More Related Content Similar to RoR vs-nodejs-by-jcskyting (20) RoR vs-nodejs-by-jcskyting3. WHY~?!
• Ruby on Rails: 想開發網站,AlphaCamp ihower
• Node.js: front-end interview (javascript, full-stack)
4. Rails vs Node.js
Ruby
Rails
Rails server engine /
event driven gem
include many many
CRUD / DataBase / safe
sync
javascript
express / koa / sails ..
node.js
npm any you want
speed / realtime / anyway
you want
async
10. Rails vs Node.js
• 透過 Rails method,換 database 不必改 code
• 優點: 開發快、不爽就換 DB
• 缺點: 對DataBase的個別特性瞭解有限、不熟悉
Event.joins(:category)
# SELECT "events".* FROM "events" INNER JOIN "categories" ON "categories"."id" =
"events"."category_id"
Event.includes(:category, :attendees)
# SELECT "events".* FROM "events"
# SELECT "categories".* FROM "categories" WHERE "categories"."id" IN (1,2,3...)
# SELECT "attendees".* FROM "attendees" WHERE "attendees"."event_id" IN (4, 5, 6,
7, 8...)
11. Rails vs Node.js
• not only Ruby, numerous Rails helper method
html 重覆使⽤用
<%= render :partial => 'form', :locals => { :f => f } %>
form
<%= form_for @event, :url => { :controller => 'events', :action =>
'update', :id => @event } do |f| %>
<%= f.textarea :description, :class=>”w100p”, :rows =>10 %>
<%= f.submit "Update" %>
<% end %>
controller method 重覆使⽤用
before_action :set_event, :only => [ :show, :edit, :update, :destroy]
session read/write
session[:hahaha]
12. Rails vs Node.js
• Rails have some Security Design (實戰聖經)
跨站偽造請求CSRF(Cross-site request forgery)
Rails內建了CSRF防禦功能,也就是所有的POST請求,都必須加上⼀一個安全驗證碼
HTML:
<input type="hidden" name="authenticity_token" value="zFGT
+TiykMj7Tsip3sY5G7iELupGD3BttZ8x6F2diThGOVH9+nEoXxkeLOhuLx9kGaWRoOh
ZuwY+OXzXU3EevA==">
Parameters:
{"utf8"=>"✓", "authenticity_token"=>"HC4eVH/
wdojRqSJFk8xYdobZPByVTFkh2WiCbK6HYb+WRtxQvTPOHzP5xgQjJX4JJ/
iDVjsakkpSzs9ToGv2Ow==", "issue"=>{"title"=>"yaya", "description"=>"what the
fuck"}, "commit"=>"建⽴立議題"}
13. Rails vs Node.js
• Rails have some Security Design(實戰聖經)
跨站腳本攻擊XSS(Cross-Site Scripting)
惡意的使⽤用者可以將惡意的Script放在網⾴頁上讓其他使⽤用者執⾏行
要防範這個問題的⽅方法,就是要逸出使⽤用者輸⼊入的內容,例如將<script>變成
<script>,使之顯⽰示出來的時候不讓瀏覽器去執⾏行,Rails預設全部逸出
若要開放讓使⽤用者可以張貼簡單的HTML內容,使⽤用⽩白名單功能
14. Rails vs Node.js
• Rails have some Security Design(實戰聖經)
log敏感資訊過濾(預設)
Processing UsersController#create (for 127.0.0.1 at 2009-01-02 11:02:33) [POST]
Parameters: {"user"=>{"name"=>"susan",
"password_confirmation"=>"[FILTERED]", "password"=>"[FILTERED]"},
"commit"=>"Register", "action"=>"create",
"authenticity_token"=>"9efc03bcc37191d8a6dc3676e2e7890ecdfda0b5",
"controller"=>"users"}
17. Rails intro
MVC
Model-View-Control
route.rb
HTTP request
GET /users/1
Browser
UsersController
end
def show
@user = User.find(params[:id])
respond_to do |format|
format.html
format.xml
end
end
def index
......
end
Model
Database
#show.html.erb
<html>
<h1>User Profile</h1>
<p><%= @user.nickname %></p>
</html>
View
Controller Action
18. Rails intro
Rails ?
• Justin Gehtland Java :Rails = 3.5 : 1
• Proc.net PHP : Rails = 10 : 1
• JavaEye JAVA : Rails = 10 : 1
• thegiive PHP : Rails = 8 : 1
19. Rails vs Node.js
Ruby
Rails
Rails server engine /
event driven gem
include many many
CRUD / DataBase / safe
javascript
express / koa / sails ..
node.js
npm any you want
speed / realtime /
anyway you want
21. 再⾒見⼿手札 theword.tw
FB: 再⾒見⼿手札 www.facebook.com/theword.tw
「再⾒見⼿手札 vs 健保卡註記器捐意願、安寧意願」
在法律上,再⾒見⼿手札是沒有法律效⼒力的
然⽽而實務上,醫院、醫師皆會以家屬意願為主(⽽而⾮非以健保卡註記為
主,⽣生⼈人不可得罪..)
因此健保卡註記就只剩下意願傳達的功能了…(沒辦法,你無法彈起
來告醫師違背你的⽣生前意願)
既然只是意願傳達,那就不需要這麼⿇麻煩了,動兩下⼿手指,讓「再
⾒見⼿手札」幫你搞定吧~!!