Adding Tools to the Tool Belt

Danny Padron
4 min read · Jun 7, 2020

Sinatra Project Week is in the rear view, and it came with new challenges and new things to learn. This Sinatra project was very different from the previous CLI project we had done, mostly because of the number of features we were able to add to our application. Learning about RESTful routes gave us the flexibility to navigate through the application with ease. Using bcrypt let us have user accounts whose information is saved and protected with securely stored passwords. Having the Ruby gem ‘shotgun’ was also an absolute need: it lets you see what your application looks like, instantly, as you make changes to it.

My Sinatra Project idea came from a friend of mine who is a chef in Orlando. His idea was to make a Facebook-style app, but strictly for chefs from all over. They would be able to post just as on Facebook, but they would also be able to keep and store recipes. This requires different users being able to add and see each other's posts and recipes, while only letting them edit or delete their own posts; this is where authentication with bcrypt comes in. When we were first introduced to creating users and passwords it really got me excited. Cyber security has always been a very interesting topic for me, so getting to learn how to protect our users with hashed passwords was something I was eager to get started on. We use a Ruby gem called bcrypt for this hashing process. The way bcrypt works is that it takes the user's password (or key), adds what is called a “salt” to it, and produces a unique “hash” every time. The “salt” is a randomly generated, fixed-length string value that is combined with the password before hashing. It can turn a simple “123” password into a unique hash that looks like:

$2a$12$ng1cv7nOEU2l5Gzl8ifR9.78aT5qhDoug4hU99fXWvr18.fdMXpDi

Even if another user were to use the same password, the newly generated hash would not be the same. This is thanks to the randomly generated “salt”. Even though each hash is completely unique, even when the original password entered is the same, bcrypt can still verify that two different hashes were produced from the same password, because the salt used for each hash is stored inside the hash itself. This added security feature prevents attackers who crack one password from gaining access to other accounts that might have used the same password, because the stored hashes are not the same. I created dummy accounts testing out my application and its features, and when I went to see the data that had been stored in my database it was interesting to see all the different hashes that had been saved in place of passwords. Despite looking like a complete keyboard smash of random keys, bcrypt knows exactly what the password is.

Another thing that needs to be added, besides adding the bcrypt gem to your Gemfile, is the macro has_secure_password in the User model. This macro comes with certain built-in validations that a password must satisfy or it won’t be accepted: it makes sure that the password isn’t empty and that it doesn’t exceed a certain length. The macro also gives us the setter method for ‘password’ and looks for a password_digest column in your database, which is where the salted hash is stored. It then gives us another method, .authenticate, which compares the entered password to the stored hash. bcrypt reads the salt out of the stored hash, hashes the entered password with that same salt, and compares the two results. If they match, the method returns the user (truthy); if the password was not entered correctly, it returns false.
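To make that flow concrete, here is an added example that is not part of the post and not the bcrypt gem's or ActiveModel's own code. It is a plain-Ruby approximation of what has_secure_password gives a User model (a password= setter that stores only the digest, the blank and length validations, and #authenticate), runnable without a database. It uses the bcrypt gem when that gem is installed; when it is not, it falls back to a clearly labelled stand-in built on PBKDF2-HMAC-SHA256 from Ruby's standard library so the salt-then-verify flow can still be run. The `parse_bcrypt_digest` helper splits the post's example hash into its fields to show where the salt lives. All names below are the example's own assumptions, not the gem's API.

```ruby
# Added example, not from the post or the bcrypt gem. Plain-Ruby model of
# has_secure_password: hash with a random salt, store only the digest,
# verify by re-hashing with the salt recovered from the digest.
require 'openssl'
require 'securerandom'

BCRYPT_AVAILABLE = begin
  require 'bcrypt'
  true
rescue LoadError
  false
end

# Split a bcrypt digest like the one in the post into its fields.
# Layout: $<version>$<cost>$<22-char salt><31-char hash>, 60 chars total.
# The salt sits inside the digest, which is how verification can reuse it.
def parse_bcrypt_digest(digest)
  m = digest.match(%r{\A\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z})
  return nil unless m
  { version: m[1], cost: m[2].to_i, salt: m[3], hash: m[4] }
end

module PasswordHasher
  # bcrypt only uses the first 72 bytes of a password; has_secure_password
  # rejects longer ones so no bytes are silently ignored.
  MAX_PASSWORD_BYTES = 72

  # Hash a password under a fresh random salt. The returned string carries
  # algorithm, cost, salt and hash together, so nothing else needs storing.
  def self.create(password)
    if BCRYPT_AVAILABLE
      BCrypt::Password.create(password, cost: 12).to_s
    else
      # Stand-in (assumption): same digest shape as bcrypt, different algorithm.
      salt = SecureRandom.bytes(16)
      iterations = 100_000
      key = OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: iterations,
                                     length: 32, hash: 'sha256')
      "$pbkdf2-sha256$#{iterations}$#{salt.unpack1('H*')}$#{key.unpack1('H*')}"
    end
  end

  # Verify a candidate by hashing it with the salt taken from the stored
  # digest and comparing the result in constant time.
  def self.verify?(digest, candidate)
    if BCRYPT_AVAILABLE
      BCrypt::Password.new(digest) == candidate
    else
      _, _alg, iterations, salt_hex, key_hex = digest.split('$')
      expected = [key_hex].pack('H*')
      actual = OpenSSL::KDF.pbkdf2_hmac(candidate, salt: [salt_hex].pack('H*'),
                                        iterations: iterations.to_i,
                                        length: expected.bytesize, hash: 'sha256')
      secure_equal?(actual, expected)
    end
  end

  # Constant-time byte comparison so timing does not reveal how many bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Approximation of an ActiveRecord User model with has_secure_password.
class User
  attr_reader :password_digest, :errors

  def initialize
    @errors = []
    @password_digest = nil
  end

  # Setter: validates, then stores only the salted digest, never the password.
  def password=(new_password)
    @errors = []
    if new_password.nil? || new_password.empty?
      @errors << "Password can't be blank"
    elsif new_password.bytesize > PasswordHasher::MAX_PASSWORD_BYTES
      @errors << "Password is too long (maximum is #{PasswordHasher::MAX_PASSWORD_BYTES} bytes)"
    else
      @password_digest = PasswordHasher.create(new_password)
    end
  end

  def valid?
    @errors.empty? && !@password_digest.nil?
  end

  # Returns the user on a correct password, false otherwise (like ActiveModel).
  def authenticate(candidate)
    return false if @password_digest.nil? || candidate.nil?
    PasswordHasher.verify?(@password_digest, candidate) ? self : false
  end
end

if $PROGRAM_NAME == __FILE__
  alice = User.new
  alice.password = '123'
  bob = User.new
  bob.password = '123'
  puts "alice: #{alice.password_digest}"
  puts "bob:   #{bob.password_digest}" # same password, different salt, different digest
  puts "alice with '124': #{alice.authenticate('124').inspect}"
end
```

Running it with two users that both chose “123” prints two different digests, yet each user still authenticates with “123” and not with anything else. The thing to notice is that the digest is the only thing the database ever holds: the salt is parsed back out of it at verify time, so there is no separate salt column to manage.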

The bcrypt gem wasn’t the only one that was exciting to use; the other gem we got to use was the Ruby gem ‘shotgun’. This gem provides you with a live development server that serves your app in its entirety and reloads your application on every request. So a simple page refresh shows you all the changes you made to a view, or lets you test out a newly created route. I believe this gem is essential to have in every single Sinatra application you work on, because it is a major help to actually see exactly how your app is laid out and how your routes are working. The only downside is that, because it does reload on every request, it gives you correct and instant results but becomes rather slow after a while and needs to be restarted.

Building a full app using Sinatra was really exciting, and I really felt like a true designer. I was able to build an entire working app that was fully functional, and I am definitely thinking about other ideas I can build with Sinatra to continue working with it and learning it. Being able to take an idea and use all the different tools that come with Ruby, in the form of gems, makes the experience of designing completely simple.


Danny Padron

Full stack web developer with experience in Ruby on Rails, JavaScript, React and Redux and learning more!