I am developing a boilerplate called SuperRails.
Super Rails | Rails Boilerplate for Solopreneurs
A production-ready Rails boilerplate with Devise, Avo, Stripe, ViewComponent and more. Skip the setup, ship your MVP in days.
super-rails.com
It is a collection of gems and pages that aren't in the Rails standard but are definitely convenient to have. I am currently taking on a challenge to release one product a month on YouTube, including marketing, and I can say without a doubt that I am able to continue this challenge because of SuperRails. Most MVPs can be ready to release in an instant by just adding a few models and controller actions to it.
For the "LazyCafe" I released this month, I simply used SuperRails as a foundation, added a single model called "Track," and enabled it to be operated by the frontend via a JSON API. It is incredibly easy to build an MVP.
Now, I use Devise as the authentication method for SuperRails.
When I asked on Reddit which gem I should adopt for my boilerplate, I was asked why I use Devise instead of the built-in Rails 8 authentication.
Frankly speaking, I have never had any issues using Devise.
However, it seems there is a strong sentiment within the Rails community that Devise is too complex and that I should be using the standard Rails 8 authentication.
I understand that feeling. The philosophy of Rails is to "ride the rails." In other words, as Web developers, we run like trains along the tracks that the genius DHH has built by adhering abnormally to the principle of "Convention over Configuration."
That is the Rails community.
As a Rails engineer—or rather, as a businessman—I respect him from the bottom of my heart.
On the other hand, I didn't really see the merit in using the Rails 8 authentication feature.
Sure, as a framework policy, it is important to provide an authentication method by default to demonstrate that "batteries are included."
However, I see no particular reason to abandon Devise, which I have grown accustomed to using.
I have used Devise in every single Rails project I have participated in so far.
There is a claim that Devise is complex. I don't really understand that.
It is rare that I need to customize authentication features. Moreover, as a small-scale entrepreneur, I don't have time to spend on login methods, which are not the core of my business.
In fact, isn't it more tedious to take the code generated by rails g authentication, tweak it, and try to configure it to fit your own use case? I'd have nothing to laugh about if I customized it strangely and then got hacked.
It also has poor compatibility with existing libraries.
For example, I use a fairly niche library called "any_login." This is a very convenient gem that allows you to switch login users instantly.
AnyLogin Gem
Description
Demo available on: https://any-login.herokuapp.com (source code for demo https://github.com/igorkasyanchuk/any_login_test)
Video Demo: https://youtu.be/978DlHvufSY
AnyLogin was created to speed up the development process by allowing developers to quickly log in as any user.
Give it a try; if you like it please share AnyLogin with friends. If you have any suggestions please feel free to contact me.
Requirements
Ruby: >= 3.0, Rails: >= 6.1. Pre-configured to work with Devise, Authlogic, Clearance or Sorcery gems.
For Rails < 4.2.7 please use gem 'any_login', '1.3'.
Installation
-
Add AnyLogin to your Gemfile:
gem 'any_login' -
Execute in console:
bundle install -
In application layout (for example
app/views/layouts/application.html.erb) add the following to the bottom of the page:= any_login_here if defined?(AnyLogin) -
Open your app and on the bottom left corner you will see semi-transparent user icon. Click on it and now you can select any user to log in…
Gems like Pundit and Avo also work.
Pundit
Pundit provides a set of helpers which guide you in leveraging regular Ruby classes and object oriented design patterns to build a straightforward, robust, and scalable authorization system.
Links:
Sponsored by: Varvet
Installation
Please note that the README on GitHub is accurate with the latest code on GitHub. You are most likely using a released version of Pundit, so please refer to the documentation for the latest released version of Pundit.
bundle add pundit
Include Pundit::Authorization in your application controller:
class ApplicationController < ActionController::Base include Pundit::Authorization end
Optionally, you can run the generator, which will set up an application policy with some useful defaults for you:
rails g pundit:install
After generating your application policy, restart the Rails server so that Rails
can pick up any classes in the new app/policies/…
These are implemented on the premise that the current_user defined by Devise exists.
Even the code output by AI assumes that current_user exists. Naturally, since the vast majority of apps in the training data were implemented with Devise.
Someone on Reddit commented like this:
there is one caveat to that: make sure to use "Device" naming convention so using libraries such Pundit, CanCanCan etc is compatible with your code without addition tweaking.
Does that mean something like this?
module ApplicationHelper
def current_user
Current.user
end
end
I’m sorry, but I don’t want to write code like this.
Surprisingly, the Devise community remains active even after the implementation of the Rails 8 standard authentication.
As of the time of writing this article, the last merge was two weeks ago.
Devise is a flexible authentication solution for Rails based on Warden. It:
- Is Rack based;
- Is a complete MVC solution based on Rails engines;
- Allows you to have multiple models signed in at the same time;
- Is based on a modularity concept: use only what you really need.
It's composed of 10 modules:
- Database Authenticatable: hashes and stores a password in the database to validate the authenticity of a user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication.
- Omniauthable: adds OmniAuth (https://github.com/omniauth/omniauth) support.
- Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in.
- Recoverable: resets the user password and sends reset instructions.
- Registerable: handles signing up users through a registration process, also allowing them to edit and destroy their account.
- Rememberable: manages generating and clearing a token…
In a world where many gems are abandoned and disappear, this is encouraging.
It lives up to having over 20,000 stars.
For these reasons, I have decided to use Devise for SuperRails and my other projects, even with Rails 8.
Since this decision could easily change depending on the evolution of AI and the trends in the community, I intend to just wait and see for about a year and focus on my business.
As a side note, it’s strange for me to complain, but why is it that the Rails 8 standard authentication has a login page but no sign-up page?