The Rails 3 Ropes Course Presentation

8/3/2019 The Rails 3 Ropes Course Presentation

1/86

Rails 3 Ropes CourseGregg Pollack

Nathaniel Bibler

Thomas Meeks

Jacob Swanner

Mark Kendall

Caike Souza

Tyler Hunt


2/86

Getting Started & Routes

Workshop - Lab #1

Bundler & ActionController

Workshop - Lab #2

ActionMailer

Workshop - Lab #3

ActiveRelation & ActiveModel

Workshop - Lab #4

XSS & UJS

Workshop - Lab #5

Rails 3 Ropes Course


3/86

$rails Starting a New AppUsage:railsAPP_PATH[options]

Options:

.bundledb/*.sqlite3log/*.logtmp/**/*

.gitignore

[--dev]#Setuptheapplicationwith

#GemfilepointingtoyourRailscheckout

[--edge]#Setuptheapplicationwith#GemfilepointingtoRailsrepository

[--skip-gemfile]#Don'tcreateaGemfile

-r,[--ruby=PATH]#PathtotheRubybinaryofyourchoice

-d,[--database=DATABASE]#Preconfigureforselecteddatabase-m,[--template=TEMPLATE]#Pathtoanapplicationtemplate

-O,[--skip-activerecord]#SkipActiveRecordfiles

-T,[--skip-testunit]#SkipTestUnitfiles-J,[--skip-prototype]#SkipPrototypefiles

-G,[--skip-git]#SkipGitignoresandkeeps


4/86

$railstest_app

create

createREADME

create.gitignore

...

$rails

Usage:railsCOMMAND[ARGS]

Themostcommonrailscommandsare:

generateGeneratenewcode(short-cutalias:"g")

consoleStarttheRailsconsole(short-cutalias:"c")serverStarttheRailsserver(short-cutalias:"S")

dbconsoleStartaconsoleforthedatabasespecifiedinconfig/database.yml

(short-cutalias:"db")

Inadditiontothose,thereare:

applicationGeneratetheRailsapplicationcode

destroyUndocodegeneratedwith"generate"benchmarkerSeehowfastapieceofcoderuns

profilerGetprofileinformationfromapieceofcode

pluginInstallaplugin

runnerRunapieceofcodeintheapplicationenvironment

Allcommandscanberunwith-hformoreinformation.

$lsscript/

rails$cdtest_app/


5/86

script/generate

script/console

script/server

old scripts new hotness

script/dbconsole

railsg

railsc

railss

railsdb


6/86

script/generate

script/console

script/server

old scripts new hotness

script/dbconsole

aliasr='rails'

rg

rc

rs

rdb


7/86

Rails::Initializer.run do |config|

end

config/environment.rb

configuration

Rails 2

config.load_paths +=%W( #{RAILS_ROOT}/extras )

config.plugins = [ :exception_notification ]

config.time_zone ='UTC'

config.gem"bj"config.gem"sqlite3-ruby", :lib => "sqlite3"config.gem"aws-s3", :lib => "aws/s3"


8/86

config/application.rb

configuration

Rails 3

config.load_paths +=%W( #{RAILS_ROOT}/extras )

config.plugins = [ :exception_notification ]

config.time_zone ='UTC'

moduleTestApp

classApplication < Rails::Application

endend

Its a Rack Application


9/86

New Router API


10/86

Action Dispatch

Layouts

Logger

Callbacks

Renderer

url_forhttp_auth

helpers

MimeResponds

Cookies

Session http

routing

middleware


11/86

TestApp::Application.routes.draw do |map|

end

config/routes.rb

New Routing API

Rails 3


12/86

TestApp::Application.routes.draw do |map|

end

config/routes.rb

resources :postsmap.

New Routing API

Old routing syntax works

Rails 3


13/86

map.resources :postsdo |post|post.resources :comments

end

resources :postsdo

resources :comments

end

New Routing API

Rails 2

Rails 3


14/86

post.resources :comments,

:member => { :preview => :post },

:collection => { :archived => :get }

resources :commentsdo

member do

post :preview

end

collection do

get :archived

end

end

resources :commentsdo

post :preview, :on => :member

get :archived, :on => :collection

end

Rails 2

Rails 3

Rails 3

New Routing API


15/86

map.connect 'login', :controller => 'session', :action => 'new'

match 'login' => 'session#new'

Rails 2

Rails 3

map.login 'login', :controller => 'session', :action => 'new'

match 'login' => 'session#new', :as => :login

Rails 2

Rails 3

Named Route login_path


16/86

map.root :controller => 'users', :action => 'index'

Rails 2

Rails 3root :to => 'users#index'

map.connect ':controller/:action/:id'

map.connect ':controller/:action/:id.:format'

Rails 2

Rails 3match ':controller(/:action(/:id(.:format)))'

Legacy Route

(commented out by default)

Root Paths


17/86

map.connect '/articles/:year/:month/:day', :controller => 'posts', :action => 'index'

Rails 2

Rails 3match '/articles/:year/:month/:day' => "posts#index"

Optional Parameters

map.connect '/articles/:year/:month/:day', :controller => 'posts', :action => 'index'

map.connect '/articles/:year/:month', :controller => 'posts', :action => 'index'map.connect '/articles/:year', :controller => 'posts', :action => 'index'

Rails 2

Rails 3match '/articles(/:year(/:month(/:day)))' => "posts#index"


18/86

map.connect '/articles/:year', :controller => 'posts', :action => 'index',

:conditions => {:method => :get}

Rails 2

Rails 3match '/articles/:year' => "posts#index", :via => :get

Specifying the method

Rails 3get '/articles/:year' => "posts#index"


19/86

Rails 3match 'signin', :to => redirect("/login")

Redirection

match 'users/:name', :to => redirect {|params| "/#{params[:name]}" }

match 'google' => redirect('http://www.google.com/')


20/86

map.connect '/:year', :controller => 'posts', :action => 'index',

:requirements => { :year => /\d{4}/ }

Rails 2

Rails 3match '/:year' => "posts#index", :constraints => {:year => /\d{4}/}

Constraints

:constraints => { :user_agent => /iphone/ }

:constraints => { :ip => /192\.168\.1\.\d{1,3}/ }

constraints(:host => /localhost/) doresources :posts

end

constraints IpRestrictordo

get 'admin/accounts' => "queenbee#accounts"

end


21/86

Rails 3

get 'hello' => proc { |env| [200, {}, "Hello Rack"] }

Rack Goodness

get 'rack_endpoint' => PostsController.action(:index)

get 'rack_app' => CustomRackApp


22/86

http://guides.rails.info/routing.html

For more information


23/86


Tutorial - Lab #1

Follow the directions in the README


24/86

Getting Started & RoutesWorkshop - Lab #1


Workshop - Lab #2

ActionMailer

Workshop - Lab #3


Workshop - Lab #4

XSS & UJS

Workshop - Lab #5



25/86

Dependency Management


26/86

Typical Rails deployment

Specifyyourgemsinsideenvironment.rb

$rakegems:install

$rakegems:unpack

fetch,download,andinstall/compilethese

gemsintoyoursystemRubyGemsdirectory

config.gem"haml"

config.gem"chronic", :version => '0.2.3'

unpacksthegemsintoyourapplica@on

intoyourvendor/gemsdirectory

:dependencies


27/86

Issues

Conflictsoccuratruntime

Notgreatdependencyresolution

ItsboundintoRails


28/86

Dependency Resolution

[email protected] Rails2.3.2

ac@vesupport>=2.3.2 ac@vesupport=2.3.2

RailsAppSystemGems

Rails2.3.3

[email protected]

thor0.13.1

Rails2.3.2

Gem::LoadError:can'tactivateactivesupport(=2.3.2,

runtime),alreadyactivatedactivesupport-2.3.3


29/86

Bundler Commands

SpecifyyourgemsinsideGemfile

$bundle

$bundlepackage

fetch,download,andinstall/compilethesegems

gem"haml"

gem"chronic", '0.2.3'

Movesgemsourceinto/vendor/cache


30/86

With Bundler

[email protected] Rails2.3.2

ac@vesupport>=2.3.2 ac@vesupport=2.3.2

RailsAppSystemGems

[email protected]

thor0.13.1

Rails2.3.2

Happy!


31/86

Dependency Resolution

dependencies

paperclip

sqlite3

mocha rake-compiler

shoulda aws-s3

searchlogic

Depth First Search

activerecord

Conflict


32/86

Gemfile Syntaxsource "http://rubygems.org"

gem"hpricot", "0.6"gem"sqlite3-ruby", :require => "sqlite3"

gem"rails", :git => "git://github.com/rails/rails.git"

gem"rails", :path => "~/Sites/rails"

git "git://github.com/rails/rails.git"do

gem"railties" gem"active_model"end

group :testdo

gem"webrat"

end

$bundle

$bundle --without test

Will ensure all gems are installed, including webrat (but its only included in test mode).

Will install everything except webrat.


33/86

$bundlecheck

ChecktoseeifallthedependenciesareavailablefortheGemfile

$bundleshow

ShowsalllibrarieswhichareincludedbytheGemfileandtheirdependencies

$bundleshow

Showswherethegemislocatedinourfilesystem

$bundleopen

Willopenthegemsourceinourdefaulteditor


34/86

$bundle

I locally run

When I download a new application

Specifiesexactgemversionsmyapplica@onisrunning

When I deploy my application

$bundle

I run on the server

When my application is going live

$bundle

on the server

InstallsgemslistedinGemfile.lockratherthenGemfile

Gemfile.lock Check into Source Control


35/86

Gemfile vs Gemfile.lock

Gemfile

Gemfile.lock

$bundle

nokogiri 1.4.1

released!

$bundle

$bundleupdateGEMremote:http://rubygems.org/specs:

capistrano(2.5.18)

highlinenet-scp(>=1.0.0)

net-sftp(>=2.0.0)net-ssh(>=2.0.14)net-ssh-gateway(>=1.0.0)

nokogiri(1.4.0)

sqlite3-ruby(1.2.5)

nokogiri(1.4.1)

RecreatestheGemfile.lockandrunsbundletoinstall

newdependencies

$bundleupdatenokogiri

gem'sqlite3-ruby',:require=>'sqlite3'

source'http://rubygems.org'

gem'capistrano'

gem'nokogiri','>=1.4.0'


36/86

$bundlepackage

Copiesallgemstoyour

/vendor/cachedirectory

$bundle

Willinstallgemsfromthe

/vendor/cachedirectory

On the serverRun locally

But I dont want to rely on external servers for deployment


37/86

http://gembundler.com

For more information


38/86

ActionController::Metal

AbstractController::Base

Assigns

Callbacks

Collector

Helpers

Layouts

Logger

Rendering

Translation

ViewPaths

ActionController::Base

Cookies

Exceptions

Flash

Helpers

Redirecting

RenderingResponder

UrlFor

..... (lots more)

abstract

abstract

abstract

AbstractController Namespace

ActionController Namespace

includes

New ActionController Syntax


39/86

classUsersController < ApplicationControllerdefindex

@users=User.all

respond_todo |format|format.html

format.xml { render:xml => @users.to_xml } end end

Regular SyntaxNew ActionController Syntax

defshow @user=User.find(params[:id])

respond_todo |format|format.html # show.html.erbformat.xml { render:xml => @user }

end

end...



40/86

classUsersController < ApplicationController


respond_to

defindex @users=User.all

end...

end

:html, :xml, :json

respond_with(@users)

respond_with(@user)

defshow @user=User.find(params[:id])

Improved Syntax


41/86

Bundler & ActionControllerTutorial - Lab #2

R il 3 R C


42/86



Workshop - Lab #2

ActionMailer

Workshop - Lab #3


Workshop - Lab #4

XSS & UJS

Workshop - Lab #5



43/86

ActionMailerMikelLindsaar

New ActionMailer Syntax


44/86


createapp/models/user_mailer.rb

Rails 2

Rails 3

$script/generatemailerUserMailerwelcomeforgot_password

createapp/mailers/user_mailer.rb

$railsgmailerUserMailerwelcomeforgot_password



45/86


Rails 2

Rails 3

defwelcome(user, subdomain)

subject 'Welcome to TestApp'recipients user.email

from '[email protected]'

body :user => user, :subdomain => subdomain end

defwelcome(user, subdomain)

@user= user @subdomain= subdomain

mail(:from => "[email protected]",

:to => user.email,:subject => "Welcome to TestApp")

end

UserMailer.deliver_welcome(user, subdomain)

UserMailer.welcome(user, subdomain).deliver



46/86


Rails 3classUserMailer < ActionMailer::Base

defwelcome(user, subdomain) @user= user

@subdomain= subdomain

mail(:to => @user.email, :subject => "Welcome to TestApp")

end

end

attachments['test.pdf'] =File.read("#{Rails.root}/public/test.pdf")

do |format|

format.html { render'other_html_welcome' }

format.text { render'other_text_welcome' }end

default :from => "[email protected]",

welcome.text.erbwelcome.html.erbDefaults

:reply_to => "[email protected]",

"X-Time-Code" => Time.now.to_i.to_s


47/86

ActionMailerTutorial - Step #3

R il 3 R C


48/86



Workshop - Lab #2

ActionMailer

Workshop - Lab #3


Workshop - Lab #4

XSS & UJS

Workshop - Lab #5



49/86

ActiveRelation

replaces the internal ad-hocquery generation with

query generation based on relational algebra.

NickKallen

ActiveRelation


50/86

@posts=Post.find(:all, :conditions => {:published => true})

@posts=Post.where(:published => true)

returns an ActiveRecord::Relation

returns an Array of Posts

immediately queries the db

doesnt query the db

Rails 2

Rails 3

ActiveRelation

ActiveRelation


51/86


if params[:order] @[email protected](params[:order])end

@posts.each do |p|...

endQueryrunsh

ere

ActiveRelation

Lazy Loading

ActiveRelation


52/86


if params[:order] @[email protected](params[:order])end


@[email protected](params[:order])

@posts=Post.where(:published => true).order(params[:order])

ActiveRelation

ActiveRelation


53/86

@posts=Post.where(:published => true).order(params[:order])

posts =Post.order(params[:order])@published= posts.where(:published => true)@unpublished= posts.where(:published => false)

This is obviously a bad example

@published= Post.published@unpublished= Post.unpublished

ActiveRelation

ActiveRelation


54/86

@published= Post.published@unpublished= Post.unpublished@published= Post.published@unpublished= Post.unpublished

classPost < ActiveRecord::Base

default_scope:order => 'title'

named_scope:published, :conditions => {:published => true} named_scope:unpublished, :conditions => {:published => false}

end

classPost < ActiveRecord::Base

default_scope order('title')

scope :published, where(:published => true)

scope :unpublished, where(:published => false)

end

Rails 2

Rails 3

ActiveRelation

ActiveRelation


55/86

where(:conditions)having(:conditions)

select

group

orderlimit

offset

joins

includes(:include)

lock

readonly

from

New Finder Methods

ActiveRelation

ActiveRelation


56/86

Post.find(:all, :conditions => {:author => "Joe"}, :includes => :comments,

:order => "title", :limit => 10)

Post.where(:author => "Joe").include(:comments).order(:title).limit(10).all

ActiveRelation

Rails 2

Rails 3


57/86

ActiveModel

ActiveModel API

ActiveModel Helper Modules

Old ActiveRecord Stack


58/86

Old ActiveRecord Stack

CalculationsDirty

Migrations

NamedScope

SchemaFixtures

Transactions

Serialization

Associations

Callbacks

ActiveModel

Attribute Methods

Callbacks

Dirty

ErrorsNaming

Observing

Serialization

Translation

Validations

ActiveModel


59/86

Attribute Methods

Callbacks

Dirty

Errors

Naming

Observing

Serialization

Translation

Validations

before_create:authenticate

before_save:send_email around_create:log

person.changed?person.name_changed?person.name_was

person.name_change

validates_presence_of:emailvalidates_length_of:name, :within => 3..20

validates_inclusion_of:salary, :in => 50000..200000

person =Person.newperson.serializable_hashperson.to_json

person.to_xml


60/86

ActiveModel

Attribute Methods

Callbacks

Dirty

Errors

Naming

Observing

Serialization

Translation

Validations

Validations without db


61/86

classApplicant

includeActiveModel::Validations

validates_presence_of:name, :email

attr_accessor:name, :email

end

>> a.name = "Gregg"

=> "Gregg"

>> a.valid?

=> false

>> a.errors=> {:email=>["can't be blank"]}

>> a.email = "[email protected]"

=> "[email protected]"

>> a.valid?

=> true

>> a = Applicant.new

=> #

Serialization without db


62/86

classApplicant includeActiveModel::Serializers::JSON

attr_accessor:namedefattributes

@attributes||= {:name => 'nil'} endend

>> a = Applicant.new

=> #

>> a.name = "Gregg"=> "Gregg"

>> a.to_json

=> "{\"name\":\"Gregg\"}"


63/86

ActiveRelation & ActiveModelTutorial - Lab #4



64/86


Workshop - Lab #1


Workshop - Lab #2

ActionMailer

Workshop - Lab #3


Workshop - Lab #4

XSS & UJS

Workshop - Lab #5



65/86

Cross Site ScriptingXSS

Cross-Site Scripting (XSS)


66/86

Cross Site Scripting (XSS)

Rails 2

Rails 3

Rails 2

Rails 3

(unsafe)

(unsafe)

(safe)

(safe)


67/86

(unsafe)

moduleActionViewmoduleHelpers

moduleRawOutputHelper defraw(stringish)

stringish.to_s.html_safe end end

endend

action_view/helpers/raw_output_helper.rb

(unsafe)

Returns a String which is assumed to be

safe and will not be escaped again

>> s.html_safe?

=> false

>> s = "Yo!"

=> "Yo!"

>> s = s.html_safe

=> "Yo!"

>> s.html_safe?

=> true



68/86


Rails 2

Rails 3

Rails 3

No escaping done on user input

Vulnerable to attack!!



69/86


Safe!


70/86

Unobtrusive JavascriptUJS

Adopting Unobtrusive Javascript


71/86

data-method

data-confirm

data-remote

data-disable-with

HTML 5 custom data attributes

Custom data attributes are intended to store custom data private to the page orapplication, for which there are no more appropriate attributes or elements

data-*



72/86

post %>

true %>

Show

Show

Rails 2

Rails 3



73/86

true) do |f| %>

Rails 2

Rails 3



74/86

:delete %>

Destroy

Destroy

Rails 2 Rails 3



75/86

'Are you sure?', :method => :delete %>

Destroy

Destroy

Rails 2 Rails 3



76/86

"Please wait..." %>

"Please wait..." %>

Rails 2

Rails 3



77/86

data-method

data-confirm

data-remote

data-disable-with

HTML 5 custom data attributes

/public/javascripts/rails js


78/86

/public/javascripts/rails.js

var message =event.element().readAttribute('data-confirm'); if (message) { // ... Do a confirm box

}

var element =event.findElement("a[data-remote]"); if (element) { // ... Do the AJAX call

}

var element =event.findElement("a[data-method]"); if (element) { // ... Create a form

}});

document.observe("dom:loaded", function() {

$(document.body).observe("click", function(event) {

jQuery in Rails?


79/86

http://github.com/rails/jquery-ujs

$('a[data-confirm],input[data-confirm]').live('click', function () {

// ... Do a confirm box

});

$('form[data-remote]').live('submit', function (e) { // ... Do an AJAX call

});

Deprecated Methods


80/86

p

http://github.com/rails/prototype_legacy_helper

link_to_remote

remote_form_for

observe_field

observe_form

form_remote_tag

button_to_remote

submit_to_remote

link_to_function

periodically_call_remote

prototype_legacy_helper

Cross-site Request Forgery


81/86

Rails 3Rails 2classApplicationController < ActionController::Base

protect_from_forgery

end

Hacker site Your site

Rails 2

Rails 3

(in your layout)

rails.js unobtrusively adds the token


82/86

XSS & UJSTutorial - Lab #5



83/86


Workshop - Lab #1


Workshop - Lab #2

ActionMailer

Workshop - Lab #3


Workshop - Lab #4

XSS & UJS

Workshop - Lab #5

p

Internal APIs


84/86

Generators

(that we didnt cover)Internal APIs

ActiveModel API

ActionController Modularity

Railties

Custom Validations


85/86

name author URL

rainbow of 80s toys merwinglittle dear http://www.flickr.com/photos/merwing/2152164258/

Notting Hill Gate Eole http://www.flickr.com/photos/eole/942309733/

Das Licht Small http://www.flickr.com/photos/small/62713023/

Metro Genova opti mystic http://www.flickr.com/photos/miiilio/2503634282/

Immobility Dilemna gilderic http://www.flickr.com/photos/gilderic/3528157964/

train station nolifebeforecoffee http://www.flickr.com/photos/nolifebeforecoffee/1803584805/

Mystical station Jsome1 http://www.flickr.com/photos/jsome1/2226394415/

Railswaystation Pieter Musterd http://www.flickr.com/photos/piet_musterd/2233025691/

The Handover MarkyBon http://www.flickr.com/photos/markybon/152769885/

EN57 magro_kr http://www.flickr.com/photos/iks_berto/1328682171/

Adirondack Extreme Mikey Roach http://www.flickr.com/photos/mikeroach/4576888456/

IMG_1242 khoogheem http://www.flickr.com/photos/khoogheem/3534078991/

Creative Commons

ll k


86/86

Gregg [email protected]

http://envylabs.com

http://ruby5.envylabs.comRuby5 Podcast

If you need help with a Rails 3

project, feel free to give us a call

Presentation by:

Nathaniel [email protected]

Thomas [email protected]

Jacob [email protected]

Tyler [email protected]

Mark [email protected]

Caike SouzaCaike@EnvyLabs com

The Rails 3 Ropes Course Presentation

Documents

Transcript of The Rails 3 Ropes Course Presentation