Rails 7.0 gets hotwired with new frontend framework, adds app-level encryption

Ruby on Rails 7.0 scaffold

Web application framework Ruby on Rails 7.0 is now available, promising no less than being the full-stack tool the one-person team has been waiting for. 

Rails, which was used to build web offerings such as GitHub and Shopify, has its roots in the project management app Basecamp, from where it was extracted in 2003 to serve as a general full-stack framework for web app development.

In his version 7.0 announcement post, Rails creator David Heinemeier Hansson (DHH) calls the recent iteration the version he has “been longing for”, bringing the framework closer to providing developers with everything needed to create a modern app to build a business upon. According to DHH, realising a competitive web application from frontend to backend hasn’t been a real option for singular individuals for quite a while now. Compared to the olden days of the interwebs, the process has become “a journey akin to The Oregon Trail” where people “might well die” before getting anywhere near their destination.

While this might be a bit of a stretch, the number of tools and techniques available today and the time needed to be able to utilise them in a proficient manner has surely gone up since Rails first hit. Just like the number of device sizes one has to take into account. 

To help users to get the user experience they look for with minimal complexity, the focus of the 7.0 release lies squarely on the simplification of the front-end and the dispensation with Node.js. Since HTTP/2 has been widely adopted, browsers are mostly okay with ECMAScript 6 and ES modules, and the W3C import maps draft is gaining traction, the Rails team for instance deemed a tight coupling with transpilers and bundlers no longer necessary. 

Consequently, Rails now uses the Turbo and Stimulus components of frontend framework Hotwire in combination with import maps by default instead of working with Webpacker, Turbolinks and Rails UJS. Turbo and Stimulus are meant to speed up frontend code and give some structure, without adding the complexity of their predecessors or the need for custom JavaScript code. Developers who use something like React and therefore need bundling capabilities are provided with a jsbundling-rails gem to keep projects intact.

On the back-end side of things, Rails now sports encrypted attributes for Active Record models, which it inherited from Basecamp’s email reimagining Hey. The new addition allows developers to define which attributes are sensitive and need encrypting right in their code base to prevent data exposure – accidental or otherwise. 

Active Record gained quite a few enhancements overall in this release, such as the option to attach comments to SQL queries for origin tracing without the need for external gems, as the marginalia project has been ported to Rails and is now native to the framework. It also learned to lazily load the schema cache on the connection directly after it has been established, set timestamps on record creation during bulk insert/upsert, and support deferrable foreign key constraints in PostgreSQL.

Rails’ Action Cable client for integrating WebSockets with a Rails app has been reworked as well and now ensures successful channel subscriptions as well as safeguards to be able to handle massive client reconnects after server connectivity loss. The Active Job framework for declaring and running jobs meanwhile was fitted with the ability to allow jobs to retry indefinitely, communicate enqueue failures to callers of perform_later, and offer a serializer for the Range class.

Friends of the concept of parallel programming will surely be interested to hear that apps that use controller actions needing several unrelated queries to load can be sped up by allowing asynchronous loading starting with Rails 7.0. An exhaustive list of all removals, additions, and fixes can be found in Rails’ change log.

Though the update should largely bring improvements for programmers, devs maintaining older applications need to be aware of some changes that could lead to breakage or at least unexpected behaviour. The Zeitwerk code loader for instance is now exclusively used for autoloading replacing const_missing which makes some manual adjustments necessary, button_to has been changed, and sprocket-rails isn’t included by default anymore. Applications using Spring need to at least be upgraded to version 3.0 to work with Rails 7. Details and workarounds can be found in the project’s upgrade guide.