Reputation: 301
This is a rather subjective question. I am looking for expert opinion because this is the first time I'm architecting an enterprise Rails application.
I decided to make my site completely AJAX based and I'm not using Rails AJAX helpers at all. Reason being: I'm new to web development and I like to know what's happening behind the code I'm writing.
Also, this is a fairly large dashboard based analytics application and I'm absolutely not using any erb tags. All data comes and goes using AJAX.
So, whenever I need any data, I write a Rails route like this:

    # config/routes.rb
    match "people/all" => "people#all"

    # in the controller action
    respond_to do |format|
      format.json do
        # all JSON is rendered here
      end
    end

Same goes for POST calls.
Am I doing it right?
The next thing I'm going to do is to add CSRF token security (if it doesn't match, the controller will send no AJAX back).
I'm also driving an API for mobile apps off this project but the API is protected with keys.
I know maybe something like Ember or a micro framework could have been a better choice, but I chose Rails because my application is going to have loads of features, so I stuck with Rails instead of diving into another framework.
So,
Is it in some way bad to make rails views without erb tags and do everything with AJAX?
Is my app going to be vulnerable in any way?
Thanks.
Upvotes: 1
Views: 55
Reputation: 239521
You shouldn't be doing any of this yourself; Rails does this for you, including handling CSRF tokens. Your application controller should already be doing this.
Use resources :people in your routes. The route to "get all people" should simply be /people, not /people/all.
Examine a scaffold-generated controller to figure out how your routes should map to the seven default RESTful actions.
Upvotes: 1
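
The client side of the CSRF check the answer says Rails already performs, for an app that writes its own AJAX calls instead of using the Rails helpers. This is an added example, not code from the question or the answer. It assumes the layout emits the `csrf-token` meta tag (the `csrf_meta_tags` helper) and that the application controller keeps `protect_from_forgery`; the function names are hypothetical.

```javascript
// Rails skips the CSRF check for GET and HEAD; other verbs must carry the token.
const SAFE_METHODS = new Set(["GET", "HEAD"]);

// Read the token from <meta name="csrf-token" content="...">; null if absent.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  return meta ? meta.getAttribute("content") : null;
}

// The token must only travel to our own origin, never to another host.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === pageOrigin;
}

// Build fetch() options for a JSON request (hypothetical helper).
// doc and pageOrigin are passed in so the function can run outside a browser;
// in a page, pass `document` and `window.location.origin`.
function railsJsonRequest(method, url, body, doc, pageOrigin) {
  const verb = method.toUpperCase();
  const headers = { Accept: "application/json" };
  if (body !== undefined) headers["Content-Type"] = "application/json";

  if (!SAFE_METHODS.has(verb) && isSameOrigin(url, pageOrigin)) {
    const token = readCsrfToken(doc);
    // Fail on the client rather than send a request Rails will reject.
    if (!token) throw new Error("csrf-token meta tag missing from page");
    headers["X-CSRF-Token"] = token; // header Rails compares to the session token
  }

  return {
    method: verb,
    headers,
    credentials: "same-origin", // send the session cookie to our origin only
    body: body === undefined ? undefined : JSON.stringify(body),
  };
}
```

In a page this would be called as `fetch("/people", railsJsonRequest("POST", "/people", data, document, window.location.origin))`.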