harikrishnan – redpanthers.co

Difference between Date, Time and DateTime

harikrishnan — Wed, 05 Apr 2017 10:23:42 +0000

Date When you need a string format of year, month and day, you have to go through Date class.

Has date attributes only (year, month, day)
Based on integer whole-day intervals from an arbitrary “day zero”
Can handle date arithmetic in units of whole days
Date object is created with ::new, ::jd, ::ordinal, ::commercial, ::parse, ::strptime, ::today, Time#to_date etc.
Takes 4 bytes to store.

Eg:

$ require 'date'
$ Date.new(2001,2,3)
  Date: 2001-02-03
$ Date.jd(2451944)
  Date: 2001-02-03 ...
$ Date.ordinal(2001,34)
  Date: 2001-02-03 ...
$ Date.commercial(2001,5,6)
  Date: 2001-02-03 ...
$ Date.parse('2001-02-03')
  Date: 2001-02-03 ...
$ Date.strptime('03-02-2001', '%d-%m-%Y')
  Date: 2001-02-03 ...
$ Time.new(2001,2,3).to_date
  Date: 2001-02-03 ...
$ Date.today
  "Mon, 02 Jan 2017"

Time

If you need both date and time values, we can make use of Time class.

Has date and time attributes (year, month, day, hour, min, sec, subsec)
Can handle negative times before unix time
Can handle time arithmetic in units of seconds

Eg:

$ require 'time'
$ Time.now
   2015-12-08 10:26:40 -0200
$ time = Time.new
  Components of a Time
$ time.year    # => Year of the date
$ time.month   # => Month of the date (1 to 12)
$ time.day     # => Day of the date (1 to 31 )
$ time.wday    # => 0: Day of week: 0 is Sunday
$ time.yday    # => 365: Day of year
$ time.hour    # => 23: 24-hour clock
$ time.min     # => 59
$ time.sec     # => 59
$ time.usec    # => 999999: microseconds
$ time.zone    # => "UTC": timezone name

Also rails provide a really good time class called ActiveSupport::TimeWithZone. It contains all the features the Time class have, plus many improvements, such as the support for configurable time zones.

DateTime

Has date and time attributes (year, month, day, hour, min, sec)
It is formatted as YYYY-MM-DD HH:MM:SS
Based on fractions of whole-day intervals from an arbitrary “day zero” (-4712-01-01)
Can handle date arithmetic in units of whole days or fractions
Takes 8 bytes to store, and has a precision of .001 seconds.
- A four-byte integer packed as YYYY×10000 + MM×100 + DD
- A four-byte integer packed as HH×10000 + MM×100 + SS
Valid ranges go from the year 1000 to the year 9999
It is created with ::new, ::jd, ::ordinal, ::commercial, ::parse, ::strptime, ::now, Time#to_datetime etc.

Eg:

$ require 'date'
$ DateTime.new(2001,2,3,4,5,6)
  DateTime: 2001-02-03T04:05:06+00:00 ...

Let’s see the Differences among all of them which makes them unique.

Date use rational and a “day zero” for storage. But Time doesn’t. So Time is faster.
Date field is populated with a literal date and does not concern itself with time zones so this can cause trouble if it is not expressed in the user’s local time. A DateTime can always be converted to a user’s local time if required.
Time used to track changes to records and update every time when the record is changed. DateTime used to store a specific and static value which is not affected by any changes in records.
Time internally converted current time zone to UTC for storage, and during retrieval converted back to the current time zone. DateTime can not do this.
Time affected by different TIME ZONE related setting. Datetime is constant.
Ruby’s Time class implements a proleptic Gregorian calendar and has no concept of calendar reform. This problem can be overcome using DateTime class.

Now since we know so many facets of Date, Time and DateTime , we can use them in a much better manner in future at our time of needs. Happy Coding in Ruby!

References

]]>

Rack::Attack – secure you rails app for the real world

harikrishnan — Mon, 27 Feb 2017 15:08:19 +0000

Are you worried about the security issues in your Rails app? The rack-attack gem, can help you. Rack::Attack is a rack middleware which provides security to our rails application. It allows us to safelist, blacklist, throttle and to track requests.

If the request matches any safelist, it is allowed.
If the request matches any blocklist, it is blocked.
If the request matches any throttle, a counter is incremented in the Rack::Attack.cache. If any throttle’s limit is exceeded, the request is blocked.
Otherwise, all tracks are checked, and the request is allowed.

Implementation

Install the rack-attack gem, or add it to you Gemfile as:

gem 'rack-attack'

Then tell your app to use the Rack::Attack middleware. For Rails 3+ apps:

# In config/application.rb
config.middleware.use Rack::Attack

Or you can use it in Rackup file as

# In config.ru
use Rack::Attack

By default, Rack Attack uses Rails cache. You can override that by setting the `Rack::Attack.cache.store` value. It is used for throttling. If you want to create use a custom adapter, for example, memory store, create a file called rack_attack.rb in config/initializers to configure Rack Attack and put the following code in the file:

class Rack::Attack
  Rack::Attack.cache.store = ActiveSupport::Cache::MemoryStore.new
  ########
end

Throttle

throttle('api/ip', limit: 3, period: 10) do |req|
  req.ip
end

Here we are limiting the request per seconds from the same IP address. Here we are limiting only 3 requests in 10 sec.

Safelist

Rack::Attack.safelist('allow from localhost') do |req|
  '127.0.0.1' == req.ip
end

Above example always allows the request from localhost. And the request is allowed if the value is true.

Blacklist

Rack::Attack.blacklist('block 2.2.2.2') do |req|
  '2.2.2.2' == req.ip
end

Here, it blocks the request from ‘2.2.2.2’.

Fail2Ban: Fail2Ban.filter can be used within a blocklist to block all requests from misbehaving clients. Allow2Ban: Allow2Ban.filter works the same way as the Fail2Ban.filter except that it allows requests from misbehaving clients until such time as they reach maximum retry.

Block logins from a bad user agent

Rack::Attack.blacklist('block bad UA logins') do |req|
  req.path == '/login' && req.post? && req.user_agent == 'BadUA'
end

In the above example, if a bad user tries to login, the request is blocked.

Tracks

Rack::Attack.track("special_agent") do |req|
  req.user_agent == "SpecialAgent"
end

It tracks request from a special user.

Security issues that Rack Attack addresses

Rate limits against DDoS and abusive users

DDoS is short for Distributed Denial of Service. It uses multiple computers and Internet connections to flood the targeted resource.

When you need more security to your rails app, don’t forget to add Rack::Attack in it. It will protect your app from bad clients.

Whitelist Search Engine spiders

Though we blacklist IP’s that are misbehaving, we have to whitelist search engine spiders. But they have a huge range of IP’s. So we can check user agent. But it’s something anyone can fake. We can run a reverse DNS lookup of the accessing IP and perform a forward DNS lookup on the domain (using host command). Verify that it is same as the original IP address from the logs.

References

]]>

How to format Git log for meaningful information

harikrishnan — Mon, 30 Jan 2017 12:42:55 +0000

Git is a wonderful piece of software that makes life easier and more productive for a programmer. But sadly most developers don’t use it up to their full potential so we are going to blog about various simple and advanced usages of git as a series. In the first article of the series, we are going to talk about git logs. Git log is a great feature, that allows us to keep track of our works. There are different options available under git log command, which help us to customize the output of git log and also to filter the log.

Git Graphs

git log --graph --decorate --oneline

The –graph option draws a graph representing the branches and its structure of commit history. –oneline is used to display commit message and its hash in a single line, which is used along with –decorate, which helps us to easily see which commit belongs to which branch.

Custom formatting

git log --pretty=format:""

This lets you display each commit however you want in printf style. For example %cn, %h and %cd which represents committer name, abbreviated hash and committer date respectively.

git log --pretty=format:"%cn committed %h on %cd"

Filtering the output

Git log can be filtered by different filters and format output

By amount

git log -

It displays latest n commits and its output. For example

git log -3

Will display latest 3 commit details

By date

git log --after=
git log --before=

Using --after and --before, we can get logs after or before the specified date. You can also use these both to get logs between two dates Example

git log --after='24-10-2016'
or
git log --since='24-10-2016'

--since and and --until are synonym for --after and --before

git log --date=

--date flag is used to format the output of the date. There are different option available for --date flag such as short, iso8601, relative, etc…

By Author

git log --author=

When you are only looking for commits by certain user you can --author flag. You can also use regular expressions for this.

git log --author='John\| Mary'

By message

git log --grep=''

When you want to search for log with certain string using --grep flag. You can use -i option if you want ignore the case.

By file

git log -- something.rb incredible.rb

When you want to get log only on some files you can specify files after -- flag

By Content

Git log allows you to get logs of files containing certain string. You can specify string using the -S flag

git log -S"Hello World!"

Format options available

git log --pretty=format:''

Git log format options

%H  - Commit hash
%h  - Abbreviated commit hash
%T  - Tree hashes
%t  - Abbreviated tree hash
%P  - Parent hashes
%p  - Abbreviated parent hashes
%an - Author name
%ae - Author email
%ad - Author date (format respects the --date=option)
%ar - Author date, relative
%cn - Committer name
%ce - Committer email
%cd - Committer date
%cr - Committer date, relative
%s  - Subject
%B  - Message

Example

git log --pretty=format:"%B on %ad with hash %h by %an" --date=short

That was a bit on how we can use Git log, and specifically on how to format the output. Leave your comments, questions, and doubts in the comment section in case you need to reach me.]]>