The last time Hackerfall tried to access this page, it returned a not found error. A cached version of the page is below, or click here to continue anyway

Announcing Lotus v0.4.0

Announcing Lotus v0.4.0

Posted by Luca Guidi on June 23, 2015

Features: additional architecture, database migrations, HTML5 form helpers, CSRF Protection, Force SSL. New Core Team member, Rails Girls Summer of Code and Guides!

Before to dive into the details of this release, we want to say thank you to our beloved Community. In a year we went from an initial release with few features and people around Lotus, to a technology that is having an impact on the Ruby ecosystem.

Without you this wouldn’t be possible.


We have listened to developers who are building applications with Lotus, the most two requested features were migrations and form helpers. They will be happy about today’s release.

Database Migrations

Database migrations is a great way to manage schema for SQL storages. We have introduced a generator for them and a set of shell commands for database operations.

% bundle exec lotus generate migration create_books create db/migrations/20150623091551_create_books.rb

Let’s edit it:

Lotus::Model.migration do change do create_table :books do primary_key :id foreign_key :author_id, :authors, on_delete: :cascade, null: false column :code, String, null: false, unique: true, size: 128 column :title, String, null: false column :price, Integer, null: false, default: 100 # cents check { price > 0 } end end end

We use an API to define schema changes and how to revert them. Methods like #create_table, #primary_key or #column are intuitive and feels like natural a translation from SQL to Ruby world.

Then we can create and migrate with lotus db create and lotus db migrate, or use lotus db prepare as a shortcut.

Read the full announcement.

HTML5 Form Helpers

HTML5 forms helpers are a feature that we’re really proud to ship today. They are a powerful Ruby API that doesn’t require to monkey-patch ERb, they are template engine independent and the cleaner code solution for Ruby:

Here an example of form to create a book.

<%= form_for :book, routes.books_path, class: 'form-horizontal' do div class: 'form-group' do label :title text_field :title, class: 'form-control' end submit 'Create' end %>

It produces:

<form action="/books" id="book-form" method="POST" class="form-horizontal"> <input type="hidden" name="_csrf_token" value="e54fe87c03c8acb84f50826e969df4f00210af315f2e27e064741ecc09155a75"> <div class="form-group"> <label for="book-title">Title</label> <input type="text" name="book[title]" id="book-title" value=""> </div> <button type="submit">Create</button> </form>

Read the full announcement.

Application Architecture

Lotus is a modular web framework that can adapt to different scenarios: from small HTTP endpoints to large applications.

We apply a great philosophy called Monolith First.

With our default architecture called Container, we can host several Lotus and Rack based apps within the same Ruby process. This helps to have fast code iterations when we develop a new product, without worrying about how it will be deployed. Microservices are too expensive at the beginning.

Lotus offers a gentle guidance to build component based softwares. Each application under apps/ can be a customer facing UI, admin pane, HTTP API, metrics, etc..

These modules use their own Ruby namespace, so they are ready to be extracted into separate deliverables at the later stages of our product.

While the scenario depicted above helps to assemble large products, we sometimes have the need to add a small application to our existing environment. With today release we introduce a new architecture called: Application.

% lotus new admin --arch=app

The command above will generate a new application that has a structure similar to Ruby on Rails.

% tree -L 1 . Gemfile Rakefile app config db lib public spec 6 directories, 3 files

The main difference here is that we still apply Clean Architecture like we do with Container. That means the core of our application lives in lib/.

% tree lib lib admin entities repositories admin.rb config mapping.rb 4 directories, 2 files


Lotus commitment for a secure web continues with the introduction of two new features.

Force SSL

The first is about SSL. No one should deploy a product without taking care about the privacy of our users. Using an encrypted connection is the first step for a safe data transmission.

We now support a mechanism to force secure connections in production environments.

# apps/web/application.rb module Web class Application < Lotus::Application configure do # ... force_ssl true end end end

CSRF Protection

The second is a protection against Cross Site Request Forgery (CSRF) attacks. This is one of the most common threats for web applications, as of today Lotus apps have a defense mechanism for that.

It’s activated automatically when we enable sessions.

Breaking Changes

We care a lot about the stability of our public APIs, because it involves companies investment on Lotus. Each breaking change is thoughtfully evaluated and we wait for minor releases like this to make developers aware of them.

Designing a large software like Lotus is hard and we make mistakes. Before to hit 1.0, we want to be sure that we have fixed them.

Environment Configurations

Until 0.3 environment configurations (.env) were placed under config/ directory. For compatibility with other tools, now Lotus expects them at the root of the project. See the change.


Lotus::Interactor::Result no longer makes available its instance variables automatically. We need to explicitly expose them. See the change.

Pluralized RESTful Routes

RESTful Routes have now the correct pluralization and singularization for their names. See the change.

New Core Team Member

Today we’re pleased to announce that Alfonso Uceda is joining our Core Team.

I still remember when a few months ago Alfonso confessed in chat that he never did OSS before, but he wanted to start with Lotus. It took some time to get the first pull request accepted, but he put all his effort to reach the goal and he’s now a committer.

Alfonso is the proof that you can always start contributing to Open Source.

Rails Girls Summer of Code

One initiative that we’re actively supporting to let new people to get involved with software development is Rails Girls Summer of Code.

It’s crowdfunded program to let students to be paid for their work in Open Source. We’re a technology partner and big fans of RGSoC.

It’s gonna be a thrilling summer!


We strive for an open Community, where everyone can feel safe and accepted. We have a Code of Conduct to handle any eventual controversy, but at the same time we’re proactively leading by example.

However, we have a problem here: our Core Team is made of three men.

The lack of diversity worries us, and we recognize it as big problem to fix. Lotus has still a small Community, but we want to grow it right.

We want to start a new chapter by talking with code charity organizations and individuals who are new to our industry. We want to hear their stories, we want to listen to their problems and understand how we can help.

As last thing I want to say thank you to all the people who helped with this release: Trung L, Alfonso Uceda, My Mai, Hiu Nguyn, Ngc Nguyn, Tom Kadwill, Arjan van der Gaag, Jeremy Friesen, Matthew Bellantoni and Bohdan V..


During the past months the most common request for new developers were about guides. Lotus brings new ideas that need to be explained to people who never get exposed to it.

We want to be beginner friendly. We wrote a new extensive section in our website to explain what’s Lotus, what priciples it applies and how to build the first application.


Lotus can be considered today a good choice to build web applications with Ruby. We’ll continue to deliver value and new features starting from tomorrow.

Happy hacking.

Continue reading on