Rails 4 in 30'

Santiago Pastorino

October 29, 2012

Transcript

  1. WHAT’S NEW
    RAILS 4 IN 30’
    Monday, October 29, 12

  4. AGENDA
    ■ Migration
    ■ Ruby 1.9.3
    ■ Strong Parameters
    ■ Declarative ETags
    ■ Cache Digests
    ■ Turbolinks
    ■ ActiveSupport::Queue
    ■ Async Mailers
    ■ Routing Concerns
    ■ ActionController::Live
    ■ Security
    ■ Other features

  5. MIGRATION

  6. 3.0.X ➡ 3.1.X ➡ 3.2.X

  7. IN EACH STEP ...

  8. TESTS
    COVERAGE
    QA

  9. DEPRECATIONS

  10. AVAILABLE AS GEMS
    ■ Active Resource
    ■ AR Observers
    ■ AR Session Store
    ■ AMo Mass Assignment Sanitizer
    ■ Hash Based Finders
    ■ find_all_* / find_last_*
    ■ Action Caching
    ■ Page Caching

  11. VENDOR/PLUGINS WAS REMOVED

  12. USE RAILS GUIDES

  15. RUBY 1.9.3
    ■ YARV
    ■ Fastest VM
    ■ Bytecode interpreter
    ■ Lazy Sweep GC (tuneable)
    ■ Native Threads
    ■ Better strategy for GIL / GVL
    ■ Encodings

  16. FEATURES

  17. STRONG PARAMETERS

  18. MASS ASSIGNMENT
    ActiveRecord::Schema.define(version: 20121010233758) do
      create_table "users", force: true do |t|
        t.string   "username"
        t.string   "password"
        t.boolean  "admin"
        t.datetime "created_at"
        t.datetime "updated_at"
      end
    end
    # ...
    user = User.new params[:user]

  20. MASS ASSIGNMENT (RAILS 3.2)
    # app/models/user.rb
    class User < ActiveRecord::Base; end
    # app/controllers/users_controller.rb
    class UsersController < ApplicationController
      def create
        @user = User.create! params[:user]
        redirect_to @user
      end
    end
    # raises ActiveModel::MassAssignmentSecurity::Error

  21. MASS ASSIGNMENT (RAILS 4.0)
    # app/models/user.rb
    class User < ActiveRecord::Base; end
    # app/controllers/users_controller.rb
    class UsersController < ApplicationController
      def create
        @user = User.create! params[:user]
        redirect_to @user
      end
    end
    # raises ActiveModel::ForbiddenAttributesError

  22. MASS ASSIGNMENT (RAILS 3.2)
    # app/models/user.rb
    class User < ActiveRecord::Base
      attr_accessible :username,
                      :password
    end
    # app/controllers/users_controller.rb
    class UsersController < ApplicationController
      def create
        @user = User.create! params[:user]
        redirect_to @user
      end
    end

  24. STRONG PARAMETERS (RAILS 4.0)
    # app/models/user.rb
    class User < ActiveRecord::Base; end
    # app/controllers/users_controller.rb
    class UsersController < ApplicationController
      def create
        @user = User.create! params.require(:user).
                                    permit(:username, :password)
        redirect_to @user
      end
    end

  26. STRONG PARAMETERS (RAILS 4.0)
    # app/models/user.rb
    class User < ActiveRecord::Base; end
    # app/controllers/users_controller.rb
    class UsersController < ApplicationController
      def create
        @user = User.create! user_params
        redirect_to @user
      end
      private
      def user_params
        params.require(:user).permit(:username, :password)
      end
    end

  28. STRONG PARAMETERS (RAILS 4.0)
    curl http://localhost:3000/users -d "user[username]=spastorino&user[admin]=true&authenticity_token=mm89V7LxLMRJoMJcnP6SIxnxg19RzcO56hdqbDZNmVo=" --cookie cookie

  30. STRONG PARAMETERS (RAILS 4.0)
    user = User.find_by_username('spastorino')
    user.admin?
    => false

  31. STRONG PARAMETERS (RAILS 4.0)
    user = User.find_by_username('spastorino')
    user.admin?
    => false
    user.update_attributes(username: 'santiago', admin: true)
    => true

  32. STRONG PARAMETERS (RAILS 4.0)
    user = User.find_by_username('spastorino')
    user.admin?
    => false
    user.update_attributes(username: 'santiago', admin: true)
    => true
    user.admin?
    => true

  33. HTTPS://GITHUB.COM/RAILS/STRONG_PARAMETERS

  34. DECLARATIVE ETAGS

  35. DECLARATIVE ETAGS (RAILS 3.2)
    class TodolistsController < ApplicationController
      def show
        @todolist = Todolist.find(params[:id])
        fresh_when etag: @todolist
      end
    end

  36. DECLARATIVE ETAGS (RAILS 4.0)
    class TodolistsController < ApplicationController
      etag { current_user.try :admin }
      def show
        @todolist = Todolist.find(params[:id])
        fresh_when etag: @todolist
      end
    end

  37. DECLARATIVE ETAGS (RAILS 4.0)
    class TodolistsController < ApplicationController
      etag { current_user.try :admin }
      etag { @project.try :cache_key }
      def show
        @todolist = Todolist.find(params[:id])
        fresh_when etag: @todolist
      end
    end

  38. HTTPS://GITHUB.COM/RAILS/ETAGGER

  39. CACHE DIGESTS

  40. CACHING VIEWS (RAILS 3.2)
    # projects/show.html.erb
    <% cache [ "v5", project ] do %>
      All my todo lists:
      <%= render project.todolists %>
    <% end %>
    # todolists/_todolist.html.erb
    <% cache [ "v3", todolist ] do %>
      <%= todolist.name %>:
      <%= render todolist.todos %>
    <% end %>
    # todos/_todo.html.erb
    <% cache [ "v1", todo ] do %>
      <%= todo.name %>
    <% end %>

  46. CACHING VIEWS (RAILS 3.2)
    # projects/show.html.erb
    <% cache [ "v5", project ] do %>
      All my todo lists:
      <%= render project.todolists %>
    <% end %>
    # todolists/_todolist.html.erb
    <% cache [ "v3", todolist ] do %>
      <%= todolist.name %>:
      <%= render todolist.todos %>
    <% end %>
    # todos/_todo.html.erb
    <% cache [ "v2", todo ] do %>
      <%= todo.name %>
    <% end %>

  48. CACHING VIEWS (RAILS 3.2)
    # projects/show.html.erb
    <% cache [ "v5", project ] do %>
      All my todo lists:
      <%= render project.todolists %>
    <% end %>
    # todolists/_todolist.html.erb
    <% cache [ "v4", todolist ] do %>
      <%= todolist.name %>:
      <%= render todolist.todos %>
    <% end %>
    # todos/_todo.html.erb
    <% cache [ "v2", todo ] do %>
      <%= todo.name %>
    <% end %>

  50. CACHING VIEWS (RAILS 3.2)
    # projects/show.html.erb
    <% cache [ "v6", project ] do %>
      All my todo lists:
      <%= render project.todolists %>
    <% end %>
    # todolists/_todolist.html.erb
    <% cache [ "v4", todolist ] do %>
      <%= todolist.name %>:
      <%= render todolist.todos %>
    <% end %>
    # todos/_todo.html.erb
    <% cache [ "v2", todo ] do %>
      <%= todo.name %>
    <% end %>

  51. CACHE DIGESTS (RAILS 4.0)
    # projects/show.html.erb
    <% cache project do %>
      All my todo lists:
      <%= render project.todolists %>
    <% end %>
    # todolists/_todolist.html.erb
    <% cache todolist do %>
      <%= todolist.name %>:
      <%= render todolist.todos %>
    <% end %>
    # todos/_todo.html.erb
    <% cache todo do %>
      <%= todo.name %>
    <% end %>

  53. CRITICISMS

  54. HTTPS://GITHUB.COM/RAILS/CACHE_DIGESTS

  55. TURBOLINKS

  56. FOLLOW LINKS WITHOUT RELOADING THE WHOLE PAGE

  57. DOESN’T DOWNLOAD JS & CSS

  58. DOESN’T DOWNLOAD JS & CSS
    NOT A REAL GAIN IF YOU USE CACHING

  59. DOESN’T RE-COMPILE

  60. DOESN’T RE-COMPILE
    ONLY V8

  62. DOESN’T RE-EVALUATE

  63. CONSIDERATIONS

  64. HTTPS://GITHUB.COM/RAILS/TURBOLINKS

  65. ACTIVESUPPORT::QUEUE

  66. AS::QUEUE (RAILS 4.0)
    Rails.queue.push Job.new
    job = Rails.queue.pop
    job.run

  67. AS::QUEUE (RAILS 4.0)
    # config/application.rb
    # Default Synchronous
    config.queue = ActiveSupport::SynchronousQueue.new
    # Default Threaded
    config.queue = ActiveSupport::Queue.new
    # Resque Queue
    config.queue = Resque::Rails::Queue.new
    # Sidekiq Queue
    config.queue = Sidekiq::Client::Queue.new

  68. ASYNC MAILERS

  69. MAILERS (RAILS 3.2)
    class UsersController < ActionController::Base
      def create
        @user = User.new params[:user]
        if @user.save
          UserMailer.welcome_email(@user).deliver
        end
        respond_with @user
      end
    end

  70. ASYNC MAILERS (RAILS 4.0)
    class UsersController < ActionController::Base
      def create
        @user = User.new params[:user]
        if @user.save
          UserMailer.welcome_email(@user).deliver
        end
        respond_with @user
      end
    end

  71. ROUTING CONCERNS

  72. ROUTING CONCERNS (RAILS 3.2)
    # config/routes.rb
    Myapp::Application.routes.draw do
      resources :messages do
        resources :comments
      end
      resources :forwards do
        resources :comments
      end
      resources :uploads do
        resources :comments
      end
      resources :documents do
        resources :comments
      end
      resources :todos do
        resources :comments
      end
    end

  73. ROUTING CONCERNS (RAILS 4.0)
    # config/routes.rb
    Myapp::Application.routes.draw do
      concern :commentable do
        resources :comments
      end
      resources :messages,  concerns: :commentable
      resources :forwards,  concerns: :commentable
      resources :uploads,   concerns: :commentable
      resources :documents, concerns: :commentable
      resources :todos,     concerns: :commentable
    end

  74. ACTIONCONTROLLER::LIVE

  75. AC::LIVE (RAILS 4.0)
    class MyController < ActionController::Base
    end

  76. AC::LIVE (RAILS 4.0)
    class MyController < ActionController::Base
      include ActionController::Live
    end

  77. AC::LIVE (RAILS 4.0)
    class MyController < ActionController::Base
      include ActionController::Live
      def index
        100.times {
          response.stream.write "hi\n"
        }
        response.stream.close
      end
    end

  78. HTTP://TENDERLOVEMAKING.COM/2012/07/30/IS-IT-LIVE.HTML

  79. SECURITY

  80. SECURITY
    ■ match doesn’t catch all

  81. SECURITY
    ■ match doesn’t catch all
    ■ e.g. match ‘/follow’

  82. SECURITY
    ■ match doesn’t catch all
    ■ e.g. match ‘/follow’
    ■ escape_html_entities_in_json = true

  83. SECURITY
    ■ match doesn’t catch all
    ■ e.g. match ‘/follow’
    ■ escape_html_entities_in_json = true
    ■ var posts = #{ @posts.to_json }

  84. SECURITY
    ■ match doesn’t catch all
    ■ e.g. match ‘/follow’
    ■ escape_html_entities_in_json = true
    ■ var posts = #{ @posts.to_json }
    ■ X-Frame-Options: SAMEORIGIN

  85. SECURITY
    ■ match doesn’t catch all
    ■ e.g. match ‘/follow’
    ■ escape_html_entities_in_json = true
    ■ var posts = #{ @posts.to_json }
    ■ X-Frame-Options: SAMEORIGIN
    ■ X-Xss-Protection: 1; mode=block

  86. SECURITY
    ■ match doesn’t catch all
    ■ e.g. match ‘/follow’
    ■ escape_html_entities_in_json = true
    ■ var posts = #{ @posts.to_json }
    ■ X-Frame-Options: SAMEORIGIN
    ■ X-Xss-Protection: 1; mode=block
    ■ X-Content-Type-Options: nosniff

  87. OTHER FEATURES
    ■ threadsafe! by default
    ■ ActiveRecord::Model
    ■ ActiveModel::Model
    ■ ActiveRecord::Relation
    ■ Schema cache dump
    ■ Dalli
    ■ PATCH verb
    ■ Friendly errors
    ■ Default test directories have changed

  88. WE ❤ OSS

  89. WHEN IS RAILS 4 GOING TO BE RELEASED?

  90. @SPASTORINO

  91. THANK YOU!

  92. QUESTIONS?
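
The allow-list flow from the strong parameters slides (24 to 32), as an added pure-Ruby example that is not code from the deck or from Rails. `MiniParams`, `MiniUser`, `ParameterMissing` and `ForbiddenAttributes` are hypothetical stand-ins for the Rails classes, and the request body is constructed from the curl slide with the token omitted.

```ruby
# Added illustration, not Rails code; all class names here are hypothetical.
require "uri"

class ForbiddenAttributes < StandardError; end
class ParameterMissing < StandardError; end

# Request parameters; every instance starts out unpermitted.
class MiniParams
  attr_reader :data, :permitted
  def initialize(data, permitted = false)
    @data = data
    @permitted = permitted
  end

  # Like params.require(:user): the nested hash must be present.
  def require(key)
    value = @data[key.to_s]
    raise ParameterMissing, key.to_s unless value.is_a?(Hash) && !value.empty?
    MiniParams.new(value)
  end

  # Like .permit(:username, :password): keep allow-listed scalar keys only.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    MiniParams.new(@data.select { |k, v| allowed.include?(k) && v.is_a?(String) }, true)
  end
end

# Parses "user[username]=x&user[admin]=true" into {"user" => {...}} (one nesting level).
def parse_form(body)
  URI.decode_www_form(body).each_with_object({}) do |(name, value), out|
    if (m = /\A(\w+)\[(\w+)\]\z/.match(name))
      nested = out[m[1]].is_a?(Hash) ? out[m[1]] : (out[m[1]] = {})
      nested[m[2]] = value
    else
      out[name] = value
    end
  end
end

# Model stand-in: rejects unpermitted MiniParams, trusts plain hashes.
class MiniUser
  COLUMNS = %w[username password admin].freeze
  attr_reader :username, :password, :admin
  def initialize
    @admin = false
  end

  def assign(attrs)
    if attrs.is_a?(MiniParams)
      raise ForbiddenAttributes unless attrs.permitted
      attrs = attrs.data
    end
    attrs.each { |k, v| instance_variable_set("@#{k}", v) if COLUMNS.include?(k.to_s) }
    self
  end
end

# Constructed request body modelled on the curl slide (CSRF token omitted).
BODY = "user[username]=spastorino&user[admin]=true"
# Controller stand-in: require + permit, then hand the result to the model.
def create_user(body)
  params = MiniParams.new(parse_form(body))
  MiniUser.new.assign(params.require(:user).permit(:username, :password))
end
```

`create_user(BODY)` drops the `admin` key at the controller boundary, while a plain hash passed to `assign` from application code is still accepted, matching the console session on slides 30 to 32.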