diff options
Diffstat (limited to 'railties')
26 files changed, 444 insertions, 87 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index f556ee210d..960b1ed8ca 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -71,7 +71,7 @@ * Remove old 'config.paths.app.controller' API in favor of 'config.paths["app/controller"]' API *Guillermo Iguaran* -## Rails 3.1.4 (unreleased) ## +## Rails 3.1.4 (March 1, 2012) ## * Setting config.force_ssl also marks the session cookie as secure. @@ -203,7 +203,7 @@ * Include all helpers from plugins and shared engines in application *Piotr Sarnacki* -## Rails 3.0.12 (unreleased) ## +## Rails 3.0.12 (March 1, 2012) ## * No changes. diff --git a/railties/guides/code/getting_started/config/database.yml b/railties/guides/code/getting_started/config/database.yml index 32a998ad72..51a4dd459d 100644 --- a/railties/guides/code/getting_started/config/database.yml +++ b/railties/guides/code/getting_started/config/database.yml @@ -6,9 +6,7 @@ development: adapter: sqlite3 database: db/development.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 # Warning: The database defined as "test" will be erased and @@ -17,15 +15,11 @@ development: test: adapter: sqlite3 database: db/test.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 production: adapter: sqlite3 database: db/production.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 diff --git a/railties/guides/source/3_2_release_notes.textile b/railties/guides/source/3_2_release_notes.textile index d669a7fdfa..0f8fea2bf6 100644 --- a/railties/guides/source/3_2_release_notes.textile +++ b/railties/guides/source/3_2_release_notes.textile @@ -49,6 +49,18 @@ The <tt>mass_assignment_sanitizer</tt> config also needs to be added in <tt>conf config.active_record.mass_assignment_sanitizer = :strict </ruby> +h4. What to update in your engines + +Replace the code beneath the comment in <tt>script/rails</tt> with the following content: + +<ruby> +ENGINE_ROOT = File.expand_path('../..', __FILE__) +ENGINE_PATH = File.expand_path('../../lib/your_engine_name/engine', __FILE__) + +require 'rails/all' +require 'rails/engine/commands' +</ruby> + h3. Creating a Rails 3.2 application <shell> diff --git a/railties/guides/source/action_view_overview.textile b/railties/guides/source/action_view_overview.textile index 2c0b81121f..f007629207 100644 --- a/railties/guides/source/action_view_overview.textile +++ b/railties/guides/source/action_view_overview.textile @@ -535,10 +535,10 @@ h4. AssetTagHelper This module provides methods for generating HTML that links views to assets such as images, JavaScript files, stylesheets, and feeds. -By default, Rails links to these assets on the current host in the public folder, but you can direct Rails to link to assets from a dedicated assets server by setting +ActionController::Base.asset_host+ in the application configuration, typically in +config/environments/production.rb+. For example, let's say your asset host is +assets.example.com+: +By default, Rails links to these assets on the current host in the public folder, but you can direct Rails to link to assets from a dedicated assets server by setting +config.action_controller.asset_host+ in the application configuration, typically in +config/environments/production.rb+. For example, let's say your asset host is +assets.example.com+: <ruby> -ActionController::Base.asset_host = "assets.example.com" +config.action_controller.asset_host = "assets.example.com" image_tag("rails.png") # => <img src="http://assets.example.com/images/rails.png" alt="Rails" /> </ruby> diff --git a/railties/guides/source/api_app.textile b/railties/guides/source/api_app.textile new file mode 100644 index 0000000000..f2d00c5768 --- /dev/null +++ b/railties/guides/source/api_app.textile @@ -0,0 +1,276 @@ +h2. Using Rails for API-only Apps + +In this guide you will learn: + +* What Rails provides for API-only applications +* How to configure Rails to start without any browser features +* How to decide which middlewares you will want to include +* How to decide which modules to use in your controller + +NOTE: This guide reflects features that have not yet been fully implemented. Docs first :) + +endprologue. + +h3. What is an API app? + +Traditionally, when people said that they used Rails as an "API", they meant +providing a programmatically accessible API alongside their web application. +For example, GitHub provides "an API":http://developer.github.com that you can use from your own custom clients. + +With the advent of client-side frameworks, more developers are using Rails to build a backend that is shared between their web application and other native applications. + +For example, Twitter uses its "public API":https://dev.twitter.com in its web application, which is built as a static site that consumes JSON resources. + +Instead of using Rails to generate dynamic HTML that will communicate with the server through forms and links, many developers are treating their web application as just another client, delivered as static HTML, CSS and JavaScript, and consuming a simple JSON API + +This guide covers building a Rails application that serves JSON resources to an API client *or* client-side framework. + +h3. Why use Rails for JSON APIs? + +The first question a lot of people have when thinking about building a JSON API using Rails is: "isn't using Rails to spit out some JSON overkill? Shouldn't I just use something like Sinatra?" + +For very simple APIs, this may be true. However, even in very HTML-heavy applications, most of an application's logic is actually outside of the view layer. + +The reason most people use Rails is that it provides a set of defaults that allows us to get up and running quickly without having to make a lot of trivial decisions. + +Let's take a look at some of the things that Rails provides out of the box that are still applicable to API applications. + +Handled at the middleware layer: + +* Reloading: Rails applications support transparent reloading. This works even if your application gets big and restarting the server for every request becomes non-viable. +* Development Mode: Rails application come with smart defaults for development, making development pleasant without compromising production-time performance. +* Test Mode: Ditto test mode. +* Logging: Rails applications log every request, with a level of verbosity appropriate for the current mode. Rails logs in development include information about the request environment, database queries, and basic performance information. +* Security: Rails detects and thwarts "IP spoofing attacks":http://en.wikipedia.org/wiki/IP_address_spoofing and handles cryptographic signatures in a "timing attack":http://en.wikipedia.org/wiki/Timing_attack aware way. Don't know what an IP spoofing attack or a timing attack is? Exactly. +* Parameter Parsing: Want to specify your parameters as JSON instead of as a URL-encoded String? No problem. Rails will decode the JSON for you and make it available in +params+. Want to use nested URL-encoded params? That works too. +* Conditional GETs: Rails handles conditional +GET+, (+ETag+ and +Last-Modified+), processing request headers and returning the correct response headers and status code. All you need to do is use the "stale?":http://api.rubyonrails.org/classes/ActionController/ConditionalGet.html#method-i-stale-3F check in your controller, and Rails will handle all of the HTTP details for you. +* Caching: If you use +dirty?+ with public cache control, Rails will automatically cache your responses. You can easily configure the cache store. +* HEAD requests: Rails will transparently convert +HEAD+ requests into +GET+ requests, and return just the headers on the way out. This makes +HEAD+ work reliably in all Rails APIs. + +While you could obviously build these up in terms of existing Rack middlewares, I think this list demonstrates that the default Rails middleware stack provides a lot of value, even if you're "just generating JSON". + +Handled at the ActionPack layer: + +* Resourceful Routing: If you're building a RESTful JSON API, you want to be using the Rails router. Clean and conventional mapping from HTTP to controllers means not having to spend time thinking about how to model your API in terms of HTTP. +* URL Generation: The flip side of routing is URL generation. A good API based on HTTP includes URLs (see "the GitHub gist API":http://developer.github.com/v3/gists/ for an example). +* Header and Redirection Responses: +head :no_content+ and +redirect_to user_url(current_user)+ come in handy. Sure, you could manually add the response headers, but why? +* Content Negotiation: The Rails +respond_to+ and +respond_with+ features automatically figure out which MIME type to serve, based on the request's +Accept+ header and available types. If you ever need to add support for types other than JSON (XML, CSV, or some proprietary format), this will come in handy. +* Caching: Rails provides page, action and fragment caching. Fragment caching is especially helpful when building up a nested JSON object. +* Basic, Digest and Token Authentication: Rails comes with out-of-the-box support for three kinds of HTTP authentication. +* Instrumentation: Rails 3.0 added an instrumentation API that will trigger registered handlers for a variety of events, such as action processing, sending a file or data, redirection, and database queries. The payload of each event comes with relevant information (for the action processing event, the payload includes the controller, action, params, request format, request method and the request's full path). +* Generators: This may be passé for advanced Rails users, but it can be nice to generate a resource and get your model, controller, test stubs, and routes created for you in a single command. +* Plugins: Many third-party libraries come with support for Rails that reduces or eliminates the cost of setting up and gluing together the library and the web framework. This includes things like overriding default generators, adding rake tasks, and honoring Rails choices (like the logger and cache backend). + +Of course, the Rails boot process also glues together all registered components. For example, the Rails boot process is what uses your +config/database.yml+ file when configuring ActiveRecord. + +**The short version is**: you may not have thought about which parts of Rails are still applicable even if you remove the view layer, but the answer turns out to be "most of it". + +h3. The Basic Configuration + +If you're building a Rails application that will be an API server first and foremost, you can start with a more limited subset of Rails and add in features as needed. + +You can generate a new bare Rails app: + +<shell> +$ rails new my_api --api +</shell> + +This will do three main things for you: + +* Configure your application to start with a more limited set of middleware than normal. Specifically, it will not include any middleware primarily useful for browser applications (like cookie support) by default. +* Make +ApplicationController+ inherit from +ActionController::API+ instead of +ActionController::Base+. As with middleware, this will leave out any +ActionController+ modules that provide functionality primarily used by browser applications. +* Configure the generators to skip generating views, helpers and assets when you generate a new resource. + +If you want to take an existing app and make it an API app, follow the following steps. + +In +config/application.rb+ add the following lines at the top of the +Application+ class: + +<ruby> +config.middleware.api_only! +config.generators.api_only! +</ruby> + +Change +app/controllers/application_controller.rb+: + +<ruby> +# instead of +class ApplicationController < ActionController::Base +end + +# do +class ApplicationController < ActionController::API +end +</ruby> + +h3. Choosing Middlewares + +An API application comes with the following middlewares by default. + +* +Rack::Cache+: Caches responses with public +Cache-Control+ headers using HTTP caching semantics. See below for more information. +* +Rack::Sendfile+: Uses a front-end server's file serving support from your Rails application. +* +Rack::Lock+: If your application is not marked as threadsafe (+config.threadsafe!+), this middleware will add a mutex around your requests. +* +ActionDispatch::RequestId+: +* +Rails::Rack::Logger+: +* +ActionDispatch::ShowExceptions+: Rescue exceptions and re-dispatch them to an exception handling application +* +ActionDispatch::DebugExceptions+: Log exceptions +* +ActionDispatch::RemoteIp+: Protect against IP spoofing attacks +* +ActionDispatch::Reloader+: In development mode, support code reloading. +* +ActionDispatch::ParamsParser+: Parse XML, YAML and JSON parameters when the request's +Content-Type+ is one of those. +* +ActionDispatch::Head+: Dispatch +HEAD+ requests as +GET+ requests, and return only the status code and headers. +* +Rack::ConditionalGet+: Supports the +stale?+ feature in Rails controllers. +* +Rack::ETag+: Automatically set an +ETag+ on all string responses. This means that if the same response is returned from a controller for the same URL, the server will return a +304 Not Modified+, even if no additional caching steps are taken. This is primarily a client-side optimization; it reduces bandwidth costs but not server processing time. + +Other plugins, including +ActiveRecord+, may add additional middlewares. In general, these middlewares are agnostic to the type of app you are building, and make sense in an API-only Rails application. + +You can get a list of all middlewares in your application via: + +<shell> +$ rake middleware +</shell> + +h4. Using Rack::Cache + +When used with Rails, +Rack::Cache+ uses the Rails cache store for its entity and meta stores. This means that if you use memcache, for your Rails app, for instance, the built-in HTTP cache will use memcache. + +To make use of +Rack::Cache+, you will want to use +stale?+ in your controller. Here's an example of +stale?+ in use. + +<ruby> +def show + @post = Post.find(params[:id]) + + if stale?(:last_modified => @post.updated_at) + render json: @post + end +end +</ruby> + +The call to +stale?+ will compare the +If-Modified-Since+ header in the request with +@post.updated_at+. If the header is newer than the last modified, this action will return a +304 Not Modified+ response. Otherwise, it will render the response and include a +Last-Modified+ header with the response. + +Normally, this mechanism is used on a per-client basis. +Rack::Cache+ allows us to share this caching mechanism across clients. We can enable cross-client caching in the call to +stale?+ + +<ruby> +def show + @post = Post.find(params[:id]) + + if stale?(:last_modified => @post.updated_at, :public => true) + render json: @post + end +end +</ruby> + +This means that +Rack::Cache+ will store off +Last-Modified+ value for a URL in the Rails cache, and add an +If-Modified-Since+ header to any subsequent inbound requests for the same URL. + +Think of it as page caching using HTTP semantics. + +NOTE: The +Rack::Cache+ middleware is always outside of the +Rack::Lock+ mutex, even in single-threaded apps. + +h4. Using Rack::Sendfile + +When you use the +send_file+ method in a Rails controller, it sets the +X-Sendfile+ header. +Rack::Sendfile+ is responsible for actually sending the file. + +If your front-end server supports accelerated file sending, +Rack::Sendfile+ will offload the actual file sending work to the front-end server. + +You can configure the name of the header that your front-end server uses for this purposes using +config.action_dispatch.x_sendfile_header+ in the appropriate environment config file. + +You can learn more about how to use +Rack::Sendfile+ with popular front-ends in "the Rack::Sendfile documentation":http://rubydoc.info/github/rack/rack/master/Rack/Sendfile + +The values for popular servers once they are configured to support accelerated file sending: + +<ruby> +# Apache and lighttpd +config.action_dispatch.x_sendfile_header = "X-Sendfile" + +# nginx +config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" +</ruby> + +Make sure to configure your server to support these options following the instructions in the +Rack::Sendfile+ documentation. + +NOTE: The +Rack::Sendfile+ middleware is always outside of the +Rack::Lock+ mutex, even in single-threaded apps. + +h4. Using ActionDispatch::ParamsParser + ++ActionDispatch::ParamsParser+ will take parameters from the client in JSON and make them available in your controller as +params+. + +To use this, your client will need to make a request with JSON-encoded parameters and specify the +Content-Type+ as +application/json+. + +Here's an example in jQuery: + +<plain> +jQuery.ajax({ + type: 'POST', + url: '/people' + dataType: 'json', + contentType: 'application/json', + data: JSON.stringify({ person: { firstName: "Yehuda", lastName: "Katz" } }), + + success: function(json) { } +}); +</plain> + ++ActionDispatch::ParamsParser+ will see the +Content-Type+ and your params will be +{ :person => { :firstName => "Yehuda", :lastName => "Katz" } }+. + +h4. Other Middlewares + +Rails ships with a number of other middlewares that you might want to use in an API app, especially if one of your API clients is the browser: + +* +Rack::SSL+: Redirects any HTTP request to HTTPS. +* +Rack::Runtime+: Adds a header to the response listing the total runtime of the request. +* +Rack::MethodOverride+: Allows the use of the +_method+ hack to route POST requests to other verbs. +* +ActionDispatch::Cookies+: Supports the +cookie+ method in +ActionController+, including support for signed and encrypted cookies. +* +ActionDispatch::Flash+: Supports the +flash+ mechanism in +ActionController+. +* +ActionDispatch::BestStandards+: Tells Internet Explorer to use the most standards-compliant available renderer. In production mode, if ChromeFrame is available, use ChromeFrame. +* Session Management: If a +config.session_store+ is supplied, this middleware makes the session available as the +session+ method in +ActionController+. + +Any of these middlewares can be adding via: + +<ruby> +config.middleware.use Rack::MethodOverride +</ruby> + +h4. Removing Middlewares + +If you don't want to use a middleware that is included by default in the API-only middleware set, you can remove it using +config.middleware.delete+: + +<ruby> +config.middleware.delete ::Rack::Sendfile +</ruby> + +Keep in mind that removing these features may remove support for certain features in +ActionController+. + +h3. Choosing Controller Modules + +An API application (using +ActionController::API+) comes with the following controller modules by default: + +* +AbstractController::Translation+: Support for the +l+ and +t+ localization and translation methods. These delegate to +I18n.translate+ and +I18n.localize+. +* +ActionController::UrlFor+: Makes +url_for+ and friends available. +* +ActionController::Redirecting+: Support for +redirect_to+ +* +ActionController::Renderers::JSON+: Support for +render :json+ +* +ActionController::ConditionalGet+: Support for +stale?+ +* +ActionController::RackDelegation+: Support for the +request+ and +response+ methods returning +ActionDispatch::Request+ and +ActionDispatch::Response+ objects. +* +ActionController::MimeResponds+: Support for content negotiation (+respond_to+, +respond_with+) +* +ActionController::DataStreaming+: Support for +send_file+ and +send_data+ +* +AbstractController::Callbacks+: Support for +before_filter+ and friends +* +ActionController::Instrumentation+: Support for the instrumentation hooks defined by +ActionController+ (see "the source":https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/instrumentation.rb for more). + +Other plugins may add additional modules. You can get a list of all modules included into +ActionController::API+ in the rails console: + +<shell> +$ irb +>> ActionController::API.ancestors - ActionController::Metal.ancestors +</shell> + +h4. Adding Other Modules + +All ActionController modules know about their dependent modules, so you can feel free to include any modules into your controllers, and all dependencies will be included and set up as well. + +Some common modules you might want to add: + +* +ActionController::HTTPAuthentication::Basic+ (or +Digest+ or +Token): Support for basic, digest or token HTTP authentication. +* +ActionController::Rendering+: Support for templating and +ActionView+. +* +AbstractController::Layouts+: Support for layouts when rendering. +* +ActionController::Renderers::XML+: Support for +render :xml+. +* +ActionController::Cookies+: Support for +cookies+, which includes support for signed and encrypted cookies. This requires the cookie middleware. +* +ActionController::Rescue+: Support for +rescue_from+. + +The best place to add a module is in your +ApplicationController+. You can also add modules to individual controllers. diff --git a/railties/guides/source/asset_pipeline.textile b/railties/guides/source/asset_pipeline.textile index ff2bd08602..a061c1fc16 100644 --- a/railties/guides/source/asset_pipeline.textile +++ b/railties/guides/source/asset_pipeline.textile @@ -423,12 +423,14 @@ It is important that this folder is shared between deployments so that remotely NOTE. If you are precompiling your assets locally, you can use +bundle install --without assets+ on the server to avoid installing the assets gems (the gems in the assets group in the Gemfile). -The default matcher for compiling files includes +application.js+, +application.css+ and all non-JS/CSS files (i.e., +.coffee+ and +.scss+ files are *not* automatically included as they compile to JS/CSS): +The default matcher for compiling files includes +application.js+, +application.css+ and all non-JS/CSS files (this will include all image assets automatically): <ruby> [ Proc.new{ |path| !File.extname(path).in?(['.js', '.css']) }, /application.(css|js)$/ ] </ruby> +NOTE. The matcher (and other members of the precompile array; see below) is applied to final compiled file names. This means that anything that compiles to JS/CSS is excluded, as well as raw JS/CSS files; for example, +.coffee+ and +.scss+ files are *not* automatically included as they compile to JS/CSS. + If you have other manifests or individual stylesheets and JavaScript files to include, you can add them to the +precompile+ array: <erb> @@ -456,7 +458,7 @@ config.assets.manifest = '/path/to/some/other/location' NOTE: If there are missing precompiled files in production you will get an <tt>Sprockets::Helpers::RailsHelper::AssetPaths::AssetNotPrecompiledError</tt> exception indicating the name of the missing file(s). -h5. Server Configuration +h5. Far-future Expires header Precompiled assets exist on the filesystem and are served directly by your web server. They do not have far-future headers by default, so to get the benefit of fingerprinting you'll have to update your server configuration to add them. @@ -464,6 +466,7 @@ For Apache: <plain> <LocationMatch "^/assets/.*$"> + # Use of ETag is discouraged when Last-Modified is present Header unset ETag FileETag None # RFC says only cache for 1 year @@ -484,6 +487,8 @@ location ~ ^/assets/ { } </plain> +h5. GZip compression + When files are precompiled, Sprockets also creates a "gzipped":http://en.wikipedia.org/wiki/Gzip (.gz) version of your assets. Web servers are typically configured to use a moderate compression ratio as a compromise, but since precompilation happens once, Sprockets uses the maximum compression ratio, thus reducing the size of the data transfer to the minimum. On the other hand, web servers can be configured to serve compressed content directly from disk, rather than deflating non-compressed files themselves. Nginx is able to do this automatically enabling +gzip_static+: diff --git a/railties/guides/source/command_line.textile b/railties/guides/source/command_line.textile index 8ae8c61ae6..fe4a84dae9 100644 --- a/railties/guides/source/command_line.textile +++ b/railties/guides/source/command_line.textile @@ -521,9 +521,7 @@ development: adapter: postgresql encoding: unicode database: gitapp_development - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: gitapp password: ... diff --git a/railties/guides/source/configuring.textile b/railties/guides/source/configuring.textile index e796f44606..2f465b37ed 100644 --- a/railties/guides/source/configuring.textile +++ b/railties/guides/source/configuring.textile @@ -652,19 +652,17 @@ The error occurred while evaluating nil.each h3. Database pooling -Active Record database connections are managed by +ActiveRecord::ConnectionAdapters::ConnectionPool+ which ensures that a connection pool synchronizes the amount of thread access to a limited number of database connections. This limit defaults to 1 and can be configured in +database.yml+. +Active Record database connections are managed by +ActiveRecord::ConnectionAdapters::ConnectionPool+ which ensures that a connection pool synchronizes the amount of thread access to a limited number of database connections. This limit defaults to 5 and can be configured in +database.yml+. <ruby> development: adapter: sqlite3 database: db/development.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 </ruby> -Since the connection pooling is handled inside of Active Record by default, all application servers (Thin, Mongrel, Unicorn etc.) should behave the same. Initially, the database connection pool is empty and it will create additional connections as the demand for them increases, until it reaches the connection pool limit. +Since the connection pooling is handled inside of ActiveRecord by default, all application servers (Thin, mongrel, Unicorn etc.) should behave the same. Initially, the database connection pool is empty and it will create additional connections as the demand for them increases, until it reaches the connection pool limit. Any one request will check out a connection the first time it requires access to the database, after which it will check the connection back in, at the end of the request, meaning that the additional connection slot will be available again for the next request in the queue. diff --git a/railties/guides/source/engines.textile b/railties/guides/source/engines.textile index e6058e7581..5f7eb5290c 100644 --- a/railties/guides/source/engines.textile +++ b/railties/guides/source/engines.textile @@ -77,7 +77,7 @@ end By inheriting from the +Rails::Engine+ class, this gem notifies Rails that there's an engine at the specified path, and will correctly mount the engine inside the application, performing tasks such as adding the +app+ directory of the engine to the load path for models, mailers, controllers and views. -The +isolate_namespace+ method here deserves special notice. This call is responsible for isolating the controllers, models, routes and other things into their own namespace, away from similar components inside hte application. Without this, there is a possibility that the engine's components could "leak" into the application, causing unwanted disruption, or that important engine components could be overriden by similarly named things within the application. +The +isolate_namespace+ method here deserves special notice. This call is responsible for isolating the controllers, models, routes and other things into their own namespace, away from similar components inside hte application. Without this, there is a possibility that the engine's components could "leak" into the application, causing unwanted disruption, or that important engine components could be overriden by similarly named things within the application. One of the examples of such conflicts are helpers. Without calling +isolate_namespace+, engine's helpers would be included in application's controllers. NOTE: It is *highly* recommended that the +isolate_namespace+ line be left within the +Engine+ class definition. Without it, classes generated in an engine *may* conflict with an application. diff --git a/railties/guides/source/getting_started.textile b/railties/guides/source/getting_started.textile index d6f3c3e217..bed14ef6a8 100644 --- a/railties/guides/source/getting_started.textile +++ b/railties/guides/source/getting_started.textile @@ -329,9 +329,7 @@ environment: development: adapter: sqlite3 database: db/development.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 </yaml> @@ -352,9 +350,7 @@ development: adapter: mysql2 encoding: utf8 database: blog_development - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: root password: socket: /tmp/mysql.sock @@ -374,9 +370,7 @@ development: adapter: postgresql encoding: unicode database: blog_development - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: blog password: </yaml> diff --git a/railties/guides/source/i18n.textile b/railties/guides/source/i18n.textile index 25201888e7..320f1e9d20 100644 --- a/railties/guides/source/i18n.textile +++ b/railties/guides/source/i18n.textile @@ -521,7 +521,7 @@ h5. Bulk and Namespace Lookup To look up multiple translations at once, an array of keys can be passed: <ruby> -I18n.t [:odd, :even], :scope => 'activerecord.errors.messages' +I18n.t [:odd, :even], :scope => 'errors.messages' # => ["must be odd", "must be even"] </ruby> diff --git a/railties/guides/source/routing.textile b/railties/guides/source/routing.textile index 42665114be..c5567b3350 100644 --- a/railties/guides/source/routing.textile +++ b/railties/guides/source/routing.textile @@ -622,6 +622,7 @@ You can specify what Rails should route +"/"+ to with the +root+ method: <ruby> root :to => 'pages#main' +root 'pages#main' # shortcut for the above </ruby> You should put the +root+ route at the top of the file, because it is the most popular route and should be matched first. You also need to delete the +public/index.html+ file for the root route to take effect. diff --git a/railties/guides/source/upgrading_ruby_on_rails.textile b/railties/guides/source/upgrading_ruby_on_rails.textile index 3588a67196..6e84b7fe40 100644 --- a/railties/guides/source/upgrading_ruby_on_rails.textile +++ b/railties/guides/source/upgrading_ruby_on_rails.textile @@ -4,15 +4,39 @@ This guide provides steps to be followed when you upgrade your applications to a endprologue. -h3. Rails Upgrades +h3. General Advice -When you're upgrading an existing application, it's always a great idea to have good test coverage before going in. Rails 3 and above requires Ruby 1.8.7 or higher. Support for all of the previous Ruby versions has been dropped officially and you should upgrade as early as possible. Rails 3.2.x will be the last branch to support 1.8.7 and Rails 4 (current edge) will support only Ruby 1.9.3. +Before attempting to upgrade an existing application, you should be sure you have a good reason to upgrade. You need to balance out several factors: the need for new features, the increasing difficulty of finding support for old code, and your available time and skills, to name a few. -TIP: Note that Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails. Ruby Enterprise Edition has these fixed since the release of 1.8.7-2010.02. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults, so if you want to use 1.9.x, jump on to 1.9.2 or 1.9.3 for smooth sailing. +h4(#general_testing). Test Coverage + +The best way to be sure that your application still works after upgrading is to have good test coverage before you start the process. If you don't have automated tests that exercise the bulk of your application, you'll need to spend time manually exercising all the parts that have changed. In the case of a Rails upgrade, that will mean every single piece of functionality in the application. Do yourself a favor and make sure your test coverage is good _before_ you start an upgrade. + +h4(#general_ruby). Ruby Versions + +Rails generally stays close to the latest released Ruby version when it's released: + +* Rails 3 and above requires Ruby 1.8.7 or higher. Support for all of the previous Ruby versions has been dropped officially and you should upgrade as early as possible. +* Rails 3.2.x will be the last branch to support Ruby 1.8.7. +* Rails 4 will support only Ruby 1.9.3. + +TIP: Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails. Ruby Enterprise Edition has these fixed since the release of 1.8.7-2010.02. On the 1.9 front, Ruby 1.9.1 is not usable because it outright segfaults, so if you want to use 1.9.x, jump on to 1.9.2 or 1.9.3 for smooth sailing. + +h3. Upgrading from Rails 3.2 to Rails 4.0 + +NOTE: This section is a work in progress. + +If your application is currently on any version of Rails older than 3.2.x, you should upgrade to Rails 3.2 before attempting an update to Rails 4.0. + +The following changes are meant for upgrading your application to Rails 4.0. + +h4(#plugins4_0). vendor/plugins + +Rails 4.0 no longer supports loading plugins from <tt>vendor/plugins</tt>. You must replace any plugins by extracting them to gems and adding them to your Gemfile. If you choose not to make them gems, you can move them into, say, <tt>lib/my_plugin/*</tt> and add an appropriate initializer in <tt>config/initializers/my_plugin.rb</tt>. h3. Upgrading from Rails 3.1 to Rails 3.2 -We recommend that you first upgrade to Rails 3.1 in case you haven't and make sure your application still runs as expected before attempting an update to Rails 3.2. +If your application is currently on any version of Rails older than 3.1.x, you should upgrade to Rails 3.1 before attempting an update to Rails 3.2. The following changes are meant for upgrading your application to Rails 3.2.1, the latest 3.2.x version of Rails. @@ -32,7 +56,7 @@ end h4(#config_dev3_2). config/environments/development.rb -* There are a couple of new configuration changes you'd want to add: +There are a couple of new configuration settings that you should add to your development environment: <ruby> # Raise exception on mass assignment protection for Active Record models @@ -45,7 +69,7 @@ config.active_record.auto_explain_threshold_in_seconds = 0.5 h4(#config_test3_2). config/environments/test.rb -The <tt>mass_assignment_sanitizer</tt> config also needs to be added in <tt>config/environments/test.rb</tt>: +The <tt>mass_assignment_sanitizer</tt> configuration setting should also be be added to <tt>config/environments/test.rb</tt>: <ruby> # Raise exception on mass assignment protection for Active Record models @@ -54,11 +78,11 @@ config.active_record.mass_assignment_sanitizer = :strict h4(#plugins3_2). vendor/plugins -* Rails 3.2 deprecates <tt>vendor/plugins</tt> and Rails 4.0 will remove them completely. You can start replacing these plugins by extracting them as gems and adding them in your Gemfile. If you choose not to make them gems, you can move them into, say, <tt>lib/my_plugin/*</tt> and add an appropriate initializer in <tt>config/initializers/my_plugin.rb</tt>. +Rails 3.2 deprecates <tt>vendor/plugins</tt> and Rails 4.0 will remove them completely. While it's not strictly necessary as part of a Rails 3.2 upgrade, you can start replacing any plugins by extracting them to gems and adding them to your Gemfile. If you choose not to make them gems, you can move them into, say, <tt>lib/my_plugin/*</tt> and add an appropriate initializer in <tt>config/initializers/my_plugin.rb</tt>. h3. Upgrading from Rails 3.0 to Rails 3.1 -We recommend that you first upgrade to Rails 3.0 in case you haven't and make sure your application still runs as expected before attempting an update to Rails 3.1. +If your application is currently on any version of Rails older than 3.0.x, you should upgrade to Rails 3.0 before attempting an update to Rails 3.1. The following changes are meant for upgrading your application to Rails 3.1.3, the latest 3.1.x version of Rails. @@ -83,14 +107,14 @@ gem 'jquery-rails' h4(#config_app3_1). config/application.rb -* The asset pipeline requires the following additions: +The asset pipeline requires the following additions: <ruby> config.assets.enabled = true config.assets.version = '1.0' </ruby> -* If your application is using the "/assets" route for a resource you may want change the prefix used for assets to avoid conflicts: +If your application is using an "/assets" route for a resource you may want change the prefix used for assets to avoid conflicts: <ruby> # Defaults to '/assets' @@ -99,9 +123,9 @@ config.assets.prefix = '/asset-files' h4(#config_dev3_1). config/environments/development.rb -* Remove the RJS setting <tt>config.action_view.debug_rjs = true</tt>. +Remove the RJS setting <tt>config.action_view.debug_rjs = true</tt>. -* Add the following, if you enable the asset pipeline. +Add these settings if you enable the asset pipeline: <ruby> # Do not compress assets @@ -113,7 +137,7 @@ config.assets.debug = true h4(#config_prod3_1). config/environments/production.rb -* Again, most of the changes below are for the asset pipeline. You can read more about these in the "Asset Pipeline":asset_pipeline.html guide. +Again, most of the changes below are for the asset pipeline. You can read more about these in the "Asset Pipeline":asset_pipeline.html guide. <ruby> # Compress JavaScripts and CSS @@ -137,6 +161,8 @@ config.assets.digest = true h4(#config_test3_1). config/environments/test.rb +You can help test performance with these additions to your test environment: + <ruby> # Configure static asset server for tests with Cache-Control for performance config.serve_static_assets = true @@ -145,7 +171,7 @@ config.static_cache_control = "public, max-age=3600" h4(#config_wp3_1). config/initializers/wrap_parameters.rb -* Add this file with the following contents, if you wish to wrap parameters into a nested hash. This is on by default in new applications. +Add this file with the following contents, if you wish to wrap parameters into a nested hash. This is on by default in new applications. <ruby> # Be sure to restart your server when you modify this file. diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb index c163081bfc..10fa63c303 100644 --- a/railties/lib/rails/application.rb +++ b/railties/lib/rails/application.rb @@ -229,32 +229,32 @@ module Rails middleware.use ::Rack::SSL, config.ssl_options end + if config.action_dispatch.x_sendfile_header.present? + middleware.use ::Rack::Sendfile, config.action_dispatch.x_sendfile_header + end + if config.serve_static_assets middleware.use ::ActionDispatch::Static, paths["public"].first, config.static_cache_control end middleware.use ::Rack::Lock unless config.allow_concurrency middleware.use ::Rack::Runtime - middleware.use ::Rack::MethodOverride + middleware.use ::Rack::MethodOverride unless config.middleware.api_only? middleware.use ::ActionDispatch::RequestId middleware.use ::Rails::Rack::Logger, config.log_tags # must come after Rack::MethodOverride to properly log overridden methods middleware.use ::ActionDispatch::ShowExceptions, config.exceptions_app || ActionDispatch::PublicExceptions.new(Rails.public_path) middleware.use ::ActionDispatch::DebugExceptions middleware.use ::ActionDispatch::RemoteIp, config.action_dispatch.ip_spoofing_check, config.action_dispatch.trusted_proxies - if config.action_dispatch.x_sendfile_header.present? - middleware.use ::Rack::Sendfile, config.action_dispatch.x_sendfile_header - end - unless config.cache_classes app = self middleware.use ::ActionDispatch::Reloader, lambda { app.reload_dependencies? } end middleware.use ::ActionDispatch::Callbacks - middleware.use ::ActionDispatch::Cookies + middleware.use ::ActionDispatch::Cookies unless config.middleware.api_only? - if config.session_store + if !config.middleware.api_only? && config.session_store if config.force_ssl && !config.session_options.key?(:secure) config.session_options[:secure] = true end @@ -267,7 +267,7 @@ module Rails middleware.use ::Rack::ConditionalGet middleware.use ::Rack::ETag, "no-cache" - if config.action_dispatch.best_standards_support + if !config.middleware.api_only? && config.action_dispatch.best_standards_support middleware.use ::ActionDispatch::BestStandardsSupport, config.action_dispatch.best_standards_support end end diff --git a/railties/lib/rails/application/route_inspector.rb b/railties/lib/rails/application/route_inspector.rb index 2ca0c68243..1e5ce67a58 100644 --- a/railties/lib/rails/application/route_inspector.rb +++ b/railties/lib/rails/application/route_inspector.rb @@ -64,7 +64,7 @@ module Rails # executes `rake routes`. People should not use this class. class RouteInspector # :nodoc: def initialize - @engines = ActiveSupport::OrderedHash.new + @engines = Hash.new end def format all_routes, filter = nil diff --git a/railties/lib/rails/configuration.rb b/railties/lib/rails/configuration.rb index f8ad17773a..0efa21d82c 100644 --- a/railties/lib/rails/configuration.rb +++ b/railties/lib/rails/configuration.rb @@ -9,6 +9,14 @@ module Rails class MiddlewareStackProxy #:nodoc: def initialize @operations = [] + @api_only = false + end + + attr_reader :api_only + alias :api_only? :api_only + + def api_only! + @api_only = true end def insert_before(*args, &block) diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb index acf47a03e5..e47784994a 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/application.rb +++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb @@ -54,7 +54,7 @@ module <%= app_const_base %> # This will create an empty whitelist of attributes available for mass-assignment for all models # in your app. As such, your models will need to explicitly whitelist or blacklist accessible # parameters by using an attr_accessible or attr_protected declaration. - # config.active_record.whitelist_attributes = true + <%= comment_if :skip_active_record %>config.active_record.whitelist_attributes = true # Specifies wether or not has_many or has_one association option :dependent => :restrict raises # an exception. If set to true, then an ActiveRecord::DeleteRestrictionError exception would be diff --git a/railties/lib/rails/generators/rails/app/templates/config/databases/mysql.yml b/railties/lib/rails/generators/rails/app/templates/config/databases/mysql.yml index 950016ad92..c3349912aa 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/databases/mysql.yml +++ b/railties/lib/rails/generators/rails/app/templates/config/databases/mysql.yml @@ -12,9 +12,7 @@ development: adapter: mysql2 encoding: utf8 database: <%= app_name %>_development - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: root password: <% if mysql_socket -%> @@ -30,9 +28,7 @@ test: adapter: mysql2 encoding: utf8 database: <%= app_name %>_test - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: root password: <% if mysql_socket -%> @@ -45,9 +41,7 @@ production: adapter: mysql2 encoding: utf8 database: <%= app_name %>_production - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: root password: <% if mysql_socket -%> diff --git a/railties/lib/rails/generators/rails/app/templates/config/databases/postgresql.yml b/railties/lib/rails/generators/rails/app/templates/config/databases/postgresql.yml index a8ed15c2dc..f08f86aac3 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/databases/postgresql.yml +++ b/railties/lib/rails/generators/rails/app/templates/config/databases/postgresql.yml @@ -16,9 +16,7 @@ development: adapter: postgresql encoding: unicode database: <%= app_name %>_development - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: <%= app_name %> password: @@ -44,9 +42,7 @@ test: adapter: postgresql encoding: unicode database: <%= app_name %>_test - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: <%= app_name %> password: @@ -54,8 +50,6 @@ production: adapter: postgresql encoding: unicode database: <%= app_name %>_production - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 username: <%= app_name %> password: diff --git a/railties/lib/rails/generators/rails/app/templates/config/databases/sqlite3.yml b/railties/lib/rails/generators/rails/app/templates/config/databases/sqlite3.yml index 32a998ad72..51a4dd459d 100644 --- a/railties/lib/rails/generators/rails/app/templates/config/databases/sqlite3.yml +++ b/railties/lib/rails/generators/rails/app/templates/config/databases/sqlite3.yml @@ -6,9 +6,7 @@ development: adapter: sqlite3 database: db/development.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 # Warning: The database defined as "test" will be erased and @@ -17,15 +15,11 @@ development: test: adapter: sqlite3 database: db/test.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 production: adapter: sqlite3 database: db/production.sqlite3 - # Maximum number of database connections available per process. Please - # increase this number in multithreaded applications. - pool: 1 + pool: 5 timeout: 5000 diff --git a/railties/test/application/loading_test.rb b/railties/test/application/loading_test.rb index 5ad51f8476..0354c08067 100644 --- a/railties/test/application/loading_test.rb +++ b/railties/test/application/loading_test.rb @@ -20,6 +20,7 @@ class LoadingTest < ActiveSupport::TestCase app_file "app/models/post.rb", <<-MODEL class Post < ActiveRecord::Base validates_acceptance_of :title, :accept => "omg" + attr_accessible :title end MODEL diff --git a/railties/test/application/middleware/sendfile_test.rb b/railties/test/application/middleware/sendfile_test.rb index 0591386a87..eb791f5687 100644 --- a/railties/test/application/middleware/sendfile_test.rb +++ b/railties/test/application/middleware/sendfile_test.rb @@ -57,5 +57,18 @@ module ApplicationTests get "/" assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"] end + + test "files handled by ActionDispatch::Static are handled by Rack::Sendfile" do + make_basic_app do |app| + app.config.action_dispatch.x_sendfile_header = 'X-Sendfile' + app.config.serve_static_assets = true + app.paths["public"] = File.join(rails_root, "public") + end + + app_file "public/foo.txt", "foo" + + get "/foo.txt", "HTTP_X_SENDFILE_TYPE" => "X-Sendfile" + assert_equal File.join(rails_root, "public/foo.txt"), last_response.headers["X-Sendfile"] + end end end diff --git a/railties/test/application/middleware_test.rb b/railties/test/application/middleware_test.rb index d0a550d2f0..a190a31fc7 100644 --- a/railties/test/application/middleware_test.rb +++ b/railties/test/application/middleware_test.rb @@ -26,6 +26,7 @@ module ApplicationTests boot! assert_equal [ + "Rack::Sendfile", "ActionDispatch::Static", "Rack::Lock", "ActiveSupport::Cache::Strategy::LocalCache", @@ -36,7 +37,6 @@ module ApplicationTests "ActionDispatch::ShowExceptions", "ActionDispatch::DebugExceptions", "ActionDispatch::RemoteIp", - "Rack::Sendfile", "ActionDispatch::Reloader", "ActionDispatch::Callbacks", "ActiveRecord::ConnectionAdapters::ConnectionManagement", @@ -52,6 +52,36 @@ module ApplicationTests ], middleware end + test "api middleware stack" do + add_to_config "config.middleware.api_only!" + add_to_config "config.force_ssl = true" + add_to_config "config.action_dispatch.x_sendfile_header = 'X-Sendfile'" + + boot! + + assert_equal [ + "Rack::SSL", + "Rack::Sendfile", + "ActionDispatch::Static", + "Rack::Lock", + "ActiveSupport::Cache::Strategy::LocalCache", + "Rack::Runtime", + "ActionDispatch::RequestId", + "Rails::Rack::Logger", + "ActionDispatch::ShowExceptions", + "ActionDispatch::DebugExceptions", + "ActionDispatch::RemoteIp", + "ActionDispatch::Reloader", + "ActionDispatch::Callbacks", + "ActiveRecord::ConnectionAdapters::ConnectionManagement", + "ActiveRecord::QueryCache", + "ActionDispatch::ParamsParser", + "ActionDispatch::Head", + "Rack::ConditionalGet", + "Rack::ETag" + ], middleware + end + test "Rack::Sendfile is not included by default" do boot! diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index a3c24c392b..cf6f9b90c9 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -202,6 +202,7 @@ class AppGeneratorTest < Rails::Generators::TestCase run_generator [destination_root, "--skip-active-record"] assert_no_file "config/database.yml" assert_file "config/application.rb", /#\s+require\s+["']active_record\/railtie["']/ + assert_file "config/application.rb", /#\s+config\.active_record\.whitelist_attributes = true/ assert_file "config/application.rb", /#\s+config\.active_record\.dependent_restrict_raises = false/ assert_file "test/test_helper.rb" do |helper_content| assert_no_match(/fixtures :all/, helper_content) @@ -350,6 +351,11 @@ class AppGeneratorTest < Rails::Generators::TestCase end end + def test_active_record_whitelist_attributes_is_present_application_config + run_generator + assert_file "config/application.rb", /config\.active_record\.whitelist_attributes = true/ + end + def test_active_record_dependent_restrict_raises_is_present_application_config run_generator assert_file "config/application.rb", /config\.active_record\.dependent_restrict_raises = false/ diff --git a/railties/test/generators/model_generator_test.rb b/railties/test/generators/model_generator_test.rb index 156fa86eee..e8d933935d 100644 --- a/railties/test/generators/model_generator_test.rb +++ b/railties/test/generators/model_generator_test.rb @@ -317,4 +317,14 @@ class ModelGeneratorTest < Rails::Generators::TestCase end end end + + def test_attr_accessible_added_with_non_reference_attributes + run_generator + assert_file 'app/models/account.rb', /attr_accessible :age, :name/ + end + + def test_attr_accessible_added_with_comments_when_no_attributes_present + run_generator ["Account"] + assert_file 'app/models/account.rb', /# attr_accessible :title, :body/ + end end diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb index 4fb5e6a4eb..b0be555c4c 100644 --- a/railties/test/isolation/abstract_unit.rb +++ b/railties/test/isolation/abstract_unit.rb @@ -247,7 +247,10 @@ module TestHelpers :activemodel, :activerecord, :activeresource] - arr - remove_from_config "config.active_record.dependent_restrict_raises = false" if to_remove.include? :activerecord + if to_remove.include? :activerecord + remove_from_config "config.active_record.whitelist_attributes = true" + remove_from_config "config.active_record.dependent_restrict_raises = false" + end $:.reject! {|path| path =~ %r'/(#{to_remove.join('|')})/' } end |