reclaim-the-stack
diff --git a/‎.env.test
+2 b/‎.env.test
+2
diff --git a/‎.github/workflows/depot-build-and-push.yaml
+16-4 b/‎.github/workflows/depot-build-and-push.yaml
+16-4
diff --git a/‎.gitignore
+6 b/‎.gitignore
+6
diff --git a/‎.rspec
+1 b/‎.rspec
+1
diff --git a/‎Gemfile
+6 b/‎Gemfile
+6
diff --git a/‎Gemfile.lock
+36 b/‎Gemfile.lock
+36
diff --git a/‎app/api/cloudflare.rb
+47 b/‎app/api/cloudflare.rb
+47
diff --git a/‎app/controllers/posts_controller.rb
+32-13 b/‎app/controllers/posts_controller.rb
+32-13
diff --git a/‎app/models/cached_url.rb
+16 b/‎app/models/cached_url.rb
+16
@@ -0,0 +1,2 @@
+CLOUDFLARE_API_TOKEN=cloudflare-token
+CLOUDFLARE_ZONE_ID=zone-id
@@ -4,25 +4,37 @@ on: push
 
 jobs:
   docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: read
       pages: write
       id-token: write
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: depot/setup-action@v1
 
-      - uses: docker/login-action@v2
+      - uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - uses: depot/build-push-action@v1
+      - name: Build and push with sha + latest tag on master
+        if: github.ref == 'refs/heads/master'
+        uses: depot/build-push-action@v1
         with:
           project: b4qlt63xvg
           platforms: linux/amd64,linux/arm64
           push: true
           tags: |
             reclaimthestack/rails-example:latest
             reclaimthestack/rails-example:sha-${{ github.sha }}
+
+      - name: Build and push with sha tag on feature branches
+        if: github.ref != 'refs/heads/master'
+        uses: depot/build-push-action@v1
+        with:
+          project: b4qlt63xvg
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            reclaimthestack/rails-example:sha-${{ github.sha }}
@@ -29,3 +29,9 @@
 
 # Ignore master key for decrypting credentials and more.
 /config/master.key
+
+# RSpec
+spec/examples.txt
+
+# Dotenv
+.env.development.local
@@ -0,0 +1 @@
+--require rails_helper --color
@@ -6,6 +6,7 @@ ruby File.read(".ruby-version")
 gem "rails", github: "rails/rails", branch: "main"
 
 gem "bootsnap", require: false
+gem "httpx"
 gem "importmap-rails"
 gem "opengraph_parser"
 gem "pg"
@@ -22,4 +23,9 @@ end
 
 group :development, :test do
   gem "dotenv-rails"
+  gem "rspec-rails"
+end
+
+group :test do
+  gem "webmock"
 end
@@ -99,21 +99,30 @@ GEM
   specs:
     addressable (2.8.2)
       public_suffix (>= 2.0.2, < 6.0)
+    bigdecimal (3.1.8)
     bindex (0.8.1)
     bootsnap (1.16.0)
       msgpack (~> 1.2)
     builder (3.2.4)
     concurrent-ruby (1.2.2)
     connection_pool (2.4.0)
+    crack (1.0.0)
+      bigdecimal
+      rexml
     crass (1.0.6)
     date (3.3.3)
+    diff-lcs (1.5.0)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
     erubi (1.12.0)
     globalid (1.1.0)
       activesupport (>= 5.0)
+    hashdiff (1.1.0)
+    http-2-next (1.0.3)
+    httpx (1.2.5)
+      http-2-next (>= 1.0.3)
     i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     importmap-rails (1.1.5)
@@ -183,13 +192,33 @@ GEM
       connection_pool
     reline (0.3.3)
       io-console (~> 0.5)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.4)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-rails (6.0.1)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.11)
+      rspec-expectations (~> 3.11)
+      rspec-mocks (~> 3.11)
+      rspec-support (~> 3.11)
+    rspec-support (3.12.0)
     sidekiq (7.0.7)
       concurrent-ruby (< 2)
       connection_pool (>= 2.3.0)
       rack (>= 2.2.4)
       redis-client (>= 0.11.0)
     stimulus-rails (1.2.1)
       railties (>= 6.0.0)
+    strscan (3.1.0)
     thor (1.2.1)
     timeout (0.3.2)
     turbo-rails (1.4.0)
@@ -203,6 +232,10 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
+    webmock (3.23.1)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webrick (1.8.1)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
@@ -217,17 +250,20 @@ PLATFORMS
 DEPENDENCIES
   bootsnap
   dotenv-rails
+  httpx
   importmap-rails
   opengraph_parser
   pg
   propshaft
   puma
   rails!
   redis
+  rspec-rails
   sidekiq
   stimulus-rails
   turbo-rails
   web-console
+  webmock
 
 RUBY VERSION
    ruby 3.2.1p31
 
@@ -0,0 +1,47 @@
+module Cloudflare
+  BASE_URL = "https://api.cloudflare.com/client/v4".freeze
+
+  # https://developers.cloudflare.com/api/operations/zone-purge#purge-cached-content-by-tag-host-or-prefix
+  #
+  # Rate-limiting: Cache-Tag, host and prefix purging each have a rate limit
+  # of 30,000 purge API calls in every 24 hour period. You may purge up to
+  # 30 tags, hosts, or prefixes in one API call. This rate limit can be
+  # raised for customers who need to purge at higher volume.
+  #
+  # Provide tags as an Array of Strings, eg: ["mnd-assets-id-xxx", ...] or a single String
+  def self.purge_by_tags(tags, zone_id: ENV.fetch("CLOUDFLARE_ZONE_ID"))
+    tags = Array.wrap(tags)
+
+    post("zones/#{zone_id}/purge_cache", tags:)
+  end
+
+  # https://developers.cloudflare.com/api/operations/zone-purge#purge-cached-content-by-url
+  def self.purge_by_urls(urls, zone_id: ENV.fetch("CLOUDFLARE_ZONE_ID"))
+    urls = Array.wrap(urls)
+
+    post("zones/#{zone_id}/purge_cache", files: urls)
+  end
+
+  # https://developers.cloudflare.com/api/operations/zone-purge#purge-all-cached-content
+  def self.purge_everything(zone_id: ENV.fetch("CLOUDFLARE_ZONE_ID"))
+    post("zones/#{zone_id}/purge_cache", purge_everything: true)
+  end
+
+  %w[get post delete patch].each do |verb|
+    define_singleton_method(verb) do |path, params = {}|
+      request(verb.upcase, path, params)
+    end
+  end
+
+  def self.request(verb, path, params)
+    HTTPX.send(
+      verb.downcase,
+      "#{BASE_URL}/#{path}",
+      headers: {
+        "Authorization" => "Bearer #{ENV.fetch('CLOUDFLARE_API_TOKEN')}",
+        "Accept" => "application/json",
+      },
+      json: params,
+    ).raise_for_status
+  end
+end
@@ -1,5 +1,6 @@
 class PostsController < ApplicationController
-  before_action :set_post, only: %i[ show edit update destroy ]
+  before_action :enable_caching, only: %i[index show new edit]
+  skip_before_action :verify_authenticity_token
 
   # GET /posts
   def index
@@ -8,6 +9,7 @@ def index
 
   # GET /posts/1
   def show
+    @post = Post.find(params[:id])
   end
 
   # GET /posts/new
@@ -17,42 +19,59 @@ def new
 
   # GET /posts/1/edit
   def edit
+    @post = Post.find(params[:id])
   end
 
   # POST /posts
   def create
     @post = Post.new(post_params)
 
     if @post.save
-      redirect_to @post, notice: "Post was successfully created."
+      CachedUrl.expire_by_tags(["posts:all"])
+      redirect_to post_url(@post, nocache: true), notice: "Post was successfully created."
     else
       render :new, status: :unprocessable_entity
     end
   end
 
   # PATCH/PUT /posts/1
   def update
+    @post = Post.find(params[:id])
+
     if @post.update(post_params)
-      redirect_to @post, notice: "Post was successfully updated."
+      CachedUrl.expire_by_tags(["posts:all", "posts:#{@post.id}"])
+      redirect_to post_url(@post, nocache: true), notice: "Post was successfully updated."
     else
       render :edit, status: :unprocessable_entity
     end
   end
 
   # DELETE /posts/1
   def destroy
-    @post.destroy!
-    redirect_to posts_url, notice: "Post was successfully destroyed.", status: :see_other
+    post = Post.find(params[:id])
+
+    post.destroy!
+
+    CachedUrl.expire_by_tags(["posts:all", "posts:#{post.id}"])
+
+    redirect_to posts_url(nocache: true), notice: "Post was successfully destroyed.", status: :see_other
   end
 
   private
-    # Use callbacks to share common setup or constraints between actions.
-    def set_post
-      @post = Post.find(params[:id])
-    end
 
-    # Only allow a list of trusted parameters through.
-    def post_params
-      params.require(:post).permit(:title, :body)
-    end
+  def post_params
+    params.require(:post).permit(:title, :body)
+  end
+
+  def enable_caching
+    return if params.key?(:nocache)
+
+    # don't cache cookies (note: Cloudflare won't cache responses with cookies)
+    request.session_options[:skip] = true
+
+    tags = action_name == "index" ? ["section:posts", "posts:all"] : ["section:posts", "posts:#{params[:id]}"]
+
+    CachedUrl.upsert({ url: request.url, tags:, expires_at: 1.hour.from_now }, unique_by: :url)
+    expires_in 1.hour, public: true
+  end
 end
@@ -0,0 +1,16 @@
+class CachedUrl < ApplicationRecord
+  scope :tagged_one_of, -> (tags) { where("tags && ARRAY[?]::varchar[]", tags) }
+
+  def self.expire_by_tags(tags)
+    transaction do
+      cached_urls = tagged_one_of(tags)
+
+      now = Time.now
+      urls_to_purge = cached_urls.map { |cu| cu.url unless cu.expires_at < now }.compact
+
+      Cloudflare.purge_by_urls(urls_to_purge)
+
+      cached_urls.delete_all
+    end
+  end
+end
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+CLOUDFLARE_API_TOKEN=cloudflare-token`
	`2`	`+CLOUDFLARE_ZONE_ID=zone-id`