Fork me on GitHub
#fulcro
<
2020-05-05
>
Matthew02:05:16

What does fulcro inspect’s query tab expect from the server? I’ve set up a development environment where my app can hit a node server at the /api endpoint, but the query tab keeps bugging out and I suspect it’s because my endpoint isn’t set up properly. I’m listening to post requests at /api on the host. It’s all transit encoding and decoding. Where is the query placed into the request - body, params? Is there documentation on what contract a server should uphold when responding with a pathom parser result? This boiler plate is taken care of in fulcro’s clj examples, but I’m struggling to mimic it with a cljs node server.

Matthew04:05:22

I can send EQL queries to the server in the body of a post and return pathom parser results. But this is just my own set up. Not sure what type of contract fulcro inspect expects for its queries, but it’s not working with my set up.

dvingo13:05:48

You may want to try using the electron app version

dvingo13:05:24

I've been having trouble with the chrome extension lately (randomly goes blank and I can't use it) the app version seems to be working for me

Matthew13:05:43

Yea it sounds like the same issue. Thanks, I’ll try it out.

AJ Snow04:05:05

my best guess would be to get an implementation that does work with the inspect and work to narrow down the differences, but I know that's probably not very helpful.

AJ Snow04:05:27

I'm struggling to get a working implementation of a button. In the video series Tony uses the comment block to evaluate stuff but I'm trying to get a working button with just static data.

AJ Snow05:05:58

my guess would be maybe give the component an initial state, and have an on click event that passes new state to the component. I'm not sure yet tho. I think I need to look at transact more

AJ Snow05:05:08

oh snap I got it ugh, every time it's always a misplaced brace or something

jaihindhreddy07:05:39

Consider using Parinfer or Paredit to manage parens. Way easier with either of those IMO. "Highlight matching paren" and "rainbow parens" are also valuable because they make spotting these issues much easier.

AJ Snow22:05:20

I have them I just don't always know where to put the items I'm working with. I guess it's just something i'll have to get used to. Thanks!

murtaza5211:05:00

is there a function to generate test / sample data given a defattr ? I would like to generate datomic schema entity given a collection of deafattr, this is helpful for test data.

Eugen12:05:17

hi, I just watched some of the videos on fulcro and it looks amazing. I do have some questions about data security and authorization

Eugen12:05:34

how is that handled in fulcro? let's say I have an app and I send a JWT token with user info, the user is hydrated with all his permissions and needs to access a graph of data where there are one to many relationships and he does not have access to all of the items in a collection. Another case is when he does not have access some attributes/fields of a piece of date

Chris O’Donnell13:05:17

@eugen.stan The usual approach is to build those authorization rules into your pathom resolvers in the backend. The simplest thing to do is omit any data the response should not have from the resolver's results. You can also add an error message and render an error message in the client. I wrote a blog post describing how to accomplish the omission strategy: https://chrisodonnell.dev/posts/giftlist/api_auth/.

❤️ 8
Eugen13:05:01

thanks, I will read the article

Eugen13:05:07

my experience comes from graphql resolvers and there I had some issues with this

Eugen13:05:44

the solution there is to delegate to business layer https://graphql.org/learn/authorization/

Eugen13:05:51

and not keep it in the resolvers

Chris O’Donnell13:05:19

At the end of the day, resolvers are how data gets into the response. Whether you choose to build an abstraction layer that the resolvers call to get data or build authorization into the resolvers directly, authorization should be done inside the resolvers in some way.

👍 4
Eugen13:05:48

I saw your solution uses the id an I believe you check for the id to be in the table and allow access based on that. In more complex scenarios that is not enough. I also recommend hydrating the user completely (the authz permissions if any) instead of keeping just the ID - unless this data is cached by pathom in the de-normalized tables

Chris O’Donnell13:05:54

I put together the simplest example I could in the post. If putting more user data into env suits your purposes, then I encourage you to do that. 🙂

Eugen13:05:09

sure, thanks - I think puting that in words might be useful for people who just start with it

Eugen13:05:58

btw, how do you handle pagination?

Eugen13:05:44

I know limit and offset are easy to do most of the time but key set pagination is required in cases where you deal with lots of data

Eugen13:05:32

hmm ... I think I found my answer here, but feel free to share your experience https://github.com/walkable-server/realworld-fulcro/blob/master/src/conduit/ui/pagination.cljs

Chris O’Donnell13:05:56

I have not done keyset pagination with fulcro and pathom. You have the freedom to pass params in the client and pull them out in the server with your queries, so it shouldn't be terribly difficult. There's an example of limit/offset pagination in the fulcro book you could adapt at http://book.fulcrologic.com/#_paginating_large_lists.

Chris O’Donnell13:05:20

Careful with the example you linked; it's written in fulcro 2, not fulcro 3.

fjolne18:05:12

@eugen.stan jfyi pathom has ::pc/transform attribute in resolvers/mutations options map, which can be used for authorization i typically have a few of global higher-order authorization functions (like user-guard, admin-guard etc) which check whether the session user is authorized to view/modify the inputs and return nothing/error in case they are not, and then just add ::pc/transform (comp some-guard another-guard ,,,) to options map

fjolne18:05:28

so these guard functions are essentially middlewares, and it seems like they don’t suffer from the shortcomings mentioned in the GraphQL article (+ they’re composable)

Chris O’Donnell18:05:26

That's a nice idea!

🎉 4
Eugen19:05:27

thanks @UDQ2UEPMY, I don't quite get it now but then I just started learning about fulcro and pathom . Do you have a gist / some code that you can share ?

Eugen06:05:59

thanks. I will see how I can adapt those to permissions instead of groups

fjolne13:05:35

@eugen.stan it just occurred to me that calling parser this way is insecure if you use pc/open-ident-reader, as it’s possible to augment the env from the query via :pathom/context, like

(parser {} `[{([:fake :ident]
               {:pathom/context {::current-admin {:admin/id true}}})
              [:some-admin-data]}])
so it’s better to either 1) do a more low-level check (such as validating session directly from the env) or 2) use unaugmented env for the parser call (e.g. by putting the original env into the env itself) ::pc/transform is unaffected, i modified the gist for clarity https://gist.github.com/fjolne/a6e3b852d2da890c043fbe3076e0d122/revisions hope it won’t affect your implementation, just decided it would be better to say rather than not to say

👍 4
Eugen13:05:53

I am not there yet. I will come back to this. Thanks.

Jakub Holý (HolyJak)13:05:01

@tony.kay I see ::report/row-style is still missing from report-options. Do you plan to change it or should I send a PR to add it there?

murtaza5213:05:19

I have defined some entities / attributes using RAD. This is one of the outputs that I see from start-databases

Datomic pull query to derive output is [:farm/name #:farm{:address [:address/id]} #:farm{:crops [:crop/id]} #:farm{:sales [:sales/id]}]
Now what will be the query to retrieve all farms, I have tried the below but it returns nil -
(parser {} [:farm/name]) 

Jakub Holý (HolyJak)17:05:01

I don't know this but it looks weird. Is there a single farm? Shouldn't you be providing an ident such as [:farm/name "Farm 1"]?

murtaza5219:05:41

@holyjak I am trying to retrieve all farms in the farm table. So basically return names for all the farms.

👍 4
tony.kay15:05:44

@holyjak the current design is that you specify a body item if you want to customize rows…that one cannot be a style because it needs to have a sub-query

Jakub Holý (HolyJak)15:05:01

Well, you use ::report/row-style in the code and it is possible to use it to replace the default table row component, it just isn't documented in report options so I wasn't sure if it should. I'll write later about how I use and a possibly missing customization point.

janezj17:05:15

Yes, thanks, I created mutations.clj and mutations.cljs and placed there mutations with the same name one for server and one for client just to get rid of :sym

tony.kay15:05:08

well, actually, it could be I guess

tony.kay15:05:14

feel free to take a shot 🙂

janezj16:05:45

I have simple mutation and I found some wierd behavior (I have workaround, but not an explanation) 1. will print aaaaaa... at load time 2. will NOT compile without (1) ( log/debug "aaaa") : Unable to resolve symbol: server in this context

(pc/defmutation test-with-email
                [env {server :server, attach? :attach?}]
                (log/debug "aaaaaaaaaaaaaaaaaaaaa") (1)
                (log/debug server)                  (2) 
                (println server attach?))

Chris O’Donnell16:05:35

@UQ5QFFX54 If pc stands for pathom connect, you should provide an options map following your params vector (https://wilkerlucio.github.io/pathom/v2/pathom/2.2.0/connect/connect-mutations.html#_creating_mutations).

Eric Ihli17:05:26

Just trying out fulcro. Relatively new to Clojure. Followed along with the docs here and got to a confusing part. http://book.fulcrologic.com/#_organizing_source > http://book.fulcrologic.com/#_running_the_server > The Clojure REPL will automatically start in the user namespace. > ... > If you start the server with (start) you should be able to load... My REPL starts in the shadow.user . Fixed by simply (in-ns 'user), but are the docs outdated? Did I miss something? Is there something like an init-repl-ns that can be set to user so the repl does start in the user ns rather than the shadow.user ns?

fjolne17:05:56

the docs are right, it’s expected that you start a REPL for your main server (which serves /api), not for shadow’s dev server (which is typically used to switch to CLJS REPL) so, you need to run both shadow (for CLJS compilation and hotreload) and main server (which serves API and assets) in parallel

Eric Ihli18:05:22

Gotcha. Thanks!

🎉 4
Matthew22:05:13

I’ve just set up fulcro inspect electron and I’m successfully hitting my node cljs API endpoint from the Query tab. But I keep getting {:foo :com.wsscode.pathom.core/not-found}. The parser endpoint is working when I test it separately. I think fulcro is expecting a contract from the server that I’m not abiding by. I’m currently returning an “application/transit+json” response with a transit encoded body of the parser response. Is there something else needed in the response headers? Any ideas?

Matthew23:05:50

Middleware wasn’t encoding transit in response properly. All good 😁.