By the way, the above does a POST request (it can do GETs too, which is commented out) and it parses the URI including a port, which can be something like http://example.com:5000. Parameters is a hash like:
{:file=>'bla.mp4'}
Wow, almost like voodoo. I was just about to question how I would test my external web requests properly and bam, you come with this episode ;). Awesome!
The thing I might add for asynchronous requests (or requests that can time out): I searched around a lot, and the only proper way to make a request time out seems to be as follows:
require 'net/http'
require 'uri'

def http_api_call( url_address, form_parameters )
  begin
    uri = URI.parse( url_address )
    # this shortcut works but we can't set the timeouts...
    # response = Net::HTTP.get_response(uri)
    http = Net::HTTP.new(uri.host, uri.port)
    http.open_timeout = 3 # seconds to wait for the connection to open
    http.read_timeout = 3 # seconds to wait for each read of the response
    # request = Net::HTTP::Get.new(uri.request_uri)
    request = Net::HTTP::Post.new(uri.request_uri)
    request.set_form_data( form_parameters )
    response = http.request(request)
    result = response.body.to_s
  rescue Timeout::Error
    result = "WARNING: Connection timeout to external url on "+uri.to_s
  rescue Errno::ECONNREFUSED
    result = "WARNING: Connection refused to external url on "+uri.to_s
  end
  result # give back response string
end
Using the above way, your Rails process does not hang if the request fails; it just times out (I had that problem with a backend that would sometimes fail to respond).
Kind regards and keep up the great work!
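Added example, not part of the original comment: a way to exercise the timeout and connection-refused paths offline against a constructed local backend that accepts connections but never replies. The names post_with_timeouts, with_stalled_server, closed_port and timed are hypothetical, and the helper returns a status symbol so a failure cannot be mistaken for a response body.

```ruby
require 'net/http'
require 'socket'
require 'uri'

# Hypothetical helper (not the commenter's code): POST with explicit timeouts,
# returning [status, detail] so a failure is never mistaken for a response body.
def post_with_timeouts(url, params, open_timeout: 1, read_timeout: 1)
  uri = URI.parse(url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.open_timeout = open_timeout
  http.read_timeout = read_timeout
  request = Net::HTTP::Post.new(uri.request_uri)
  request.set_form_data(params)
  [:ok, http.request(request).body.to_s]
rescue Timeout::Error => e # Net::OpenTimeout and Net::ReadTimeout are subclasses
  [:timeout, e.class.name]
rescue Errno::ECONNREFUSED => e
  [:refused, e.class.name]
end

# Constructed backend: accepts TCP connections on a free local port, never replies.
def with_stalled_server
  server = TCPServer.new('127.0.0.1', 0)
  held = []
  acceptor = Thread.new { loop { held << server.accept } }
  yield server.addr[1]
ensure
  acceptor&.kill
  held&.each(&:close)
  server&.close
end

# Constructed: a local port that was just released, so nothing is listening on it.
def closed_port
  server = TCPServer.new('127.0.0.1', 0)
  server.addr[1]
ensure
  server&.close
end

# Runs the block and returns [block result, elapsed seconds].
def timed
  started = Process.clock_gettime(Process::CLOCK_MONOTONIC)
  [yield, Process.clock_gettime(Process::CLOCK_MONOTONIC) - started]
end
```

Both timeouts apply per operation (connect, each read), not to the request as a whole, so a backend that keeps sending a few bytes at a time can still hold the caller longer than read_timeout.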
More test driven development episodes, it's awesome!
@Jonas: I thought that too before looking more closely and running the app. Basically, since the message view is a standard Rails 3 form, it has HTML escaping and a CSRF tag (look at the application layout: <%= csrf_meta_tag %>): you can't post JavaScript or HTML through the form, nor can you post to the form from another site.
That leaves a curl POST, which is closed due to the security with FAYE_TOKEN (and the fact that, if your server has a good firewall, you close 9292 to the outside world). So in essence, even though not at first glance, it is pretty secure ;)
Now getting it working with HTTPS might be another deal (meaning a clever one can read messages from other rooms even when you implement authentication, but that's true for Facebook and Twitter also).
Great episode!
But there is a bug in lib/api_constrains.rb:
def initialize(options)
  @verison = options[:version]
  @default = options[:default]
end
Should it not be the following?:
@version = options[:version]
because in the matches method below it, you use the @version variable...
Oops, just saw David spotted it also ;)