Multimedia storytelling for the web. Built in cooperation with WDR.
For a high level introduction and example Pageflow stories see pageflow.io.
For instructions on how to update from a prior version of the gem see the Updating Pageflow wiki page.
Pageflow is a Rails engine which roughly consists of the following components:
Pageflow assumes the following choice of libraries:
Pageflow runs in environments with:
Accounts of the following cloud services have to be registered:
Generate a new Rails application using the MySQL database adapter:
$ rails new my_pageflow --database=mysql
$ cd my_pageflow
Do not name your application "pageflow", since it will cause conflicts with constant names created by Pageflow itself.
Enter valid MySQL credentials inside config/database.yml and create the database:
$ rake db:create
Add these lines to your application's Gemfile, replacing X.Y.Z with the current Pageflow version number. It is recommended to depend on a specific minor version using the pessimistic version constraint operator. See Pageflow's versioning policy for details.
# Gemfile
gem 'pageflow', '~> X.Y.Z'
# The install generator sets up Resque as Active Job backend
gem 'resque', '~> 1.25'
gem 'resque-scheduler', '~> 4.10'
gem 'ar_after_transaction', '~> 0.8.0'
gem 'redis', '~> 3.0'
gem 'redis-namespace', '~> 1.5'
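As an added example (not part of the Pageflow README), this Ruby script uses RubyGems' own `Gem::Requirement` to show which releases each `~>` constraint in the Gemfile above admits, which is what decides how far a `bundle update` can move a dependency. The version `1.2.3` for pageflow and the `unpinned_example` gem are constructed stand-ins, and `classify`, `audit_gemfile` and `accepts?` are names introduced here.

```ruby
require 'rubygems'

# Constructed sample: the Gemfile lines from above, with the made-up version
# 1.2.3 standing in for X.Y.Z and one hypothetical gem with no constraint.
GEMFILE = <<~GEMS
  gem 'pageflow', '~> 1.2.3'
  gem 'resque', '~> 1.25'
  gem 'resque-scheduler', '~> 4.10'
  gem 'ar_after_transaction', '~> 0.8.0'
  gem 'redis', '~> 3.0'
  gem 'redis-namespace', '~> 1.5'
  gem 'unpinned_example'
GEMS

GEM_LINE = /^\s*gem\s+['"]([^'"]+)['"](?:\s*,\s*['"]([^'"]+)['"])?/

# Classify one constraint string and give its exclusive upper bound.
def classify(constraint)
  return { scope: :unbounded, below: nil } if constraint.nil?

  op, version = Gem::Requirement.new(constraint).requirements.first
  return { scope: :other, below: nil } unless op == '~>'

  # "~> a.b.c" stays inside the a.b series; "~> a.b" admits every later
  # minor release up to the next major version.
  scope = version.segments.length >= 3 ? :minor_pinned : :major_floating
  { scope: scope, below: version.bump.to_s }
end

# Parse simple one-line `gem 'name', 'constraint'` entries (not a full Gemfile parser).
def audit_gemfile(text)
  text.each_line.map do |line|
    match = GEM_LINE.match(line)
    next unless match

    { name: match[1] }.merge(classify(match[2]))
  end.compact
end

# Would Bundler be allowed to resolve this candidate version?
def accepts?(constraint, candidate)
  Gem::Requirement.new(constraint).satisfied_by?(Gem::Version.new(candidate))
end

if __FILE__ == $PROGRAM_NAME
  audit_gemfile(GEMFILE).each do |row|
    puts format('%-22s %-15s below %s', row[:name], row[:scope], row[:below] || 'none')
  end
end
```

Whatever the constraint allows, the committed Gemfile.lock is what fixes the exact versions installed on each machine.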
Run bundler to install dependencies:
$ bundle install
Now you can run the generator to set up Pageflow and its dependencies:
$ rails generate pageflow:install
The generator will invoke Active Admin and Devise generators in turn and apply some configuration changes. When asked to overwrite the db/seeds.rb file, choose yes.
To better understand Pageflow's configuration choices, you can run the single steps of the install generator one by one. See the wiki page The Install Generator in Detail for more. If you'd rather not look behind the scenes for now, you can safely read on.
Now you can migrate the database.
$ rake db:migrate
Finally, you can populate the database with some example data, so things do not look too blank in development mode.
$ rake db:seed
Pageflow stores files in S3 buckets even in development mode; otherwise there is no way to have Zencoder encode them. See setting up external services.
The host application can utilize environment variables to configure the API keys for S3 and Zencoder. The variables can be found in the generated Pageflow initializer.
For available configuration options and examples see the inline docs in config/initializers/pageflow.rb in your generated Rails app.
Ensure you have defined default URL options in your environment files. Here is an example of default_url_options appropriate for a development environment in config/environments/development.rb:
config.action_mailer.default_url_options = {host: 'localhost:3000'}
In production, :host should be set to the actual host of your application.
In addition to the Rails server, you need to start two Rake tasks for the background job processing. These tasks are listed in Procfile, which is generated in the project root folder by the Pageflow installer.
Consider using the foreman gem to start all of these processes (including the Rails server) with a single command in your development environment.
The built-in Resque web server is mounted at /background_jobs. Use it to inspect the state of background jobs and restart failed jobs. This functionality is only available for admins.
If you run into problems during the installation of Pageflow, please refer to the Troubleshooting docs. If that doesn't help, consider filing an issue.
See SECURITY.md.
Pull requests are welcome on GitHub at https://github.com/codevise/pageflow. Everyone interacting in the project's codebases, issue trackers and mailing lists is expected to follow the code of conduct.
See the Contributing section in the guides list for instructions on how to set up your development environment. The GitHub wiki contains high-level guides on common development workflows.
The gem is available as open source under the terms of the MIT License.
Built in cooperation with:
We would like to express our special thanks to the following services for supporting Pageflow through free open source plans:
FAQs
Unknown package
We found that pageflow demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.