From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Tonton Newsgroups: gmane.lisp.guile.user Subject: Re: Lightweight web modules for Guile? Date: Sun, 15 Jul 2018 02:06:52 +0200 Message-ID: <20180715020652.18b7d929@merlin.browniehive.net> References: <20180629032920.56f44c76@merlin.browniehive.net> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/7Js_q0E_FCkYR/WzFaoZsIH"; protocol="application/pgp-signature" X-Trace: blaine.gmane.org 1531613124 15930 195.159.176.226 (15 Jul 2018 00:05:24 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sun, 15 Jul 2018 00:05:24 +0000 (UTC) Cc: guile-user@gnu.org, sph@posteo.eu To: Amirouche Boubekki Original-X-From: guile-user-bounces+guile-user=m.gmane.org@gnu.org Sun Jul 15 02:05:20 2018 Return-path: Envelope-to: guile-user@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1feUXP-00042H-5W for guile-user@m.gmane.org; Sun, 15 Jul 2018 02:05:19 +0200 Original-Received: from localhost ([::1]:43762 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1feUZU-00006M-7u for guile-user@m.gmane.org; Sat, 14 Jul 2018 20:07:28 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:60862) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1feUZ3-00006D-Tv for guile-user@gnu.org; Sat, 14 Jul 2018 20:07:03 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1feUZ0-0007Ff-Mv for guile-user@gnu.org; Sat, 14 Jul 2018 20:07:01 -0400 Original-Received: from mx1.riseup.net ([198.252.153.129]:42320) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1feUZ0-0007FH-BD for guile-user@gnu.org; Sat, 14 Jul 2018 20:06:58 -0400 Original-Received: from piha.riseup.net (piha-pn.riseup.net [10.0.1.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id CDD4F1A0547; Sat, 14 Jul 2018 17:06:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1531613217; bh=Ua2kIIrDvi9YIxF5r0Z8ccMagy0UliZYXVmviieY3SM=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=FGgCRrSmf1VXonovftwagL8UEeXtb2R0iYEyweuQbDsYgkaxhNHFVIvoxZbAniIg7 s5SljcY3M4xG5zHeHAQW5nqR/ol/3vGh1hDj5OizQEZm1rRnR7q2DY/3ON68F5zlol dV+p/OswGUjvdCMXCLITntLaixM3nI5uLDqRnn6I= X-Riseup-User-ID: 546AFD95184A0D19D4774A1B6D6E353670415274239F8E709508D765DB5BF234 Original-Received: from [127.0.0.1] (localhost [127.0.0.1]) by piha.riseup.net with ESMTPSA id 391874356A; Sat, 14 Jul 2018 17:06:54 -0700 (PDT) In-Reply-To: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 198.252.153.129 X-BeenThere: guile-user@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: General Guile related discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-user-bounces+guile-user=m.gmane.org@gnu.org Original-Sender: "guile-user" Xref: news.gmane.org gmane.lisp.guile.user:14715 Archived-At: --Sig_/7Js_q0E_FCkYR/WzFaoZsIH Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hey! Sorry about the long response time, lost myself for a while. :-) Thanks a lot for the thorough walkthrough Amirouche! I've not had time to continue the web project recently, but look very much forward to continue exploring both artanis and the web-projects/helpers mentioned in these threads. Especially the web-app project of tantalum. Again, thanks. :-) On Sun, 01 Jul 2018 13:15:13 +0200 Amirouche Boubekki wrote: > On 2018-06-29 03:29, Tonton wrote: > > Hey, I'm wanting to write a web page using guile, I'll need a module=20 > > that can > > help me with the web part. I like haunt, but I'll need a few dynamic > > elements[1]. So I've been looking at and trying artanis. It is=20 > > potentially > > awesome and does a lot of things I'm not familiar with - and I have yet= =20 > > to > > make it work. (I just sent a request for aid to the artanis list) > >=20 > > Are there other libraries or modules that eases web development?=20 > > Anything > > between artanis and "plain" guile? =20 >=20 > The sad story is that there is no such thing as "plain" guile for doing > webdev. I think I have done a fair amount of work around webdev without > resorting to Artanis. The last of them is called 'presence'. It's wip=20 > stalled > dynamic blog engine. It stalled because I have a bug in the frontend for= =20 > which > I use biwascheme. So, it's a REST API with, so called, Single Page=20 > Application > written fully in Scheme [0] >=20 > I forked that project and got rid of the parts that are still (!)=20 > controversial, > that is my database with, so called, minikanren querying and the=20 > biwascheme part. > And made a git repository called guile-web [1]. If you want, it's=20 > backend framework > for webdev, let's call it that. In reality it's no more that thin=20 > helpers on top > of 'plain' guile, an opinionated choice. >=20 > So here is what it bundles: >=20 > - sha2 + hmac for cryptographically signing cookies, copied from scheme=20 > industria >=20 > - argon2 bindings a new breed of memory & cpu strong [2] for hashing=20 > passwords [3] > I translated how Python Django use that very same library. AFAIK there= =20 > is no > argon2 package in guix, yet... >=20 > - The entry point of the server is web:main but the interesting stuff is= =20 > in > the handler [4]. Which is basically the equivalent of the router. It's= =20 > simply > takes guile REQUEST and a BODY. Yes it's plain Guile. And dispatch=20 > based > on request method and request path like any good backend router > using ice-9 match. It doesn't support regex, but who cares?! It=20 > doesn't > support reversing url through a string indirection because it's an=20 > antipattern. > Let's argue about that last point: The arguments about named routes=20 > are: >=20 > a) It allows to rework the url path later _without changing the name= =20 > route_. > If the path change is very likely that the logic of the path=20 > changed, otherwise > why would you change the path in the first place? A slim chance=20 > you made a > mistake and the original design. That's why you should give a=20 > fair amount > of thought when design the request path routes but not too much!= =20 > What I mean > by that is that path are at the end of the day a detail. Not much= =20 > endusers > take advantage of it. Let's now, imagine I made a mistake=20 > (unlikely!) but > I want to rework my routes and will leave the name of the route=20 > unchanged > EVEN IF the logic behind changed? That would mean leaving some=20 > debt behind > in the code, but it's ok because it's just a string (or a=20 > symbol). Very poor > pratice, when you rework/refactor a codebase you should leave it= =20 > better the > best you can, especially if it's easy to do! In this case, you=20 > have to retype > all (yes all the path!) that changed in the codebase. Nobody said= =20 > it is not > boring dull code. That's coding is, some fun, some boring stuff. >=20 > b) It makes possible to reverse urls with a simple >=20 > (router-reverse 'name-of-the-route path-parameter-one=20 > path-parameter-two) >=20 > This. is. boilerplate. code. Very useless abstraction. Because=20 > the alternative > is much simpler and lower the call stack depth and "complexity",= =20 > which will > ease reading the code. Behold the alternative to the above=20 > snipped: >=20 > (string-append "/name/of/the/route/" path-paramater-one "/"=20 > path-paramater-two) >=20 > Simple clean and newbie friendly. No need to abstract that path=20 > are made of > strings with more strings! >=20 > A Python dev, might tell you: >=20 > "I know better, I know object hierarchy <-> request path router.=20 > It's magiq!" >=20 > I am a Python. Gone there, Seen that. It's a pain. It's the of coding= =20 > that some > part of the code are dull and not 'funky' not algorithm heavy and dull= =20 > easy. > Rejoice about that, that's more time to think about interesting stuff! >=20 > - The router calls controllers with whatever they need as argument=20 > REQUEST > or BODY depending on the case. In guile-web, I inlined that code in=20 > the > handler aka. router: >=20 > (render-html (template "index" "H=C3=A9llo Guilers")) >=20 > Template is the base template procedure, that will return the sxml=20 > shell, and in > this case will return the "index" as body class and "H=C3=A9llo Guiler= s" as=20 > > content. render-html will translate that sxml to a plain guile=20 > response. SXML > is awesome. Look at it closely. How much more complicated it can=20 > become than > that! Look at Python mixt or JavaScript JSX or worse vuex if you want= =20 > to have > an idea of how simple things can be made complicated! >=20 > - There is also a helper for rendering static assets in development. >=20 > - There is a 'decode' procedure to translate query strings into=20 > association list > =20 > https://github.com/a-guile-mind/guile-web/blob/master/src/web/decode.scm#= L45 >=20 > - There is a few helper for return 200, 303, 403, 404, 500, see: > =20 > https://github.com/a-guile-mind/guile-web/blob/master/src/web/helpers.scm >=20 > That's all! >=20 > What is missing is handling multipart mime type form encoded stuff. That= =20 > means > you can not handle form submission and uploads, yet. Patch very welcome.= =20 > It worked > around it in 'presence' because 'presence' sends scheme expression as=20 > request body. > I simply need to 'read/safe' that. >=20 > My opinion about Artanis is not very great because I don't find Django=20 > and Rails > good for the long term. They deliver the wrong abstraction. ORM, regex=20 > routers, whatnot, global states, whatnot?! >=20 > [0]=20 > https://github.com/a-guile-mind/presence/blob/master/src/web.scm#L822 > [1] git clone https://github.com/a-guile-mind/guile-web/ > [2] It means it's very difficult to brute force the password even if > one has both salt and pepper > [3] Mind this https://github.com/a-guile-mind/guile-web/issues/3 > [4]=20 > https://github.com/a-guile-mind/guile-web/blob/master/src/web.scm#L53 >=20 > Also there is guile-sqlite3 https://notabug.org/civodul/guile-sqlite3/ >=20 > > (Another possibility I entertained is to use haunt and have the dynamic > > elements be a separate html page populated by a separate process on the > > server. The page would then only be linked to from the rest of the=20 > > pages and > > would hardcode paths for css and the rest. Not a very good solution,=20 > > but > > maybe the simplest right now.) > > =20 >=20 > I would not do this, if I were you. >=20 > > [1]: I need to embed messages from a pump.io account on the index page. > > I would also like to try integrating with one or two other web > > applications. > >=20 > > Tonton > > :-) =20 >=20 >=20 > Happy hacking! >=20 --=20 I use gpg to sign my emails. All the symbols you may see at the bottom of this mail is my cryptographic signature. It can be ignored, or used to check that it really is me sending this email. Learn more by asking me or see: https://u.fsf.org/zb or https://ssd.eff.org/ --Sig_/7Js_q0E_FCkYR/WzFaoZsIH Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEJpQ8ER/dPhCuYhy5z+UMpbuBoZAFAltKkBwACgkQz+UMpbuB oZAD1Q//XMmjESNf9AvRtsVZ0B12+j57aas64dqTKOS2HmsYaekflSr8Svd5c0jw oPKvHPmCD0Uk5orm+CWS0iTfshtUqalU5vwwMOwaMOFdNT10CRQGjCeYy06BoF6r 8XlPu119QhSIP706hlmFWyuZrQkATdtuaQwOKSursqrjcKD3dSBr51kPXJWb+VH7 86c1EaevChOgJ5FiNMFHqXKfJUCPfMVJQcT0FDGhpnVnFr5+dpQc8xID5c2KzC4M TIhfNODw5rq1QM6ZROd/xUMaGXw/4UthQ5LTTDK8sN6Hu7q/Ngo5tDG3T2/vD8yz IUlvl9uh9LMIuZLJ92jc6p9XSs5t1rfVfHn+oTGFsfCe4rXsxNm/qAbG1iNWEtij xkUwb18St5kzB4mIu4msoL+O8Jz5SNfFN22W0AeDc9TdXROfV+dCZx9Vx6zKDFeV g2jszGzx4OAn9OPhYgQwqV6mQ/Vx2eYE4Nfm7PvsBOeFmrpGm6igU+D5+nF19ipS bYwnxiYVExSoOSk26E3kb9UaC++jWfesKiTOnlPe3kIRKN95XPsA0F6ZNgUamnDZ ebq8AI/HIX2OqUl5houcglJUtubD2kWtpoQP2NxZ4+7FQT2J9gQAYTMB7utYfiKD 8ztmyU6OfowzxnokqMX6Ul6ya9P5f2Bm4AsdB7GP0Zcg10MsL9c= =LTZU -----END PGP SIGNATURE----- --Sig_/7Js_q0E_FCkYR/WzFaoZsIH--