Wednesday, September 15, 2021

Rails 7.0 Alpha 1: New JavaScript Answers, At-Work Encryption, Query Origin Logging, Zeitwerk Exclusively

Posted by dhh

Welcome to the first alpha release of Rails 7. It brings some very exciting new answers to how we do JavaScript, an awesome approach to at-work encryption with Active Record, SQL query origin logging, asynchronous query loading, exclusive autoloading through Zeitwerk, and much more.

We usually don’t do alpha releases for Rails, but given the fact that the new front-end approach is such a substantial change, we thought it best to validate that a little further before jumping straight on the beta -> release candidate -> final train.

Please help us test all this new stuff so we can ensure a solid final release of Rails 7 this year!

All New Answers On The Front-End

After almost five years with Webpacker as our default answer to writing modern JavaScript in Rails, it’s time to move on. Advancements in browser support for ES6/ESM, widespread adoption of HTTP/2, and the exciting new standard for import maps has paved the way for a no-Node approach to JavaScript in Rails 7without giving up on npm packages.

Together with the replacement of Turbolinks and Rails UJS by the Hotwire combination of Stimulus and Turbo, we now have the most complete in-the-box front-end setup for writing great Rails applications ever. Without needing thousands of node dependencies in node_modules, fighting with bundler configurations, or any of the other challenges common with JavaScript development.

At the same time, we’ve also dramatically improved the integration between Rails and JavaScript + CSS bundlers for those who need that. Through two new companion gems that can be triggered via rails new –javascript [bundler] and –css [bundler], you get easy access to starting a new application or changing one that starts with import maps to use esbuild, rollup.js, Webpack, Tailwind CSS, PostCSS, Dart Sass, and Bootstrap.

At-Work Encryption With Active Record

Extracted from HEY, we’ve added encrypted attributes to Active Record, so your application can offer at-work encryption in addition to the traditional at-rest and in-transit coverage.

As an immediate practical benefit, encrypting sensitive attributes adds an additional security layer. For example, if an attacker gained access to your database, a snapshot of it, or your application logs, they wouldn’t be able to make sense of the encrypted information. And even without thinking about malicious actors, checking application logs for legit reasons shouldn’t expose personal information from customers either.

But more importantly, by using Active Record Encryption, you define what constitutes sensitive information in your application at the code level. This enables controlling how this information is accessed and building services around it. As examples, think about auditable Rails consoles that protect encrypted data or check the built-in system to filter controller params automatically.

Checkout the full guide on how to use encrypted attributes.

Trace Query Origins With Marginalia-Style Tagging

Almost a decade ago, Marginalia was extracted from Basecamp to trace query origins with SQL comment tagging. Now this external gem has been upstreamed into Active Record as QueryLogs.

Asynchronous Query Loading

When you have a controller action that needs to load two unrelated queries, you can now do it concurrently through Relation#load_async. If you have three complex queries that each take 100ms, you’d have to spend 300ms executing them one by one before. Now you can run them in parallel, spending only a total of 100ms on the set.

Zeitwerk Exclusively

Autoloading in Rails is one of those magical quality of life realities that it’s easy to just take for granted. The trusty old const_missing approach which came with a range of quirks and missing features has finally been replaced exclusively with the Zeitwerk code loader. There are a few upgrade gotchas to be aware of, especially for older applications, but with this upgrade guide you should be on your way in no time

A Few Other Highlights

From All Of Us To All Of You

There are over three thousand commits that have gone into Rails 7 since we released version 6.1 last year. This is the work of hundreds of contributors. Including over 200 first-time contributors this year alone. They join the nearly six thousand contributors that have made changes to the Rails code base over the years!