This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2017-11-05
Channels
- # bangalore-clj (5)
- # beginners (77)
- # boot (29)
- # cider (11)
- # clojure (110)
- # clojure-dev (5)
- # clojure-greece (1)
- # clojure-poland (1)
- # clojure-russia (11)
- # clojure-spec (1)
- # clojurescript (143)
- # clojurex (1)
- # core-async (1)
- # css (1)
- # cursive (40)
- # data-science (1)
- # datomic (6)
- # figwheel (4)
- # fulcro (45)
- # immutant (5)
- # off-topic (4)
- # onyx (8)
- # portkey (9)
- # re-frame (112)
- # shadow-cljs (30)
- # spacemacs (3)
I think I've hit an impasse with re-frame-async-flow-fx
. https://gist.github.com/jeaye/db469d6fb0709a5498863b747cd48a89
This breaks not only this use case, but also the use case I had planned for representing, basically, the "core game loop" of "when this happens, do this" and expecting to be able to jump back to the top.
I am finally getting around to building my next app. I have to reflect that I don't have a lot of time for writing software these days and, right now, I don't have the cash to invest in development help. So I need to make some decent up-front choices. These boil down to something like Luminus (which I haven't used but is largely built out of bits I have) and re-frame (which I have messed with a decent amount recently). My natural inclination is to pick re-frame because I think it's a great model for building apps. Two lingering problems that I have: (1) I've never quite worked out what the right story is for authentication, (2) this app is a good fit for GraphQL rather than a REST based approach but I'm inexperienced with GraphQL. Obviously not an issue with a server based approach. Anyone have any good advice or questions that could help me figure out the way forward?
@jeaye re-frame-async-flow
does not implement looping, or reset, which is what you seem to need.
There's a lot of requirements out there, and re-frame-async-flow
can't handle them all. But I'd encourage you to do some copy/paste reuse, and then modify it to your particular needs. Add a reset?
flag, which resets the existing state perhaps.
@sandbags Regarding (1) there's Memento in https://github.com/Day8/re-frame/blob/master/docs/External-Resources.md (but I can't vouch for it, just know it is there, in the list)
@mikethompson do you guys build secure apps with re-frame? or essentially open ones?
Long story, but whitelisting IP addresses (serverside) is all we need to do.
i did briefly look into token based auth and while i liked it i am sure i read about a number of significant downsides
I'd wait for others to explain how they do it
since this is a product for clients and, ergo, i have little control over browser environment i guess not is probably the safer route
It does mandate a modern browser (it uses flexbox)
There are some using IE9
No many though, these days
Oh... i kind of took from your warning on the HP (maybe some time ago) "If you're not using desktop Chrome all bets are off"
Yeah, that's still a safe interpretation. There's no attempt to help with mobile. And the browser has to have a good flexbox implementation.
Perhaps instead: https://github.com/gadfly361/soda-ash
I secure apps using cookies 🙂
@pesterhazy i haven't done any serious webapp work since about '11 so forgive my being rusty... you have some kind of "login" endpoint that sets a value in the cookie that the client can send back with future requests to authenticate them? Do you use any particular libraries for this?
you basically let the browser do the work for you
yeah you make a request to /login
, to which the server replies with
Set-Cookie: sessionId=asdf
then all subsequent requests to the server will include the cookie (with XHR you need to set the appropriate option to include credentials
@pesterhazy thanks
it works basically like in the stereotypical /cgi-bin/search.pl
app from 1998
Ahh, those were the days. Perl ruled the web
I've found this comparison useful: https://stackoverflow.com/questions/3220660/local-storage-vs-cookies
I have tried very hard to minimize my knowledge in this area for as long as possible, so take what I'm about to suggest with a grain of salt but ... are JWTs possibly useful in this space? Also, at a practical level, I would have thought you'd get sensible implementation from Luminus, by default.
yes JWT tokens are the relevant alternative, but I don't see the benefit over just cookies in most cases, plus they add a bunch of complexity (cryptographic and otherwise)
But, like i said, ignore me. i know nothing.
that can't possibly be true 🙂
Yeah JWT looked good and I did try using them (not entirely successfully) in a re-frame applet a while back but literally as I was thinking "this is very good" I came across a couple of articles that suggested they had serious downsides (e.g. from memory, no good way to invalidate them once issued)
@mikethompson do you know anyone else who is using re-com on mobile?
i guess it's a relevant question for me as i'd like data entry, at least, to be functional on mobile
re-com dosen't try to work on modile
although i've no idea what semantic-ui-react is yet, i might just fall back on something simpler
Nothing that fancy. We have never built a re-com app for mobile. And mobile was never a consideration in the design. Perhaps instead: https://github.com/gadfly361/soda-ash
I'd ask more questions here a bit later and see what answers you get.
hrmm... seems there is something called Sodium (https://github.com/deg/sodium) that is a re-frame friendly wrapper around soda-ash
honestly I think if you're going to use bootstrap, you'll have the least problems by - not using any react/reagent wrappers - just generating the boostrap dom via hiccup - not using the bootstrap components that require JS
@pesterhazy i think you may be right, that was kind of the "something simpler" i was alluding to above
the problem with pre-baked component libraries (as opposed to css frameworks) is that they never do things in exactly the way you want them to
to get from 90% to 100% you'll need to drill into the code, possibly fork the library
one alternative is to start with a framework like re-com to get started quickly and then switch to generating your own hiccup as the project matures
IMO the more you can copy and paste at the beginning, the better
yeah although once you settle on something like that the cognitive effort of ripping it out and doing something else later always approaches some kind of limit
re-com mixes with just pure bootstrap reasonably well though so you can go incrementally
This is a side-project around the consultancy so i have to be very aware of such limits 🙂
@mikethompson are you guys a for-hire dev shop?
Not us. We develop products and flog them.
So, not service oriented.
Are you in US or Europe or elsewhere?
Europe seems quite the hot bed for re-frame dev.
:flag-eu:
I've read of a few Clojure shops using semantic-ui in production, it's always recommended favorably. I've played with it and it's pretty nice.
I've liked what I've seen about bootstrap4
although it's been a long time in development, and I'm the worst person to ask about CSS
@mikethompson actually, shouldn't re-com be on https://github.com/Day8/re-frame/blob/master/docs/External-Resources.md ?
@sandbags take a look at this article if you're going to implement your own auth: https://blog.plan99.net/building-account-systems-f790bf5fdbe0 🙂
I wrote soda-ash .. baking-soda is the same thing but for bootstrap (ultra thin wrapper)
Before, i have used @madvas https://github.com/madvas/cljs-react-material-ui in production and it works great
I don't like material, personally. The design doesn't make it obvious what is clickable in many instances. And all material websites look exactly like a Google service or Android.
That's definitely fair, i have enjoyed material for websites that are predominantly used on a mobile device .. but i dont think material translates as intuitively to desktop
both from gadfly361, starting and polishing with re-surface
(https://github.com/gadfly361/re-surface) and soda-ash
, further fine-grained with stylefy
https://github.com/Jarzka/stylefy
@metametadata thanks for that article... now i think about it login with google-id or some such is probably a much better idea. Anyone done that kind of integration in a re-frame app?
although i am mainly wondering if i can just find a few more clients and funnel some cash into someone else building this for me
@sandbags cemerick' s friend library can help with oauth. Maybe other tools also can. We use friend, but that was implemented years ago.
for Google OAuth, you actually don't need any library
this article explains how to do things in React Native, but a similar strategy works for the Web: http://rationalappdev.com/logging-into-react-native-apps-with-facebook-or-google/
correction: you don't need a client-side library. You do need some server-side-code
Nov 05, 2017 5:54:09 PM com.google.javascript.jscomp.LoggerErrorManager println
WARNING: /Users/BruNeX/Code/gecko/target/cljsbuild-compiler-1/node_modules/react/cjs/react.production.min.js:5: WARNING - dangerous use of the global this object
anyone can help? getting this error when trying to compile reagent 8 alpah2 with react from npm, but only when :optimizations advanced
@brunex I don't know the specifics here but, generally, the moment you run into :advanced
issues you set :pseudo-names
true
and :pretty-print
true. See https://clojurescript.org/reference/compiler-options
Then you might get better clues