11 March Putting HTTP status codes to use with Rails
Note: I have released a Rails plugin that creates an exception class for every HTTP status to your Rails application and adds a default handler for these exceptions, based on the examples in this post.
We are currently implementing an API for Floorplanner, so other sites can use the service Floorplanner offers for their own needs. The Floorplanner website is developed with Rails, so we are trying to be a good Rails citizen and create a API based on REST.
REST embraces the HTTP protocol by coupling URIs to resources and HTTP methods GET, PUT, POST and DELETE) to actions for manipulating them. Today, I tried to embrace the HTTP protocol even more by using its various status codes for Floorplanner’s particular needs.
Most people will know the HTTP 404 status code, which a server returns if you request a page that does not exist. But there are many more interesting codes that can be put to good use as well. The Forbidden status code (403) can for instance be returned if you try to access a another user’s floorplan. Moreover, Floorplanner offers paid subscriptions that include additional functionality. If you try to access this functionality with an account without the necessary privileges, an Upgrade Required status code (426) can be returned. And if you forgot to pay your subscription fee, a Payment Required code (402) can be returned to indicate this.
However, in the end, users wants to see a nice and informative page that tells them what is wrong without cryptic error codes. This is easily possible by leveraging some new features in Rails 2. First of all, we define some custom exceptions that can be raised if some of these conditions occur is wrong:
class PermissionDenied < StandardError # no further implementation necessary end class AccountExpired < StandardError # no further implementation necessary end
Now, we can raise these exceptions when needed in our controllers:
def show @plan = Floorplan.find(params[:id]) raise PermissionDenied unless @plan.user == current_user # ... end def login # ... raise AccountExpired if current_user.account_expired? # ... end
Normally, raised exceptions will trigger an Internal server error (HTTP status code 500). The new exceptions will be handled manually to return the intended status code and serve a pretty page explaining what is wrong. Exceptions can be caught using the rescue_from method. If we put the code in the Application controller, it will automagically work for all our controllers. DRY.
class ApplicationController < ActionController::Base rescue_from PermissionDenied { |e| http_status_code(:forbidden, e) } rescue_from AccountExpired { |e| http_status_code(:payment_required, e) } # Returns a HTTP status code, with a nice error page def http_status_code(status, exception) # store the exception so its message can be used in the view @exception = exception # Only add the error page to the status code if the reuqest-format was HTML respond_to do |format| format.html { render :template => "shared/status_#{status.to_s}", :status => status } format.any { head status } # only return the status code end end end
Now, it is easy to create super fancy pages by editing the views file like app/views/shared/status_forbidden.html.erb.
Note that you cannot and should not use this method for handling internal server errors with status code 500. These should not occur because we have thought of every possible way our code will be used and misused… in theory. In practice, we installed the exception notifier plugin, so we receive a message if one of these occurs and get our asses back to work.
9 Comments - Tags: exceptions, HTTP status, http_status_exceptions, rails
Tim Knip's profile