Rails 4 in 30'

WHAT’S NEW
RAILS 4 IN 30’
Monday, October 29, 12

View Slide


View Slide

■ Migration
■ Ruby 1.9.3
■ Strong Parameters
■ Declarative ETags
■ Cache Digests
■ Turbolinks
■ ActiveSupport::Queue
■ Async Mailers
■ Routing Concerns
■ ActionController::Live
■ Security
■ Other features
AGENDA

View Slide

MIGRATION

View Slide

3.0.X ➡ 3.1.X ➡ 3.2.X

View Slide

IN EACH STEP ...

View Slide

TESTS
COVERAGE
QA

View Slide

DEPRECATIONS

View Slide

■ Active Resource
■ AR Observers
■ AR Session Store
■ AMo Mass Assignment Sanitizer
■ Hash Based Finders
■ ﬁnd_all_* / ﬁnd_last_*
■ Action Caching
■ Page Caching
AVAILABLE AS GEMS

View Slide

VENDOR/PLUGINS
WAS REMOVED

View Slide

USE RAILS GUIDES

View Slide


View Slide

■ YARV
■ Fastest VM
■ Bytecode interpreter
■ Lazy Sweep GC (tuneable)
■ Native Threads
■ Better strategy for GIL / GVL
■ Encodings
RUBY 1.9.3

View Slide

FEATURES

View Slide

STRONG
PARAMETERS

View Slide

ActiveRecord::Schema.define(version: 20121010233758) do
create_table "users", force: true do |t|
t.string "username"
t.string "password"
t.boolean "admin"
t.datetime "created_at"
t.datetime "updated_at"
end
end
# ...
user = User.new params[:user]
MASS ASSIGNMENT

View Slide

RA
ILS
3.2
# app/models/user.rb
class User < ActiveRecord::Base; end
# app/controllers/users_controller.rb
class UsersController < ApplicationController
def create
@user = User.create! params[:user]
redirect_to @user
end
end
# raises ActiveModel::MassAssignmentSecurity::Error
MASS ASSIGNMENT

View Slide

RA
ILS
4.0
def create
redirect_to @user
end
end
# raises ActiveModel::ForbiddenAttributesError
MASS ASSIGNMENT

View Slide

RA
ILS
3.2
class User < ActiveRecord::Base
attr_accessible :username,
:password
end
def create
redirect_to @user
end
end
MASS ASSIGNMENT

View Slide

RA
ILS
4.0
def create
@user = User.create! params.require(:user).
permit(:username, :password)
redirect_to @user
end
end
STRONG PARAMETERS

View Slide

RA
ILS
4.0
def create
@user = User.create! user_params
redirect_to @user
end
private
def user_params
params.require(:user).permit(:username, :password)
end
end
STRONG PARAMETERS

View Slide

RA
ILS
4.0
curl http://localhost:3000/users -‐d
"user[username]=spastorino&user[admin]=true&
authenticity_token=mm89V7LxLMRJoMJcnP6SIxnxg19RzcO56hdqbDZNmVo
=" -‐-‐cookie cookie
STRONG PARAMETERS

View Slide

RA
ILS
4.0
user = User.find_by_username('spastorino')
user.admin?
=> false
STRONG PARAMETERS

View Slide

RA
ILS
4.0
user.admin?
=> false
user.update_attributes(username: 'santiago', admin: true)
=> true
STRONG PARAMETERS

View Slide

RA
ILS
4.0
user.admin?
=> false
user.update_attributes(username: 'santiago', admin: true)
=> true
user.admin?
=> true
STRONG PARAMETERS

View Slide

HTTPS://GITHUB.COM/RAILS/STRONG_PARAMETERS

View Slide

DECLARATIVE
ETAGS

View Slide

RA
ILS
3.2
class TodolistsController < ApplicationController
def show
@todolist = Todolist.find(params[:id])
fresh_when etag: @todolist
end
end
DECLARATIVE ETAGS

View Slide

RA
ILS
4.0
etag { current_user.try :admin }
def show
end
end
DECLARATIVE ETAGS

View Slide

RA
ILS
4.0
etag { current_user.try :admin }
etag { @project.try :cache_key }
def show
end
end
DECLARATIVE ETAGS

View Slide

HTTPS://GITHUB.COM/RAILS/ETAGGER

View Slide

CACHE
DIGESTS

View Slide

RA
ILS
3.2
# projects/show.html.erb

All my todo lists:

# todolists/_todolist.html.erb

:

# todos/_todo.html.erb

CACHING VIEWS

View Slide


View Slide

RA
ILS
3.2

All my todo lists:


:


CACHING VIEWS

View Slide

RA
ILS
4.0

All my todo lists:


:


CACHE DIGESTS

View Slide

CRITICISMS

View Slide

HTTPS://GITHUB.COM/RAILS/CACHE_DIGESTS

View Slide

TURBOLINKS

View Slide

FOLLOW LINKS
WITHOUT
RELOADING THE
WHOLE PAGE

View Slide

DOESN’T
DOWNLOAD JS &
CSS

View Slide

DOESN’T
DOWNLOAD JS &
CSS
NOT A REAL GAIN IF YOU USE CACHING

View Slide

DOESN’T RE-COMPILE

View Slide

DOESN’T RE-COMPILE
ONLY V8

View Slide


View Slide

DOESN’T RE-
EVALUATE

View Slide

CONSIDERATIONS

View Slide

HTTPS://GITHUB.COM/RAILS/TURBOLINKS

View Slide

ACTIVESUPPORT::QUEUE

View Slide

RA
ILS
4.0
Rails.queue.push Job.new
job = Rails.queue.pop
job.run
AS::QUEUE

View Slide

RA
ILS
4.0
# config/application.rb
# Default Synchronous
config.queue = ActiveSupport::SynchronousQueue.new
# Default Threaded
config.queue = ActiveSupport::Queue.new
# Resque Queue
config.queue = Resque::Rails::Queue.new
# Sidekiq Queue
config.queue = Sidekiq::Client::Queue.new
AS::QUEUE

View Slide

ASYNC
MAILERS

View Slide

RA
ILS
3.2
class UsersController < ActionController::Base
def create
@user = User.new params[:user]
if @user.save
UserMailer.welcome_email(@user).deliver
end
respond_with @user
end
end
MAILERS

View Slide

RA
ILS
4.0
class UsersController < ActionController::Base
def create
@user = User.new params[:user]
if @user.save
UserMailer.welcome_email(@user).deliver
end
respond_with @user
end
end
ASYNC MAILERS

View Slide

ROUTING
CONCERNS

View Slide

RA
ILS
3.2
# config/routes.rb
Myapp::Application.routes.draw do
resources :messages do
resources :comments
end
resources :forwards do
resources :comments
end
resources :uploads do
resources :comments
end
resources :documents do
resources :comments
end
resources :todos do
resources :comments
end
ROUTING CONCERNS

View Slide

RA
ILS
4.0
# config/routes.rb
Myapp::Application.routes.draw do
concern :commentable do
resources :comments
end
resources :messages, concerns: :commentable
resources :forwards, concerns: :commentable
resources :uploads, concerns: :commentable
resources :documents, concerns: :commentable
resources :todos, concerns: :commentable
end
ROUTING CONCERNS

View Slide

ACTIONCONTROLLER::LIVE

View Slide

RA
ILS
4.0
class MyController < ActionController::Base
end
AC::LIVE

View Slide

RA
ILS
4.0
include ActionController::Live
end
AC::LIVE

View Slide

RA
ILS
4.0
include ActionController::Live
def index
100.times {
response.stream.write "hi\n"
}
response.stream.close
end
end
AC::LIVE

View Slide

HTTP://TENDERLOVEMAKING.COM/2012/07/30/
IS-IT-LIVE.HTML

View Slide

SECURITY

View Slide

■ match doesn’t catch all
SECURITY

View Slide

■ ej. match ‘/follow’
SECURITY

View Slide

■ escape_html_entities_in_json = true
SECURITY

View Slide

■ var posts = #{ @posts.to_json }
SECURITY

View Slide

■ X-Frame-Options: SAMEORIGIN
SECURITY

View Slide

■ X-Xss-Protection: 1; mode=block
SECURITY

View Slide

■ X-Xss-Protection: 1; mode=block
■ X-Content-Type-Options: nosniff
SECURITY

View Slide

■ threadsafe! by default
■ ActiveRecord::Model
■ ActiveModel::Model
■ ActiveRecord::Relation
■ Schema cache dump
■ Dalli
■ PATCH verb
■ Friendly errors
■ Default test directories have changed
OTHER FEATURES

View Slide

Rails 4 in 30'

Rails 4 in 30'

Santiago Pastorino

More Decks by Santiago Pastorino

Other Decks in Programming

Featured

Transcript