rails

For Postgres search beyond trivial ILIKE, maintain a tsvector column and a GIN index. Update it via trigger or application logic. This keeps search fast and predictable even as your dataset grows.

When multiple users can update the same record simultaneously, optimistic locking prevents lost updates by detecting conflicts. Rails provides built-in support via a lock_version integer column that increments on every update. If two users load the sa

I like optimistic UI for tiny interactions (like “star” or “follow”) because it makes the interface feel instant. The tradeoff is handling failure cleanly. I implement this with Stimulus: flip CSS + text immediately, then submit a Turbo request in the

Storing secrets in environment variables works but gets messy at scale with dozens of keys. Rails encrypted credentials provide a structured alternative where secrets live in version-controlled credentials.yml.enc files, encrypted with a master key st

Active Storage makes uploads easy; production makes them dangerous. Validate content type and size at the model layer, and keep the error messages user-friendly. This prevents large or unexpected uploads from blowing up costs and processing queues.

Drag-and-drop reorder can be fancy, but the core is: user triggers a reorder action, server persists positions, and the UI updates. For simpler UIs, I skip drag-and-drop and use up/down buttons. Each click POSTs to a move_up action, updates position,

A modal that opens without focusing an input is a tiny annoyance that adds up. In Hotwire apps, modals often swap in via Turbo Frames, which means the DOM is injected after navigation. Stimulus is ideal here: attach an autofocus controller to the moda

A simple fixed-window rate limiter is often enough for endpoints like login, password reset, webhooks, or expensive searches. Use atomic Redis INCR + EXPIRE with a stable key and return remaining quota for UX.

Scheduling bugs are often time zone bugs. Persist times in UTC, accept user input in their zone, and convert explicitly. Keep conversions close to the boundary (forms/controllers).

Instead of sprinkling custom JS for notifications, I treat flash as UI state and render it via Turbo Streams. When a create/update succeeds, the controller responds to format.turbo_stream and the template uses turbo_stream.replace to swap the flash co

Strong parameters prevent mass assignment vulnerabilities by explicitly whitelisting which attributes can be set via user input. Without this protection, attackers could modify sensitive fields like admin or account_balance by including them in reques

In production, stack traces without context are slow to debug. Raise custom exceptions that include IDs and safe metadata, and log them as JSON. This is the difference between “we think” and “we know”.