Fork me on GitHub
#clojurescript
<
2024-05-09
>
john15:05:35

So with all this web3 stuff, the "backend" is being abstracted into these "smart contract" languages. You've got these crypto networks like https://internetcomputer.org/ that essentially let you build these SPA like apps where the backend is just this script that you upload and the system handles all authentication/authorization/access-control, etc. I want that, but for web2... no coins, I just pay for the service and I get authentication/authorization/role-based-access that I can upload using some minimalistic, declarative way, and the rest of the logic I'll do on the front end. I feel like 90% of webapps could be built that way.

respatialized15:05:44

https://jasongullickson.com/an-operating-system-for-the-web.html funnily enough I just read this earlier today, but the system described is not implemented yet

๐Ÿ‘€ 1
Toby Clemson20:05:18

Weโ€™re building a platform just like this: https://go-atomic.io/products/logicblocks (using Clojure :star-struck:)

๐Ÿ”ฅ 1
Chris McCormick19:05:55

@U050PJ2EU depending on your use-case you might even be able to do authentication/authorization/role-based-access completely client side using cryptography. This is how protocols like Nostr work. The secret key is kept by the user and the web app client side and covers all of that. Then you can use a "dumb" sync/store backend for clients to exchange data with each other or sync across devices etc. I've been thinking a lot about this as a model lately.

๐Ÿ‘€ 1
john20:05:06

Yeah, zero trust / e2ee

john20:05:26

How do you prevent bad guys from stealing your org id/key and dossing your quotas?

Chris McCormick07:05:55

What do you mean by "org id/key"? Each user's private key should stay in the web app and never be sent to the server using standard web security practices.

Chris McCormick08:05:09

Generally the pattern is the app will create a keypair for the user if they don't have an "account" yet, and then give them a 12-word phrase to write down that they can use to re-generate the key (i.e. the account) in future or on other devices. This replaces the email + password in a regular app. The user becomes responsible for those secrets, which has its own tradeoffs. In nostr you get something called an 'nsec' which you store yourself somewhere and you can use that to gain access to your account from any client. Of course you then need to trust that the client apps don't do anything with your secret, but we trust a lot of software with a lot more than this anyway, and generally these apps are open so you can see the source.

john11:05:50

How does an app developer make money distributing apps on the platform?

Chris McCormick11:05:23

I am not sure about that. I think a model that could work is selling a one-time license key to unlock "pro" features. A person could go in and compile their own version skipping the license key but in practice people seem to be happy to pay for open source apps for example in the app store and a similar model could work. Not sure.

Chris McCormick11:05:59

An app which is doing this is http://typingmind.com - from what the developer has said the app is mostly frontend code that communicates with LLM APIs and you can buy a license key to unlock pro features in the web app. This is pretty similar to oldschool shareware days.

Adam Helins10:05:18

Eventually, I have high hopes for Decentralized Ids and Verifiable Credentials regarding that sort of matters, specs have been designed to handle a much wider range of scenarios than purely web3 (whatever that means ๐Ÿ˜›). But those are still very niche at the moment.

john15:05:45

Does some backend-as-a-service thing exist like that, like web3 but for web2?

john15:05:14

Yeah, serverless is getting there

john15:05:51

I want it to be language level though. Just upload some code - maybe edn

cvic15:05:07

Declarative ftw.

john15:05:02

You could make the backend logic CLJS code, package it with the webapp with the html, js, etc, have the client upload the backend logic to the backend service when accessing it, and the backend service checks the cryptographic signature to verify you signed it and then runs the code. So all I really have to do is buy and organizational ID from you, then give my customers the url and my artifact off the EDN and then your backend service takes care of the rest

cvic15:05:14

I have to check again the state of Clojurescript for Cloudflare workers in 2024... https://github.com/borkdude/aoc-proxy/blob/main/src/index.cljs

john15:05:32

Yeah, you could wrap a service around those

cvic15:05:01

Got to do some more research

thheller15:05:05

isn't that the whole promise behind firebase too?

john15:05:26

Was thinking that too - firebase is close

cvic15:05:42

This looks interesting https://github.com/borkdude/bebo

๐Ÿ‘€ 1
john15:05:46

Take care of google/fb/twitter auth, etc

john15:05:02

Pretty much a wrapper around firebase that allows me to treat it like InternetComputer, where my backend is just a language level service, preferably clj or cljs

cvic15:05:02

Something like https://github.com/denoland/fresh for Clojurescript would be cool.

respatialized17:05:33

https://tailscale.com/use-cases/secure-saas Iโ€™m not sure if this is an exact fit, but I think Tailscale might be an effective auth/security layer, although at the added cost of running an https://tailscale.com/kb/1112/userspace-networking alongside your app

Chris McCormick20:05:29

Whoops I left my comment on the wrong thread. I think what you describe is possible with a backend which is literally just a "dumb store" that relays data between clients/devices for sync, and authentication/authorization etc. is handled by client side keypairs. This is how the Nostr protocol works.

john20:05:32

Yeah it's pretty easy to set up. I'll check out Nostr

Chris McCormick08:05:15

I've been planning a TODO app which is 100% client side and uses Nostr as the store/sync layer. Vapourware currently. ๐Ÿ˜…

Noyal Jose16:05:31

People who have used vue or svelte, how does cljs compare to them these days. If I choose cljs over them will I face trouble when I get stuck because of the small size of the community

p-himik16:05:23

You're comparing a language to UI frameworks, so apples to oranges.

Noyal Jose16:05:24

I've seen people compare reagent/reframe to vue and svelte. Should I modify the question?

p-himik16:05:01

Yes, that comparison makes more sense.

p-himik16:05:52

And as for that question, just check how active #C0620C0C8 and #C073DKH9P are in terms of questions being answered.

Noyal Jose16:05:04

It's encouraging to see there's lots of activity there. Nothing much comes up when I search for cljs, reagent, reframe in YouTube

Noyal Jose16:05:25

Like they do show up but it's almost always old videos

p-himik16:05:51

Yeah, the YT niche is largely vacant. Most of the stuff is about Clojure itself.