– we create awesome web applications
vitaly 50x50
May 12th 2009

Yes We Can. "require" over HTTP, That Is.

vitaly ruby, hack, webdev

Wouldn’t it be cool if you could just require “http://my-host/my-lib.rb” in ruby?

Now You Can! Using our “http_require” gem! :-)

test.rb:

require "http_require"
# this will download bar.rb and eval it
require "http://example.com/foo/bar.rb"

If a remote file (or one of its local dependencies) requires something that can’t be found locally, it will try to find it remotely from the same location as the parent.

Example

http://example.com/test/foo.rb:

# this will load "http://example.com/test/foo/bar.rb"
# if "foo/bar" is not available locally
require "foo/bar"

Stacktrace

http_require properly sets filename on eval so that the file’s URI appears in the stacktrace:

http://example.com/foo/foo.rb:

puts :foo
require 'bar'
def foo
  bar
end

http://example.com/foo/bar.rb

puts :bar
def bar
  raise
end

$ irb
>> require 'http_require'
=> true
>> require 'http://example.com/foo/bar.rb'
foo
bar
=> nil
>> foo
RuntimeError:
    from http://localhost:2000/bar.rb:3:in `bar'
    from http://localhost:2000/foo.rb:5:in `foo'
    from (irb):3
>>

Installation

sudo gem install astrails-http_require --source http://gems.github.com/

Sources

You can find sources on github

UPDATE:

There seems to be lots of similar comments that I’d like to answer here:

  • Q: This is a HUGE security hole

  • A: No it isn’t. running it directly from the web is no less secure then downloading it and then running locally. you can use same security protections, for example SSH tunnel, or SSL like you would for any other kind of ‘code delivery’ e.g. rsync, scp etc. If you control the source and the ‘tunnel’ then this is no less secure, and if you don’t, then no other method is secure unless you start encrypting/signing files.

  • Q: Why on earth would you do something crazy like this?
  • A: It is kind of cool :) Seriously though I do have a real usage in mind for this (more on that later), meanwhile consider rails app templates (rails -m app_template.rb) which do support running templates form the web, and no one seems to be crying out laud about a huge security hole :) Unfortunately though rails templates do not support (not out of the box) breaking down such remote templates into subfiles. you will need to do manual path mangeling (see app_lego for example). I guess http_require can be used to do it cleaner.

We are hiring
The Rails 4 Way

We are proud that our own Vitaly Kushner co-authored "The Rails 4 Way" together with Rails legend Obie Fernandes of Hashrocket fame.

"The Rails 4 Way" is the latest edition of the most comprehensive, authoritative guide to delivering production-quality code with Rails 4.