Course 37 - Building Web Apps with Ruby On Rails | Episode 2: Navigating the Framework of Frameworks - CyberCode Academy

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
In the two hundred milliseconds or so it takes to
you to blink, a modern web application has already executed
millions of instructions millions.

Speaker 2 (00:08):
It's really hard to wrap your head around it is.

Speaker 1 (00:10):
I mean, you type a URL, hit enter, and before
your finger even lifts off the keyboard, global traffic has
been routed, a highly secure vault has been queried, complex
data translated, and a custom interface painted specifically for you.

Speaker 2 (00:24):
And you just see the page load. Right. It feels
completely like magic.

Speaker 1 (00:28):
It does, But today we are tearing down that illusion.
Welcome to our deep dive into the hidden assembly line
of a modern web request.

Speaker 2 (00:37):
Yeah, because it happens so fast, we just take the
architecture completely for granted. But when you understand the sheer
volume of operations happening in that fraction of a second,
I mean, it completely changes how you view the web absolutely.

Speaker 1 (00:49):
So to guide us today, we're going to mentally trace
this exact assembly line using the mechanics of Ruby on Rails. Now,
Rails is massive, It powers some of the biggest applications
out there. So what stood out to me right away
in the material is that Rails isn't actually just one
single tool.

Speaker 2 (01:04):
Right, not at all. It's what we call a meta framework.
So it's a framework built out of several distinct specialized frameworks,
and all of those pieces are organized around this very
specific architectural pattern called MVC, which.

Speaker 1 (01:18):
Stands for model view controller.

Speaker 2 (01:20):
Exactly, model view controller.

Speaker 1 (01:22):
Okay, let's unpack this MVC thing for a second, because
we hear that acronym thrown around constantly in software development.
Why is everything broken up into these three specific buckets.

Speaker 2 (01:33):
Well, to understand why NBC is so crucial, you really
have to look at how web development used to be done.
In the early days, Developers would write files where the
logic that queried the database was tangled right up with
the HTML code that displayed the page.

Speaker 1 (01:49):
Oh right, what people call spaghetti code.

Speaker 2 (01:51):
Exactly spaghetti code. So if you wanted to just change
the color of a button, you accidentally ran the risk
of breaking the code that processed a user's credit card.

Speaker 1 (01:58):
Oh wow, that sounds terrifying.

Speaker 2 (02:01):
It was. It was completely unmintainable.

Speaker 1 (02:03):
So NBC was the solution to untangle the spaghetti. You
isolate the data of the model, you isolate the user interface,
the view, and then you put a traffic cop right
in the middle to manage the communication between them. Yeah,
that's the.

Speaker 2 (02:16):
Controller precisely, and in Rails that communication always starts at
the very front door of the application, the router, right.

Speaker 1 (02:23):
I like to think of the router like the host
at a wildly busy restaurant. Like you walk in a
front door, that's your web request arriving at the server.
The host looks at you, figures out what you need,
and says, ah, you need a table for two. Let
me take you to this specific waiter who handles that section.

Speaker 2 (02:39):
That's a great analogy. And in the Reils ecosystem, that
restaurant host is part of a core framework called action pack.

Speaker 1 (02:45):
Action pack got it. Yeah.

Speaker 2 (02:46):
Action pack is the ultimate traffic cop It handles the routing,
the controllers, and the views. When your request arrives, action
pack looks at a specific file where the developer has
basically mapped out all the acceptable paths.

Speaker 1 (03:00):
Say, we want a really simple rule. If someone navigates
to our site and types in slash learn, we just
want to send them away to another website like some
external tutorial.

Speaker 2 (03:09):
Sure, so in your routes file you define that using
a routing method like get. You conceptually tell the application. Hey,
when you receive a get request for the path, learn
redirect the user to this external URL.

Speaker 1 (03:24):
And that's just a one liner.

Speaker 2 (03:25):
Just a one liner. It's super clean.

Speaker 1 (03:26):
But most of the time, I mean, we aren't kicking
people out of our app. We want to keep them inside.
So let's say we're building a system to manage a
list of people. A user goes to slash people. What happens?

Speaker 2 (03:38):
Then in that case, instead of an external redirect, you
route that path to an internal controller. You point it
to your people controller and specifically to an action inside it,
like an index action that lists everyone out.

Speaker 1 (03:51):
Ah. So the controller is the waiter in the restaurant
analogy exactly.

Speaker 2 (03:54):
The router seats the desk, hands them off to the controller,
and now it's the controller's job to figure out what
the user at actually ordered.

Speaker 1 (04:00):
Here's where I start thinking about scale, though. If I'm
building a whole application around people, I'm gonna need way
more than just a list page. I need a route
to show, a form to create a new person, a
route to view a specific profile, routes to update their info,
delete them, all of that.

Speaker 2 (04:18):
Oh, for sure.

Speaker 1 (04:19):
Before modern frameworks didn't developers have to manually write and
connect individual routing logic for every single one of those
actions they did.

Speaker 2 (04:27):
Yeah, you would spend hours writing dozens of lines of
repetitive boilerplate code just to get the basic scaffolding of
a feature working. It was incredibly tedious.

Speaker 1 (04:37):
And this is where Rails introduces what looks like absolute magic,
because instead of manually writing all those out you use
a single command called resources. You literally just tell the
routes that resources that people, Yeah.

Speaker 2 (04:48):
And that one line instantly generates all the necessary routes.
It's a massive leap in developer productivity.

Speaker 1 (04:54):
That's crazy just from that one.

Speaker 2 (04:56):
Worse, it's that one declaration. Rails automatically assumes you want
a full suite of CRUD.

Speaker 1 (05:01):
Routes CRU meaning create, read, update, and delete.

Speaker 2 (05:05):
Right, it maps out the exact URLs and HTTP methods
needed to handle viewing a list, viewing a single person, creating, editing, destroying.
It wires all of those up to the corresponding actions
in your controller completely behind the scenes.

Speaker 1 (05:20):
Okay, but let me push back a bit here. If
the framework is magically generating all these routes invisibly behind
a single line of code, doesn't become incredibly easy to
lose track of what actually exists. Like, you open your code,
you see resources dot people, But how do you actually
know what specific URLs the application is listening for.

Speaker 2 (05:40):
That is a very common pitfall actually when you write
heavily on framework magic. But Rails provides a built in
truth teller.

Speaker 1 (05:47):
Okay, what is it?

Speaker 2 (05:47):
Through the command line interface, you can run a command
called Rails roads, and when you do that, the application
strips away all the abstraction and prints out a highly detailed,
formatted list of every single route that is currently active.

Speaker 1 (05:59):
Oh that's anny.

Speaker 2 (06:00):
Yeah, shows you the exact HTTP verb, the specific URL pattern,
and the exact controller action it triggers. It's basically how
you verify what the traffic cop actually knows.

Speaker 1 (06:09):
Okay, so our web request has successfully talked to the
traffic cop and it's been handed off to the controller.
The user asked for a list of people, but the
controller is currently empty handed. It needs to actually fetch
that list, which means it has to talk to the database.

Speaker 2 (06:24):
Yes, the database is the vault where the actual information
is locked away. But there is a massive translation problem
here that we have to deal with.

Speaker 1 (06:32):
Right, because your application logic is written in the fluid,
elegant language of Ruby, but your database vault only understands
the rigid, highly structured language of SQL.

Speaker 2 (06:43):
Exactly, they don't speak the same language.

Speaker 1 (06:45):
So we need a translator. And in RAILS, that translator
is a framework called active record. It performs what's known
as object relational mapping or an ARM right.

Speaker 2 (06:55):
Active record acts as a diplomatic translator between the two
systems because writing raw queries by hand is notoriously messy
and it's really prone to errors, especially when the queries
get complex.

Speaker 1 (07:06):
So what does the ORM actually do?

Speaker 2 (07:07):
What an ORM does is seamlessly map the data stored
in a database road directly into a Ruby object in
the applications memory.

Speaker 1 (07:15):
Oh so instead of writing a clunky sequel string that
says like update people set email equals new where aid
equals five. Yeah, you just talk to the Ruby object.
You tell your person object to update it's email. Yep.

Speaker 2 (07:27):
An active record intercepts that simple Ruby command, instantly translates
it into the proper SEQL syntax, executes it against the database,
and reports back. It completely insulates the developer from the
database mechanics.

Speaker 1 (07:40):
That's brilliant.

Speaker 2 (07:41):
It is an active record actually manages this relationship across
four main roles migrations, validations, storage and retrieval, and callbacks.

Speaker 1 (07:49):
Let's talk about migrations because they are fascinating. They are
essentially how we build the blueprints for the vault itself.
If we want to create a new database table to
hold our people, we don't go into the database software
and manually add columns do it.

Speaker 2 (08:03):
No, you generate a migration file. You use the command
line and you tell Rails you want to create a
people table. Rails generates a blueprint file containing a block
of Ruby code, and inside that code you define your columns. Conceptually,
you say, add a column named email and make it
a string, or add a column for their age and
make it an integer.

Speaker 1 (08:23):
And then you just run a command to migrate the database,
and active record translates your blueprint into the SQL commands
needed to physically build the table exactly.

Speaker 2 (08:32):
And the safety net here is great. If you realize
you messed up, like maybe you forgot to add a
column for a phone number, you can just roll back
the migration. Active record perfectly reverses the operation and gives
you a clean slate.

Speaker 1 (08:44):
Oh that's incredibly forgiving, And you'll notice something interesting when
you look at the final table, active record automatically adds
a column that you never explicitly asked for, an ID column.

Speaker 2 (08:55):
Right. It automatically gives every single record a unique primary key.
This is that famous Rails philosophy of convention over configuration.

Speaker 1 (09:04):
Because it assumes you need a primary key to track data, right,
because ninety nine percent of the time you do. It
saves you from configuring.

Speaker 2 (09:10):
The obvious Exactly. Now, once the vault is built, you
have to protect what goes into it. If a user
is filling out a form, you don't want them saving
a profile without a name or an email address, right,
Which brings us to the second role of active record validations.
In your Ruby code, you just set a simple rule
validate that the name is Presence.

Speaker 1 (09:31):
Wait, let me stop you there. Why are we doing
that in the Ruby application layer. Doesn't the database already
have its own strict rules, Like you can configure a
database column to absolutely reject any blank entries. It feels
like we are duplicating work by writing it in the
application code too.

Speaker 2 (09:48):
You definitely can, and for ultimate security you often should
have constraints at the database level. But think about the
user experience. If you rely purely on the database to
catch the error. The database violent only rejects the bad
data and throws a massive, highly technical error back at
the application. By a time it bubbles up, the user
experience is ruined.

Speaker 1 (10:08):
Ah. So by putting the validation in the active record
translator layer, we intercept the bad data before it ever
touches the vault doors exactly.

Speaker 2 (10:17):
Active record stops the save flags the missing name and
provides a clean, readable error message. We can instantly pass
that back to the screen. Hey, you forgot to enter
your name. It provides immediate, graceful feedback.

Speaker 1 (10:30):
That makes perfect sense. And once the data is fully
vetted and successfully saved, active record has one more trick,
right callbacks.

Speaker 2 (10:37):
Yeah. Callbacks are great. They allow you to hook additional
automated tasks to the life cycle of the data.

Speaker 1 (10:43):
Like telling the system the absolute instant a new person
is successfully shaved into the vault for the very first time,
triggers separate process to send them a welcome email.

Speaker 2 (10:52):
Right, It's all about seamlessly orchestrating the side effects of
changing data.

Speaker 1 (10:57):
Okay, so let's recap where we are the controller app
active record for the list of people. Active record translated
the request fetch the data from the vault and handed
it back. But if you hand a user raw database code,
they're going to immediately close the browser tap.

Speaker 2 (11:11):
Yeah, nobody wants to see that.

Speaker 1 (11:12):
So how does Rails actually translate that raw data into
the beautiful visual interface.

Speaker 2 (11:17):
We expect to paint the screen? Action Pack uses another
subframework called action View. But first there's a handoff that
has to happen. The controller has the data, but the
view is a completely separate.

Speaker 1 (11:29):
File, and Rails bridges this gap almost invisibly using instance variables.
In the controller, you assign your data to a specifically
marked variable, and Rails performs a bit of magic. It
takes that variable and perfectly mirrors it over to the
view's context.

Speaker 2 (11:44):
Yeah, so the view instantly has access to the exact
same data the controller just fetched, and it does this
with security in mind too. How So, Well, when data
flows the other way, say the user is submitting a
form back to the controller, Rails uses a strict vetting system.
Iplicitly requires that the incoming data contains the exact expected
parameters like a name and an email, and it aggressively

(12:06):
filters out any unexpected or potentially malicious data fields before
it ever processes them.

Speaker 1 (12:11):
So, assuming we securely pass our list of people to
the view, we need to build the HTML and action
view handles this using a syntax called ERB or embedded
rub right.

Speaker 2 (12:22):
ERB is brilliant because it allows you to mix standard
static HTML tags with dynamic Ruby logic in the viewfile.
Rails uses a clever tagging system essentially drop little markers
into your HTML to tell the server what to do.

Speaker 1 (12:35):
So instead of writing out twenty individual list items in
HTML for twenty people, you use an ERB marker to
create a loop. Some of these markers basically tell Rails, hey,
run this code silently behind the scenes. That's your loop logic, yep.

Speaker 2 (12:50):
But other markers, the ones with an equal sign, act
like a paintbrush. They tell Rails take the result of
this variable and literally painted into the HTML document right
here exactly.

Speaker 1 (13:00):
You use that paint marker inside your loop to dynamically
insert the person's name for every single record in the database.
When the server is done processing, all those little Ruby
markers vanish and the browser receives a perfectly standard HTML document.

Speaker 2 (13:14):
Right But you know, a web page is more than
just a list. It has a navigation bar, a footter metadata.
You don't want to rewrite all of that structural HTML
on every single page of your application.

Speaker 1 (13:23):
Oh, absolutely not, which is why action view structurally divides
the interface into layouts and partials.

Speaker 2 (13:30):
Yeah, let's explain that. A partial is just a reusable,
bite sized chunk of interface, like a specific user profile
card that you might want to display on the homepage,
the search page, and the user directory. You write it
once and inject it anywhere.

Speaker 1 (13:44):
Here's where it gets really interesting, though. The layout the
big picture. I think of the layout like a heavy
wooden picture frame. It contains all the standard structure of
your site that never changes your top navigation, your foot
or your structural containers. And right in the middle of
that layout fileile is a single command, the yield command.

Speaker 2 (14:03):
Oh I love that analogy.

Speaker 1 (14:04):
Right, that yield command is where the specific view template
your request it gets injected. The framework swaps out the painting,
but it keeps the exact same picture frame.

Speaker 2 (14:13):
And that picture frame. The layout also includes vital security
infrastructure by default. For example, it automatically injects hidden tokens
to protect against cross site request forgery or CSRF.

Speaker 1 (14:24):
Let's explain CSRF quickly because the mechanism is really clever.
A malicious site might try to trick your browser into
submitting a form on your application's behalf like tricking you
into deleting your account while you're browsing a different tab.
How does RAILS stop that?

Speaker 2 (14:40):
It stops it by hiding a unique, secret, cryptographically secure
token inside every single legitimate form rendered by action View.
Oh okay, so when a form is submitted back to
the server, Rails checks for that specific token. Because a
malicious third party site cannot read that hidden token from
your page, their forged request will be missing it, and

(15:00):
Wales will instantly reject the submission.

Speaker 1 (15:03):
So it builds the walls of the fortress automatically. It
also sets up strict content security policies to guard against
unauthorized JavaScript executing. But speaking of the browser, we have
to talk about styling. Action View ties into the asset
pipeline to manage all your CSS files.

Speaker 2 (15:17):
Yes, instead of making the browser download twenty different CSS
style sheets, the asset pipeline compiles all of your styling
into one single Mini five file.

Speaker 1 (15:27):
And there is an incredibly smart caching trick here. Browsers
are aggressively lazy they want to save CSS files locally
so they don't have to download them over and over.
But if you update your app and change your background
to crimson red, how do you force every user's browser
to realize there's a new file.

Speaker 2 (15:44):
Rail solves this by adding a unique cryptographic fingerprint to
the end of the compiled CSS file name. It's a
long string of characters based entirely on the contents of
the file.

Speaker 1 (15:54):
So the absolute second you change that background color to
crimson red, the file content's change, which means the finger
it changes exactly.

Speaker 2 (16:01):
The browser sees a completely new file name, realizes its
cased version is obsolete, and instantly downloads the fresh styling.

Speaker 1 (16:09):
So we've queried the database, translated the data, embedded it
into htmail, and styled it with a beautifully cash CSS
file we sent it to the user. But if we're
building a modern web application, users don't just want fast
loading times. They want the app to feel instantaneous, like
a native piece of software on their phone, and to.

Speaker 2 (16:26):
Achieve that instantaneous feel in the browser, we have to
leverage JavaScript. Rails natively supports modern JavaScript bundling through Webpack,
allowing you to seamlessly integrate massive complex third party JavaScript
libraries that.

Speaker 1 (16:41):
Also use it something called unobtrusive JavaScript right to handle lightweight,
invisible interactions.

Speaker 2 (16:47):
Yeah, things like automatically popping up a confirmation dialogue when
you click delete, or temporarily disabling a submit button so
a user doesn't accidentally double click and charge their credit
card twice.

Speaker 1 (16:58):
But the real star the show here. The mechanism that
gives rails apps that lightning fast single page application feel
without actually being one is turble links. The first time
you realize what turblelnks is doing, it feels like an
absolute magic trick.

Speaker 2 (17:13):
It really does. To understand the magic, think about how
standard navigation works. When you click a link to go
to a new page, your browser completely throws away the
current page. The screen flash is white, The browser downloads
the new HTML, reparses all the CSS, reevaluates all the JavaScript,
and redraws the entire windle from absolute scratch.

Speaker 1 (17:32):
It's a hard refresh, and it's computationally expensive, very expensive.
But with turble links enabled, it fundamentally hijacks that process.
It intercepts your click. Instead of letting the browser do
a hard refresh, turble links quietly fires off an invisible
background request to the server to fetch the new page.

Speaker 2 (17:50):
Right, and when that new HTML arrives, turblns inspects it.
It completely ignores the header section of the new document
because it knows the CSS and JavaScript already loaded and active. Right,
It grabs only the body of the new page, and
it seamlessly swaps it out with the current body on
your screen. Finally, it silently updates the URL in your

(18:10):
address bar, so your browser history stays perfectly intact.

Speaker 1 (18:14):
The perceived loading speed is astonishing because the browser never
flashes white, never stops to recompile style sheets. It just
instantly swaps the painting inside the frame. Wait a minute, though,
so what does this all mean for our code? If
the browser never does a true hard refresh, doesn't that
fundamentally break custom JavaScript? Usually developers write scripts that listen

(18:37):
for the window loaded event before they run. If turbolinks
is just sneaking in and swapping the body, those standard
load events are never going to fire.

Speaker 2 (18:45):
You nailed it. That is the ultimate pitfall for developers
new to this ecosystem. If you write standard JavaScript that
waits for the window to load, it will run perfectly
the very first time you visit the site. But the
second you click a link and turble Links takes over,
your customer scripts will go completely dead.

Speaker 1 (19:01):
Because the window never technically reloaded. So how do we
fix it?

Speaker 2 (19:04):
Well, the framework provides a custom event listener to solve
this exact problem. Instead of telling your JavaScript to wait
for the standard browserload event, you wrap your code in
a special handler that listens for a turbolinks dot load event.

Speaker 1 (19:16):
See.

Speaker 2 (19:17):
Because the framework intentionally fires that specific event every single
time it swaps out the body, your code runs flawlessly
and reliably on every single navigation, regardless of whether it
was a hard refresh or turbolink swap.

Speaker 1 (19:30):
It's an incredibly elegant system once you understand how the
pieces connect. So as we wrap up this deep dive,
I have a mental exercise for you, the listener, Yeah,
to really reinforce what we've unpacked today. I want you
to try this the next time you are using your
favorite web application. Maybe you click a button to update
your profile settings or save a new post. I want
you to visually trace the hidden assembly line.

Speaker 2 (19:53):
That's a great exercise.

Speaker 1 (19:54):
Imagine action pack at busy restaurant host intercepting your request
and directing Trafficmagine active record the diplomatic translator, validating your inputs,
catching errors and seamlessly translating your data into the vault.

Speaker 2 (20:07):
And then actionview right, imagine.

Speaker 1 (20:09):
Action view taking that raw data, embedding it into an
HTML template via ERB markers, wrapping it in your secure
layout and styling it. And finally, imagine turbolinks catching that
response and instantaneously swapping out the HTML on your screen
so fast you didn't even notice a transition.

Speaker 2 (20:27):
It really is a masterclass in architectural orchestration. The request
flows from the controller to the model, to the view
and back to the browser in fractions of a second.
MVC in perfect motion.

Speaker 1 (20:37):
It is. But I want to leave you with one
final provocative thought to ponder. We've seen today how metaframeworks
provide immense, almost staggering power. They hide incredibly complex operations
like writing raw sequal schemas, or handling browser caching, or
manually intercepting page loads behind simple magic one liners.

Speaker 2 (20:56):
Which brings up the eternal tension in software development. Does
relying on this framework magic make us better and more
capable builders because it allows us to move incredibly fast
and focus purely on the user experience, or does it
risk making us overly dependent on abstracted tools we don't
fully understand underneath, because inevitably, when the magic breaks, someone

(21:16):
has to know how to fix the underlying machinery.

Speaker 1 (21:19):
A great question for any self taugh learner or a
professional to chew on. Next time you hit and earn
a URL, remember it's not magic. It's just an incredibly fast,
beautifully designed assembly line.

All Episodes

Course 37 - Building Web Apps with Ruby On Rails | Episode 2: Navigating the Framework of Frameworks

Episode Transcript

Popular Podcasts

Stuff You Should Know

Dateline NBC

iHeartRadio 24/7 News: The Latest

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Course 37 - Building Web Apps with Ruby On Rails | Episode 2: Navigating the Framework of Frameworks