Setting Up a Sinatra App

Stephen McBride
3 min read · Jun 8, 2020

In my opinion, one of the most tedious but essential parts of creating a new project with any type of language, framework, or library is the creation or setup process. Forgetting one thing can cause issues down the line, and cause you to spend valuable time trying to debug and fix the issues. So here’s an easy to follow guide on how I set up my Sinatra apps.

File Structure

The first step is creating the file structure. This can be done manually, which is time-consuming and prone to mistakes, or it can be done automatically for you through the Corneal gem. Corneal’s main function is to create all of the files and directories needed to make a Sinatra app run. It can be installed with $gem install corneal and run to create a new app with $corneal new APPNAMEHERE. If you use GitHub, I find that it’s best to create a repository first, clone it, then create the Sinatra app using the same name as the repository. That way your project will have Git set up and you can just add the rest of your project files later.

After the app is set up, $bundle install should be run to install all of the gems in the Gemfile.

Database

Now it’s time to create a migration. By using $rake db:create_migration NAME=migration_name_here you can have Rake create the migration file for you. After all of your migrations are written and complete, running $rake db:migrate will run the migrations.

It’s important that we create some seed data. Creating the file seeds.rb in the db directory and writing code that creates rows allows us to run $rake db:seed and populate the database with dummy data. This is perfect for testing out your app’s database during development.

Security

It’s critical that sensitive information is hashed, preventing prying eyes from getting a hold of it. Sinatra makes this easy. By simply adding the has_secure_password macro to our User class and including a column password_digest of type string in the Users table, passwords are automatically hashed using bcrypt. The method .authenticate(params[:password]) can be called on a model with a password_digest column set up and returns true or false depending on whether the passwords match.

Sessions

Sessions aren’t enabled by default in Sinatra, so we need to enable them! This can be done by adding enable :sessions and set :session_secret, "supersecretstringhere" to the configure block in application_controller.rb. Make sure that the session secret is something that isn’t easily guessable and would be hard to crack via brute force or dictionary attack methods. This is incredibly important because session secrets are used to encrypt cookies. If an attacker were to have access to the session key, they could create their own cookies, enabling them to impersonate users and send malicious requests. You can read more about session secrets in this article.
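As an added example (my code, not from the original post), here is one way to keep that secret out of application_controller.rb: generate it once, load it from a SESSION_SECRET environment variable (an assumed name) with a few sanity checks, and a simplified HMAC sketch of how the secret ties a cookie to the server so that a cookie minted or edited without it fails verification. The length and variety thresholds are my own policy, and the signing format is an illustration, not Rack::Session::Cookie’s real one.

```ruby
require 'securerandom'
require 'openssl'
# Assumed policy thresholds (not Sinatra's own): length and character variety.
MIN_SECRET_LENGTH = 64
MIN_DISTINCT_CHARS = 10

# Generate a secret once and store it in the deployment environment, not in git.
def generate_session_secret
  SecureRandom.hex(64) # 128 hex characters = 64 random bytes
end

# Read the secret from SESSION_SECRET (assumed variable name) and refuse to boot
# on a missing, short or hand-typed value instead of falling back to a literal.
def load_session_secret(env = ENV)
  secret = env['SESSION_SECRET'].to_s
  raise 'SESSION_SECRET is not set' if secret.empty?
  if secret.length < MIN_SECRET_LENGTH
    raise "SESSION_SECRET is shorter than #{MIN_SECRET_LENGTH} characters"
  end
  if secret.chars.uniq.size < MIN_DISTINCT_CHARS
    raise 'SESSION_SECRET has too little variety to be random'
  end
  secret
end

# Simplified sketch of what the secret protects: the server appends an HMAC over
# the cookie payload, so a cookie minted or edited without the secret fails
# verification. Rack::Session::Cookie's real format differs; illustration only.
def sign_cookie(value, secret)
  "#{value}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, value)}"
end

# Constant-time comparison so timing does not leak how many bytes matched.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the payload when the signature checks out, nil otherwise.
def verify_cookie(signed, secret)
  value, sep, mac = signed.rpartition('--')
  return nil if sep.empty?
  constant_time_equal?(OpenSSL::HMAC.hexdigest('SHA256', secret, value), mac) ? value : nil
end
# In application_controller.rb (Corneal layout from the post):
#   configure do
#     enable :sessions
#     set :session_secret, load_session_secret
#   end
```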

Controllers

When working with controllers, it’s best to separate routes into separate controller files, respective to their model. That way everything is much more organized and easier to read. This requires that for each new controller file, the line use ClassNameController is added to your config.ru file. Make sure that you add them above the run ApplicationController line and you’ll be all set! Also, while we’re in here, it’s important that we add use Rack::MethodOverride on top of all the other use lines. This is so we can create routes not supported by Sinatra out of the box, such as patch and delete.

And that’s about it! You should be ready to start creating your awesome new Sinatra app.
