One of the most beautiful things about Ruby development is the ease of adding functionality through packaged libraries called gems. With the power of Bundler, you can quickly add and manage gems in few lines of code. With the recent release of Rails 3.0.4 I’d like to share the 10 must-have gems which allow me to focus on what’s unique to my app.
Contents
- 1 1. Devise (Authentication)
- 2 2. CanCan (Authorization)
- 3 3. Haml (Better Views)
- 4 4. Compass (Better CSS)
- 5 5. Will Paginate (Pagination)
- 6 6. Paperclip (File Attachments)
- 7 7. Meta Where (ActiveRecord Query Extensions)
- 8 8. DelayedJob (Background Job Scheduling)
- 9 9. Has Scope (Collection Filtering)
- 10 10. Rack SSL Enforcer (HTTPS Redirection)
1. Devise (Authentication)
Just about every public-facing Rails app needs some type of authentication scheme. Authentication is often confused and interchanged with authorization, although the 2 terms have very distinct meanings.
In a nut shell, authentication determines if users are who they say they are, commonly through a username and password combination. Authorization determines which actions an authenticated user can perform. Devise is a solution to the former problem. I recently switched from AuthLogic in favor of Devise’s advanced engine for providing models, controllers and views. AuthLogic leaves it up to the developer to create the views and controllers. However, views are generally the first thing you should override, but thankfully Devise makes that easy as well.
Devise is a very active gem, and in conjunction with omniauth, has made it incredibly simple to setup Facebook and Twitter login buttons in less than a dozen lines of code. At first, the engine seemed too overbearing for me, but once I understood how easy it is to override and extend Devise, I made the switch.
https://github.com/plataformatec/devise
CanCan is an incredibly easy way to define and access user permissions. All apps tend to have some sort of authorization scheme, but it’s generally setup adhoc, and leads to very messy view code. If you have dozens of if object.user == current_user
statements littered among your views and controllers, it’s time to take a look at CanCan.
If you aren’t authorizing the current user to modify a provided object in update actions, a user could send a post request to update another user’s project, for example. With CanCan, your app’s authorization scheme is defined centrally in an Ability model. By using the can? method, you can check to see if the current user is authorized to perform an action to handle conditional view rendering.
CanCan also makes it dead simple to authorize controller actions and handle authorization exceptions.
https://github.com/ryanb/cancan
3. Haml (Better Views)
HAML transforms your views with sexy, minimalist syntax that makes Ruby jealous. HAML’s indent based syntax eliminates end tags, and provides a more concise way of defining HTML and interpreting embedded ruby code.
I made the switch about 2 years ago and cringe every time I have to work with “real” HTML. Even mediocre HTML ninjas will be comfortable with HAML in a few days. HAML takes:
<h2><%= @user.name %></h2>
<div class="about">About Me: <%= @user.about %></div>
and makes it great:
h2= @user.name
.about About Me: #{@user.about}
4. Compass (Better CSS)
Compass is a framework that does to CSS what HAML does to HTML. In conjunction with SASS, a CSS replacement, Compass provides native frameworks such as Blueprint. By leveraging SASS mixins, you can finally ditch non-semantic classes such as “div-8” for blueprint columns.
The other major benefit of SASS is variables, most commonly used for color definitions. Tear up that sticky note with hex colors and start using color variables. Better yet, create an entire color palette using SASS’s lighten and darken functions.
5. Will Paginate (Pagination)
Will Paginate is by far the reigning champ when it comes to pagination. Originally ported from PHP, will_paginate can get you up and running with pagination in a few lines of code. There are practically no contenders, and rightfully so since I can’t think of too many ways to make this better. OK, Ajax pagination would be really awesome.
https://github.com/mislav/will_paginate/wiki
6. Paperclip (File Attachments)
If you’ve ever written code to handle file uploads and image processing, you surely cringe every time a client says “I’d like the user to have his or her own photo”–that is until you’ve worked with a gem as easy to use as this one.
Paperclip makes it trivial to restrict content types, define storage locations and access a model’s associated attachment. If you’re working with images, you can define styles with corresponding resolutions for use-cases such as thumbnails and profile sizes.
Even if you are using Heroku with its read-only file system, paperclip works beautifully with outside storage mechanism such as Amazon S3.
https://github.com/thoughtbot/paperclip
7. Meta Where (ActiveRecord Query Extensions)
This is a less popular gem that I ran into when I got sick of passing in complex SQL strings into ARel where methods, and then finding the inconsistencies between MySQL (development) SQLite (test) and Postgres (Heroku).
The default behavior of chaining ARel where methods is to “and” the conditions. Meta_where lets you define complex boolean logic on conditions, even among sub tables.
http://metautonomo.us/projects/metawhere/
8. DelayedJob (Background Job Scheduling)
One of the easiest ways to speed up some Rails apps is to push more complex processing into background jobs. The most notorious offenders are image processing and emailing.
Instead of having the user wait on the browser while an email sends or an image is processed, (both items that can wait) offload these tasks to a later time and let the user continue.
This gem automatically handles scheduling and provides an easy way to run all scheduled jobs. With Heroku, running the jobs is as easy as pushing up the workers a notch.
https://github.com/tobi/delayed_job
9. Has Scope (Collection Filtering)
This gem does to filtering what will_paginate did to pagination. Most rails apps dealing with item collections that need to be filtered by an attribute such as location, category or tag, will benefit from this. By leveraging existing model scopes, you can keep your controllers lean without conditional statements for each possible filter query.
Simply use the has_scope method with the scope name in the controller, and pass the model into apply_scopes to take advantage instant filtering.
https://github.com/plataformatec/has_scope
10. Rack SSL Enforcer (HTTPS Redirection)
With all the hype a few months ago over Firesheep, even basic, non credit-card accepting, apps that use passwords need for SSL. Sure, there’s no requirement that you secure your app, and even if a user’s account was compromised it may cause little harm.
However, most people reuse the same password for everything, and I wouldn’t like to have on my conscience that a user’s online banking password was stolen because they accessed my app without SSL at Starbucks.
Rack SSL Enforcer is a dead simple gem that uses Rack to redirect non https requests to the https equivalent. The default configuration forces HTTPS on every request, but can easily be overridden to only required it on some URL and URL patterns.
You may be familiar with the ssl_requirement gem originally released by DHH. This isn’t compatible with Rails 3, although there is a fork bartt-ssl_requirement that is which I’ve used in previous projects. I never really liked the idea of HTTPS redirection happening after the request gets to the controller. The rack solution is much simpler, especially for securing an entire app.