[erlang-questions] web frameworks - yet another question about ...

Joe Armstrong erlang@REDACTED
Thu Aug 25 14:01:57 CEST 2011

I seem to have asked the same question in many ways ...

I want to build a simple generic web server.

By my way of thinking I should just have to write a single module,
that exports a very simple interface.

Suppose I define such a module, call this my_server.

I'd like to write this as follows:


    request(Who, Command, URI, Args, Headers, Data) ->
         {reply, Headers, Data1}

   Where for example,

       Who = "joe"
       Command = 'GET' | 'POST' | 'PUT' | ...
       URI = "/path/to/thing"
       Args = [{Key,Val}]        (parsed part of URI , ie a parsed
AAA=BBB&CCC=DDD& ... part of the query
       Headers and Data and the HTML headers and any other POST data

   To run the server - I'd just say:

      gen_http_server:start(Por, my_server)

    I want the generic bit to handle all the other nasty stuff that I
don't want to know about. By this I mean user
management. I want "Who" to be a fully authenticated user - or
possibly the atom 'unknown' if the user is not authenticated.

I wish to hide all the details of user management from the interface.
Things like "I forgot my password"
captchas to prevent abuse, preventing false account creation, black
listing malicious IPS etc.

I want all this part to be handled by the generic party of the server.

I realize this is asking a lot and is fairly complicated - but all I
want to do is to define
the semantics of my web site. I don't care about templating languages
and all that stuff.
Given an parsed (or even unparsed) request generating a bundle of HTML
or js or css
is relatively trivial - the difficult bit (to me) seems to be all this
attendant muck to
authenticate users, prevent abuse, blacking abusers, take care of
forgotten passwords etc.

If people want to make yet another web framework then please make
one that handles the user management part of the problem.

In an ideal world I should just need three (ish) modules to make my web server.

    - a semantics module (as I described)
    - a user management module (missing)
    - a storage module (missing)

With suitable abstract interfaces one should be able to pick and mix
user management
and backed storage - making different trade-offs between availability
security and reliability
which keeping the interfaces constant.

has anybody any advice for how to make the user-management layer?


More information about the erlang-questions mailing list