[erlang-questions] Erlang web framework
Tristan Sloughter
tristan.sloughter@REDACTED
Sun Dec 11 06:49:31 CET 2011
Ah ok, yes, that makes sense. I'll give this a look. Thanks.
On Sat, Dec 10, 2011 at 11:44 PM, Andrew Berman <rexxe98@REDACTED> wrote:
> Tristan,
>
> I don't have code I can share with you as it's closed source, but,
> basically, I think of my Webmachine layer as a completely separate
> application from my website. Essentially it solely provides an API to
> handle all the business logic. As such, my front-end (i.e. the website) is
> now free to worry solely about the front-end and can be written using any
> framework or language you want. With that in mind, I am writing a very
> AJAX-centric and HTML5 app so the front-end logic resides in the JavaScript
> (which I write in CoffeeScript). However, because my API layer has
> security built into it, the front-end must provide credentials to use the
> API. I don't want to store those credentials in the JavaScript and I
> didn't want to use HTML5 sessionStorage to store secure data, so I put
> Misultin between the two. So, Misultin acts as a proxy server of sorts. A
> request comes in, if it is a login URL or logout URL or any other "special"
> URL that needs additional processing, I have Misultin take care of it.
> Otherwise, Misultin just forwards the request on to Webmachine and then
> forwards the response back to the front-end. Misultin also takes care of
> the sessioning on login and logout (I do this manually) and on all other
> requests by adding the proper auth info to the Authentication header (I'm
> using OAuth 2).
>
> So if you look here:
> https://github.com/ostinelli/misultin/blob/master/examples/misultin_rest.erlyou can see an example of how you can intercept specific URLs and then a
> general function to capture the other URLs. So when a request comes in, I
> do my processing and then use httpc to make a request to the API layer.
> Then I take the result and just return it in the Misultin function.
>
> Does that make sense?
>
> --Andrew
>
> On Sat, Dec 10, 2011 at 6:40 PM, Tristan Sloughter <
> tristan.sloughter@REDACTED> wrote:
>
>> Andrew, do you have an example of using it as an intermediate between the
>> frontend and Webmachine? I was just looking through your examples and
>> couldn't find one and was hoping too. Because yes, I have Webmachine call
>> out while handling the request session information and authentication and
>> wanted to give your way a shot.
>>
>> Thanks,
>> Tristan
>>
>> On Sat, Dec 10, 2011 at 7:50 PM, Andrew Berman <rexxe98@REDACTED> wrote:
>>
>>> I'm doing something similar to Tristan. I'm using Webmachine in the
>>> backend which houses all the db, business, and security logic and using
>>> SpineJS and CoffeeScript for my front-end which communicates with
>>> Webmachine using JSON. After writing a web app this way, I have to say
>>> that it is more difficult than most prepackaged frameworks, however, it
>>> allows you a complete separation of concern, forces you to really think
>>> about your security, and also forces you to focus on a solid, usable REST
>>> API. The cool thing is that you are using your own REST API and if you're
>>> looking for an API for your service/web app, you can find and fix any pain
>>> points that someone else might encounter using your API.
>>>
>>> Unlike Tristan, however, I separated all my sessioning into a completely
>>> separate web app from the main Webmachine web app. I saw the Webmachine
>>> app as something I wanted to keep as a completely standalone service and so
>>> I basically wrote an intermediate app using Misultin which proxies messages
>>> from the front-end to Webmachine adding any necessary authentication
>>> tokens, dealing with sessions, and any web security features. As for web
>>> security, this is built into my Misultin app and I followed this guide:
>>> http://guides.rubyonrails.org/security.html. It's pretty easy to
>>> implement them yourself.
>>>
>>> I haven't used Opa, but I have used NodeJS and I was very tempted to use
>>> it for the intermediate app. You might want to look at Express for NodeJS
>>> if you're looking for more of a framework.
>>>
>>> Hope this helps,
>>>
>>> Andrew
>>>
>>>
>>> On Sat, Dec 10, 2011 at 2:06 PM, Tristan Sloughter <
>>> tristan.sloughter@REDACTED> wrote:
>>>
>>>> I've tried pretty much every Erlang web framework (some more than
>>>> others).
>>>>
>>>> Could you explain what you mean about Lift's security, 'ajax+html
>>>> component security'?
>>>>
>>>> The main frameworks are: ChicagoBoss (Railish), Nitrogen (evet-based
>>>> architecture), Zotonic (a CMS/framework in my opinion, they may just say
>>>> CMS), Erlang Web (the one I have least played with but does seem the most
>>>> OTP fitting) and Erlyweb.
>>>>
>>>> I haven't personally been happy with building full projects in any of
>>>> these (though Zotonic has been GREAT for projects that just need a CMS like
>>>> my wedding website, and Chicago BOSS looks great for MVC style Erlang web
>>>> development) and now I'm doing my own which is based on Webmachine and
>>>> Batman.js with security based on resource access control using Seresye (
>>>> https://github.com/afiniate/seresye) and an Erlang security framework
>>>> Genbu.
>>>>
>>>> So the idea is the client is built completely in Batman.js and
>>>> communicates (JSON) with the Webmachine based RESTful interface of the
>>>> backend (which I am greatly simplifying the necessary steps needed to
>>>> build). And then all security on the backend is based on the idea of
>>>> writing a rules engine with Seresye which will be simplified for web
>>>> resource/db use as part of Genbu (which I am moving all web session,
>>>> authentication logic from Maru to).
>>>>
>>>> I hope to have the pieces for Genbu and Maru and an example, for others
>>>> to start using it, committed tomorrow or sometime this week, but
>>>> http://claimstrade.github.com/maru/ is the "idea" -- well its more
>>>> than an idea I am building this while building a real business on top of
>>>> it. So it is taking what I find I need as I build the business and then
>>>> adding it to the framework, or taking out and moving to the framework. Also
>>>> is based on a couple years of Webmachine based web development and what I
>>>> saw went wrong in some cases as we did so.
>>>>
>>>> That said, and even though this is an Erlang list so I hope I'm not
>>>> yelled at :), I have to also point you at Opa (http://opalang.org/)
>>>> because I really like it for building sites. And it is very secure
>>>> and statically typed (even your frontend code is compiled and type
>>>> checked!).
>>>>
>>>> Tristan
>>>>
>>>> On Sat, Dec 10, 2011 at 3:41 PM, eigenfunction <emeka_1978@REDACTED>wrote:
>>>>
>>>>> Hi everybody, i would loke to get my feet wet into erlang web
>>>>> development so i wanted to ask: what is the state of erlang web
>>>>> frameworks? i did google a little bit and found a couple of
>>>>> interesting projects. But having written some web applications in
>>>>> webobjects before, security is paramount for me. I have been playing
>>>>> with "scala lift" lately and wanted to know if the erlang community
>>>>> has something of the sort, i mean easy ajax + html component security.
>>>>> Or something in the line of smaltalk seaside. Thank you very much
>>>>> indeed.
>>>>> _______________________________________________
>>>>> erlang-questions mailing list
>>>>> erlang-questions@REDACTED
>>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> erlang-questions mailing list
>>>> erlang-questions@REDACTED
>>>> http://erlang.org/mailman/listinfo/erlang-questions
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20111210/67d2bf85/attachment.htm>
More information about the erlang-questions
mailing list