Name: sinatra
Owner: Sinatra
Description: Classy web-development dressed in a DSL (official / canonical repo)
Created: 2009-01-14 01:27:30.0
Updated: 2018-01-20 09:20:47.0
Pushed: 2018-01-16 12:05:38.0
Homepage: http://www.sinatrarb.com/
Size: 6155
Language: Ruby
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Sinatra is a DSL for quickly creating web applications in Ruby with minimal effort:
app.rb
ire 'sinatra'
'/' do
ello world!'
Install the gem:
install sinatra
And run with:
myapp.rb
View at: http://localhost:4567
The code you changed will not take effect until you restart the server. Please restart the server every time you change or use sinatra/reloader.
It is recommended to also run gem install thin
, which Sinatra will
pick up if available.
yield
and nested layoutsIn Sinatra, a route is an HTTP method paired with a URL-matching pattern. Each route is associated with a block:
'/' do
show something ..
'/' do
create something ..
'/' do
replace something ..
h '/' do
modify something ..
te '/' do
annihilate something ..
ons '/' do
appease something ..
'/' do
affiliate something ..
nk '/' do
separate something ..
Routes are matched in the order they are defined. The first route that matches the request is invoked.
Routes with trailing slashes are different from the ones without:
'/foo' do
Does not match "GET /foo/"
Route patterns may include named parameters, accessible via the
params
hash:
'/hello/:name' do
matches "GET /hello/foo" and "GET /hello/bar"
params['name'] is 'foo' or 'bar'
ello #{params['name']}!"
You can also access named parameters via block parameters:
'/hello/:name' do |n|
matches "GET /hello/foo" and "GET /hello/bar"
params['name'] is 'foo' or 'bar'
n stores params['name']
ello #{n}!"
Route patterns may also include splat (or wildcard) parameters, accessible
via the params['splat']
array:
'/say/*/to/*' do
matches /say/hello/to/world
rams['splat'] # => ["hello", "world"]
'/download/*.*' do
matches /download/path/to/file.xml
rams['splat'] # => ["path/to/file", "xml"]
Or with block parameters:
'/download/*.*' do |path, ext|
ath, ext] # => ["path/to/file", "xml"]
Route matching with Regular Expressions:
/\/hello\/([\w]+)/ do
ello, #{params['captures'].first}!"
Or with a block parameter:
%r{/hello/([\w]+)} do |c|
Matches "GET /meta/hello/world", "GET /hello/world/1234" etc.
ello, #{c}!"
Route patterns may have optional parameters:
'/posts/:format?' do
matches "GET /posts/" and any extension "GET /posts/json", "GET /posts/xml" etc
Routes may also utilize query parameters:
'/posts' do
matches "GET /posts?title=foo&author=bar"
tle = params['title']
thor = params['author']
uses title and author variables; query is optional to the /posts route
By the way, unless you disable the path traversal attack protection (see below), the request path might be modified before matching against your routes.
You may customize the Mustermann
options used for a given route by passing in a :mustermann_opts
hash:
'\A/posts\z', :mustermann_opts => { :type => :regexp, :check_anchors => false } do
matches /posts exactly, with explicit anchoring
f you match an anchored pattern clap your hands!"
It looks like a condition, but it isn't one! These options will
be merged into the global :mustermann_opts
hash described
below.
Routes may include a variety of matching conditions, such as the user agent:
'/foo', :agent => /Songbird (\d\.\d)[\d\/]*?/ do
ou're using Songbird version #{params['agent'][0]}"
'/foo' do
Matches non-songbird browsers
Other available conditions are host_name
and provides
:
'/', :host_name => /^admin\./ do
dmin Area, Access denied!"
'/', :provides => 'html' do
ml :index
'/', :provides => ['rss', 'atom', 'xml'] do
ilder :feed
provides
searches the request's Accept header.
You can easily define your own conditions:
:probability) { |value| condition { rand <= value } }
'/win_a_car', :probability => 0.1 do
ou won!"
'/win_a_car' do
orry, you lost."
For a condition that takes multiple values use a splat:
:auth) do |*roles| # <- notice the splat here
ndition do
unless logged_in? && roles.any? {|role| current_user.in_role? role }
redirect "/login/", 303
end
d
"/my/account/", :auth => [:user, :admin] do
our Account Details"
"/only/admin/", :auth => :admin do
nly admins are allowed here!"
The return value of a route block determines at least the response body passed on to the HTTP client, or at least the next middleware in the Rack stack. Most commonly, this is a string, as in the above examples. But other values are also accepted.
You can return any object that would either be a valid Rack response, Rack body object or HTTP status code:
[status (Fixnum), headers (Hash), response
body (responds to #each)]
#each
and passes nothing but strings to
the given blockThat way we can, for instance, easily implement a streaming example:
s Stream
f each
100.times { |i| yield "#{i}\n" }
d
'/') { Stream.new }
You can also use the stream
helper method (described below) to reduce
boiler plate and embed the streaming logic in the route.
As shown above, Sinatra ships with built-in support for using String patterns and regular expressions as route matches. However, it does not stop there. You can easily define your own matchers:
s AllButPattern
tch = Struct.new(:captures)
f initialize(except)
@except = except
@captures = Match.new([])
d
f match(str)
@captures unless @except === str
d
all_but(pattern)
lButPattern.new(pattern)
all_but("/index") do
...
Note that the above example might be over-engineered, as it can also be expressed as:
// do
ss if request.path_info == "/index"
...
Or, using negative look ahead:
%r{(?!/index)} do
...
Static files are served from the ./public
directory. You can specify
a different location by setting the :public_folder
option:
:public_folder, File.dirname(__FILE__) + '/static'
Note that the public directory name is not included in the URL. A file
./public/css/style.css
is made available as
http://example.com/css/style.css
.
Use the :static_cache_control
setting (see below) to add
Cache-Control
header info.
Each template language is exposed via its own rendering method. These methods simply return a string:
'/' do
b :index
This renders views/index.erb
.
Instead of a template name, you can also just pass in the template content directly:
'/' do
de = "<%= Time.now %>"
b code
Templates take a second argument, the options hash:
'/' do
b :index, :layout => :post
This will render views/index.erb
embedded in the
views/post.erb
(default is views/layout.erb
, if it exists).
Any options not understood by Sinatra will be passed on to the template engine:
'/' do
ml :index, :format => :html5
You can also set options per template language in general:
:haml, :format => :html5
'/' do
ml :index
Options passed to the render method override options set via set
.
Available Options:
Templates are assumed to be located directly under the ./views
directory. To use a different views directory:
:views, settings.root + '/templates'
One important thing to remember is that you always have to reference
templates with symbols, even if they're in a subdirectory (in this case,
use: :'subdir/template'
or 'subdir/template'.to_sym
). You must use a
symbol because otherwise rendering methods will render any strings
passed to them directly.
'/' do
ml '%div.title Hello World'
Renders the template string. You can optionally specify :path
and
:line
for a clearer backtrace if there is a filesystem path or line
associated with that string:
'/' do
ml '%div.title Hello World', :path => 'examples/file.haml', :line => 3
Some languages have multiple implementations. To specify what implementation to use (and to be thread-safe), you should simply require it first:
ire 'rdiscount' # or require 'bluecloth'
'/') { markdown :index }
Dependency | haml |
File Extension | .haml |
Example | haml :index, :format => :html5 |
Dependency | erubis or erb (included in Ruby) |
File Extensions | .erb, .rhtml or .erubis (Erubis only) |
Example | erb :index |
Dependency | builder |
File Extension | .builder |
Example | builder { |xml| xml.em "hi" } |
It also takes a block for inline templates (see example).
Dependency | nokogiri |
File Extension | .nokogiri |
Example | nokogiri { |xml| xml.em "hi" } |
It also takes a block for inline templates (see example).
Dependency | sass |
File Extension | .sass |
Example | sass :stylesheet, :style => :expanded |
Dependency | sass |
File Extension | .scss |
Example | scss :stylesheet, :style => :expanded |
Dependency | less |
File Extension | .less |
Example | less :stylesheet |
Dependency | liquid |
File Extension | .liquid |
Example | liquid :index, :locals => { :key => 'value' } |
Since you cannot call Ruby methods (except for yield
) from a Liquid
template, you almost always want to pass locals to it.
Dependency | Anyone of: RDiscount, RedCarpet, BlueCloth, kramdown, maruku |
File Extensions | .markdown, .mkd and .md |
Example | markdown :index, :layout_engine => :erb |
It is not possible to call methods from Markdown, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
:overview, :locals => { :text => markdown(:introduction) }
Note that you may also call the markdown
method from within other
templates:
Hello From Haml!
markdown(:greetings)
Since you cannot call Ruby from Markdown, you cannot use layouts written in
Markdown. However, it is possible to use another rendering engine for the
template than for the layout by passing the :layout_engine
option.
Dependency | RedCloth |
File Extension | .textile |
Example | textile :index, :layout_engine => :erb |
It is not possible to call methods from Textile, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
:overview, :locals => { :text => textile(:introduction) }
Note that you may also call the textile
method from within other templates:
Hello From Haml!
textile(:greetings)
Since you cannot call Ruby from Textile, you cannot use layouts written in
Textile. However, it is possible to use another rendering engine for the
template than for the layout by passing the :layout_engine
option.
Dependency | RDoc |
File Extension | .rdoc |
Example | rdoc :README, :layout_engine => :erb |
It is not possible to call methods from RDoc, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
:overview, :locals => { :text => rdoc(:introduction) }
Note that you may also call the rdoc
method from within other templates:
Hello From Haml!
rdoc(:greetings)
Since you cannot call Ruby from RDoc, you cannot use layouts written in
RDoc. However, it is possible to use another rendering engine for the
template than for the layout by passing the :layout_engine
option.
Dependency | Asciidoctor |
File Extension | .asciidoc, .adoc and .ad |
Example | asciidoc :README, :layout_engine => :erb |
Since you cannot call Ruby methods directly from an AsciiDoc template, you almost always want to pass locals to it.
Dependency | Radius |
File Extension | .radius |
Example | radius :index, :locals => { :key => 'value' } |
Since you cannot call Ruby methods directly from a Radius template, you almost always want to pass locals to it.
Dependency | Markaby |
File Extension | .mab |
Example | markaby { h1 "Welcome!" } |
It also takes a block for inline templates (see example).
Dependency | Rabl |
File Extension | .rabl |
Example | rabl :index |
Dependency | Slim Lang |
File Extension | .slim |
Example | slim :index |
Dependency | Creole |
File Extension | .creole |
Example | creole :wiki, :layout_engine => :erb |
It is not possible to call methods from Creole, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
:overview, :locals => { :text => creole(:introduction) }
Note that you may also call the creole
method from within other templates:
Hello From Haml!
creole(:greetings)
Since you cannot call Ruby from Creole, you cannot use layouts written in
Creole. However, it is possible to use another rendering engine for the
template than for the layout by passing the :layout_engine
option.
Dependency | WikiCloth |
File Extension | .mediawiki and .mw |
Example | mediawiki :wiki, :layout_engine => :erb |
It is not possible to call methods from MediaWiki markup, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
:overview, :locals => { :text => mediawiki(:introduction) }
Note that you may also call the mediawiki
method from within other
templates:
Hello From Haml!
mediawiki(:greetings)
Since you cannot call Ruby from MediaWiki, you cannot use layouts written in
MediaWiki. However, it is possible to use another rendering engine for the
template than for the layout by passing the :layout_engine
option.
Dependency | CoffeeScript and a way to execute javascript |
File Extension | .coffee |
Example | coffee :index |
Dependency | Stylus and a way to execute javascript |
File Extension | .styl |
Example | stylus :index |
Before being able to use Stylus templates, you need to load stylus
and
stylus/tilt
first:
ire 'sinatra'
ire 'stylus'
ire 'stylus/tilt'
'/' do
ylus :example
Dependency | yajl-ruby |
File Extension | .yajl |
Example | yajl :index, :locals => { :key => 'qux' }, :callback => 'present', :variable => 'resource' |
The template source is evaluated as a Ruby string, and the
resulting json variable is converted using #to_json
:
= { :foo => 'bar' }
[:baz] = key
The :callback
and :variable
options can be used to decorate the rendered
object:
resource = {"foo":"bar","baz":"qux"};
ent(resource);
Dependency | WLang |
File Extension | .wlang |
Example | wlang :index, :locals => { :key => 'value' } |
Since calling ruby methods is not idiomatic in WLang, you almost always
want to pass locals to it. Layouts written in WLang and yield
are
supported, though.
Templates are evaluated within the same context as route handlers. Instance variables set in route handlers are directly accessible by templates:
'/:id' do
oo = Foo.find(params['id'])
ml '%h1= @foo.name'
Or, specify an explicit Hash of local variables:
'/:id' do
o = Foo.find(params['id'])
ml '%h1= bar.name', :locals => { :bar => foo }
This is typically used when rendering templates as partials from within other templates.
yield
and nested layoutsA layout is usually just a template that calls yield
.
Such a template can be used either through the :template
option as
described above, or it can be rendered with a block as follows:
:post, :layout => false do
b :index
This code is mostly equivalent to erb :index, :layout => :post
.
Passing blocks to rendering methods is most useful for creating nested layouts:
:main_layout, :layout => false do
b :admin_layout do
erb :user
d
This can also be done in fewer lines of code with:
:admin_layout, :layout => :main_layout do
b :user
Currently, the following rendering methods accept a block: erb
, haml
,
liquid
, slim
, wlang
. Also the general render
method accepts a block.
Templates may be defined at the end of the source file:
ire 'sinatra'
'/' do
ml :index
D__
ayout
l
yield
ndex
.title Hello world.
NOTE: Inline templates defined in the source file that requires sinatra are
automatically loaded. Call enable :inline_templates
explicitly if you
have inline templates in other source files.
Templates may also be defined using the top-level template
method:
late :layout do
html\n =yield\n"
late :index do
div.title Hello World!'
'/' do
ml :index
If a template named “layout” exists, it will be used each time a template
is rendered. You can individually disable layouts by passing
:layout => false
or disable them by default via
set :haml, :layout => false
:
'/' do
ml :index, :layout => !request.xhr?
To associate a file extension with a template engine, use
Tilt.register
. For instance, if you like to use the file extension
tt
for Textile templates, you can do the following:
.register :tt, Tilt[:textile]
First, register your engine with Tilt, then create a rendering method:
.register :myat, MyAwesomeTemplateEngine
ers do
f myat(*args) render(:myat, *args) end
'/' do
at :index
Renders ./views/index.myat
. Learn more about
Tilt.
To implement your own template lookup mechanism you can write your
own #find_template
method:
igure do
t :views [ './views/a', './views/b' ]
find_template(views, name, engine, &block)
ray(views).each do |v|
super(v, name, engine, &block)
d
Before filters are evaluated before each request within the same context as the routes will be and can modify the request and response. Instance variables set in filters are accessible by routes and templates:
re do
ote = 'Hi!'
quest.path_info = '/foo/bar/baz'
'/foo/*' do
ote #=> 'Hi!'
rams['splat'] #=> 'bar/baz'
After filters are evaluated after each request within the same context as the routes will be and can also modify the request and response. Instance variables set in before filters and routes are accessible by after filters:
r do
ts response.status
Note: Unless you use the body
method rather than just returning a
String from the routes, the body will not yet be available in the after
filter, since it is generated later on.
Filters optionally take a pattern, causing them to be evaluated only if the request path matches that pattern:
re '/protected/*' do
thenticate!
r '/create/:slug' do |slug|
ssion[:last_slug] = slug
Like routes, filters also take conditions:
re :agent => /Songbird/ do
...
r '/blog/*', :host_name => 'example.com' do
...
Use the top-level helpers
method to define helper methods for use in
route handlers and templates:
ers do
f bar(name)
"#{name}bar"
d
'/:name' do
r(params['name'])
Alternatively, helper methods can be separately defined in a module:
le FooUtils
f foo(name) "#{name}foo" end
le BarUtils
f bar(name) "#{name}bar" end
ers FooUtils, BarUtils
The effect is the same as including the modules in the application class.
A session is used to keep state during requests. If activated, you have one session hash per user session:
le :sessions
'/' do
alue = " << session[:value].inspect
'/:value' do
ssion['value'] = params['value']
To improve security, the session data in the cookie is signed with a session
secret using HMAC-SHA1
. This session secret should optimally be a
cryptographically secure random value of an appropriate length which for
HMAC-SHA1
is greater than or equal to 64 bytes (512 bits, 128 hex
characters). You would be advised not to use a secret that is less than 32
bytes of randomness (256 bits, 64 hex characters). It is therefore very
important that you don't just make the secret up, but instead use a secure
random number generator to create it. Humans are extremely bad at generating
random values.
By default, a 32 byte secure random session secret is generated for you by Sinatra, but it will change with every restart of your application. If you have multiple instances of your application, and you let Sinatra generate the key, each instance would then have a different session key which is probably not what you want.
For better security and usability it's recommended that you generate a secure random secret and store it in an environment variable on each host running your application so that all of your application instances will share the same secret. You should periodically rotate this session secret to a new value. Here are some examples of how you might create a 64 byte secret and set it:
Session Secret Generation
by -e "require 'securerandom'; puts SecureRandom.hex(64)"
8af...snip...ec0f262ac
Session Secret Generation (Bonus Points)
Use the sysrandom gem to
prefer use of system RNG facilities to generate random values instead of
userspace OpenSSL
which MRI Ruby currently defaults to:
m install sysrandom
ding native extensions. This could take a while...
essfully installed sysrandom-1.x
m installed
by -e "require 'sysrandom/securerandom'; puts SecureRandom.hex(64)"
8af...snip...ec0f262ac
Session Secret Environment Variable
Set a SESSION_SECRET
environment variable for Sinatra to the value you
generated. Make this value persistent across reboots of your host. Since the
method for doing this will vary across systems this is for illustrative
purposes only:
ho "export SESSION_SECRET=99ae8af...snip...ec0f262ac" >> ~/.bashrc
Session Secret App Config
Setup your app config to fail-safe to a secure random secret
if the SESSION_SECRET
environment variable is not available.
For bonus points use the sysrandom gem here as well:
ire 'securerandom'
r- require 'sysrandom/securerandom'
:session_secret, ENV.fetch('SESSION_SECRET') { SecureRandom.hex(64) }
If you want to configure it further, you may also store a hash with options
in the sessions
setting:
:sessions, :domain => 'foo.com'
To share your session across other apps on subdomains of foo.com, prefix the domain with a . like this instead:
:sessions, :domain => '.foo.com'
Note that enable :sessions
actually stores all data in a cookie. This
might not always be what you want (storing lots of data will increase your
traffic, for instance). You can use any Rack session middleware in order to
do so, one of the following methods can be used:
le :sessions
:session_store, Rack::Session::Pool
Or to set up sessions with a hash of options:
:sessions, :expire_after => 2592000
:session_store, Rack::Session::Pool
Another option is to not call enable :sessions
, but instead pull in
your middleware of choice as you would any other middleware.
It is important to note that when using this method, session based protection will not be enabled by default.
The Rack middleware to do that will also need to be added:
Rack::Session::Pool, :expire_after => 2592000
Rack::Protection::RemoteToken
Rack::Protection::SessionHijacking
See 'Configuring attack protection' for more information.
To immediately stop a request within a filter or route use:
You can also specify the status when halting:
410
Or the body:
'this will be the body'
Or both:
401, 'go away!'
With headers:
402, {'Content-Type' => 'text/plain'}, 'revenge'
It is of course possible to combine a template with halt
:
erb(:error)
A route can punt processing to the next matching route using pass
:
'/guess/:who' do
ss unless params['who'] == 'Frank'
ou got me!'
'/guess/*' do
ou missed!'
The route block is immediately exited and control continues with the next matching route. If no matching route is found, a 404 is returned.
Sometimes pass
is not what you want, instead you would like to get the
result of calling another route. Simply use call
to achieve this:
'/foo' do
atus, headers, body = call env.merge("PATH_INFO" => '/bar')
tatus, headers, body.map(&:upcase)]
'/bar' do
ar"
Note that in the example above, you would ease testing and increase
performance by simply moving "bar"
into a helper used by both /foo
and
/bar
.
If you want the request to be sent to the same application instance rather
than a duplicate, use call!
instead of call
.
Check out the Rack specification if you want to learn more about call
.
It is possible and recommended to set the status code and response body with
the return value of the route block. However, in some scenarios you might
want to set the body at an arbitrary point in the execution flow. You can do
so with the body
helper method. If you do so, you can use that method from
there on to access the body:
'/foo' do
dy "bar"
r do
ts body
It is also possible to pass a block to body
, which will be executed by the
Rack handler (this can be used to implement streaming, see “Return Values”).
Similar to the body, you can also set the status code and headers:
'/foo' do
atus 418
aders \
"Allow" => "BREW, POST, GET, PROPFIND, WHEN",
"Refresh" => "Refresh: 20; https://ietf.org/rfc/rfc2324.txt"
dy "I'm a tea pot!"
Like body
, headers
and status
with no arguments can be used to access
their current values.
Sometimes you want to start sending out data while still generating parts of
the response body. In extreme examples, you want to keep sending data until
the client closes the connection. You can use the stream
helper to avoid
creating your own wrapper:
'/' do
ream do |out|
out << "It's gonna be legen -\n"
sleep 0.5
out << " (wait for it) \n"
sleep 1
out << "- dary!\n"
d
This allows you to implement streaming APIs, Server Sent Events, and can be used as the basis for WebSockets. It can also be used to increase throughput if some but not all content depends on a slow resource.
Note that the streaming behavior, especially the number of concurrent
requests, highly depends on the web server used to serve the application.
Some servers might not even support streaming at all. If the server does not
support streaming, the body will be sent all at once after the block passed
to stream
finishes executing. Streaming does not work at all with Shotgun.
If the optional parameter is set to keep_open
, it will not call close
on
the stream object, allowing you to close it at any later point in the
execution flow. This only works on evented servers, like Thin and Rainbows.
Other servers will still close the stream:
ng polling
:server, :thin
ections = []
'/subscribe' do
register a client's interest in server events
ream(:keep_open) do |out|
connections << out
# purge dead connections
connections.reject!(&:closed?)
d
'/:message' do
nnections.each do |out|
# notify client that a new message has arrived
out << params['message'] << "\n"
# indicate client to connect again
out.close
d
acknowledge
essage received"
It's also possible for the client to close the connection when trying to
write to the socket. Because of this, it's recommended to check
out.closed?
before trying to write.
In the request scope, the logger
helper exposes a Logger
instance:
'/' do
gger.info "loading data"
...
This logger will automatically take your Rack handler's logging settings into account. If logging is disabled, this method will return a dummy object, so you do not have to worry about it in your routes and filters.
Note that logging is only enabled for Sinatra::Application
by default, so
if you inherit from Sinatra::Base
, you probably want to enable it yourself:
s MyApp < Sinatra::Base
nfigure :production, :development do
enable :logging
d
To avoid any logging middleware to be set up, set the logging
setting to
nil
. However, keep in mind that logger
will in that case return nil
. A
common use case is when you want to set your own logger. Sinatra will use
whatever it will find in env['rack.logger']
.
When using send_file
or static files you may have mime types Sinatra
doesn't understand. Use mime_type
to register them by file extension:
igure do
me_type :foo, 'text/foo'
You can also use it with the content_type
helper:
'/' do
ntent_type :foo
oo foo foo"
For generating URLs you should use the url
helper method, for instance, in
Haml:
href => url('/foo')} foo
It takes reverse proxies and Rack routers into account, if present.
This method is also aliased to to
(see below for an example).
You can trigger a browser redirect with the redirect
helper method:
'/foo' do
direct to('/bar')
Any additional parameters are handled like arguments passed to halt
:
rect to('/bar'), 303
rect 'http://www.google.com/', 'wrong place, buddy'
You can also easily redirect back to the page the user came from with
redirect back
:
'/foo' do
a href='/bar'>do something</a>"
'/bar' do
_something
direct back
To pass arguments with a redirect, either add them to the query:
rect to('/bar?sum=42')
Or use a session:
le :sessions
'/foo' do
ssion[:secret] = 'foo'
direct to('/bar')
'/bar' do
ssion[:secret]
Setting your headers correctly is the foundation for proper HTTP caching.
You can easily set the Cache-Control header like this:
'/' do
che_control :public
ache it!"
Pro tip: Set up caching in a before filter:
re do
che_control :public, :must_revalidate, :max_age => 60
If you are using the expires
helper to set the corresponding header,
Cache-Control
will be set automatically for you:
re do
pires 500, :public, :must_revalidate
To properly use caches, you should consider using etag
or last_modified
.
It is recommended to call those helpers before doing any heavy lifting, as
they will immediately flush a response if the client already has the current
version in its cache:
"/article/:id" do
rticle = Article.find params['id']
st_modified @article.updated_at
ag @article.sha1
b :article
It is also possible to use a weak ETag:
@article.sha1, :weak
These helpers will not do any caching for you, but rather feed the necessary information to your cache. If you are looking for a quick reverse-proxy caching solution, try rack-cache:
ire "rack/cache"
ire "sinatra"
Rack::Cache
'/' do
che_control :public, :max_age => 36000
eep 5
ello"
Use the :static_cache_control
setting (see below) to add
Cache-Control
header info to static files.
According to RFC 2616, your application should behave differently if the
If-Match or If-None-Match header is set to *
, depending on whether the
resource requested is already in existence. Sinatra assumes resources for
safe (like get) and idempotent (like put) requests are already in existence,
whereas other resources (for instance post requests) are treated as new
resources. You can change this behavior by passing in a :new_resource
option:
'/create' do
ag '', :new_resource => true
ticle.create
b :new_article
If you still want to use a weak ETag, pass in a :kind
option:
'', :new_resource => true, :kind => :weak
To return the contents of a file as the response, you can use the send_file
helper method:
'/' do
nd_file 'foo.png'
It also takes options:
_file 'foo.png', :type => :jpg
The options are:
The incoming request object can be accessed from request level (filter,
routes, error handlers) through the request
method:
p running on http://example.com/example
'/foo' do
= %w[text/css text/html application/javascript]
quest.accept # ['text/html', '*/*']
quest.accept? 'text/xml' # true
quest.preferred_type(t) # 'text/html'
quest.body # request body sent by the client (see below)
quest.scheme # "http"
quest.script_name # "/example"
quest.path_info # "/foo"
quest.port # 80
quest.request_method # "GET"
quest.query_string # ""
quest.content_length # length of request.body
quest.media_type # media type of request.body
quest.host # "example.com"
quest.get? # true (similar methods for other verbs)
quest.form_data? # false
quest["some_param"] # value of some_param parameter. [] is a shortcut to the params hash.
quest.referrer # the referrer of the client or '/'
quest.user_agent # user agent (used by :agent condition)
quest.cookies # hash of browser cookies
quest.xhr? # is this an ajax request?
quest.url # "http://example.com/example/foo"
quest.path # "/example/foo"
quest.ip # client IP address
quest.secure? # false (would be true over ssl)
quest.forwarded? # true (if running behind a reverse proxy)
quest.env # raw env hash handed in by Rack
Some options, like script_name
or path_info
, can also be written:
re { request.path_info = "/" }
"/" do
ll requests end up here"
The request.body
is an IO or StringIO object:
"/api" do
quest.body.rewind # in case someone already read it
ta = JSON.parse request.body.read
ello #{data['name']}!"
You can use the attachment
helper to tell the browser the response should
be stored on disk rather than displayed in the browser:
'/' do
tachment
tore it!"
You can also pass it a file name:
'/' do
tachment "info.txt"
tore it!"
Sinatra offers a time_for
helper method that generates a Time object from
the given value. It is also able to convert DateTime
, Date
and similar
classes:
'/' do
ss if Time.now > time_for('Dec 23, 2016')
till time"
This method is used internally by expires
, last_modified
and akin. You
can therefore easily extend the behavior of those methods by overriding
time_for
in your application:
ers do
f time_for(value)
case value
when :yesterday then Time.now - 24*60*60
when :tomorrow then Time.now + 24*60*60
else super
end
d
'/' do
st_modified :yesterday
pires :tomorrow
ello"
The find_template
helper is used to find template files for rendering:
_template settings.views, 'foo', Tilt[:haml] do |file|
ts "could be #{file}"
This is not really useful. But it is useful that you can actually override this method to hook in your own lookup mechanism. For instance, if you want to be able to use more than one view directory:
:views, ['views', 'templates']
ers do
f find_template(views, name, engine, &block)
Array(views).each { |v| super(v, name, engine, &block) }
d
Another example would be using different directories for different engines:
:views, :sass => 'views/sass', :haml => 'templates', :default => 'views'
ers do
f find_template(views, name, engine, &block)
_, folder = views.detect { |k,v| engine == Tilt[k] }
folder ||= views[:default]
super(folder, name, engine, &block)
d
You can also easily wrap this up in an extension and share with others!
Note that find_template
does not check if the file really exists but
rather calls the given block for all possible paths. This is not a
performance issue, since render
will use break
as soon as a file is
found. Also, template locations (and content) will be cached if you are not
running in development mode. You should keep that in mind if you write a
really crazy method.
Run once, at startup, in any environment:
igure do
setting one option
t :option, 'value'
setting multiple options
t :a => 1, :b => 2
same as `set :option, true`
able :option
same as `set :option, false`
sable :option
you can also have dynamic settings with blocks
t(:css_dir) { File.join(views, 'css') }
Run only when the environment (APP_ENV
environment variable) is set to
:production
:
igure :production do
.
Run when the environment is set to either :production
or :test
:
igure :production, :test do
.
You can access those options via settings
:
igure do
t :foo, 'bar'
'/' do
ttings.foo? # => true
ttings.foo # => 'bar'
.
Sinatra is using Rack::Protection to defend your application against common, opportunistic attacks. You can easily disable this behavior (which will open up your application to tons of common vulnerabilities):
ble :protection
To skip a single defense layer, set protection
to an options hash:
:protection, :except => :path_traversal
You can also hand in an array in order to disable a list of protections:
:protection, :except => [:path_traversal, :session_hijacking]
By default, Sinatra will only set up session based protection if :sessions
have been enabled. See 'Using Sessions'. Sometimes you may want to set up
sessions “outside” of the Sinatra app, such as in the config.ru or with a
separate Rack::Builder
instance. In that case you can still set up session
based protection by passing the :session
option:
:protection, :session => true
There are three predefined environments
: "development"
,
"production"
and "test"
. Environments can be set through the
APP_ENV
environment variable. The default value is "development"
.
In the "development"
environment all templates are reloaded between
requests, and special not_found
and error
handlers display stack
traces in your browser. In the "production"
and "test"
environments,
templates are cached by default.
To run different environments, set the APP_ENV
environment variable:
ENV=production ruby my_app.rb
You can use predefined methods: development?
, test?
and production?
to
check the current environment setting:
'/' do
settings.development?
"development!"
se
"not development!"
d
Error handlers run within the same context as routes and before filters,
which means you get all the goodies it has to offer, like haml
, erb
,
halt
, etc.
When a Sinatra::NotFound
exception is raised, or the response's status
code is 404, the not_found
handler is invoked:
found do
his is nowhere to be found.'
The error
handler is invoked any time an exception is raised from a route
block or a filter. But note in development it will only run if you set the
show exceptions option to :after_handler
:
:show_exceptions, :after_handler
The exception object can be obtained from the sinatra.error
Rack variable:
r do
orry there was a nasty error - ' + env['sinatra.error'].message
Custom errors:
r MyCustomError do
o what happened was...' + env['sinatra.error'].message
Then, if this happens:
'/' do
ise MyCustomError, 'something bad'
You get this:
hat happened was... something bad
Alternatively, you can install an error handler for a status code:
r 403 do
ccess forbidden'
'/secret' do
3
Or a range:
r 400..510 do
oom'
Sinatra installs special not_found
and error
handlers when
running under the development environment to display nice stack traces
and additional debugging information in your browser.
Sinatra rides on Rack, a minimal standard interface for Ruby web frameworks. One of Rack's most interesting capabilities for application developers is support for “middleware” – components that sit between the server and your application monitoring and/or manipulating the HTTP request/response to provide various types of common functionality.
Sinatra makes building Rack middleware pipelines a cinch via a top-level
use
method:
ire 'sinatra'
ire 'my_custom_middleware'
Rack::Lint
MyCustomMiddleware
'/hello' do
ello World'
The semantics of use
are identical to those defined for the
Rack::Builder DSL
(most frequently used from rackup files). For example, the use
method
accepts multiple/variable args as well as blocks:
Rack::Auth::Basic do |username, password|
ername == 'admin' && password == 'secret'
Rack is distributed with a variety of standard middleware for logging,
debugging, URL routing, authentication, and session handling. Sinatra uses
many of these components automatically based on configuration so you
typically don't have to use
them explicitly.
You can find useful middleware in rack, rack-contrib, or in the Rack wiki.
Sinatra tests can be written using any Rack-based testing library or framework. Rack::Test is recommended:
ire 'my_sinatra_app'
ire 'minitest/autorun'
ire 'rack/test'
s MyAppTest < Minitest::Test
clude Rack::Test::Methods
f app
Sinatra::Application
d
f test_my_default
get '/'
assert_equal 'Hello World!', last_response.body
d
f test_with_params
get '/meet', :name => 'Frank'
assert_equal 'Hello Frank!', last_response.body
d
f test_with_user_agent
get '/', {}, 'HTTP_USER_AGENT' => 'Songbird'
assert_equal "You're using Songbird!", last_response.body
d
Note: If you are using Sinatra in the modular style, replace
Sinatra::Application
above with the class name of your app.
Defining your app at the top-level works well for micro-apps but has
considerable drawbacks when building reusable components such as Rack
middleware, Rails metal, simple libraries with a server component, or even
Sinatra extensions. The top-level assumes a micro-app style configuration
(e.g., a single application file, ./public
and ./views
directories, logging, exception detail page, etc.). That's where
Sinatra::Base
comes into play:
ire 'sinatra/base'
s MyApp < Sinatra::Base
t :sessions, true
t :foo, 'bar'
t '/' do
'Hello world!'
d
The methods available to Sinatra::Base
subclasses are exactly the same
as those available via the top-level DSL. Most top-level apps can be
converted to Sinatra::Base
components with two modifications:
sinatra/base
instead of sinatra
;
otherwise, all of Sinatra's DSL methods are imported into the main
namespace.Sinatra::Base
.Sinatra::Base
is a blank slate. Most options are disabled by default,
including the built-in server. See Configuring Settings for details on
available options and their behavior. If you want behavior more similar
to when you define your app at the top level (also known as Classic
style), you can subclass Sinatra::Application
:
ire 'sinatra/base'
s MyApp < Sinatra::Application
t '/' do
'Hello world!'
d
Contrary to common belief, there is nothing wrong with the classic style. If it suits your application, you do not have to switch to a modular application.
The main disadvantage of using the classic style rather than the modular style is that you will only have one Sinatra application per Ruby process. If you plan to use more than one, switch to the modular style. There is no reason you cannot mix the modular and the classic styles.
If switching from one style to the other, you should be aware of slightly different default settings:
Setting | Classic | Modular | Modular |
---|---|---|---|
app_file | file loading sinatra | file subclassing Sinatra::Base | file subclassing Sinatra::Application |
run | $0 == app_file | false | false |
logging | true | false | true |
method_override | true | false | true |
inline_templates | true | false | true |
static | true | File.exist?(public_folder) | true |
There are two common options for starting a modular app, actively
starting with run!
:
_app.rb
ire 'sinatra/base'
s MyApp < Sinatra::Base
... app code here ...
start the server if ruby file executed directly
n! if app_file == $0
Start with:
my_app.rb
Or with a config.ru
file, which allows using any Rack handler:
nfig.ru (run with rackup)
ire './my_app'
MyApp
Run:
up -p 4567
Write your app file:
p.rb
ire 'sinatra'
'/' do
ello world!'
And a corresponding config.ru
:
ire './app'
Sinatra::Application
A config.ru
file is recommended if:
Sinatra::Base
.There is no need to switch to a config.ru
simply because you
switched to the modular style, and you don't have to use the modular
style for running with a config.ru
.
Not only is Sinatra able to use other Rack middleware, any Sinatra application can in turn be added in front of any Rack endpoint as middleware itself. This endpoint could be another Sinatra application, or any other Rack-based application (Rails/Hanami/Roda/…):
ire 'sinatra/base'
s LoginScreen < Sinatra::Base
able :sessions
t('/login') { haml :login }
st('/login') do
if params['name'] == 'admin' && params['password'] == 'admin'
session['user_name'] = params['name']
else
redirect '/login'
end
d
s MyApp < Sinatra::Base
middleware will run before filters
e LoginScreen
fore do
unless session['user_name']
halt "Access denied, please <a href='/login'>login</a>."
end
d
t('/') { "Hello #{session['user_name']}." }
Sometimes you want to create new applications at runtime without having to
assign them to a constant. You can do this with Sinatra.new
:
ire 'sinatra/base'
pp = Sinatra.new { get('/') { "hi" } }
pp.run!
It takes the application to inherit from as an optional argument:
nfig.ru (run with rackup)
ire 'sinatra/base'
roller = Sinatra.new do
able :logging
lpers MyHelpers
'/a') do
n Sinatra.new(controller) { get('/') { 'a' } }
'/b') do
n Sinatra.new(controller) { get('/') { 'b' } }
This is especially useful for testing Sinatra extensions or using Sinatra in your own library.
This also makes using Sinatra as middleware extremely easy:
ire 'sinatra/base'
Sinatra do
t('/') { ... }
RailsProject::Application
The scope you are currently in determines what methods and variables are available.
Every Sinatra application corresponds to a subclass of Sinatra::Base
.
If you are using the top-level DSL (require 'sinatra'
), then this
class is Sinatra::Application
, otherwise it is the subclass you
created explicitly. At class level you have methods like get
or
before
, but you cannot access the request
or session
objects, as
there is only a single application class for all requests.
Options created via set
are methods at class level:
s MyApp < Sinatra::Base
Hey, I'm in the application scope!
t :foo, 42
o # => 42
t '/foo' do
# Hey, I'm no longer in the application scope!
d
You have the application scope binding inside:
helpers
set
Sinatra.new
You can reach the scope object (the class) like this:
configure { |c| ... }
)settings
from within the request scopeFor every incoming request, a new instance of your application class is
created, and all handler blocks run in that scope. From within this scope you
can access the request
and session
objects or call rendering methods like
erb
or haml
. You can access the application scope from within the request
scope via the settings
helper:
s MyApp < Sinatra::Base
Hey, I'm in the application scope!
t '/define_route/:name' do
# Request scope for '/define_route/:name'
@value = 42
settings.get("/#{params['name']}") do
# Request scope for "/#{params['name']}"
@value # => nil (not the same request)
end
"Route defined!"
d
You have the request scope binding inside:
The delegation scope just forwards methods to the class scope. However, it
does not behave exactly like the class scope, as you do not have the class
binding. Only methods explicitly marked for delegation are available, and you
do not share variables/state with the class scope (read: you have a different
self
). You can explicitly add method delegations by calling
Sinatra::Delegator.delegate :method_name
.
You have the delegate scope binding inside:
require "sinatra"
Sinatra::Delegator
mixinHave a look at the code for yourself: here's the Sinatra::Delegator mixin being extending the main object.
Sinatra applications can be run directly:
myapp.rb [-h] [-x] [-q] [-e ENVIRONMENT] [-p PORT] [-o HOST] [-s HANDLER]
Options are:
help
set the port (default is 4567)
set the host (default is 0.0.0.0)
set the environment (default is development)
specify rack server/handler (default is thin)
turn on quiet mode for server (default is off)
turn on the mutex lock (default is off)
Paraphrasing from this StackOverflow answer by Konstantin
Sinatra doesn't impose any concurrency model, but leaves that to the underlying Rack handler (server) like Thin, Puma or WEBrick. Sinatra itself is thread-safe, so there won't be any problem if the Rack handler uses a threaded model of concurrency. This would mean that when starting the server, you'd have to specify the correct invocation method for the specific Rack handler. The following example is a demonstration of how to start a multi-threaded Thin server:
p.rb
ire 'sinatra/base'
s App < Sinatra::Base
t '/' do
"Hello, World"
d
run!
To start the server, the command would be:
--threaded start
The following Ruby versions are officially supported:
Versions of Ruby prior to 2.2.2 are no longer supported as of Sinatra 2.0.
We also keep an eye on upcoming Ruby versions.
The following Ruby implementations are not officially supported but still are known to run Sinatra:
Not being officially supported means if things only break there and not on a supported platform, we assume it's not our issue but theirs.
We also run our CI against ruby-head (future releases of MRI), but we can't guarantee anything, since it is constantly moving. Expect upcoming 2.x releases to be fully supported.
Sinatra should work on any operating system supported by the chosen Ruby implementation.
If you run MacRuby, you should gem install control_tower
.
Sinatra currently doesn't run on Cardinal, SmallRuby, BlueRuby or any Ruby version prior to 2.2.
If you would like to use Sinatra's latest bleeding-edge code, feel free to run your application against the master branch, it should be rather stable.
We also push out prerelease gems from time to time, so you can do a
install sinatra --pre
to get some of the latest features.
If you want to run your application with the latest Sinatra, using Bundler is the recommended way.
First, install bundler, if you haven't:
install bundler
Then, in your project directory, create a Gemfile
:
ce 'https://rubygems.org'
'sinatra', :github => 'sinatra/sinatra'
her dependencies
'haml' # for instance, if you use haml
Note that you will have to list all your application's dependencies in
the Gemfile
. Sinatra's direct dependencies (Rack and Tilt) will,
however, be automatically fetched and added by Bundler.
Now you can run your app like this:
le exec ruby myapp.rb
Sinatra follows Semantic Versioning, both SemVer and SemVerTag.