Rails 4 in 30'

Santiago Pastorino

October 29, 2012

Transcript

  1. AGENDA

      ▪ Migration
      ▪ Ruby 1.9.3
      ▪ Strong Parameters
      ▪ Declarative ETags
      ▪ Cache Digests
      ▪ Turbolinks
      ▪ ActiveSupport::Queue
      ▪ Async Mailers
      ▪ Routing Concerns
      ▪ ActionController::Live
      ▪ Security
      ▪ Other features

      Monday, October 29, 12
  2. AVAILABLE AS GEMS

      ▪ Active Resource
      ▪ AR Observers
      ▪ AR Session Store
      ▪ AMo Mass Assignment Sanitizer
      ▪ Hash Based Finders
      ▪ find_all_* / find_last_*
      ▪ Action Caching
      ▪ Page Caching
  3. RUBY 1.9.3

      ▪ YARV
      ▪ Fastest VM
      ▪ Bytecode interpreter
      ▪ Lazy Sweep GC (tuneable)
      ▪ Native Threads
      ▪ Better strategy for GIL / GVL
      ▪ Encodings
  4. MASS ASSIGNMENT

      ```ruby
      ActiveRecord::Schema.define(version: 20121010233758) do
        create_table "users", force: true do |t|
          t.string   "username"
          t.string   "password"
          t.boolean  "admin"
          t.datetime "created_at"
          t.datetime "updated_at"
        end
      end

      # ...

      user = User.new params[:user]
      ```
  6. MASS ASSIGNMENT (RAILS 3.2)

      ```ruby
      # app/models/user.rb
      class User < ActiveRecord::Base; end

      # app/controllers/users_controller.rb
      class UsersController < ApplicationController
        def create
          @user = User.create! params[:user]
          redirect_to @user
        end
      end

      # raises ActiveModel::MassAssignmentSecurity::Error
      ```
  7. MASS ASSIGNMENT (RAILS 4.0)

      ```ruby
      # app/models/user.rb
      class User < ActiveRecord::Base; end

      # app/controllers/users_controller.rb
      class UsersController < ApplicationController
        def create
          @user = User.create! params[:user]
          redirect_to @user
        end
      end

      # raises ActiveModel::ForbiddenAttributesError
      ```
  8. MASS ASSIGNMENT (RAILS 3.2)

      ```ruby
      # app/models/user.rb
      class User < ActiveRecord::Base
        attr_accessible :username,
                        :password
      end

      # app/controllers/users_controller.rb
      class UsersController < ApplicationController
        def create
          @user = User.create! params[:user]
          redirect_to @user
        end
      end
      ```
  10. STRONG PARAMETERS (RAILS 4.0)

      ```ruby
      # app/models/user.rb
      class User < ActiveRecord::Base; end

      # app/controllers/users_controller.rb
      class UsersController < ApplicationController
        def create
          @user = User.create! params.require(:user).
                                      permit(:username, :password)
          redirect_to @user
        end
      end
      ```
  12. STRONG PARAMETERS (RAILS 4.0)

      ```ruby
      # app/models/user.rb
      class User < ActiveRecord::Base; end

      # app/controllers/users_controller.rb
      class UsersController < ApplicationController
        def create
          @user = User.create! user_params
          redirect_to @user
        end

        private

        def user_params
          params.require(:user).permit(:username, :password)
        end
      end
      ```
  14. STRONG PARAMETERS (RAILS 4.0)

      ```ruby
      user = User.find_by_username('spastorino')
      user.admin?
      # => false
      user.update_attributes(username: 'santiago', admin: true)
      # => true
      ```
  15. STRONG PARAMETERS (RAILS 4.0)

      ```ruby
      user = User.find_by_username('spastorino')
      user.admin?
      # => false
      user.update_attributes(username: 'santiago', admin: true)
      # => true
      user.admin?
      # => true
      ```
  16. DECLARATIVE ETAGS (RAILS 3.2)

      ```ruby
      class TodolistsController < ApplicationController
        def show
          @todolist = Todolist.find(params[:id])
          fresh_when etag: @todolist
        end
      end
      ```
  17. DECLARATIVE ETAGS (RAILS 4.0)

      ```ruby
      class TodolistsController < ApplicationController
        etag { current_user.try :admin }

        def show
          @todolist = Todolist.find(params[:id])
          fresh_when etag: @todolist
        end
      end
      ```
  18. DECLARATIVE ETAGS (RAILS 4.0)

      ```ruby
      class TodolistsController < ApplicationController
        etag { current_user.try :admin }
        etag { @project.try :cache_key }

        def show
          @todolist = Todolist.find(params[:id])
          fresh_when etag: @todolist
        end
      end
      ```
  19. CACHING VIEWS (RAILS 3.2)

      ```erb
      <%# projects/show.html.erb %>
      <% cache [ "v5", project ] do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache [ "v3", todolist ] do %>
        <p><%= todolist.name %>:</p>
        <%= render todolist.todos %>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache [ "v1", todo ] do %>
        <p><%= todo.name %></p>
      <% end %>
      ```
  23. CACHING VIEWS (RAILS 3.2)

      ```erb
      <%# projects/show.html.erb %>
      <% cache [ "v5", project ] do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache [ "v3", todolist ] do %>
        <p><%= todolist.name %>:</p>
        <%= render todolist.todos %>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache [ "v1", todo ] do %>
        <li><%= todo.name %></li>
      <% end %>
      ```
  24. CACHING VIEWS (RAILS 3.2)

      ```erb
      <%# projects/show.html.erb %>
      <% cache [ "v5", project ] do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache [ "v3", todolist ] do %>
        <p><%= todolist.name %>:</p>
        <%= render todolist.todos %>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache [ "v2", todo ] do %>
        <li><%= todo.name %></li>
      <% end %>
      ```
  26. CACHING VIEWS (RAILS 3.2)

      ```erb
      <%# projects/show.html.erb %>
      <% cache [ "v5", project ] do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache [ "v4", todolist ] do %>
        <p><%= todolist.name %>:</p>
        <ul><%= render todolist.todos %></ul>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache [ "v2", todo ] do %>
        <li><%= todo.name %></li>
      <% end %>
      ```
  28. CACHING VIEWS (RAILS 3.2)

      ```erb
      <%# projects/show.html.erb %>
      <% cache [ "v6", project ] do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache [ "v4", todolist ] do %>
        <p><%= todolist.name %>:</p>
        <ul><%= render todolist.todos %></ul>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache [ "v2", todo ] do %>
        <li><%= todo.name %></li>
      <% end %>
      ```
  29. CACHE DIGESTS (RAILS 4.0)

      ```erb
      <%# projects/show.html.erb %>
      <% cache project do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache todolist do %>
        <p><%= todolist.name %>:</p>
        <%= render todolist.todos %>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache todo do %>
        <p><%= todo.name %></p>
      <% end %>
      ```
  30. CACHE DIGESTS (RAILS 4.0)

      ```erb
      <%# projects/show.html.erb %>
      <% cache project do %>
        <p>All my todo lists:</p>
        <%= render project.todolists %>
      <% end %>

      <%# todolists/_todolist.html.erb %>
      <% cache todolist do %>
        <p><%= todolist.name %>:</p>
        <ul><%= render todolist.todos %></ul>
      <% end %>

      <%# todos/_todo.html.erb %>
      <% cache todo do %>
        <li><%= todo.name %></li>
      <% end %>
      ```
  31. ▪ DOESN’T DOWNLOAD JS & CSS
      ▪ NOT A REAL GAIN IF YOU USE CACHING
  32. AS::QUEUE (RAILS 4.0)

      ```ruby
      # config/application.rb

      # Default Synchronous
      config.queue = ActiveSupport::SynchronousQueue.new

      # Default Threaded
      config.queue = ActiveSupport::Queue.new

      # Resque Queue
      config.queue = Resque::Rails::Queue.new

      # Sidekiq Queue
      config.queue = Sidekiq::Client::Queue.new
      ```
  33. MAILERS (RAILS 3.2)

      ```ruby
      class UsersController < ActionController::Base
        def create
          @user = User.new params[:user]
          if @user.save
            UserMailer.welcome_email(@user).deliver
          end
          respond_with @user
        end
      end
      ```
  34. ASYNC MAILERS (RAILS 4.0)

      ```ruby
      class UsersController < ActionController::Base
        def create
          @user = User.new params[:user]
          if @user.save
            UserMailer.welcome_email(@user).deliver
          end
          respond_with @user
        end
      end
      ```
  35. ROUTING CONCERNS (RAILS 3.2)

      ```ruby
      # config/routes.rb
      Myapp::Application.routes.draw do
        resources :messages do
          resources :comments
        end
        resources :forwards do
          resources :comments
        end
        resources :uploads do
          resources :comments
        end
        resources :documents do
          resources :comments
        end
        resources :todos do
          resources :comments
        end
      end
      ```
  36. ROUTING CONCERNS (RAILS 4.0)

      ```ruby
      # config/routes.rb
      Myapp::Application.routes.draw do
        concern :commentable do
          resources :comments
        end

        resources :messages,  concerns: :commentable
        resources :forwards,  concerns: :commentable
        resources :uploads,   concerns: :commentable
        resources :documents, concerns: :commentable
        resources :todos,     concerns: :commentable
      end
      ```
  37. AC::LIVE (RAILS 4.0)

      ```ruby
      class MyController < ActionController::Base
        include ActionController::Live

        def index
          100.times {
            response.stream.write "hi\n"
          }
          response.stream.close
        end
      end
      ```
  38. SECURITY

      ▪ match doesn’t catch all
      ▪ e.g. match '/follow'
      ▪ escape_html_entities_in_json = true
  39. SECURITY

      ▪ match doesn’t catch all
      ▪ e.g. match '/follow'
      ▪ escape_html_entities_in_json = true
      ▪ var posts = #{ @posts.to_json }
  40. SECURITY

      ▪ match doesn’t catch all
      ▪ e.g. match '/follow'
      ▪ escape_html_entities_in_json = true
      ▪ var posts = #{ @posts.to_json }
      ▪ X-Frame-Options: SAMEORIGIN
  41. SECURITY

      ▪ match doesn’t catch all
      ▪ e.g. match '/follow'
      ▪ escape_html_entities_in_json = true
      ▪ var posts = #{ @posts.to_json }
      ▪ X-Frame-Options: SAMEORIGIN
      ▪ X-Xss-Protection: 1; mode=block
  42. SECURITY

      ▪ match doesn’t catch all
      ▪ e.g. match '/follow'
      ▪ escape_html_entities_in_json = true
      ▪ var posts = #{ @posts.to_json }
      ▪ X-Frame-Options: SAMEORIGIN
      ▪ X-Xss-Protection: 1; mode=block
      ▪ X-Content-Type-Options: nosniff
  43. OTHER FEATURES

      ▪ threadsafe! by default
      ▪ ActiveRecord::Model
      ▪ ActiveModel::Model
      ▪ ActiveRecord::Relation
      ▪ Schema cache dump
      ▪ Dalli
      ▪ PATCH verb
      ▪ Friendly errors
      ▪ Default test directories have changed
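
The mass-assignment and strong parameters slides (4 to 15), as an added example that is not from the deck or from Rails: a plain-Ruby stand-in for the `require`/`permit` flow, showing why the allow-list keeps a submitted `admin` value off the model and returning the dropped keys so they can be logged. `permit_params`, `ParameterMissing`, `SCALARS`, the `User` struct and the request hash are hypothetical names constructed for illustration.

```ruby
# Added illustration: a plain-Ruby stand-in for require/permit.
# Not ActionController::Parameters; all names here are hypothetical.
class ParameterMissing < StandardError; end

SCALARS = [String, Numeric, TrueClass, FalseClass, NilClass].freeze

# Returns [kept, dropped]: the allow-listed scalar attributes under `root`
# and the names of every submitted key that was filtered out.
def permit_params(params, root, allowed)
  attrs = params[root]
  raise ParameterMissing, "param is missing: #{root}" unless attrs.is_a?(Hash) && !attrs.empty?

  allowed = allowed.map(&:to_s)
  kept, dropped = attrs.partition do |key, value|
    allowed.include?(key.to_s) && SCALARS.any? { |type| value.is_a?(type) }
  end
  [kept.to_h, dropped.map { |key, _| key.to_s }]
end

# Mirrors the users table from the schema slide.
User = Struct.new(:username, :password, :admin, keyword_init: true)

# Constructed request body: the form has no admin field, the client adds one.
REQUEST = {
  "user" => { "username" => "santiago", "password" => "s3cret", "admin" => "true" }
}.freeze

# Pattern from the "User.new params[:user]" slide: every submitted key is assigned.
def create_unfiltered(params)
  User.new(**params["user"].transform_keys(&:to_sym))
end

# Pattern from the user_params slide: only allow-listed keys reach the model.
def create_permitted(params)
  kept, dropped = permit_params(params, "user", %i[username password])
  user = User.new(admin: false, **kept.transform_keys(&:to_sym))
  [user, dropped]
end

if __FILE__ == $PROGRAM_NAME
  puts "unfiltered admin: #{create_unfiltered(REQUEST).admin.inspect}"
  user, dropped = create_permitted(REQUEST)
  puts "permitted admin:  #{user.admin.inspect} (dropped: #{dropped.join(', ')})"
end
```

The dropped-key list is the part worth wiring into request logs: a key such as `admin` arriving on a form that never renders it is a signal to review.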
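
The `escape_html_entities_in_json = true` and `var posts = #{ @posts.to_json }` bullets on the security slides, as an added example (not code from the deck or from ActiveSupport): plain-Ruby escaping of `<`, `>` and `&` as `\uXXXX` sequences, standing in for the effect of that setting and checked against an inline script. `script_safe_json`, `inline_script`, `breaks_out?` and the sample post are constructed for illustration, and the U+2028/U+2029 entries are an assumption beyond what the slide lists.

```ruby
require "json"

# Added illustration, not ActiveSupport's code. JSON-escape the characters
# that matter when JSON is written into an inline <script> block.
# U+2028/U+2029 are included as an assumption beyond what the slide lists.
SCRIPT_ESCAPES = {
  "<" => '\u003c', ">" => '\u003e', "&" => '\u0026',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze

# JSON parsers decode the \uXXXX forms back to the original characters,
# so the data is unchanged while the markup-significant bytes are gone.
def script_safe_json(value)
  JSON.generate(value).gsub(/[<>&\u2028\u2029]/, SCRIPT_ESCAPES)
end

# The pattern from the slide: var posts = #{ @posts.to_json }
def inline_script(json)
  "<script>var posts = #{json};</script>"
end

# The HTML parser closes a script element at the first "</script", whatever
# the JavaScript string quoting says. More than one means data became markup.
def breaks_out?(html)
  html.scan(/<\/script/i).length > 1
end

# Constructed sample: one post whose title was submitted by a user.
POSTS = [{ "id" => 1, "title" => "</script><h1>injected</h1>" }].freeze

if __FILE__ == $PROGRAM_NAME
  puts "plain JSON breaks out:   #{breaks_out?(inline_script(JSON.generate(POSTS)))}"
  puts "escaped JSON breaks out: #{breaks_out?(inline_script(script_safe_json(POSTS)))}"
  puts script_safe_json(POSTS)
end
```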