This is the 5th of 8 presentations given at University of Texas during my Beginner to Builder Rails 3 Class. For more info and the whole series, including video presentations, see my blog:
http://schneems.com/tagged/Rails-3-beginner-to-builder-2011
4. RESTful
REpresentational State Transfer
• The state of the message matters
• Different state = different message
“You Again?” “You Again?”
@Schneems
Friday, July 8, 2011
5. RESTful
REpresentational State Transfer
• Rails Maps Actions to HTTP Methods
• GET - index, show, new
• PUT - update
• POST - create
• DELETE - destroy
6. Ruby convention
• Documentation
• ClassName#MethodName
class Dog
def show
...
end
end
• Dog#show
7. Routes
routes.rb
resources :dogs
• Routes
• Connect controller actions to URLs
• Example: /dogs/show/2
• Will call DogsController#show
• Pass params[:id] = 2
resources sets up {index, new, create, destroy, edit, update} routes
9. Routes
• routes.rb
• Specify resources
routes.rb
  resources :dogs
• forget a route?
• run rake routes
helper    Verb    Path                       Action / Controller
dogs      GET     /dogs(.:format)            {:action=>"index", :controller=>"dogs"}
dog       POST    /dogs(.:format)            {:action=>"create", :controller=>"dogs"}
new_dog   GET     /dogs/new(.:format)        {:action=>"new", :controller=>"dogs"}
edit_dog  GET     /dogs/:id/edit(.:format)   {:action=>"edit", :controller=>"dogs"}
dog       GET     /dogs/:id(.:format)        {:action=>"show", :controller=>"dogs"}
          PUT     /dogs/:id(.:format)        {:action=>"update", :controller=>"dogs"}
          DELETE  /dogs/:id(.:format)        {:action=>"destroy", :controller=>"dogs"}
10. Routes
Source: http://peepcode.com
11. Routes
• dog_path(@dog) (PUT)
• dogs_path (GET)
• dog_path(@dog) (GET)
• dog_path(@dog) (DELETE)
• dogs_path (POST)
Name That Action!
1. Find the Verb
2. Plural or Singular?
3. object.id or no args?
12. Routes
• dog_path(@dog) (PUT) Update
• dogs_path (GET) Index
• dog_path(@dog) (GET) Show
• dog_path(@dog) (DELETE) Destroy
• dogs_path (POST) Create
Name That Action!
1. Find the Verb
2. Plural or Singular?
3. object.id or no args?
13. Routes
• How do I define http://localhost:3000/ ?
• Root of your application
routes.rb
root :to => "dogs#index"
14. Routes
• Custom route
• when resources don’t do enough use “match”
• Define custom helpers using :as =>
match '/foobar/' => 'foo#search', :as => :search
• Use route in view as search_path
http://guides.rubyonrails.org/routing.html
15. New - Active Record
# New does not save the object
dog = Dog.new(:name => "fido")
dog.id
>> nil
dog.name
>> "fido"
dog.new_record?
>> true
# must manually call save
dog.save
>> true
dog.id
>> 1
16. Create - Active Record
# Create does save the object
dog = Dog.create(:name => "lassie")
dog.id
>> 1
dog.name
>> "lassie"
dog.new_record?
>> false
17. Data Flow
• How do I get data from Server?
• Controller to View
• Instance Variables - @dog
• How do I get data from browser to server?
• View to Controller
• forms, links, buttons
Controller
def create
  @dog = Dog.create(params[...
end
View
<%= @dog.name %>
...
18. Data Flow
• View to Controller (modify @variable)
• View has @variable which has ID and attributes
• Pass @variable.id and new attributes to controller
• Controller finds object by the ID
• modifies attributes and saves data
View
<%= form_for(@dog) do |f| %>
  ...
<% end %>
Controller
def create
  @dog = Dog.create(params[...
end
19. link_to
• Send data using links
@dog = Dog.find(2)
<%= link_to 'Some Action', @dog %>
• link_to generates a link
• Calls a Controller Method
• Passes data
20. link_to
• link_to can take a path directly
<%= link_to 'Link Text', "/dogs" %>
or
<%= link_to 'Link Text', dogs_path %>
• So can form_for, form_tag, button_to ...
21. link_to
• path helper is not needed if using a ruby object
@dog = Dog.new
<%= link_to 'Link Text', @dog %>
# => DogsController#new
# where returns a relation, so take the first matching record
@dog = Dog.where(:name => "fido").first
<%= link_to 'Link Text', @dog %>
# => DogsController#show
22. link_to
• What data does the controller see ?
<%= link_to 'Link Text', dog_path(@dog) %>
def show
dog_id = params[:id]
Dog.where(:id => dog_id)
...
end
• params returns a hash passed via http request
• :id is the key passed from @dog
23. link_to
def show
  dog_id = params[:id]
  Dog.where(:id => dog_id)
  ...
end
• Why only pass ID?
• minimize data sent to and from server
• decouple data sent from object
• security & continuity
• http methods don’t natively accept ruby objects
24. link_to
• Can I send other stuff besides ID?
• You betcha!
<%= link_to "Link Text", search_path(:foo => {:bar => 42} )%>
meaning_of_life = params[:foo][:bar]
• pass additional info into view_helper arguments
• all data is stored in params
25. button_to
• like link_to except renders as a button
• default HTTP method for buttons is POST
<%= button_to "Link Text", search_path(:foo => {:bar => 42} )%>
26. form_for
• form_for - view_helper
• generates form for object
Controller
@dog = Dog.new
@dog.fur_color
View
<%= form_for(@dog) do |f| %>
  <div class="field">
    <%= f.label :fur_color %><br />
    <%= f.text_field :fur_color %>
  </div>
  ...
  <div class="actions">
    <%= f.submit %>
  </div>
<% end %>
27. form_for
• form_for - view_helper
• Uses object’s current state for submit path
Controller
@dog = Dog.new
View
<%= form_for(@dog) do |f| %>
  <div class="field">
    <%= f.label :fur_color %><br />
    <%= f.text_field :fur_color %>
  </div>
  ...
  <div class="actions">
    <%= f.submit %>
  </div>
<% end %>
@dog is a new Dog, so the form will default to calling the create action
28. form_tag
• form_tag - view_helper
• generates form with no object
• needs a path
• Path is set in routes.rb
Routes
match '/search/' => 'foo#search', :as => :search
View
<%= form_tag search_path do %>
  Search:
  <%= text_field_tag 'query' %>
  <%= submit_tag 'Go!!' %>
<% end %>
29. Controller Methods
• Why create & new?
• New then Create
dogs_controller.rb
def new
  @dog = Dog.new
end
app/views/dogs/new.html.erb
<%= form_for(@dog) do |f| %>
  ...
<% end %>
dogs_controller.rb
def create
  @dog = Dog.create(params[...
  ...
end
app/views/dogs/create.html.erb
<%= @dog.name %>
30. Controller Methods
• What if I want extra actions?
• Use Index for other stuff (like search)
• Create your own if you have to
def my_crazy_custom_method
puts "This is OK, but not desirable"
end
index, new, create, destroy, edit, & update not enough?
31. Controller Methods
• What if I run out of methods
• Already used index, new, create, destroy, edit, & update
• Create a new controller !
• DogRacesController
• DogGroomerController
• etc.
multiple controllers per heavily used models is normal
32. Data Flow
• How do I get data from browser to server?
• Forms
• form_for
• form_tag
• Links
• Buttons
33. Recap
• Lots of view helpers take data from view to controller
• Pick the one that best suits your needs
• Run out of Routes to use?
• generate a new controller
• Forget a route
• Run: rake routes
35. Crypto Hashes
• A function that takes any input and returns a fixed length string
• function is not reversible
• minor changes in input
• major changes in output
(figure: "Passwords" -> "a12n2912348...")
• Examples: MD5, SHA1, SHA256
36. Crypto Hashes
• Different input
• Different output
(figure: "myPass" -> "A12D34U...", "myDiffPass" -> "BG123P29..."; A12D34U... != BG123P29...)
37. Crypto Hashes
• Same input
• Same output
(figure: "myPass" -> "A12D34U...", "myPass" -> "A12D34U..."; A12D34U... == A12D34U...)
38. Crypto Hashes
• How does this help with user authentication?
• passwords shouldn’t be stored in a database
• store crypto-hash instead
• The same input produces the same output
• Compare hashed password to stored hash
39. Crypto Hashes
• Good for more than just users!
• Comparing large datasets for equality
• Authenticate downloaded files,
40. Crypto Hashes
• Considerations
• Collisions - happen
• Rainbow tables - exist
• Timing Attacks - are not impossible
• Don’t use MD5
• Helpful techniques
• “salt” your hashed data
• hash your Hash
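The store-a-hash-and-compare flow from slide 38 together with the considerations on this slide, as an added learning example that is not from the original slides or from Authlogic. It uses PBKDF2 from Ruby's OpenSSL library as one standard way to combine a per-user salt with repeated hashing; the iteration count and the "iterations$salt$hash" storage format are assumptions made for this example.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'

ITERATIONS = 100_000 # assumed work factor for this example; tune for your hardware
KEY_BYTES  = 32

# Unsalted single hash: identical passwords give identical digests,
# which is exactly what a rainbow table looks up.
def unsalted_digest(password)
  Digest::SHA256.hexdigest(password)
end

# "Salt" + "hash your hash": PBKDF2 mixes a per-user random salt into
# many chained HMAC-SHA256 rounds. Returns "iterations$salt$hash".
def hash_password(password, salt = SecureRandom.hex(16))
  raw = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, KEY_BYTES,
                                   OpenSSL::Digest.new('SHA256'))
  [ITERATIONS, salt, raw.unpack1('H*')].join('$')
end

# Compare every byte regardless of where the first mismatch is, so the
# time taken does not reveal how much of the hash matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Re-derive the hash from the stored salt and iteration count, then compare.
def valid_password?(password, stored)
  iterations, salt, expected = stored.split('$')
  return false unless salt && expected && iterations.to_i > 0
  raw = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations.to_i, KEY_BYTES,
                                   OpenSSL::Digest.new('SHA256'))
  secure_compare(raw.unpack1('H*'), expected)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: two users who picked the same password.
  alice = hash_password('myPass')
  bob   = hash_password('myPass')
  puts "unsalted equal: #{unsalted_digest('myPass') == unsalted_digest('myPass')}"
  puts "salted equal:   #{alice == bob}"
  puts "login ok:       #{valid_password?('myPass', alice)}"
  puts "wrong password: #{valid_password?('myDiffPass', alice)}"
end
```

Because each stored value carries its own salt, two users with the same password no longer share a database entry, so one precomputed table cannot cover both.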
41. Crypto Hashes
• Are Awesome
• Are Useful
42. Authlogic
• Authentication Gem
• Don’t write your own authentication
• Good for learning, but in production use a library
gem install authlogic
43. Authlogic
class User < ActiveRecord::Base
acts_as_authentic
end
class UserSession < Authlogic::Session::Base
end
• Very flexible, lightweight, and modular
• Doesn’t generate code, examples are online
44. Routes
• They’re kind of important
(like, really really important)
45. Questions?
http://guides.rubyonrails.org
http://stackoverflow.com
http://peepcode.com