Rails 4 at Austin on Rails

Rails 4: Changes and New Features. J. Austin Hughey, Field Application Engineer, Engine Yard (www.engineyard.com). @jaustinhughey @openhackatx @engineyard

description

Slides from my presentation at Austin on Rails in Austin, TX on Rails 4 on June 25, 2013. This was originally a Keynote presentation that I apparently can't upload directly to Slideshare without exporting as PPT (seriously, guys, wtf) so ignore any display issues.

Transcript of Rails 4 at Austin on Rails

Page 1: Rails 4 at Austin on Rails

Engine Yard - www.engineyard.com

Rails 4

Changes and New Features

J. Austin Hughey, Field Application Engineer, Engine Yard

@jaustinhughey

@openhackatx

@engineyard

Page 2: Rails 4 at Austin on Rails

Overview

• Multiple separations and deprecations
• HTTP semantics changes
• More security features
• Lots of cool PostgreSQL integration

Page 3: Rails 4 at Austin on Rails

Changes

• Ruby 1.9.3 minimum
  – 2.0 recommended
  – Rails 5.x will require >= 2.0 so might as well upgrade now
• Many deprecated items are now separate gems
  – May not be compatible with Rails 4.1
  – Use only as a bridge; make sure to get rid of uses of the old stuff
• PATCH verb (instead of PUT)
  – patch :update, article: { author: "foo", title: "bar", body: "blah" }
• "Strong Parameters"
• Thread Safe by default

Page 4: Rails 4 at Austin on Rails

Saying goodbye...

Page 5: Rails 4 at Austin on Rails

Removed in 4.0

– vendor/plugins - use gems instead
– ActiveResource
  • https://github.com/rails/activeresource
– Hash-based/dynamic finder methods
  • https://github.com/rails/activerecord-deprecated_finders
– ActiveRecord::SessionStore
  • https://github.com/rails/activerecord-session_store
– Observers
  • https://github.com/rails/rails-observers
– Page and Action Caching
  • https://github.com/rails/actionpack-action_caching
  • https://github.com/rails/actionpack-page_caching

Page 6: Rails 4 at Austin on Rails


PATCH

Page 7: Rails 4 at Austin on Rails

HTTP PATCH

• HTTP says that a PUT request represents a complete representation of a resource.
• Ergo, we’ve been using PUT wrong. We rarely pass a whole resource to a controller on edits - just the changed bits.
• Solution: use PATCH instead. PATCH sends up just what’s changed.

Page 8: Rails 4 at Austin on Rails

THREAD SAFETY

• config.thread_safe is on by default
• Still should try a truly threaded interpreter/server
• JRuby/Rubinius + Puma, Passenger Enterprise

Page 9: Rails 4 at Austin on Rails


STRONG PARAMETERS

Page 10: Rails 4 at Austin on Rails

Strong Parameters

• Before:

Page 11: Rails 4 at Austin on Rails

Strong Parameters

• After:

Page 12: Rails 4 at Austin on Rails

Strong Parameters

• Why is this better?
  – Puts sanitization focus on user input vector - the controller
  – Frees up the developer to work with the data model uninhibited
• Criticisms:
  – Breaks the idea that you should be able to throw ANYTHING at an object and it knows what to do with it.
  – Nested attributes can be a pain in the rear.
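The allow-list idea behind Strong Parameters, as an added plain-Ruby sketch (not code from the slides and not Rails' ActionController::Parameters). The helper names permit, require_key and user_params and the sample request are constructed for illustration; in a Rails 4 controller the equivalent call is params.require(:user).permit(...).

```ruby
# Miniature allow-list filter showing what the controller-side check does.
# Hypothetical helpers; Rails' real API is params.require(:user).permit(...).

# Keep only keys named in `allowed`. A Symbol permits a scalar value; a Hash
# entry such as { address: [:city] } permits a nested hash with its own list.
def permit(input, allowed)
  scalars = allowed.grep(Symbol).map(&:to_s)
  nested  = allowed.grep(Hash).reduce({}, :merge)
  input.each_with_object({}) do |(key, value), out|
    key = key.to_s
    if scalars.include?(key) && !value.is_a?(Hash) && !value.is_a?(Array)
      out[key] = value                       # plain scalar on the allow-list
    elsif nested.key?(key.to_sym) && value.is_a?(Hash)
      out[key] = permit(value, nested[key.to_sym])
    end                                      # everything else is dropped
  end
end

# Fail loudly when the expected top-level key is absent or empty.
def require_key(params, key)
  value = params[key.to_s]
  missing = value.nil? || (value.respond_to?(:empty?) && value.empty?)
  raise ArgumentError, "param is missing: #{key}" if missing
  value
end

# Constructed request body: the client adds "admin" and a nested "verified"
# flag that the form never offered (the classic mass-assignment attempt).
SAMPLE_PARAMS = {
  "user" => {
    "name"    => "alice",
    "email"   => "alice@example.com",
    "admin"   => "true",
    "address" => { "city" => "Austin", "verified" => "1" }
  }
}.freeze

# What a controller would hand to the model: only the listed attributes.
def user_params(params)
  permit(require_key(params, :user), [:name, :email, { address: [:city] }])
end
```

The nested entry is where the "pain in the rear" criticism comes from: every level of a nested hash needs its own list, and a scalar key that arrives as a hash is dropped rather than passed through.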

Page 13: Rails 4 at Austin on Rails

Encrypted Cookies

• New cookie store: "encrypted_cookie_store"
• Now the default in Rails 4
• Encrypts cookies before being sent to the client, decrypts received cookies
• Prevents user tampering
• Not a complete security solution.
• MIGHT annoy the NSA.

Image credit: Electronic Frontier Foundation - eff.org
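The two properties listed above (contents hidden from the client, tampering detected) shown as an added stand-alone Ruby example; it is not code from the slides and does not reproduce Rails' own cookie implementation. AES-256-GCM from Ruby's OpenSSL library is used here as a stand-in, and the secret, salt, cookie layout and helper names are all constructed.

```ruby
require "openssl"
require "json"

# Added illustration, not Rails' cookie code. Key material, salt, the
# "iv.tag.ciphertext" layout and all helper names are constructed.
AAD = "session-cookie" # authenticated label binding the ciphertext to its use

def derive_key(secret, salt = "encrypted cookie (constructed salt)")
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret, salt, 1000, 32)
end

def to_hex(bytes)
  bytes.unpack1("H*")
end

def from_hex(hex)
  [hex].pack("H*")
end

# Encrypt and authenticate the session; returns "iv.tag.ciphertext" in hex.
def seal_cookie(session, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh nonce for every cookie issued
  cipher.auth_data = AAD
  ciphertext = cipher.update(JSON.generate(session)) + cipher.final
  [iv, cipher.auth_tag, ciphertext].map { |part| to_hex(part) }.join(".")
end

# Returns the session hash, or nil when the cookie was altered, truncated
# or sealed under a different key.
def open_cookie(cookie, key)
  iv, tag, ciphertext = cookie.to_s.split(".", 3).map { |part| from_hex(part) }
  return nil unless iv && tag && ciphertext && !ciphertext.empty?
  return nil unless iv.bytesize == 12 && tag.bytesize == 16
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = AAD
  JSON.parse(cipher.update(ciphertext) + cipher.final)
rescue OpenSSL::Cipher::CipherError
  nil # authentication failed: treat as no session
end
```

A valid cookie can still be replayed or stolen in transit, which is one reason the slide calls this "not a complete security solution".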

Page 14: Rails 4 at Austin on Rails

Default Headers

config.action_dispatch.default_headers = {
  'X-Frame-Options' => 'SAMEORIGIN',
  'X-XSS-Protection' => '1; mode=block',
  'X-Content-Type-Options' => 'nosniff'
}

Include default headers with each response coming from Rails.

Page 15: Rails 4 at Austin on Rails

THE ELEPHANT IN THE ROOM

Page 16: Rails 4 at Austin on Rails

Rails <3 PostgreSQL

• Rails 4 includes support for PostgreSQL datatypes:
  – hstore
  – arrays
  – INET
  – CIDR
  – MACADDR
  – uuid

Page 17: Rails 4 at Austin on Rails

PostgreSQL hstore

• CREATE EXTENSION hstore;
  – Or enable_extension "hstore" in migrations
• Like serialized columns, but more efficient (not a text field)
• GIST or GIN indexes
  – Read the PostgreSQL docs to figure out which is right for you
• Querying is a little weird
  – User.where("preferences @> 'theme=>black'")
• Available in 3.2 through activerecord-postgres-hstore gem

Page 18: Rails 4 at Austin on Rails

PostgreSQL Array

create_table :foos do |t|
  t.integer :int_array, array: true
  t.string :string_array, array: true
end

foo = Foo.new
foo.int_array = [1, 2, 3, 4, 5]
foo.save

Page 19: Rails 4 at Austin on Rails

INET, CIDR, MACADDR

create_table :networks do |t|
  t.cidr :cidr_address
  t.inet :ip_address
  t.macaddr :mac_address
end

• cidr, inet both come out as a native Ruby IPAddr object
• macaddr treated as a string

Page 20: Rails 4 at Austin on Rails

Using a UUID

• Enable the uuid-ossp extension
• create_table :name, id: :uuid do |t| ... end

Page 21: Rails 4 at Austin on Rails

TURBOLINKS

ZOOM ZOOM!

Page 22: Rails 4 at Austin on Rails

Turbolinks

• Swaps out <body> contents with what should’ve been rendered by the server
• Avoids the need to reload all the CSS/JS again
• On by default, easily disabled
• Makes everything look faster
• CAVEAT EMPTOR:
  – May break some of your JavaScript
  – Various event listeners may need to be changed
  – Speed improvement depends on how much JS/CSS you have

Page 23: Rails 4 at Austin on Rails

Disabling Turbolinks

• Remove from Gemfile
• Remove from application.js
• bundle

https://github.com/rails/turbolinks

Page 24: Rails 4 at Austin on Rails

CACHE MONEY

Page 25: Rails 4 at Austin on Rails

Cache Digests

• Forget bumping version numbers in your cache.
• On application start, computes MD5 sum of cache content and stores the sum as a key; when the content changes, the MD5 sum changes thus invalidating the cache.

BEFORE

<% cache ['v3', comment] do %>
  My comment: <%= comment.body %>
<% end %>

AFTER

<% cache comment do %>
  My comment: <%= comment.body %>
<% end %>

Page 26: Rails 4 at Austin on Rails


FOR SCIENCE

Page 27: Rails 4 at Austin on Rails

New Default Test Locations

Then                  Now
test/units            test/models
test/units/helpers    test/helpers
test/functional       test/controllers
test/functional       test/mailers

Page 28: Rails 4 at Austin on Rails

LIVE STREAMING

Page 29: Rails 4 at Austin on Rails

Is it live?

• Stream response to the browser
• Needs multi-threaded application server
  – e.g. Puma, Thin, Passenger Enterprise
  – Putting it behind a non-GIL addled interpreter also advised
• Not a lot of examples in the wild yet
• May not work on IE. :-(

class MyController < ApplicationController
  include ActionController::Live

  def index
    100.times {
      response.stream.write "hello world\n"
    }
    response.stream.close
  end
end

Example from http://tenderlovemaking.com/2012/07/30/is-it-live.html

Page 30: Rails 4 at Austin on Rails

Stuff NOT Shipping

• Background Queuing
• Asynchronous ActionMailer
• where.like / where.not_like

Page 31: Rails 4 at Austin on Rails

Upgrading

• PAY ATTENTION to deprecation warnings
• Have a *really* good set of tests and as high coverage as possible
• Take it in stages, by sprints
• 3.2 -> 4.0 will be easiest upgrade path

Page 32: Rails 4 at Austin on Rails

Thank You