Query performance monitoring and profiling

Performance monitoring identifies slow queries and bottlenecks. I use EXPLAIN ANALYZE to profile query execution. pg_stat_statements tracks query statistics over time. Slow query logs capture problematic queries. Query execution time, I/O, and buffer us

Django custom user model with email authentication

Using email instead of username for authentication is a common requirement. I extend AbstractBaseUser and create a custom user manager early in the project because switching later means complex data migrations. The key is setting USERNAME_FIELD = 'ema

Sanitize user HTML safely (DOMPurify + JSDOM)

Letting users paste rich content is a product requirement that can become a security nightmare. I never try to write my own sanitizer. Instead, I run HTML through DOMPurify using JSDOM on the server and keep the allowlist small (minimal tags + attribu

Pagination with cursor-based approach

Traditional offset-based pagination becomes unreliable and slow for large datasets when records are frequently inserted or deleted—users can miss items or see duplicates across pages. Cursor-based pagination solves this by using an opaque token that e

Turbo Drive: disable caching on volatile admin pages

Turbo Drive caches pages aggressively, which is usually great. For volatile admin dashboards (counts, queues, toggles) you often want no-cache to avoid confusing “stale UI” bugs. turbo_cache_control makes the intent explicit.

Deterministic Sorting with Secondary Key

If you sort by a non-unique column (score, created_at), pagination can “skip” or “duplicate” records. Always add a secondary unique key like id for deterministic ordering.

Database indexes for query optimization

Proper indexing is the difference between millisecond and multi-second query response times. I add indexes to foreign keys automatically since Rails doesn't do this by default, and I create composite indexes for common query patterns that filter on mu

Elasticsearch integration for full-text search

Elasticsearch provides powerful full-text search capabilities. Spring Data Elasticsearch offers repository abstraction similar to JPA. @Document annotates entity classes with index mapping. @Field customizes field types and analyzers. Queries use meth

Use `touch_all` for Efficient “Bump Updated At”

When you need to invalidate caches by changing timestamps, use touch_all to avoid per-record callbacks. It’s fast, explicit, and doesn’t run unintended side effects.

Email delivery via HTTP provider with context, timeout, and idempotency

For transactional email, the reliability problem is usually latency and retries, not MIME formatting. I prefer an HTTP email provider because requests are easy to bound with context.WithTimeout and easier to observe than raw SMTP. The code below build

Playwright smoke test for auth flow

When auth breaks in the UI, it’s expensive and it always seems to happen at the worst time. I keep one or two Playwright smoke tests that cover the critical path: login, navigate, create something, logout. The goal isn’t to test every edge case; it’s

Safe Pagination with Keyset (No OFFSET)

OFFSET gets slower as tables grow and becomes inconsistent under writes. Keyset pagination is stable and fast: paginate by (created_at, id) cursor. This is a common “senior Rails” upgrade for activity feeds.