Skip to main content

Rhino: Rails, but Faster to MVP

· 4 min read
Ehsan Mirdamadi
Ehsan Mirdamadi
Rhino Project Maintainer

One of the toughest parts of building an MVP isn't coming up with the idea, it's getting something functional out the door without drowning in boilerplate code. Every hour spent writing controllers, setting up authentication, and plugging in authorization logic is an hour not spent validating the actual product. Rhino exists to cut that overhead. It's an abstraction layer on top of Ruby on Rails designed specifically to help you move fast, handle the boring parts, and still leave room for custom logic when you need it.

Model-Driven Development

At its core, Rhino operates on a core principle: Model-Driven Development. Once your data model is defined, Rhino automatically generates a comprehensive and exposed REST API. This API includes built-in authorization and authentication, and its endpoints are fully documented with an OpenAPI schema, all following best practices. Each entity you define is automatically exposed via URLs. No extra controller code.

Instead of the traditional MVC setup where you juggle models, views, and controllers, Rhino collapses a big part of that stack. Models and associations are pre-fetched by default. And if at some point you need custom endpoints that don't map neatly onto entities, you're never locked in. You can drop down to raw Rails and build them yourself. Rhino just takes the bulk of the grunt work off your plate.

Authentication That Just Works

One of the most common pain points when building an MVP is authentication. You want users to log in securely, maybe even sign in with Google or GitHub, but you don't want to spend days configuring gems, wiring up tokens, and fighting with sessions. Rhino handles this straight out of the box.

For cookie-based auth, Rhino relies on the devise_token_auth gem, which is a tried and tested standard in the Rails world. If you want OAuth flows, it integrates Omniauth to cover social logins without you having to piece it all together yourself. The setup is minimal, but the flexibility is still there. You don't need to reinvent the wheel; Rhino already ships it attached to the car.

Authorization Without the Headaches

Authentication is only half the battle. Once someone is logged in, you need to decide what they're allowed to do. This is where most projects bog down, building role-based access, scoping resources, making sure one user can't peek into another user's data. Rhino handles this cleanly by using Pundit, a gem built around policies.

Every resource in Rhino has an owner. That ownership model can be global (everyone can see it), user-specific (a user owns and manages their own data), or organization-based (an org and its members access data depending on roles and permissions). By default, a user is the admin of their own data, but if you're building multi-tenant apps, Rhino's organization module shifts ownership to the org level automatically.

Policies are where the magic happens. Rhino ships with a set of default policies out of the box, which enforces basic read/write rules for resources. If you need more control, you just drop in a custom policy under the policies/ directory. Policies have two main parts: a scope (who can query a resource at all) and action methods (what operations that user can perform once they're in). That means you're not hardcoding permissions all over your app, the logic lives in one place, enforced consistently.

This setup eliminates one of the messiest parts of MVP building. You have a centralized, predictable way to manage permissions. And because Rhino enforces these policies by default, you're not going to forget to add that one missing check.

Why Rhino Works So Well for MVPs

The real strength of Rhino isn't that it does anything Rails couldn't. It's that it packages up the things you need most when building an MVP—REST APIs, auth, authorization, background jobs, websockets—into a setup where the defaults are good enough to ship. You don't have to make a dozen decisions on day one just to get a basic app running.

At the same time, Rhino doesn't trap you. If your app grows beyond the defaults, you can always fall back to Rails. Need a weird custom endpoint? Build it. Want to tweak authorization rules? Write your own policy. Rhino is opinionated about the boring stuff but still leaves space for customization when your product requires it.

That balance—fast out of the box, flexible when you need it—is what makes Rhino a strong choice for MVPs. It's Rails with the speed and ergonomics turned up, and it frees you up to focus on what actually matters: proving whether your product idea works.

This blog post is part of our ongoing series exploring the Rhino framework's architecture and capabilities.