NEGABARO Rails

🏗️

MVC Pattern

Model-View-Controller — The core architecture of Rails

A design pattern separating apps into Model (data/business logic), View (display), and Controller (request handling). Everything in Rails runs on MVC.

📏

Convention over Configuration

Rails' core philosophy — convention trumps configuration

Philosophy where following naming conventions lets Rails auto-connect everything. e.g., Post model → posts table → PostsController → app/views/posts/

📁

Rails Directory Structure

Roles and conventions for each project folder

Rails project directory structure physically reflects MVC. Each folder (app/, config/, db/, test/) has a clearly defined role.

🧅

Rack & Middleware

HTTP processing layer underneath Rails

Rack is the interface spec between Ruby web servers and frameworks. Middleware intercepts and processes requests/responses, stacked like onion layers.

🗺️

RESTful Routes

One line of resources generates 7 routes automatically

URLs designed per resource following REST principles. resources :posts generates 7 routes: index, show, new, create, edit, update, destroy.

📋

Params & Strong Parameters

Accessing request parameters and managing allow lists

Access URL params, form data, JSON body via params hash. Strong Parameters (require/permit) whitelist allowed fields to prevent Mass Assignment attacks.

⏱️

Before Action & Callbacks

Inserting common logic before/after action execution

Declaratively insert common logic (auth checks, data loading) before/after Controller actions with before_action, after_action, around_action.

🧩

Controller Concerns

Modules shared across multiple Controllers

Create modules in app/controllers/concerns/ and include them in multiple Controllers for code reuse. Used for auth, pagination, search, etc.

💎

ActiveRecord

ORM — manipulate databases with objects

Object-Relational Mapping. Auto-maps Ruby objects to DB tables, enabling CRUD via Ruby methods without writing SQL.

📦

Migrations

Version control database schema with code

Define DB table creation/modification/deletion in Ruby code, executed chronologically for schema version control. Track and rollback DB changes like Git.

🔗

Associations

has_many, belongs_to — defining relationships between models

Declaratively define model relationships with belongs_to, has_many, has_one, has_many :through. Auto-connected when following foreign key conventions.

✅

Validations

Ensure data integrity at the Model level

Declare validations on models with the validates macro. Various checks (presence, uniqueness, length, format) run before DB save.

🪝

Model Callbacks

Hooks that auto-execute before/after save/delete

Hook into model lifecycle events (before_save, after_create, before_destroy) to auto-execute logic at specific points.

🔎

Scopes & Query Interface

Name and manage reusable queries

Name frequently used query conditions with scope macro for reuse. Chainable for readable complex queries.

⚠️

N+1 Query Problem

Performance enemy — solving with includes

Individually querying associated data in loops causes 1 (list) + N (each association) queries. Reduce to 2 queries with includes/preload/eager_load.

📄

ERB & Partials

Embed Ruby in HTML and split into reusable fragments

ERB (Embedded Ruby) is a template engine for embedding Ruby in HTML. Partials are reusable view fragments that reduce repetition.

🖼️

Layouts & yield

Manage common page structure with layouts

Define common HTML structure (head, nav, footer) in application.html.erb layout and insert each page's unique content with yield.

📝

Form Helpers

Safe and convenient form building with form_with

form_with helper auto-handles CSRF tokens, HTTP methods, and parameter naming. Passing a model object auto-determines create/update URL.

⚡

Turbo & Hotwire

SPA-like UX without JavaScript

Hotwire (HTML Over The Wire) sends HTML from server and Turbo partially updates pages. Provides SPA-level UX while minimizing JavaScript.

🎮

Stimulus

HTML-centric lightweight JavaScript framework

Connect JavaScript behavior by adding data-controller, data-action, data-target attributes to HTML. HTML leads, JS is the "seasoning".

🔑

Devise

Rails standard authentication system

Authentication gem providing sign-up, login, logout, password reset, email verification, OAuth. Auto-generates helpers like current_user, authenticate_user!.

🛡️

CSRF Protection

Auto defense against Cross-Site Request Forgery attacks

Rails auto-inserts/validates CSRF tokens for all non-GET requests to prevent forged requests. protect_from_forgery enabled by default.

🚫

Strong Parameters

Preventing Mass Assignment attacks

Explicitly declare allowed fields with params.require(:model).permit(:field1, :field2) in Controller. Non-permitted fields are auto-ignored.

NEW

🔒

Tenant Isolation Query Patterns — Start from Organization Scope, Not Model.where

Query patterns that structurally prevent data leaks in multi-tenant Rails apps

In multi-tenant apps, global queries like Contract::Asset.joins(:contract).where(contracts: { organization_id: ... }) leak data if a single ID is wrong. Starting from organization.contracts makes query structure itself guarantee tenant isolation.

🧪

RSpec

BDD (Behavior-Driven Development) test framework

Write tests like natural language with describe/context/it blocks. Verify with expect(actual).to eq(expected) syntax. Tests all layers of Rails.

🏭

FactoryBot

Clean test data generation

Dynamically generate test data with Factory pattern instead of Fixtures. Create data on-the-fly with concise syntax like create(:user), build(:post).

🌐

Request Specs

Integration tests for HTTP request/response

Simulate real HTTP requests with get, post, patch, delete methods and verify response status codes, redirects, and rendered content.

⏳

Background Jobs

Active Job + Sidekiq — process heavy tasks asynchronously

Process time-consuming tasks like email delivery, file processing, and external API calls asynchronously in background queues. Users get immediate responses.

💀

Sidekiq: Deploys and the Async Job Pitfall

SIGTERM/SIGKILL — why long Sidekiq jobs die on every deploy

Async jobs can vanish entirely or get stuck forever in \"running\" state depending on deploy timing. Understanding the difference between SIGTERM (graceful) and SIGKILL (forced), how Sidekiq handles graceful shutdown, and the limits of OSS reveals why these incidents happen.

📡

Action Cable

Rails built-in WebSocket — real-time features

WebSocket framework built into Rails that pushes real-time data from server to client. Used for chat, notifications, and live updates.

💨

Caching

Dramatically improve response speed by reducing repeated computations

Cache DB queries and view rendering results with Fragment Caching, Russian Doll Caching, Low-Level Caching for 10x+ response speed improvement.

📦

Asset Pipeline & Vite

Frontend asset management for JavaScript, CSS, images

Bundle JavaScript/CSS/images with Sprockets (legacy), Webpacker (deprecated), Vite (modern) and optimize cache with fingerprinting.

🚢

Kamal Deployment

Rails official deployment tool — Docker-based zero-downtime deploys

Rails official deployment tool by DHH. Deploy to any VPS with Docker containers. For small servers like DigitalOcean, local build + push to registry is recommended.

NEW

🖼️

background-removal-js — How AI Background Removal Works in the Browser

IS-Net model + ONNX Runtime Web + WebGPU — client-side segmentation without a server

imgly/background-removal-js removes image backgrounds with AI in the browser, no server needed. Runs IS-Net (U-Net family) via ONNX Runtime Web with WebGPU acceleration. Resizes to 1024×1024 → model outputs alpha mask → applied to original.

🚫

Why We Avoid Helpers

My Convention — data logic in Controller, minimal Helpers

Rails Helpers are convenient but overuse causes global pollution, testing difficulties, and ambiguous responsibilities. Data processing in Controller, display-only in Helper.

💎

DHH's Rails Coding Style

Vanilla Rails is enough — The 37signals philosophy

Coding principles practiced by Rails creator DHH. Minimize external libraries, map everything to CRUD, manage state as records instead of booleans.

🔥

Campfire (37signals)

The DHH style textbook — real-time chat built with only Rails built-ins

Real-time chat app released by 37signals under the ONCE brand. has_secure_password instead of Devise, Solid series instead of Redis, CRUD-only without custom actions — the DHH style textbook.

📖

Writebook (37signals)

ONCE brand publishing tool — textbook for delegated_type and edit history management

37signals' ONCE brand publishing app. Manages polymorphic content (Page/Section/Picture) with delegated_type, tracks edit history with Edit records. Same auth pattern as Campfire, but with unique patterns like Access control and Publication.

📋

Solid Queue (Rails)

DB-only without Redis — Rails 8 default background job system

Rails 8 default ActiveJob backend. Processes background jobs using only database (PostgreSQL/MySQL/SQLite) instead of Redis/Sidekiq. Non-blocking polling with FOR UPDATE SKIP LOCKED.

💾

Solid Cache (Rails)

SSD instead of Redis — database-based Rails cache store

Rails 8 default cache store. Uses database (SSD) instead of Redis/Memcached for much larger caches. Write-based probabilistic expiration and Maglev consistent hashing for sharding.

💎

Rails 8 + SQLite — Why It Works in Production

The era of no PostgreSQL has arrived — SQLite in production proven by 37signals

Rails 8 officially supports SQLite as a production database. Solid Queue (background jobs), Solid Cache (cache), Solid Cable (WebSocket) all run on SQLite. Proven in production by 37signals (Basecamp).

NEW

📝

SQLite WAL Mode — Pros and Cons

How Write-Ahead Logging solves SQLite concurrency problems

WAL (Write-Ahead Logging) replaces SQLite's default DELETE journal mode, enabling concurrent reader/writer access. Enabled by default in Rails 8, it's especially effective for frequent small transactions like Solid Queue.

🚀

Rails App Deployment SaaS Comparison

Practical comparison of Fly.io, Render, DigitalOcean, Fargate, Railway, Heroku

A practical guide to choosing the right PaaS/SaaS for deploying early-stage Rails projects. Compared by free tier, Docker support, PostgreSQL/SQLite compatibility, pricing structure, and scaling options.