Changes and new features

Март 9, 2021

Главная
Информатика
Changes and new features

Содержание

2. Engine Yard - www.engineyard.com Multiple separations and deprecations HTTP semantics changes More security features Lots of
3. Engine Yard - www.engineyard.com Ruby 1.9.3 minimum 2.0 recommended Rails 5.x will require >= 2.0 so
4. Engine Yard - www.engineyard.com Saying goodbye...
5. Engine Yard - www.engineyard.com vendor/plugins - use gems instead ActiveResource https://github.com/rails/activeresource Hash-based/dynamic finder methods https://github.com/rails/activerecord-deprecated_finders ActiveRecord::SessionStore
6. Engine Yard - www.engineyard.com PATCH
7. Engine Yard - www.engineyard.com HTTP says that a PUT request represents a complete representation of a
8. Engine Yard - www.engineyard.com config.thread_safe is on by default Still should try a truly threaded interpreter/server
9. Engine Yard - www.engineyard.com Click to edit Master text styles STRONG PARAMETERS
10. Engine Yard - www.engineyard.com Strong Parameters Before:
11. Engine Yard - www.engineyard.com Strong Parameters After:
12. Engine Yard - www.engineyard.com Strong Parameters Why is this better? Puts sanitization focus on user input
13. Engine Yard - www.engineyard.com Encrypted Cookies New cookie store: “encrypted_cookie_store” Now the default in Rails 4
14. Engine Yard - www.engineyard.com Default Headers config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN', 'X-XSS-Protection' => '1; mode=block',
15. Engine Yard - www.engineyard.com THE ELEPHANT IN THE ROOM
16. Engine Yard - www.engineyard.com Rails Rails 4 includes support for PostgreSQL datatypes: hstore arrays INET CIDR
17. Engine Yard - www.engineyard.com PostgreSQL hstore CREATE EXTENSION hstore; Or enable_extension "hstore" in migrations Like serialized
18. Engine Yard - www.engineyard.com PostgreSQL Array create_table :foos do |t| t.integer :int_array, array: true t.string :string_array,
19. Engine Yard - www.engineyard.com INET, CIDR, MACADDR create_table :networks do |t| t.cidr :cidr_address t.inet :ip_address t.macaddr
20. Engine Yard - www.engineyard.com Using a UUID Enable the uuid-ossp extension create_table :name, id: :uuid {
21. Engine Yard - www.engineyard.com TURBOLINKS ZOOM ZOOM!
22. Engine Yard - www.engineyard.com CAVEAT EMPTOR: May break some of your javascript Various event listeners may
23. Engine Yard - www.engineyard.com Disabling Turbolinks Remove from Gemfile Remove from application.js bundle https://github.com/rails/turbolinks
24. Engine Yard - www.engineyard.com CACHE MONEY
25. Engine Yard - www.engineyard.com Cache Digests Forget bumping version numbers in your cache. On application start,
26. Engine Yard - www.engineyard.com Click to edit Master text styles T FOR SCIENCE
27. Engine Yard - www.engineyard.com New Default Test Locations
28. Engine Yard - www.engineyard.com LIVE STREAMING
29. Engine Yard - www.engineyard.com Is it live? Stream response to the browser Needs multi-threaded application server
30. Engine Yard - www.engineyard.com Stuff NOT Shipping Background Queuing Asynchronous ActionMailer where.like / where.not_like
31. Engine Yard - www.engineyard.com Upgrading PAY ATTENTION to deprecation warnings Have a *really* good set of
33. Скачать презентацию

Engine Yard - www.engineyard.com
Multiple separations and deprecations
HTTP semantics changes
More security features
Lots of

cool PostgreSQL integration

Overview

Engine Yard - www.engineyard.com
Ruby 1.9.3 minimum
2.0 recommended
Rails 5.x will require >= 2.0

so might as well upgrade now
Many deprecated items are now separate gems
May not be compatible with Rails 4.1
Use only as a bridge; make sure to get rid of uses of the old stuff
PATCH verb (instead of PUT)
PATCH :update, article: { author: “foo”, title: “bar”, body: “blah” }
“Strong Parameters”
Thread Safe by default

Changes

Слайд 4

Engine Yard - www.engineyard.com
Saying goodbye...

Слайд 5

Engine Yard - www.engineyard.com
vendor/plugins - use gems instead
ActiveResource
https://github.com/rails/activeresource
Hash-based/dynamic finder methods
https://github.com/rails/activerecord-deprecated_finders
ActiveRecord::SessionStore
https://github.com/rails/activerecord-session_store
Observers
https://github.com/rails/rails-observers
Page and Action

Caching
https://github.com/rails/actionpack-action_caching
https://github.com/rails/actionpack-page_caching

Removed in 4.0

Слайд 6

Engine Yard - www.engineyard.com
PATCH

Слайд 7

Engine Yard - www.engineyard.com
HTTP says that a PUT request represents a complete

representation of a resource.
Ergo, we’ve been using PUT wrong. We rarely pass a whole resource to a controller on edits - just the changed bits.

Solution: use PATCH instead. PATCH sends up just what’s changed.

HTTP PATCH

Слайд 8

Engine Yard - www.engineyard.com
config.thread_safe is on by default
Still should try a truly

threaded interpreter/server
JRuby/Rubinius + Puma, Passenger Enterprise

THREAD SAFETY

Слайд 9

Engine Yard - www.engineyard.com
Click to edit Master text styles
STRONG PARAMETERS

Слайд 10

Engine Yard - www.engineyard.com
Strong Parameters
Before:

Слайд 11

Engine Yard - www.engineyard.com
Strong Parameters
After:

Слайд 12

Engine Yard - www.engineyard.com
Strong Parameters
Why is this better?
Puts sanitization focus on user

input vector - the controller
Frees up the developer to work with the data model uninhibited
Criticisms:
Breaks the idea that you should be able to throw ANYTHING at an object and it knows what to do with it.
Nested attributes can be a pain in the rear.

Слайд 13

Engine Yard - www.engineyard.com
Encrypted Cookies
New cookie store: “encrypted_cookie_store”
Now the default in Rails

4
Encrypts cookies before being sent to the client, decrypts received cookies
Prevents user tampering
Not a complete security solution.
MIGHT annoy the NSA.

Image credit: Electronic Frontier Foundation - eff.org

Слайд 14

Engine Yard - www.engineyard.com
Default Headers
config.action_dispatch.default_headers = {
'X-Frame-Options' => 'SAMEORIGIN',
'X-XSS-Protection' => '1; mode=block',
'X-Content-Type-Options'

$Engine Yard - www.engineyard.com Default Headers config.action_dispatch.default_headers = { 'X-Frame-Options' => 'SAMEORIGIN',$

=> 'nosniff'
}

Include default headers with each response coming from Rails.

Слайд 15

Engine Yard - www.engineyard.com
THE ELEPHANT IN THE ROOM

Слайд 16

Engine Yard - www.engineyard.com
Rails <3 PostgreSQL
Rails 4 includes support for PostgreSQL datatypes:
hstore
arrays
INET
CIDR
MACADDR
uuid

Engine Yard - www.engineyard.com Rails Rails 4 includes support for PostgreSQL datatypes:

Слайд 17

Engine Yard - www.engineyard.com
PostgreSQL hstore
CREATE EXTENSION hstore;
Or enable_extension "hstore" in migrations
Like serialized

columns, but more efficient (not a text field)
GIST or GIN indexes
Read the PostgreSQL docs to figure out which is right for you
Querying is a little weird
User.where(“preferences @> ‘theme=>black’”)
Available in 3.2 through activerecord-postgres-hstore gem

Слайд 18

Engine Yard - www.engineyard.com
PostgreSQL Array
create_table :foos do |t|
t.integer :int_array, array: true

t.string :string_array, array: true
end

foo = Foo.new
foo.int_array = [1, 2, 3, 4, 5]
foo.save

Слайд 19

Engine Yard - www.engineyard.com
INET, CIDR, MACADDR
create_table :networks do |t|
t.cidr :cidr_address
t.inet

:ip_address
t.macaddr :mac_address
end

cidr, inet both come out as a native Ruby IPAddr object
macaddr treated as a string

Слайд 20

Engine Yard - www.engineyard.com
Using a UUID
Enable the uuid-ossp extension
create_table :name, id: :uuid

{ |t| ... }

Слайд 21

Engine Yard - www.engineyard.com
TURBOLINKS
ZOOM ZOOM!

Слайд 22

Engine Yard - www.engineyard.com
CAVEAT EMPTOR:
May break some of your javascript
Various event listeners

may need to be changed
Speed improvement depends on how much JS/CSS you have

Turbolinks

Swaps out contents with what should’ve been rendered by the server
Avoids the need to reload all the CSS/JS again
On by default, easily disabled
Makes everything look faster

Слайд 23

Engine Yard - www.engineyard.com
Disabling Turbolinks
Remove from Gemfile
Remove from application.js
bundle
https://github.com/rails/turbolinks

Слайд 24

Engine Yard - www.engineyard.com
CACHE MONEY

Слайд 25

Engine Yard - www.engineyard.com
Cache Digests
Forget bumping version numbers in your cache.
On application

start, computes MD5 sum of cache content and stores the sum as a key; when the content changes, the MD5 sum changes thus invalidating the cache.

<% cache [‘v3’, comment] do %>
My comment: <%= comment.body %>
<% end %>

<% cache comment do %>
My comment: <%= comment.body %>
<% end %>

BEFORE

AFTER

Слайд 26

Engine Yard - www.engineyard.com
Click to edit Master text styles
T
FOR SCIENCE

Слайд 27

Engine Yard - www.engineyard.com
New Default Test Locations

Слайд 28

Engine Yard - www.engineyard.com
LIVE STREAMING

Слайд 29

Engine Yard - www.engineyard.com
Is it live?
Stream response to the browser
Needs multi-threaded application

server
e.g. Puma, Thin, Passenger Enterprise
Putting it behind a non-GIL addled interpreter also advised
Not a lot of examples in the wild yet
May not work on IE. :-(

class MyController < ApplicationController include ActionController::Live def index 100.times { response.stream.write "hello world\n" } response.stream.close endend

Example from http://tenderlovemaking.com/2012/07/30/is-it-live.html

Слайд 30

Engine Yard - www.engineyard.com
Stuff NOT Shipping
Background Queuing
Asynchronous ActionMailer
where.like / where.not_like

Слайд 31

Engine Yard - www.engineyard.com
Upgrading
PAY ATTENTION to deprecation warnings
Have a really good set

of tests and as high coverage as possible
Take it in stages, by sprints
3.2 -> 4.0 will be easiest upgrade path

Changes and new features

Содержание

Engine Yard - www.engineyard.comMultiple separations and deprecationsHTTP semantics changesMore security featuresLots of

Engine Yard - www.engineyard.comRuby 1.9.3 minimum2.0 recommendedRails 5.x will require >= 2.0

Engine Yard - www.engineyard.comSaying goodbye...

Engine Yard - www.engineyard.comPATCH

Engine Yard - www.engineyard.comHTTP says that a PUT request represents a complete

Engine Yard - www.engineyard.comconfig.thread_safe is on by defaultStill should try a truly

Engine Yard - www.engineyard.comClick to edit Master text stylesSTRONG PARAMETERS

Engine Yard - www.engineyard.comStrong ParametersBefore:

Engine Yard - www.engineyard.comStrong ParametersAfter:

Engine Yard - www.engineyard.comStrong ParametersWhy is this better?Puts sanitization focus on user

Engine Yard - www.engineyard.comEncrypted CookiesNew cookie store: “encrypted_cookie_store”Now the default in Rails

Engine Yard - www.engineyard.comDefault Headersconfig.action_dispatch.default_headers = {'X-Frame-Options' => 'SAMEORIGIN','X-XSS-Protection' => '1; mode=block','X-Content-Type-Options'

Engine Yard - www.engineyard.comTHE ELEPHANT IN THE ROOM

Engine Yard - www.engineyard.comRails <3 PostgreSQLRails 4 includes support for PostgreSQL datatypes:hstorearraysINETCIDRMACADDRuuid

Engine Yard - www.engineyard.comPostgreSQL hstoreCREATE EXTENSION hstore;Or enable_extension "hstore" in migrationsLike serialized

Engine Yard - www.engineyard.comPostgreSQL Arraycreate_table :foos do |t| t.integer :int_array, array: true

Engine Yard - www.engineyard.comINET, CIDR, MACADDRcreate_table :networks do |t| t.cidr :cidr_address t.inet

Engine Yard - www.engineyard.comUsing a UUIDEnable the uuid-ossp extensioncreate_table :name, id: :uuid

Engine Yard - www.engineyard.comTURBOLINKSZOOM ZOOM!

Engine Yard - www.engineyard.comCAVEAT EMPTOR:May break some of your javascriptVarious event listeners

Engine Yard - www.engineyard.comDisabling TurbolinksRemove from GemfileRemove from application.jsbundlehttps://github.com/rails/turbolinks

Engine Yard - www.engineyard.comCACHE MONEY

Engine Yard - www.engineyard.comCache DigestsForget bumping version numbers in your cache.On application

Engine Yard - www.engineyard.comClick to edit Master text stylesTFOR SCIENCE

Engine Yard - www.engineyard.comNew Default Test Locations

Engine Yard - www.engineyard.comLIVE STREAMING

Engine Yard - www.engineyard.comIs it live?Stream response to the browserNeeds multi-threaded application

Engine Yard - www.engineyard.comStuff NOT ShippingBackground QueuingAsynchronous ActionMailerwhere.like / where.not_like

Engine Yard - www.engineyard.comUpgradingPAY ATTENTION to deprecation warningsHave a *really* good set

Похожие презентации