) load the user’s friends, b) get their comment history, c) calculate some suggestions, and d) check to see if you should show a popup promo to the user, then this might help you out. But if you need the results of request (a) to get (b) and the results of (b) to get (c), then you’re out of luck and this will be a waste of your time.

Ok, ready to do this?

Step 1 – Install Nginx

This is much simpler if you have macports installed. So go do that first if you haven’t already. If the first step below doesn’t do anything, you don’t have macports. Once you have macports, it’s a simple two-command process to install nginx.

$ sudo port -d selfupdate
$ sudo port install nginx +ssl +debug

Now, while nginx is installing you can open a new terminal window and keep going. The install will take a few minutes.

Step 2 – Configure Foreman

Foreman is a great tool released by David Dollar to make running web processes and workers crazy easy. It uses a Procfile to define the different things it controls and you should refer to his blog or a Google search to learn about the finer points of Foreman. We use a pretty simplistic file here as an example.

To get started just run:
$ gem install foreman

Then create a file called Procfile in the root of your project using the text editor of your choice. My Procfile has just one line that define a web process using the standard Rails server:

web:    bundle exec rails server -p $PORT

Step 3 – Configure Nginx

Now that nginx is probably finished installing, we can get it configured to act as a local Load Balancer for our Rails server. I’m going to set it up using port 80 locally. If you are running an HTTP server locally already on port 80, then you should adjust your configuration accordingly. But if you’re not using port 80, Rails redirects might cause you some headaches. So I suggest you stick with the standard port.

First, you’ll need to find your nginx.conf configuration file. If you used macports to install it, it’s probably in /opt/local/etc/nginx/nginx.conf but if you can’t find it, run nginx -V to see where it’s hiding.

If you’re not familiar with nginx at all, there are two main directives that you’ll be using, server and upstream. The server directive defines the front-end part of nginx (i.e. where it listens for incoming requests). The upstream directive defines the back-end (i.e. where to send requests so that Rails can handle them). Both of these snippets should exist within the http section of your config file. I’ll provide a complete nginx.conf at the end of this section so that you can just replace the default file and then tweak it if necessary.

Upstream section

This is the configuration that I’m using, I will explain it in a second:

upstream foreman4000 {
  server localhost:4000;
  server localhost:4001;
  server localhost:4002;
  server localhost:4003;
  server localhost:4004;
}

Here on line 1 we’re defining the upstream which we will reference later. Note that “foreman4000″ is just an arbitrary name used to reference it within the config. Then since we plan on running 5 web processes starting at port 4000, we list out each of the ports where our Foreman will be listening for requests.

Server section

This will define a server so that nginx will listen to requests on port 80 and direct them to the upstream we created above (line 6). We also pass the real IP of the request and the hostname along to the server (lines 7-9, in case you need either of these bits of data.

 server {
    listen       80;
    server_name  localhost;
    access_log  /opt/local/var/log/nginx/foreman4000.access.log  main;
    location / {
      proxy_pass http://foreman4000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $remote_addr;
    }
 }

Test the config

After you’re done making the changes above (or if you download my nginx.conf example file), you should run $ sudo nginx -t to test the config and make sure it’s all good. If it fails, double check everything. If it’s good, you’re ready to start it up.

Step 4 – Start your Engines

Now all we have to do is start everything up. In your Rails project directory:
$ sudo nginx
$ foreman start -p 4000 -c web=5

Note: I use the non-standard port 4000 as the starting point so that other random servers can run on 3000 (rails default) and 5000 (foreman default) without conflicting with this setup.

If it’s working you should be able to open up http://localhost in your browser and your Rails site should load. In the terminal running Foreman, you should see it handing requests to each of the 5 web processes (web.1 – web.5) like this:

Now, enjoy your new, super-responsive AJAX server! I know I do.

Notes and Extras

There are a few reasons my local development environment is slow. Firstly, I’m using a hosted mongodb that is shared among a few of our developers so that we can more easily collaborate on work. It makes it possible for me to add a new feature and seed the database with some good example data, then hand it off to our UI guy to style it up with zero configuration on his end other than a git pull. Secondly, we make heavy use of the Facebook Graph APIs which can at times be sluggish over my mere-mortal internet connection. Getting someone’s friends might take a full second, posting something to a wall might take a couple seconds. You can imagine how with just one process running, it would get a bit slow.

The third reason our site is slow in development is the simple fact that it’s designed to be chatty. Instead of large monolithic views getting rendered for the user, we do a lot of client-side template rendering using underscore.js based on json data requested by the client app (which leverages backbone.js for much of the interaction logic). In production, this works great because we can fire up a bunch of web processes and everything scales on out. But in development, between the slow database access and the numerous calls, things can take seemingly forever to fully load. But not anymore!

BTW – if you haven’t tried Earbits out for your online radio needs, you absolutely should. Great way to discover new music, share with your friends and really just have a great time. And you should stop listening to so much Genesis anyway. It’s time for something fresher.

The perishable_token is the suggested way to send out secured one-time-use emails because it’s updated every time the User model is updated (like, when the user logs in) so the email can’t be re-used to reset the password again for instance.  I’m using it in some pretty strange ways to handle proxy users (users who haven’t actually registered yet on our site), but this issue also is present for the password-reset case.

I noticed that some users were getting rejected after clicking the link in the email saying that the perishable token was no longer valid. “That can’t be right,” I thought to myself – because I know for a fact that some of those users hadn’t logged in.  But their token was still invalid. So after a little bit of troubleshooting, I realized the issue….

The token is updated every time the User object is saved. Not just when they login.  And I have jobs running in the background to update the users with external data pulled from various APIs.  So my job was resetting the perishable_token for every user it touched.  Ok, so how did I fix the issue?  Simple really – I just took control of the maintenance of the perishable_token away from Authlogic and handled it myself.

So now, the token is reset at exactly two times: User creation and on a successful login.  No more craziness.

I added line 3 to the User model, to tell Authlogic to take a hike:

class User < ActiveRecord::Base
  acts_at_authentic
  disable_perishable_token_maintenance(true)
  ...
end

And also added line 4 to my UserSessions controller, to update the token on successful login:

def create
  @user_session = UserSession.new(params[:user_session])
  if @user_session.save
  @user_session.user.reset_perishable_token!
  flash[:notice] = "Login successful!"
  redirect_to root_url
end

Finally, I added line 3 and 4 to the Users controller, to create a token in the first place:

def create
  @user = User.new(params[:user])
  @user.reset_perishable_token
  @user.reset_single_access_token
  if(@user.save)
    redirect_to account_path
  else
    render :action => :new
  end
end

That’s it. Now my emails will still work even with jobs running and the user objects being updated in the background!

Update 9/22: fixed an error on line 4 of the UserSessions controller above, was doing @user.reset_perishable_token! but should be @user_session.user.reset_perishable_token!

In your Gemfile, update the authlogic line to be:

gem 'authlogic', :git => 'git://github.com/odorcicd/authlogic.git', :branch => 'rails3'

Now you should run $ bundle install to grab the new gem. Then, there are just a few more deprecated things in Rails3 that you’ll need to change in your upgraded app. I’ll try to enumerate here from memory, so please forgive me if I forget something.

First, you need to update your ApplicationController because #requesturi is outdated. Replace it with #fullpath:

def store_location
  session[:return_to] = request.fullpath
end

Second, you need to drop the filter_parameter_logging setting from your ApplicationController because it’s now handled in the new application.rb file. Just remember to add the :password_confirmation field to the default array like so:

# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password, :password_confirmation]

Third, if your migration script (or the steps you followed manually) didn’t get rid of the /config/initializers/cookie_verification_secret.rb file, delete it now. Cookie secrets are now handled in the /config/initializers/secret_token.rb file.

Fourth, the f.error_message construct isn’t available anymore in core rails, so you should take this opportunity to create your own better more customizable error messages. If you really really want to keep using f.error_message you can install the dynamic_form plugin, but don’t do that. Railscast.com did a very nice explanation of how to create your own shared _error_messages.html.erb view (along with some other validation-related stuff.)

Finally, you need to make sure your generated pages include the csrf_meta_tag. Check out my previous post if you’re getting an InvalidAuthenticityToken error when you hit the Logout link.

That should be all you need to do to have Authlogic working in Rails3 without deprecated warnings.

This is the error message shown:
ActionController::InvalidAuthenticityToken in User sessionsController#destroy

actionpack (3.0.0) lib/action_controller/metal/ request_forgery_protection.rb:96:in `verify_authenticity_token'

And the solution is simple, you just need to add the new csrf_meta_tag helper to your generated page (probably in the /views/layouts/application.html.erb file).

...
<head>
  <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
  <title>Some Title</title>
  <%= stylesheet_link_tag :all %>
  <%= javascript_include_tag :defaults %>
  <%= csrf_meta_tag %>
</head>
...

Line 7 is the one you care about and need to have in your html.erb file.

This helper includes the appropriate meta tags which make the authenticity_token available to the handleMethod javascript function. In Rails3, links generated with the link_to helper which use a :method other than GET get passed through that handleMethod function in rails.js. That function creates a temporary form, sets some parameters and submits it. And if you’re using protect_from_forgery (you should be) all non-GET requests are checked to prevent Cross Site Request Forgery (CSRF). So, if those meta tags don’t exist on your page, the handleMethod function doesn’t know what your authenticity_token is, and the request will be rejected with the error above.

Line 5 below is an example of my main nav logout link that was causing the problem when clicked. No change was required to this code after doing the above fix.

<% if !current_user %>
  <%= link_to "Log In", new_user_session_path %> |
  <%= link_to "Register", new_account_path %> |
<% else %>
  <%= link_to "Logout", user_session_path, :method => :delete %> |
<% end %>

This isn’t specific to Authlogic’s logout click – any time you are using link_to now in Rails3 with non-GET methods, it uses unobtrusive javascript. And if you’re missing the csrf_meta_tag helper, any unobtrusive javascript posts will fail to validate.

For an innexplicable reason, Microsoft decided to kill the Export function from IIS7 in favor of this new feature.  But for those of us who don’t trust technology, we like to do things manually and to get a repeatable result that doesn’t update automatically when we least expect it.  Yes, I am the sort of person who wonders why the default Windows Update on servers is to Install and Reboot Automatically at 2am…

In any case, in a simple 3 step process you too can export and import your Internet Information Server 7 websites and app pools.

I will call the target server TWEB (this is the server where you want a duplicate configuration) and the source server SWEB (this is where the current configuration exists).

First, on TWEB make a backup copy of the files in C:\Windows\System32\inetsrv\config.  I just created a subfolder called “bak” and copied them.  This is very important.  If you forget or skip this step because backups are for sissies, you will be re-installing IIS7 in step 4.

Second, copy the AppliationHost.config from SWEB into the C:\Windows\System32\inetsrv\config folder on TWEB.  Also copy any application files like your c:\websites folder or whatever over to TWEB in the appropriate location if you haven’t already.

Third, on TWEB open both the new ApplicationHost.config and the backup ApplicationHost.config from step 1 and locate the <configProtectedData> node in the backup.  Copy that node and replace it into the new config file.

Fourth, if you didn’t backup the existing config file, remove the IIS role and add it back, then start at step 1.

Note: if you have custom accounts under which you’re running app pools (cuz you’re not using LocalSystem, right?) then you just need to go into the IIS Management Console and re-configure the passwords for those accounts.  They were encrypted with the other server’s AES keys so they won’t be valid on this server and the pools won’t start.

That’s it.  Hope that helps.  It should work the same for C# .NET applications (which is what I’m using) or just static websites or whatever.  But of course, you shouldn’t trust me.  Test it yourself first.

My new good-karma policy is that if I spend more than an hour tracking down a general bug or wacky configuration thing, I promise to blog the solution.