Sinatra is aDSLfor quickly creating web applications in Ruby with minimal effort:
# myapp.rb
require'sinatra'
get'/'do
'Hello world!'
end
Install the gems needed:
gem install sinatra
gem install rackup
gem install puma#or any other server (optional step)
And run with:
ruby myapp.rb
View at:http://localhost:4567
The code you changed will not take effect until you restart the server. Please restart the server every time you change or use a code reloader likererunor rack-unreloader.
It is recommended to also rungem install puma
,which Sinatra will
pick up if available.
- Sinatra
- Table of Contents
- Routes
- Conditions
- Return Values
- Custom Route Matchers
- Static Files
- Views / Templates
- Filters
- Helpers
- Configuration
- Lifecycle Events
- Environments
- Error Handling
- Rack Middleware
- Testing
- Sinatra::Base - Middleware, Libraries, and Modular Apps
- Scopes and Binding
- Command Line
- Requirement
- The Bleeding Edge
- Versioning
- Further Reading
In Sinatra, a route is an HTTP method paired with a URL-matching pattern. Each route is associated with a block:
get'/'do
..showsomething..
end
post'/'do
..createsomething..
end
put'/'do
..replacesomething..
end
patch'/'do
..modifysomething..
end
delete'/'do
..annihilatesomething..
end
options'/'do
..appeasesomething..
end
link'/'do
..affiliatesomething..
end
unlink'/'do
..separatesomething..
end
Routes are matched in the order they are defined. The first route that matches the request is invoked.
Routes with trailing slashes are different from the ones without:
get'/foo'do
# Does not match "GET /foo/"
end
Route patterns may include named parameters, accessible via the
params
hash:
get'/hello/:name'do
# matches "GET /hello/foo" and "GET /hello/bar"
# params['name'] is 'foo' or 'bar'
"Hello#{params['name']}!"
end
You can also access named parameters via block parameters:
get'/hello/:name'do|n|
# matches "GET /hello/foo" and "GET /hello/bar"
# params['name'] is 'foo' or 'bar'
# n stores params['name']
"Hello#{n}!"
end
Route patterns may also include splat (or wildcard) parameters, accessible
via theparams['splat']
array:
get'/say/*/to/*'do
# matches /say/hello/to/world
params['splat']# => [ "hello", "world" ]
end
get'/download/*.*'do
# matches /download/path/to/file.xml
params['splat']# => [ "path/to/file", "xml" ]
end
Or with block parameters:
get'/download/*.*'do|path,ext|
[path,ext]# => [ "path/to/file", "xml" ]
end
Route matching with Regular Expressions:
get/\/hello\/([\w]+)/do
"Hello,#{params['captures'].first}!"
end
Or with a block parameter:
get%r{/hello/([\w]+)}do|c|
# Matches "GET /meta/hello/world", "GET /hello/world/1234" etc.
"Hello,#{c}!"
end
Route patterns may have optional parameters:
get'/posts/:format?'do
# matches "GET /posts/" and any extension "GET /posts/json", "GET /posts/xml" etc
end
Routes may also utilize query parameters:
get'/posts'do
# matches "GET /posts?title=foo&author=bar"
title=params['title']
author=params['author']
# uses title and author variables; query is optional to the /posts route
end
By the way, unless you disable the path traversal attack protection (see below), the request path might be modified before matching against your routes.
You may customize theMustermann
options used for a given route by passing in a:mustermann_opts
hash:
get'\A/posts\z',:mustermann_opts=>{:type=>:regexp,:check_anchors=>false}do
# matches /posts exactly, with explicit anchoring
"If you match an anchored pattern clap your hands!"
end
It looks like acondition,but it isn't one! These options will
be merged into the global:mustermann_opts
hash described
below.
Routes may include a variety of matching conditions, such as the user agent:
get'/foo',:agent=>/Songbird (\d\.\d)[\d\/]*?/do
"You're using Songbird version#{params['agent'][0]}"
end
get'/foo'do
# Matches non-songbird browsers
end
Other available conditions arehost_name
andprovides
:
get'/',:host_name=>/^admin\./do
"Admin Area, Access denied!"
end
get'/',:provides=>'html'do
haml:index
end
get'/',:provides=>['rss','atom','xml']do
builder:feed
end
provides
searches the request's Accept header.
You can easily define your own conditions:
set(:probability){|value|condition{rand<=value}}
get'/win_a_car',:probability=>0.1do
"You won!"
end
get'/win_a_car'do
"Sorry, you lost."
end
For a condition that takes multiple values use a splat:
set(:auth)do|*roles|# <- notice the splat here
conditiondo
unlesslogged_in?&&roles.any?{|role|current_user.in_role?role}
redirect"/login/",303
end
end
end
get"/my/account/",:auth=>[:user,:admin]do
"Your Account Details"
end
get"/only/admin/",:auth=>:admindo
"Only admins are allowed here!"
end
The return value of a route block determines at least the response body passed on to the HTTP client or at least the next middleware in the Rack stack. Most commonly, this is a string, as in the above examples. But other values are also accepted.
You can return an object that would either be a valid Rack response, Rack body object or HTTP status code:
- An Array with three elements:
[status (Integer), headers (Hash), response body (responds to #each)]
- An Array with two elements:
[status (Integer), response body (responds to #each)]
- An object that responds to
#each
and passes nothing but strings to the given block - A Integer representing the status code
That way we can, for instance, easily implement a streaming example:
classStream
defeach
100.times{|i|yield"#{i}\n"}
end
end
get('/'){Stream.new}
You can also use thestream
helper method (described below) to reduce
boilerplate and embed the streaming logic in the route.
As shown above, Sinatra ships with built-in support for using String patterns and regular expressions as route matches. However, it does not stop there. You can easily define your own matchers:
classAllButPattern
definitialize(except)
@except=except
end
defto_pattern(options)
returnself
end
defparams(route)
return{}unless@except===route
end
end
defall_but(pattern)
AllButPattern.new(pattern)
end
getall_but("/index")do
#...
end
Note that the above example might be over-engineered, as it can also be expressed as:
get/.*/do
passifrequest.path_info=="/index"
#...
end
Static files are served from the./public
directory. You can specify
a different location by setting the:public_folder
option:
set:public_folder,__dir__+'/static'
Note that the public directory name is not included in the URL. A file
./public/css/style.css
is made available as
http://example.com/css/style.css
.
Use the:static_cache_control
setting (seebelow) to add
Cache-Control
header info.
Each template language is exposed via its own rendering method. These methods simply return a string:
get'/'do
erb:index
end
This rendersviews/index.erb
.
Instead of a template name, you can also just pass in the template content directly:
get'/'do
code="<%= Time.now %>"
erbcode
end
Templates take a second argument, the options hash:
get'/'do
erb:index,:layout=>:post
end
This will renderviews/index.erb
embedded in the
views/post.erb
(default isviews/layout.erb
,if it exists).
Any options not understood by Sinatra will be passed on to the template engine:
get'/'do
haml:index,:format=>:html5
end
You can also set options per template language in general:
set:haml,:format=>:html5
get'/'do
haml:index
end
Options passed to the render method override options set viaset
.
Available Options:
- locals
- List of locals passed to the document. Handy with partials. Example:erb "<%= foo %>",:locals => {:foo => "bar" }
- default_encoding
- String encoding to use if uncertain. Defaults to settings.default_encoding.
- views
- Views folder to load templates from. Defaults tosettings.views.
- layout
- Whether to use a layout (trueorfalse). If it's a Symbol, specifies what template to use. Example: erb:index,:layout =>!request.xhr?
- content_type
- Content-Type the template produces. Default depends on template language.
- scope
- Scope to render template under. Defaults to the application instance. If you change this, instance variables and helper methods will not be available.
- layout_engine
- Template engine to use for rendering the layout. Useful for languages that do not support layouts otherwise. Defaults to the engine used for the template. Example:set:rdoc,:layout_engine =>:erb
- layout_options
- Special options only used for rendering the layout. Example: set:rdoc,:layout_options => {:views => 'views/layouts' }
Templates are assumed to be located directly under the./views
directory. To use a different views directory:
set:views,settings.root+'/templates'
One important thing to remember is that you always have to reference
templates with symbols, even if they're in a subdirectory (in this case,
use::'subdir/template'
or'subdir/template'.to_sym
). You must use a
symbol because otherwise rendering methods will render any strings
passed to them directly.
get'/'do
haml'%div.title Hello World'
end
Renders the template string. You can optionally specify:path
and
:line
for a clearer backtrace if there is a filesystem path or line
associated with that string:
get'/'do
haml'%div.title Hello World',:path=>'examples/file.haml',:line=>3
end
Some languages have multiple implementations. To specify what implementation to use (and to be thread-safe), you should simply require it first:
require'rdiscount'
get('/'){markdown:index}
Dependency | haml |
File Extension | .haml |
Example | haml:index,:format =>:html5 |
Dependency | erubi or erb (included in Ruby) |
File Extensions | .erb,.rhtmlor.erubi(Erubi only) |
Example | erb:index |
Dependency | builder |
File Extension | .builder |
Example | builder { |xml| xml.em "hi" } |
It also takes a block for inline templates (seeexample).
Dependency | nokogiri |
File Extension | .nokogiri |
Example | nokogiri { |xml| xml.em "hi" } |
It also takes a block for inline templates (seeexample).
Dependency | sass-embedded |
File Extension | .sass |
Example | sass:stylesheet,:style =>:expanded |
Dependency | sass-embedded |
File Extension | .scss |
Example | scss:stylesheet,:style =>:expanded |
Dependency | liquid |
File Extension | .liquid |
Example | liquid:index,:locals => {:key => 'value' } |
Since you cannot call Ruby methods (except foryield
) from a Liquid
template, you almost always want to pass locals to it.
Dependency | Anyone of: RDiscount, RedCarpet, kramdown, commonmarker pandoc |
File Extensions | .markdown,.mkdand.md |
Example | markdown:index,:layout_engine =>:erb |
It is not possible to call methods from Markdown, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
erb:overview,:locals=>{:text=>markdown(:introduction)}
Note that you may also call themarkdown
method from within other
templates:
%h1HelloFromHaml!
%p=markdown(:greetings)
Since you cannot call Ruby from Markdown, you cannot use layouts written in
Markdown. However, it is possible to use another rendering engine for the
template than for the layout by passing the:layout_engine
option.
Dependency | RDoc |
File Extension | .rdoc |
Example | rdoc:README,:layout_engine =>:erb |
It is not possible to call methods from RDoc, nor to pass locals to it. You therefore will usually use it in combination with another rendering engine:
erb:overview,:locals=>{:text=>rdoc(:introduction)}
Note that you may also call therdoc
method from within other templates:
%h1HelloFromHaml!
%p=rdoc(:greetings)
Since you cannot call Ruby from RDoc, you cannot use layouts written in
RDoc. However, it is possible to use another rendering engine for the
template than for the layout by passing the:layout_engine
option.
Dependency | Asciidoctor |
File Extension | .asciidoc,.adocand.ad |
Example | asciidoc:README,:layout_engine =>:erb |
Since you cannot call Ruby methods directly from an AsciiDoc template, you almost always want to pass locals to it.
Dependency | Markaby |
File Extension | .mab |
Example | markaby { h1 "Welcome!" } |
It also takes a block for inline templates (seeexample).
Dependency | Rabl |
File Extension | .rabl |
Example | rabl:index |
Dependency | Slim Lang |
File Extension | .slim |
Example | slim:index |
Dependency | yajl-ruby |
File Extension | .yajl |
Example | yajl:index, :locals => {:key => 'qux' }, :callback => 'present', :variable => 'resource' |
The template source is evaluated as a Ruby string, and the
resulting json variable is converted using#to_json
:
json={:foo=>'bar'}
json[:baz]=key
The:callback
and:variable
options can be used to decorate the rendered
object:
varresource={"foo":"bar","baz":"qux"};
present(resource);
Templates are evaluated within the same context as route handlers. Instance variables set in route handlers are directly accessible by templates:
get'/:id'do
@foo=Foo.find(params['id'])
haml'%h1= @foo.name'
end
Or, specify an explicit Hash of local variables:
get'/:id'do
foo=Foo.find(params['id'])
haml'%h1= bar.name',:locals=>{:bar=>foo}
end
This is typically used when rendering templates as partials from within other templates.
A layout is usually just a template that callsyield
.
Such a template can be used either through the:template
option as
described above, or it can be rendered with a block as follows:
erb:post,:layout=>falsedo
erb:index
end
This code is mostly equivalent toerb:index,:layout =>:post
.
Passing blocks to rendering methods is most useful for creating nested layouts:
erb:main_layout,:layout=>falsedo
erb:admin_layoutdo
erb:user
end
end
This can also be done in fewer lines of code with:
erb:admin_layout,:layout=>:main_layoutdo
erb:user
end
Currently, the following rendering methods accept a block:erb
,haml
,
liquid
,slim
.Also, the generalrender
method accepts a block.
Templates may be defined at the end of the source file:
require'sinatra'
get'/'do
haml:index
end
__END__
@@ layout
%html
!= yield
@@ index
%div.title Hello world.
NOTE: Inline templates defined in the source file that requires Sinatra are
automatically loaded. Callenable:inline_templates
explicitly if you
have inline templates in other source files.
Templates may also be defined using the top-leveltemplate
method:
template:layoutdo
"%html\n=yield\n"
end
template:indexdo
'%div.title Hello World!'
end
get'/'do
haml:index
end
If a template named "layout" exists, it will be used each time a template
is rendered. You can individually disable layouts by passing
:layout => false
or disable them by default via
set:haml,:layout => false
:
get'/'do
haml:index,:layout=>!request.xhr?
end
To associate a file extension with a template engine, use
Tilt.register
.For instance, if you like to use the file extension
tt
for Haml templates, you can do the following:
Tilt.registerTilt[:haml],:tt
First, register your engine with Tilt, then create a rendering method:
Tilt.registerMyAwesomeTemplateEngine,:myat
helpersdo
defmyat(*args)render(:myat,*args)end
end
get'/'do
myat:index
end
Renders./views/index.myat
.Learn more about
Tilt.
To implement your own template lookup mechanism you can write your
own#find_template
method:
configuredo
set:views,['./views/a','./views/b']
end
deffind_template(views,name,engine,&block)
Array(views).eachdo|v|
super(v,name,engine,&block)
end
end
Before filters are evaluated before each request within the same context as the routes will be and can modify the request and response. Instance variables set in filters are accessible by routes and templates:
beforedo
@note='Hi!'
request.path_info='/foo/bar/baz'
end
get'/foo/*'do
@note#=> 'Hi!'
params['splat']#=> 'bar/baz'
end
After filters are evaluated after each request within the same context as the routes will be and can also modify the request and response. Instance variables set in before filters and routes are accessible by after filters:
afterdo
putsresponse.status
end
Note: Unless you use thebody
method rather than just returning a
String from the routes, the body will not yet be available in the after
filter, since it is generated later on.
Filters optionally take a pattern, causing them to be evaluated only if the request path matches that pattern:
before'/protected/*'do
authenticate!
end
after'/create/:slug'do|slug|
session[:last_slug]=slug
end
Like routes, filters also take conditions:
before:agent=>/Songbird/do
#...
end
after'/blog/*',:host_name=>'example.com'do
#...
end
Use the top-levelhelpers
method to define helper methods for use in
route handlers and templates:
helpersdo
defbar(name)
"#{name}bar "
end
end
get'/:name'do
bar(params['name'])
end
Alternatively, helper methods can be separately defined in a module:
moduleFooUtils
deffoo(name)"#{name}foo "end
end
moduleBarUtils
defbar(name)"#{name}bar "end
end
helpersFooUtils,BarUtils
The effect is the same as including the modules in the application class.
A session is used to keep state during requests. If activated, you have one session hash per user session:
enable:sessions
get'/'do
"value ="<<session[:value].inspect
end
get'/:value'do
session['value']=params['value']
end
To improve security, the session data in the cookie is signed with a session
secret usingHMAC-SHA1
.This session secret should optimally be a
cryptographically secure random value of an appropriate length which for
HMAC-SHA1
is greater than or equal to 64 bytes (512 bits, 128 hex
characters). You would be advised not to use a secret that is less than 32
bytes of randomness (256 bits, 64 hex characters). It is thereforevery
importantthat you don't just make the secret up, but instead use a secure
random number generator to create it. Humans are extremely bad at generating
random values.
By default, a 32 byte secure random session secret is generated for you by Sinatra, but it will change with every restart of your application. If you have multiple instances of your application, and you let Sinatra generate the key, each instance would then have a different session key which is probably not what you want.
For better security and usability it's recommendedthat you generate a secure random secret and store it in an environment variable on each host running your application so that all of your application instances will share the same secret. You should periodically rotate this session secret to a new value. Here are some examples of how you might create a 64-byte secret and set it:
Session Secret Generation
$ ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"
99ae8af...snip...ec0f262ac
Session Secret Environment Variable
Set aSESSION_SECRET
environment variable for Sinatra to the value you
generated. Make this value persistent across reboots of your host. Since the
method for doing this will vary across systems this is for illustrative
purposes only:
#echo "export SESSION_SECRET=99ae8af...snip...ec0f262ac" >> ~/.bashrc
Session Secret App Config
Set up your app config to fail-safe to a secure random secret
if theSESSION_SECRET
environment variable is not available:
require'securerandom'
set:session_secret,ENV.fetch('SESSION_SECRET'){SecureRandom.hex(64)}
If you want to configure it further, you may also store a hash with options
in thesessions
setting:
set:sessions,:domain=>'foo.com'
To share your session across other apps on subdomains of foo.com, prefix the domain with a.like this instead:
set:sessions,:domain=>'.foo.com'
Note thatenable:sessions
actually stores all data in a cookie. This
might not always be what you want (storing lots of data will increase your
traffic, for instance). You can use any Rack session middleware in order to
do so, one of the following methods can be used:
enable:sessions
set:session_store,Rack::Session::Pool
Or to set up sessions with a hash of options:
set:sessions,:expire_after=>2592000
set:session_store,Rack::Session::Pool
Another option is tonotcallenable:sessions
,but instead pull in
your middleware of choice as you would any other middleware.
It is important to note that when using this method, session based protectionwill not be enabled by default.
The Rack middleware to do that will also need to be added:
useRack::Session::Pool,:expire_after=>2592000
useRack::Protection::RemoteToken
useRack::Protection::SessionHijacking
See 'Configuring attack protection' for more information.
To immediately stop a request within a filter or route use:
halt
You can also specify the status when halting:
halt410
Or the body:
halt'this will be the body'
Or both:
halt401,'go away!'
With headers:
halt402,{'Content-Type'=>'text/plain'},'revenge'
It is of course possible to combine a template withhalt
:
halterb(:error)
A route can punt processing to the next matching route usingpass
:
get'/guess/:who'do
passunlessparams['who']=='Frank'
'You got me!'
end
get'/guess/*'do
'You missed!'
end
The route block is immediately exited and control continues with the next matching route. If no matching route is found, a 404 is returned.
Sometimespass
is not what you want, instead, you would like to get the
result of calling another route. Simply usecall
to achieve this:
get'/foo'do
status,headers,body=callenv.merge("PATH_INFO"=>'/bar')
[status,headers,body.map(&:upcase)]
end
get'/bar'do
"bar"
end
Note that in the example above, you would ease testing and increase
performance by simply moving"bar"
into a helper used by both/foo
and
/bar
.
If you want the request to be sent to the same application instance rather
than a duplicate, usecall!
instead ofcall
.
Check out the Rack specification if you want to learn more aboutcall
.
It is possible and recommended to set the status code and response body with
the return value of the route block. However, in some scenarios, you might
want to set the body at an arbitrary point in the execution flow. You can do
so with thebody
helper method. If you do so, you can use that method from
thereon to access the body:
get'/foo'do
body"bar"
end
afterdo
putsbody
end
It is also possible to pass a block tobody
,which will be executed by the
Rack handler (this can be used to implement streaming,see "Return Values").
Similar to the body, you can also set the status code and headers:
get'/foo'do
status418
headers\
"Allow"=>"BREW, POST, GET, PROPFIND, WHEN",
"Refresh"=>"Refresh: 20; https://ietf.org/rfc/rfc2324.txt"
body"I'm a teapot!"
end
Likebody
,headers
andstatus
with no arguments can be used to access
their current values.
Sometimes you want to start sending out data while still generating parts of
the response body. In extreme examples, you want to keep sending data until
the client closes the connection. You can use thestream
helper to avoid
creating your own wrapper:
get'/'do
streamdo|out|
out<<"It's gonna be legen -\n"
sleep0.5
out<<"(wait for it)\n"
sleep1
out<<"- dary!\n"
end
end
This allows you to implement streaming APIs, Server Sent Events,and can be used as the basis forWebSockets.It can also be used to increase throughput if some but not all content depends on a slow resource.
Note that the streaming behavior, especially the number of concurrent
requests, highly depends on the webserver used to serve the application.
Some servers might not even support streaming at all. If the server does not
support streaming, the body will be sent all at once after the block passed
tostream
finishes executing. Streaming does not work at all with Shotgun.
If the optional parameter is set tokeep_open
,it will not callclose
on
the stream object, allowing you to close it at any later point in the
execution flow.
You can have a look at thechat example
It's also possible for the client to close the connection when trying to
write to the socket. Because of this, it's recommended to check
out.closed?
before trying to write.
In the request scope, thelogger
helper exposes aLogger
instance:
get'/'do
logger.info"loading data"
#...
end
This logger will automatically take your Rack handler's logging settings into account. If logging is disabled, this method will return a dummy object, so you do not have to worry about it in your routes and filters.
Note that logging is only enabled forSinatra::Application
by default, so
if you inherit fromSinatra::Base
,you probably want to enable it yourself:
classMyApp<Sinatra::Base
configure:production,:developmentdo
enable:logging
end
end
To avoid any logging middleware to be set up, set thelogging
option to
nil
.However, keep in mind thatlogger
will in that case returnnil
.A
common use case is when you want to set your own logger. Sinatra will use
whatever it will find inenv['rack.logger']
.
When usingsend_file
or static files you may have mime types Sinatra
doesn't understand. Usemime_type
to register them by file extension:
configuredo
mime_type:foo,'text/foo'
end
You can also use it with thecontent_type
helper:
get'/'do
content_type:foo
"foo foo foo"
end
For generating URLs you should use theurl
helper method, for instance, in
Haml:
%a{:href=>url('/foo')}foo
It takes reverse proxies and Rack routers into account - if present.
This method is also aliased toto
(seebelowfor an example).
You can trigger a browser redirect with theredirect
helper method:
get'/foo'do
redirectto('/bar')
end
Any additional parameters are handled like arguments passed tohalt
:
redirectto('/bar'),303
redirect'http://www.google.com/','wrong place, buddy'
You can also easily redirect back to the page the user came from with
redirect back
:
get'/foo'do
"<a href='/bar'>do something</a>"
end
get'/bar'do
do_something
redirectback
end
To pass arguments with a redirect, either add them to the query:
redirectto('/bar?sum=42')
Or use a session:
enable:sessions
get'/foo'do
session[:secret]='foo'
redirectto('/bar')
end
get'/bar'do
session[:secret]
end
Setting your headers correctly is the foundation for proper HTTP caching.
You can easily set the Cache-Control header like this:
get'/'do
cache_control:public
"cache it!"
end
Pro tip: Set up caching in a before filter:
beforedo
cache_control:public,:must_revalidate,:max_age=>60
end
If you are using theexpires
helper to set the corresponding header,
Cache-Control
will be set automatically for you:
beforedo
expires500,:public,:must_revalidate
end
To properly use caches, you should consider usingetag
orlast_modified
.
It is recommended to call those helpersbeforedoing any heavy lifting, as
they will immediately flush a response if the client already has the current
version in its cache:
get"/article/:id"do
@article=Article.findparams['id']
last_modified@article.updated_at
etag@article.sha1
erb:article
end
It is also possible to use a weak ETag:
etag@article.sha1,:weak
These helpers will not do any caching for you, but rather feed the necessary information to your cache. If you are looking for a quick reverse-proxy caching solution, try rack-cache:
require"rack/cache"
require"sinatra"
useRack::Cache
get'/'do
cache_control:public,:max_age=>36000
sleep5
"hello"
end
Use the:static_cache_control
setting (seebelow) to add
Cache-Control
header info to static files.
According to RFC 2616, your application should behave differently if the
If-Match or If-None-Match header is set to*
,depending on whether the
resource requested is already in existence. Sinatra assumes resources for
safe (like get) and idempotent (like put) requests are already in existence,
whereas other resources (for instance post requests) are treated as new
resources. You can change this behavior by passing in a:new_resource
option:
get'/create'do
etag'',:new_resource=>true
Article.create
erb:new_article
end
If you still want to use a weak ETag, pass in a:kind
option:
etag'',:new_resource=>true,:kind=>:weak
To return the contents of a file as the response, you can use thesend_file
helper method:
get'/'do
send_file'foo.png'
end
It also takes options:
send_file'foo.png',:type=>:jpg
The options are:
- filename
- File name to be used in the response, defaults to the real file name.
- last_modified
- Value for Last-Modified header, defaults to the file's mtime.
- type
- Value for Content-Type header, guessed from the file extension if missing.
- disposition
- Value for Content-Disposition header, possible values:nil (default),:attachmentand:inline
- length
- Value for Content-Length header, defaults to file size.
- status
- Status code to be sent. Useful when sending a static file as an error page. If supported by the Rack handler, other means than streaming from the Ruby process will be used. If you use this helper method, Sinatra will automatically handle range requests.
The incoming request object can be accessed from request level (filter,
routes, error handlers) through therequest
method:
# app running on http://example.com/example
get'/foo'do
t=%w[text/csstext/htmlapplication/javascript]
request.accept# ['text/html', '*/*']
request.accept?'text/xml'# true
request.preferred_type(t)# 'text/html'
request.body# request body sent by the client (see below)
request.scheme# "http"
request.script_name# "/example"
request.path_info# "/foo"
request.port# 80
request.request_method# "GET"
request.query_string# ""
request.content_length# length of request.body
request.media_type# media type of request.body
request.host# "example.com"
request.get?# true (similar methods for other verbs)
request.form_data?# false
request["some_param"]# value of some_param parameter. [] is a shortcut to the params hash.
request.referrer# the referrer of the client or '/'
request.user_agent# user agent (used by:agent condition)
request.cookies# hash of browser cookies
request.xhr?# is this an ajax request?
request.url# "http://example.com/example/foo"
request.path# "/example/foo"
request.ip# client IP address
request.secure?# false (would be true over ssl)
request.forwarded?# true (if running behind a reverse proxy)
request.env# raw env hash handed in by Rack
end
Some options, likescript_name
orpath_info
,can also be written:
before{request.path_info="/"}
get"/"do
"all requests end up here"
end
Therequest.body
is an IO or StringIO object:
post"/api"do
request.body.rewind# in case someone already read it
data=JSON.parserequest.body.read
"Hello#{data['name']}!"
end
You can use theattachment
helper to tell the browser the response should
be stored on disk rather than displayed in the browser:
get'/'do
attachment
"store it!"
end
You can also pass it a file name:
get'/'do
attachment"info.txt"
"store it!"
end
Sinatra offers atime_for
helper method that generates a Time object from
the given value. It is also able to convertDateTime
,Date
and similar
classes:
get'/'do
passifTime.now>time_for('Dec 23, 2016')
"still time"
end
This method is used internally byexpires
,last_modified
and akin. You
can therefore easily extend the behavior of those methods by overriding
time_for
in your application:
helpersdo
deftime_for(value)
casevalue
when:yesterdaythenTime.now-24*60*60
when:tomorrowthenTime.now+24*60*60
elsesuper
end
end
end
get'/'do
last_modified:yesterday
expires:tomorrow
"hello"
end
Thefind_template
helper is used to find template files for rendering:
find_templatesettings.views,'foo',Tilt[:haml]do|file|
puts"could be#{file}"
end
This is not really useful. But it is useful that you can actually override this method to hook in your own lookup mechanism. For instance, if you want to be able to use more than one view directory:
set:views,['views','templates']
helpersdo
deffind_template(views,name,engine,&block)
Array(views).each{|v|super(v,name,engine,&block)}
end
end
Another example would be using different directories for different engines:
set:views,:haml=>'templates',:default=>'views'
helpersdo
deffind_template(views,name,engine,&block)
_,folder=views.detect{|k,v|engine==Tilt[k]}
folder||=views[:default]
super(folder,name,engine,&block)
end
end
You can also easily wrap this up in an extension and share it with others!
Note thatfind_template
does not check if the file really exists but
rather calls the given block for all possible paths. This is not a
performance issue, sincerender
will usebreak
as soon as a file is
found. Also, template locations (and content) will be cached if you are not
running in development mode. You should keep that in mind if you write a
really crazy method.
Run once, at startup, in any environment:
configuredo
# setting one option
set:option,'value'
# setting multiple options
set:a=>1,:b=>2
# same as `set:option, true`
enable:option
# same as `set:option, false`
disable:option
# you can also have dynamic settings with blocks
set(:css_dir){File.join(views,'css')}
end
Run only when the environment (APP_ENV
environment variable) is set to
:production
:
configure:productiondo
...
end
Run when the environment is set to either:production
or:test
:
configure:production,:testdo
...
end
You can access those options viasettings
:
configuredo
set:foo,'bar'
end
get'/'do
settings.foo?# => true
settings.foo# => 'bar'
...
end
Sinatra is using Rack::Protectionto defend your application against common, opportunistic attacks. You can easily disable this behavior (which will open up your application to tons of common vulnerabilities):
disable:protection
To skip a single defense layer, setprotection
to an options hash:
set:protection,:except=>:path_traversal
You can also hand in an array in order to disable a list of protections:
set:protection,:except=>[:path_traversal,:remote_token]
By default, Sinatra will only set up session based protection if:sessions
have been enabled. See 'Using Sessions'. Sometimes you may want to set up
sessions "outside" of the Sinatra app, such as in the config.ru or with a
separateRack::Builder
instance. In that case, you can still set up session
based protection by passing the:session
option:
set:protection,:session=>true
- absolute_redirects
- If disabled, Sinatra will allow relative redirects, however, Sinatra will no longer conform with RFC 2616 (HTTP 1.1), which only allows absolute redirects.
- Enable if your app is running behind a reverse proxy that has not been set up properly. Note that theurlhelper will still produce absolute URLs, unless you pass infalseas the second parameter.
- Disabled by default.
- add_charset
- Mime types thecontent_typehelper will automatically add the charset info to. You should add to it rather than overriding this option:settings.add_charset << "application/foobar"
- app_file
- Path to the main application file, used to detect project root, views and public folder and inline templates.
- bind
- IP address to bind to (default:0.0.0.0or localhostif your `environment` is set to development). Only used for built-in server.
- default_content_type
- Content-Type to assume if unknown (defaults to"text/html"). Set tonilto not set a default Content-Type on every response; when configured so, you must set the Content-Type manually when emitting content or the user-agent will have to sniff it (or, ifnosniffis enabled in Rack::Protection::XSSHeader, assumeapplication/octet-stream).
- default_encoding
- Encoding to assume if unknown (defaults to"utf-8").
- dump_errors
- Display errors in the log. Enabled by default unless environment is "test".
- environment
- Current environment. Defaults toENV['APP_ENV'],or "development"if not available.
- logging
- Use the logger.
- lock
- Places a lock around every request, only running processing on request per Ruby process concurrently.
- Enabled if your app is not thread-safe. Disabled by default.
- method_override
- Use_methodmagic to allow put/delete forms in browsers that don't support it.
- mustermann_opts
- A default hash of options to pass to Mustermann.new when compiling routing paths.
- port
- Port to listen on. Only used for built-in server.
- prefixed_redirects
- Whether or not to insertrequest.script_nameinto redirects if no absolute path is given. That wayredirect '/foo'would behave likeredirect to('/foo').Disabled by default.
- protection
- Whether or not to enable web attack protections. See protection section above.
- public_dir
- Alias forpublic_folder.See below.
- public_folder
- Path to the folder public files are served from. Only used if static file serving is enabled (seestaticsetting below). Inferred fromapp_filesetting if not set.
- quiet
- Disables logs generated by Sinatra's start and stop commands. falseby default.
- reload_templates
- Whether or not to reload templates between requests. Enabled in development mode.
- root
- Path to project root folder. Inferred fromapp_filesetting if not set.
- raise_errors
- Raise unhandled errors (will stop application). Enabled by default when environmentis set to"test",disabled otherwise.
- Any explicitly defined error handlers always override this setting. See the "Error" section below.
- run
- If enabled, Sinatra will handle starting the web server. Do not enable if using rackup or other means.
- running
- Is the built-in server running now? Do not change this setting!
- server
- Server or list of servers to use for built-in server. Order indicates priority, default depends on Ruby implementation.
- server_settings
- If you are using a WEBrick web server, presumably for your development environment, you can pass a hash of options toserver_settings, such asSSLEnableorSSLVerifyClient.However, web servers such as Puma do not support this, so you can set server_settingsby defining it as a method when you call configure.
- sessions
- Enable cookie-based sessions support using Rack::Session::Cookie.See 'Using Sessions' section for more information.
- session_store
- The Rack session middleware used. Defaults to Rack::Session::Cookie.See 'Using Sessions' section for more information.
- show_exceptions
- Show a stack trace in the browser when an exception happens. Enabled by default whenenvironmentis set to"development", disabled otherwise.
- Can also be set to:after_handlerto trigger app-specified error handling before showing a stack trace in the browser.
- static
- Whether Sinatra should handle serving static files.
- Disable when using a server able to do this on its own.
- Disabling will boost performance.
- Enabled by default in classic style, disabled for modular apps.
- static_cache_control
- When Sinatra is serving static files, set this to add Cache-Controlheaders to the responses. Uses the cache_controlhelper. Disabled by default.
- Use an explicit array when setting multiple values: set:static_cache_control, [:public,:max_age => 300]
- threaded
- If set totrue,will tell server to use EventMachine.deferfor processing the request.
- traps
- Whether Sinatra should handle system signals.
- views
- Path to the views folder. Inferred fromapp_filesetting if not set.
- x_cascade
- Whether or not to set the X-Cascade header if no route matches. Defaults totrue.
There are 2 lifecycle events currently exposed by Sinatra. One when the server starts and one when it stops.
They can be used like this:
on_startdo
puts"===== Booting up ====="
end
on_stopdo
puts"===== Shutting down ====="
end
Note that these callbacks only work when using Sinatra to start the web server.
There are three predefinedenvironments
:"development"
,
"production"
and"test"
.Environments can be set through the
APP_ENV
environment variable. The default value is"development"
.
In the"development"
environment all templates are reloaded between
requests, and specialnot_found
anderror
handlers display stack
traces in your browser. In the"production"
and"test"
environments,
templates are cached by default.
To run different environments, set theAPP_ENV
environment variable:
APP_ENV=production ruby my_app.rb
You can use predefined methods:development?
,test?
andproduction?
to
check the current environment setting:
get'/'do
ifsettings.development?
"development!"
else
"not development!"
end
end
Error handlers run within the same context as routes and before filters,
which means you get all the goodies it has to offer, likehaml
,erb
,
halt
,etc.
When aSinatra::NotFound
exception is raised, or the response's status
code is 404, thenot_found
handler is invoked:
not_founddo
'This is nowhere to be found.'
end
Theerror
handler is invoked any time an exception is raised from a route
block or a filter. But note in development it will only run if you set the
show exceptions option to:after_handler
:
set:show_exceptions,:after_handler
A catch-all error handler can be defined witherror
and a block:
errordo
'Sorry there was a nasty error'
end
The exception object can be obtained from thesinatra.error
Rack variable:
errordo
'Sorry there was a nasty error - '+env['sinatra.error'].message
end
Pass an error class as an argument to create handlers for custom errors:
errorMyCustomErrordo
'So what happened was...'+env['sinatra.error'].message
end
Then, if this happens:
get'/'do
raiseMyCustomError,'something bad'
end
You get this:
So what happened was... something bad
Alternatively, you can install an error handler for a status code:
error403do
'Access forbidden'
end
get'/secret'do
403
end
Or a range:
error400..510do
'Boom'
end
Sinatra installs specialnot_found
anderror
handlers when
running under the development environment to display nice stack traces
and additional debugging information in your browser.
Whenraise_errors
option istrue
,errors that are unhandled are raised
outside of the application. Additionally, any errors that would have been
caught by the catch-all error handler are raised.
For example, consider the following configuration:
# First handler
errorMyCustomErrordo
'A custom message'
end
# Second handler
errordo
'A catch-all message'
end
Ifraise_errors
isfalse
:
- When
MyCustomError
or descendant is raised, the first handler is invoked. The HTTP response body will contain"A custom message"
. - When any other error is raised, the second handler is invoked. The HTTP
response body will contain
"A catch-all message"
.
Ifraise_errors
istrue
:
- When
MyCustomError
or descendant is raised, the behavior is identical to whenraise_errors
isfalse
,described above. - When any other error is raised, the second handler isnotinvoked, and
the error is raised outside of the application.
- If the environment is
production
,the HTTP response body will contain a generic error message, e.g."An unhandled lowlevel error occurred. The application logs may have details."
- If the environment is not
production
,the HTTP response body will contain the verbose error backtrace. - Regardless of environment, if
show_exceptions
is set to:after_handler
, the HTTP response body will contain the verbose error backtrace.
- If the environment is
In thetest
environment,raise_errors
is set totrue
by default. This
means that in order to write a test for a catch-all error handler,
raise_errors
must temporarily be set tofalse
for that particular test.
Sinatra rides onRack,a minimal standard interface for Ruby web frameworks. One of Rack's most interesting capabilities for application developers is support for "middleware" -- components that sit between the server and your application monitoring and/or manipulating the HTTP request/response to provide various types of common functionality.
Sinatra makes building Rack middleware pipelines a cinch via a top-level
use
method:
require'sinatra'
require'my_custom_middleware'
useRack::Lint
useMyCustomMiddleware
get'/hello'do
'Hello World'
end
The semantics ofuse
are identical to those defined for the
Rack::BuilderDSL
(most frequently used from rackup files). For example, theuse
method
accepts multiple/variable args as well as blocks:
useRack::Auth::Basicdo|username,password|
username=='admin'&&password=='secret'
end
Rack is distributed with a variety of standard middleware for logging,
debugging, URL routing, authentication, and session handling. Sinatra uses
many of these components automatically based on configuration so you
typically don't have touse
them explicitly.
You can find useful middleware in rack, rack-contrib, or in theRack wiki.
Sinatra tests can be written using any Rack-based testing library or framework. Rack::Test is recommended:
require'my_sinatra_app'
require'minitest/autorun'
require'rack/test'
classMyAppTest<Minitest::Test
includeRack::Test::Methods
defapp
Sinatra::Application
end
deftest_my_default
get'/'
assert_equal'Hello World!',last_response.body
end
deftest_with_params
get'/meet',:name=>'Frank'
assert_equal'Hello Frank!',last_response.body
end
deftest_with_user_agent
get'/',{},'HTTP_USER_AGENT'=>'Songbird'
assert_equal"You're using Songbird!",last_response.body
end
end
Note: If you are using Sinatra in the modular style, replace
Sinatra::Application
above with the class name of your app.
Defining your app at the top-level works well for micro-apps but has
considerable drawbacks when building reusable components such as Rack
middleware, Rails metal, simple libraries with a server component, or even
Sinatra extensions. The top-level assumes a micro-app style configuration
(e.g., a single application file,./public
and./views
directories, logging, exception detail page, etc.). That's where
Sinatra::Base
comes into play:
require'sinatra/base'
classMyApp<Sinatra::Base
set:sessions,true
set:foo,'bar'
get'/'do
'Hello world!'
end
end
The methods available toSinatra::Base
subclasses are exactly the same
as those available via the top-level DSL. Most top-level apps can be
converted toSinatra::Base
components with two modifications:
- Your file should require
sinatra/base
instead ofsinatra
; otherwise, all of Sinatra's DSL methods are imported into the main namespace. - Put your app's routes, error handlers, filters, and options in a subclass
of
Sinatra::Base
.
Sinatra::Base
is a blank slate. Most options are disabled by default,
including the built-in server. SeeConfiguring
Settingsfor details on
available options and their behavior. If you want behavior more similar
to when you define your app at the top level (also known as Classic
style), you can subclassSinatra::Application
:
require'sinatra/base'
classMyApp<Sinatra::Application
get'/'do
'Hello world!'
end
end
Contrary to common belief, there is nothing wrong with the classic style. If it suits your application, you do not have to switch to a modular application.
The main disadvantage of using the classic style rather than the modular style is that you will only have one Sinatra application per Ruby process. If you plan to use more than one, switch to the modular style. There is no reason you cannot mix the modular and classic styles.
If switching from one style to the other, you should be aware of slightly different default settings:
Setting | Classic | Modular | Modular |
---|---|---|---|
app_file | file loading sinatra | file subclassing Sinatra::Base | file subclassing Sinatra::Application |
run | $0 == app_file | false | false |
logging | true | false | true |
method_override | true | false | true |
inline_templates | true | false | true |
static | true | File.exist?(public_folder) | true |
There are two common options for starting a modular app, actively
starting withrun!
:
# my_app.rb
require'sinatra/base'
classMyApp<Sinatra::Base
#... app code here...
# start the server if ruby file executed directly
run!ifapp_file== $0
end
Start with:
ruby my_app.rb
Or with aconfig.ru
file, which allows using any Rack handler:
# config.ru (run with rackup)
require'./my_app'
runMyApp
Run:
rackup -p 4567
Write your app file:
# app.rb
require'sinatra'
get'/'do
'Hello world!'
end
And a correspondingconfig.ru
:
require'./app'
runSinatra::Application
Aconfig.ru
file is recommended if:
- You want to deploy with a different Rack handler (Passenger, Unicorn, Heroku,...).
- You want to use more than one subclass of
Sinatra::Base
. - You want to use Sinatra only for middleware, and not as an endpoint.
There is no need to switch to aconfig.ru
simply because you
switched to the modular style, and you don't have to use the modular
style for running with aconfig.ru
.
Not only is Sinatra able to use other Rack middleware, any Sinatra application can, in turn, be added in front of any Rack endpoint as middleware itself. This endpoint could be another Sinatra application, or any other Rack-based application (Rails/Hanami/Roda/...):
require'sinatra/base'
classLoginScreen<Sinatra::Base
enable:sessions
get('/login'){haml:login}
post('/login')do
ifparams['name']=='admin'&¶ms['password']=='admin'
session['user_name']=params['name']
else
redirect'/login'
end
end
end
classMyApp<Sinatra::Base
# middleware will run before filters
useLoginScreen
beforedo
unlesssession['user_name']
halt"Access denied, please <a href='/login'>login</a>."
end
end
get('/'){"Hello#{session['user_name']}."}
end
Sometimes you want to create new applications at runtime without having to
assign them to a constant. You can do this withSinatra.new
:
require'sinatra/base'
my_app=Sinatra.new{get('/'){"hi"}}
my_app.run!
It takes the application to inherit from as an optional argument:
# config.ru (run with rackup)
require'sinatra/base'
controller=Sinatra.newdo
enable:logging
helpersMyHelpers
end
map('/a')do
runSinatra.new(controller){get('/'){'a'}}
end
map('/b')do
runSinatra.new(controller){get('/'){'b'}}
end
This is especially useful for testing Sinatra extensions or using Sinatra in your own library.
This also makes using Sinatra as middleware extremely easy:
require'sinatra/base'
useSinatrado
get('/'){...}
end
runRailsProject::Application
The scope you are currently in determines what methods and variables are available.
Every Sinatra application corresponds to a subclass ofSinatra::Base
.
If you are using the top-level DSL (require 'sinatra'
), then this
class isSinatra::Application
,otherwise it is the subclass you
created explicitly. At the class level, you have methods likeget
or
before
,but you cannot access therequest
orsession
objects, as
there is only a single application class for all requests.
Options created viaset
are methods at class level:
classMyApp<Sinatra::Base
# Hey, I'm in the application scope!
set:foo,42
foo# => 42
get'/foo'do
# Hey, I'm no longer in the application scope!
end
end
You have the application scope binding inside:
- Your application class body
- Methods defined by extensions
- The block passed to
helpers
- Procs/blocks used as a value for
set
- The block passed to
Sinatra.new
You can reach the scope object (the class) like this:
- Via the object passed to configure blocks (
configure { |c|... }
) settings
from within the request scope
For every incoming request, a new instance of your application class is
created, and all handler blocks run in that scope. From within this scope you
can access therequest
andsession
objects or call rendering methods like
erb
orhaml
.You can access the application scope from within the request
scope via thesettings
helper:
classMyApp<Sinatra::Base
# Hey, I'm in the application scope!
get'/define_route/:name'do
# Request scope for '/define_route/:name'
@value=42
settings.get("/#{params['name']}")do
# Request scope for "/#{params['name']}"
@value# => nil (not the same request)
end
"Route defined!"
end
end
You have the request scope binding inside:
- get, head, post, put, delete, options, patch, link and unlink blocks
- before and after filters
- helper methods
- templates/views
The delegation scope just forwards methods to the class scope. However, it
does not behave exactly like the class scope, as you do not have the class
binding. Only methods explicitly marked for delegation are available, and you
do not share variables/state with the class scope (read: you have a different
self
). You can explicitly add method delegations by calling
Sinatra::Delegator.delegate:method_name
.
You have the delegate scope binding inside:
- The top-level binding, if you did
require "sinatra"
- An object extended with the
Sinatra::Delegator
mixin
Have a look at the code for yourself: here's the Sinatra::Delegator mixin beingextending the main object.
Sinatra applications can be run directly:
ruby myapp.rb [-h] [-x] [-q] [-e ENVIRONMENT] [-p PORT] [-o HOST] [-s HANDLER]
Options are:
-h # help
-p # set the port (default is 4567)
-o # set the host (default is 0.0.0.0)
-e # set the environment (default is development)
-s # specify rack server/handler (default is puma)
-q # turn on quiet mode for server (default is off)
-x # turn on the mutex lock (default is off)
Paraphrasing from this StackOverflow answer by Konstantin
Sinatra doesn't impose any concurrency model but leaves that to the underlying Rack handler (server) like Puma or WEBrick. Sinatra itself is thread-safe, so there won't be any problem if the Rack handler uses a threaded model of concurrency.
The following Ruby versions are officially supported:
- Ruby
- The stable releasesare fully supported and recommended.
- TruffleRuby
- The latest stable release of TruffleRuby is supported.
- JRuby
- The latest stable release of JRuby is supported. It is not recommended to use C extensions with JRuby.
Versions of Ruby before 2.7.8 are no longer supported as of Sinatra 4.0.0.
Sinatra should work on any operating system supported by the chosen Ruby implementation.
Running Sinatra on a not officially supported Ruby flavor means that if things only break there we assume it's not our issue but theirs.
If you would like to use Sinatra's latest bleeding-edge code, feel free to run your application against the main branch, it should be rather stable.
We also push out prerelease gems from time to time, so you can do a
gem install sinatra --pre
to get some of the latest features.
If you want to run your application with the latest Sinatra, using Bundleris the recommended way.
First, install bundler, if you haven't:
gem install bundler
Then, in your project directory, create aGemfile
:
source'https://rubygems.org'
gem'sinatra',:github=>'sinatra/sinatra'
# other dependencies
gem'haml'# for instance, if you use haml
Note that you will have to list all your application's dependencies in
theGemfile
.Sinatra's direct dependencies (Rack and Tilt) will,
however, be automatically fetched and added by Bundler.
Now you can run your app like this:
bundleexecruby myapp.rb
Sinatra followsSemantic Versioning,both SemVer and SemVerTag.
- Project Website- Additional documentation, news, and links to other resources.
- Contributing- Find a bug? Need help? Have a patch?
- Issue tracker
- Mailing List
- IRC: #sinatra onFreenode
- Sinatra & Friendson Discord
- Sinatra Book- Cookbook Tutorial
- Sinatra Recipes- Community contributed recipes
- API documentation for thelatest release or thecurrent HEADon RubyDoc
- CI Actions