Ah ok, yes, that makes sense. I'll give this a look. Thanks.<br><br><div class="gmail_quote">On Sat, Dec 10, 2011 at 11:44 PM, Andrew Berman <span dir="ltr"><<a href="mailto:rexxe98@gmail.com">rexxe98@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Tristan,<div><br></div><div>I don't have code I can share with you as it's closed source, but, basically, I think of my Webmachine layer as a completely separate application from my website. Essentially it solely provides an API to handle all the business logic. As such, my front-end (i.e. the website) is now free to worry solely about the front-end and can be written using any framework or language you want. With that in mind, I am writing a very AJAX-centric and HTML5 app so the front-end logic resides in the JavaScript (which I write in CoffeeScript). However, because my API layer has security built into it, the front-end must provide credentials to use the API. I don't want to store those credentials in the JavaScript and I didn't want to use HTML5 sessionStorage to store secure data, so I put Misultin between the two. So, Misultin acts as a proxy server of sorts. A request comes in, if it is a login URL or logout URL or any other "special" URL that needs additional processing, I have Misultin take care of it. Otherwise, Misultin just forwards the request on to Webmachine and then forwards the response back to the front-end. Misultin also takes care of the sessioning on login and logout (I do this manually) and on all other requests by adding the proper auth info to the Authentication header (I'm using OAuth 2).</div>
<div><br></div><div>So if you look here: <a href="https://github.com/ostinelli/misultin/blob/master/examples/misultin_rest.erl" target="_blank">https://github.com/ostinelli/misultin/blob/master/examples/misultin_rest.erl</a> you can see an example of how you can intercept specific URLs and then a general function to capture the other URLs. So when a request comes in, I do my processing and then use httpc to make a request to the API layer. Then I take the result and just return it in the Misultin function.</div>
<div><br></div><div>Does that make sense?</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>--Andrew</div></font></span><div class="HOEnZb"><div class="h5"><div><br><div class="gmail_quote">On Sat, Dec 10, 2011 at 6:40 PM, Tristan Sloughter <span dir="ltr"><<a href="mailto:tristan.sloughter@gmail.com" target="_blank">tristan.sloughter@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Andrew, do you have an example of using it as an intermediate between the frontend and Webmachine? I was just looking through your examples and couldn't find one and was hoping to. Because yes, I have Webmachine call out while handling the request session information and authentication and wanted to give your way a shot.<div>
<br></div><div>Thanks,</div><div>Tristan<br><br><div class="gmail_quote"><div>On Sat, Dec 10, 2011 at 7:50 PM, Andrew Berman <span dir="ltr"><<a href="mailto:rexxe98@gmail.com" target="_blank">rexxe98@gmail.com</a>></span> wrote:<br>
</div><div><div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I'm doing something similar to Tristan. I'm using Webmachine in the backend which houses all the db, business, and security logic and using SpineJS and CoffeeScript for my front-end which communicates with Webmachine using JSON. After writing a web app this way, I have to say that it is more difficult than most prepackaged frameworks, however, it allows you a complete separation of concern, forces you to really think about your security, and also forces you to focus on a solid, usable REST API. The cool thing is that you are using your own REST API and if you're looking for an API for your service/web app, you can find and fix any pain points that someone else might encounter using your API.<div>
<br></div><div>Unlike Tristan, however, I separated all my sessioning into a completely separate web app from the main Webmachine web app. I saw the Webmachine app as something I wanted to keep as a completely standalone service and so I basically wrote an intermediate app using Misultin which proxies messages from the front-end to Webmachine adding any necessary authentication tokens, dealing with sessions, and any web security features. As for web security, this is built into my Misultin app and I followed this guide: <a href="http://guides.rubyonrails.org/security.html" target="_blank">http://guides.rubyonrails.org/security.html</a>. It's pretty easy to implement them yourself.</div>
<div><br></div><div>I haven't used Opa, but I have used NodeJS and I was very tempted to use it for the intermediate app. You might want to look at Express for NodeJS if you're looking for more of a framework.</div>
<div><br></div><div>Hope this helps,</div><div><br></div><div>Andrew<div><div><br><br><div class="gmail_quote">On Sat, Dec 10, 2011 at 2:06 PM, Tristan Sloughter <span dir="ltr"><<a href="mailto:tristan.sloughter@gmail.com" target="_blank">tristan.sloughter@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I've tried pretty much every Erlang web framework (some more than others). <div><br><div>Could you explain what you mean about Lift's security, 'ajax+html component security'? </div>
<div><br></div><div>The main frameworks are: ChicagoBoss (Railish), Nitrogen (event-based architecture), Zotonic (a CMS/framework in my opinion, they may just say CMS), Erlang Web (the one I have least played with but does seem the most OTP fitting) and Erlyweb.<br>
<br>I haven't personally been happy with building full projects in any of these (though Zotonic has been GREAT for projects that just need a CMS like my wedding website, and Chicago BOSS looks great for MVC style Erlang web development) and now I'm doing my own which is based on Webmachine and Batman.js with security based on resource access control using Seresye (<a href="https://github.com/afiniate/seresye" target="_blank">https://github.com/afiniate/seresye</a>) and an Erlang security framework Genbu. </div>
<div><br></div><div>So the idea is the client is built completely in Batman.js and communicates (JSON) with the Webmachine based RESTful interface of the backend (which I am greatly simplifying the necessary steps needed to build). And then all security on the backend is based on the idea of writing a rules engine with Seresye which will be simplified for web resource/db use as part of Genbu (which I am moving all web session, authentication logic from Maru to).</div>
<div><br></div><div>I hope to have the pieces for Genbu and Maru and an example, for others to start using it, committed tomorrow or sometime this week, but <a href="http://claimstrade.github.com/maru/" target="_blank">http://claimstrade.github.com/maru/</a> is the "idea" -- well it's more than an idea I am building this while building a real business on top of it. So it is taking what I find I need as I build the business and then adding it to the framework, or taking out and moving to the framework. Also is based on a couple years of Webmachine based web development and what I saw went wrong in some cases as we did so.</div>
<div><br></div><div>That said, and even though this is an Erlang list so I hope I'm not yelled at :), I have to also point you at Opa (<a href="http://opalang.org/" target="_blank">http://opalang.org/</a>) because I really like it for building sites. And it is very secure and statically typed (even your frontend code is compiled and type checked!).</div>
<span><font color="#888888">
<div><br></div><div>Tristan</div></font></span><div><div><div><br><div class="gmail_quote">On Sat, Dec 10, 2011 at 3:41 PM, eigenfunction <span dir="ltr"><<a href="mailto:emeka_1978@yahoo.com" target="_blank">emeka_1978@yahoo.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi everybody, I would like to get my feet wet into Erlang web<br>
development so I wanted to ask: what is the state of Erlang web<br>
frameworks? I did google a little bit and found a couple of<br>
interesting projects. But having written some web applications in<br>
WebObjects before, security is paramount for me. I have been playing<br>
with "Scala Lift" lately and wanted to know if the Erlang community<br>
has something of the sort, I mean easy ajax + html component security.<br>
Or something in the line of Smalltalk Seaside. Thank you very much<br>
indeed.<br>
_______________________________________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><br>
</blockquote></div><br></div></div></div></div>
<br></blockquote></div><br></div></div></div>
</blockquote></div></div></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br>
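The arrangement described in the thread (the browser holds only a session, and the intermediate app attaches the OAuth 2 token before forwarding to the API) is shown here as an added example; it is not code from anyone in the thread. It is written in JavaScript for Node, which the thread mentions as an option for the intermediate app, and the function names, the `sid` cookie name and the sample token are assumptions.

```javascript
// Added example: session-to-token logic for a proxy in front of an API.
const { randomBytes } = require("node:crypto");

// Server-side session table: opaque session id -> OAuth 2 access token.
const sessions = new Map();

// Headers the browser must never control on the upstream request.
const STRIPPED = new Set(["authorization", "cookie", "host", "connection"]);

function parseCookies(header = "") {
  const jar = new Map();
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return jar;
}

// Login: the proxy has already obtained `accessToken` from the API;
// the browser receives only an unguessable session id in a cookie
// that page scripts cannot read (HttpOnly).
function login(accessToken) {
  const sid = randomBytes(32).toString("hex");
  sessions.set(sid, accessToken);
  const setCookie = `sid=${sid}; HttpOnly; Secure; SameSite=Strict; Path=/`;
  return { sid, setCookie };
}

// Logout: drop the server-side entry so the cookie becomes useless.
function logout(sid) {
  return sessions.delete(sid);
}

// Build the headers for the upstream API call. Returns null when there is
// no valid session, in which case the proxy answers 401 itself.
function upstreamHeaders(clientHeaders) {
  const lower = {};
  for (const [name, value] of Object.entries(clientHeaders)) {
    lower[name.toLowerCase()] = value;
  }
  const sid = parseCookies(lower.cookie).get("sid");
  const token = sid ? sessions.get(sid) : undefined;
  if (!token) return null;
  const headers = {};
  for (const [name, value] of Object.entries(lower)) {
    if (!STRIPPED.has(name)) headers[name] = value; // discard client-sent credentials
  }
  headers.authorization = `Bearer ${token}`; // token never leaves the server side
  return headers;
}
```
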