Fork me on GitHub
#re-frame
<
2017-11-05
>
jeaye02:11:45

I think I've hit an impasse with re-frame-async-flow-fx. https://gist.github.com/jeaye/db469d6fb0709a5498863b747cd48a89

jeaye02:11:48

This seems very reasonable to me, but doesn't seem to be supported. Thoughts?

jeaye02:11:06

This breaks not only this use case, but also the use case I had planned for representing, basically, the "core game loop" of "when this happens, do this" and expecting to be able to jump back to the top.

sandbags10:11:09

I am finally getting around to building my next app. I have to reflect that I don't have a lot of time for writing software these days and, right now, I don't have the cash to invest in development help. So I need to make some decent up-front choices. These boil down to something like Luminus (which I haven't used but is largely built out of bits I have) and re-frame (which I have messed with a decent amount recently). My natural inclination is to pick re-frame because I think it's a great model for building apps. Two lingering problems that I have: (1) I've never quite worked out what the right story is for authentication, (2) this app is a good fit for GraphQL rather than a REST based approach but I'm inexperienced with GraphQL. Obviously not an issue with a server based approach. Anyone have any good advice or questions that could help me figure out the way forward?

mikethompson10:11:11

@jeaye re-frame-async-flow does not implement looping, or reset, which is what you seem to need. There's a lot of requirements out there, and re-frame-async-flow can't handle them all. But I'd encourage you to do some copy/paste reuse, and then modify it to your particular needs. Add a reset? flag, which resets the existing state perhaps.

mikethompson10:11:26

@sandbags Regarding (1) there's Memento in https://github.com/Day8/re-frame/blob/master/docs/External-Resources.md (but I can't vouch for it, just know it is there, in the list)

sandbags10:11:34

@mikethompson do you guys build secure apps with re-frame? or essentially open ones?

mikethompson11:11:10

Long story, but whitelisting IP addresses (serverside) is all we need to do.

sandbags11:11:34

ah, convenient but sadly not viable for me

sandbags11:11:54

i did briefly look into token based auth and while i liked it i am sure i read about a number of significant downsides

mikethompson11:11:00

I'd wait for others to explain how they do it

sandbags11:11:36

hrmmm... also, to use re-com or not

sandbags11:11:10

since this is a product for clients and, ergo, i have little control over browser environment i guess not is probably the safer route

mikethompson11:11:32

It does mandate a modern browser (it uses flexbox)

mikethompson11:11:40

There are some using IE9

mikethompson11:11:47

No many though, these days

sandbags11:11:56

Oh... i kind of took from your warning on the HP (maybe some time ago) "If you're not using desktop Chrome all bets are off"

mikethompson11:11:10

Yeah, that's still a safe interpretation. There's no attempt to help with mobile. And the browser has to have a good flexbox implementation.

pesterhazy11:11:56

I secure apps using cookies 🙂

sandbags11:11:05

@pesterhazy i haven't done any serious webapp work since about '11 so forgive my being rusty... you have some kind of "login" endpoint that sets a value in the cookie that the client can send back with future requests to authenticate them? Do you use any particular libraries for this?

sandbags11:11:09

presumably that would be very similar to the token authentication

pesterhazy11:11:23

you basically let the browser do the work for you

pesterhazy11:11:41

yeah you make a request to /login, to which the server replies with

Set-Cookie: sessionId=asdf

pesterhazy11:11:22

then all subsequent requests to the server will include the cookie (with XHR you need to set the appropriate option to include credentials

sandbags11:11:41

okay, that sounds simple enough

pesterhazy11:11:30

it works basically like in the stereotypical /cgi-bin/search.pl app from 1998

mikethompson11:11:30

Ahh, those were the days. Perl ruled the web

mikethompson11:11:43

I have tried very hard to minimize my knowledge in this area for as long as possible, so take what I'm about to suggest with a grain of salt but ... are JWTs possibly useful in this space? Also, at a practical level, I would have thought you'd get sensible implementation from Luminus, by default.

pesterhazy11:11:49

yes JWT tokens are the relevant alternative, but I don't see the benefit over just cookies in most cases, plus they add a bunch of complexity (cryptographic and otherwise)

mikethompson11:11:14

But, like i said, ignore me. i know nothing.

pesterhazy11:11:30

that can't possibly be true 🙂

sandbags11:11:49

Yeah JWT looked good and I did try using them (not entirely successfully) in a re-frame applet a while back but literally as I was thinking "this is very good" I came across a couple of articles that suggested they had serious downsides (e.g. from memory, no good way to invalidate them once issued)

sandbags11:11:23

@mikethompson do you know anyone else who is using re-com on mobile?

sandbags11:11:41

i guess it's a relevant question for me as i'd like data entry, at least, to be functional on mobile

mikethompson11:11:05

re-com dosen't try to work on modile

sandbags11:11:27

right, i'm just not sure how to interpret that

sandbags11:11:38

one can not try and fly perfectly

sandbags11:11:48

it's almost the zen of anything, not trying 🙂

sandbags11:11:31

thanks for the link to soda-ash

sandbags11:11:57

although i've no idea what semantic-ui-react is yet, i might just fall back on something simpler

mikethompson11:11:58

Nothing that fancy. We have never built a re-com app for mobile. And mobile was never a consideration in the design. Perhaps instead: https://github.com/gadfly361/soda-ash

mikethompson11:11:03

I'd ask more questions here a bit later and see what answers you get.

sandbags11:11:15

hrmm... seems there is something called Sodium (https://github.com/deg/sodium) that is a re-frame friendly wrapper around soda-ash

sandbags11:11:38

of course i begin to feel alligators around my armpits

pesterhazy11:11:21

honestly I think if you're going to use bootstrap, you'll have the least problems by - not using any react/reagent wrappers - just generating the boostrap dom via hiccup - not using the bootstrap components that require JS

sandbags11:11:45

@pesterhazy i think you may be right, that was kind of the "something simpler" i was alluding to above

sandbags11:11:00

all singing & all dancing can come later

pesterhazy11:11:06

the problem with pre-baked component libraries (as opposed to css frameworks) is that they never do things in exactly the way you want them to

pesterhazy11:11:30

to get from 90% to 100% you'll need to drill into the code, possibly fork the library

sandbags11:11:58

i will have enough of a job, i think, getting up to speed with GraphQL

pesterhazy11:11:28

one alternative is to start with a framework like re-com to get started quickly and then switch to generating your own hiccup as the project matures

pesterhazy11:11:46

IMO the more you can copy and paste at the beginning, the better

sandbags11:11:24

yeah although once you settle on something like that the cognitive effort of ripping it out and doing something else later always approaches some kind of limit

pesterhazy11:11:25

re-com mixes with just pure bootstrap reasonably well though so you can go incrementally

sandbags11:11:28

This is a side-project around the consultancy so i have to be very aware of such limits 🙂

sandbags11:11:06

@mikethompson are you guys a for-hire dev shop?

mikethompson11:11:41

Not us. We develop products and flog them.

mikethompson12:11:01

So, not service oriented.

mikethompson12:11:55

Are you in US or Europe or elsewhere?

mikethompson12:11:39

Europe seems quite the hot bed for re-frame dev.

ajs12:11:21

I've read of a few Clojure shops using semantic-ui in production, it's always recommended favorably. I've played with it and it's pretty nice.

ajs12:11:51

@sandbags and it works on mobile

sandbags12:11:25

@ajs good to hear, thanks

ajs12:11:29

The Soda-ash wrapper is light and simple, you can read its code in one minute.

sandbags12:11:58

oh well, maybe that's a reasonable choice then

sandbags12:11:17

i'll still probably bootstrap with js-less Bootstrap

pesterhazy12:11:37

I've liked what I've seen about bootstrap4

sandbags12:11:45

gaaaaaaaahhhhhhh!

pesterhazy12:11:05

although it's been a long time in development, and I'm the worst person to ask about CSS

sandbags12:11:22

Is re-com going to rehost on BS4?

sandbags12:11:14

re-frame-template deployed, away we go

metametadata12:11:06

@sandbags take a look at this article if you're going to implement your own auth: https://blog.plan99.net/building-account-systems-f790bf5fdbe0 🙂

gadfly36112:11:53

I wrote soda-ash .. baking-soda is the same thing but for bootstrap (ultra thin wrapper)

ajs13:11:29

How do you like bs vs semantic?

gadfly36113:11:09

I like semantic more

gadfly36113:11:44

However, i have been writing css from scratch mostly

gadfly36113:11:49

Before, i have used @madvas https://github.com/madvas/cljs-react-material-ui in production and it works great

ajs13:11:04

I don't like material, personally. The design doesn't make it obvious what is clickable in many instances. And all material websites look exactly like a Google service or Android.

gadfly36113:11:09

That's definitely fair, i have enjoyed material for websites that are predominantly used on a mobile device .. but i dont think material translates as intuitively to desktop

lovuikeng15:11:06

both from gadfly361, starting and polishing with re-surface (https://github.com/gadfly361/re-surface) and soda-ash, further fine-grained with stylefy https://github.com/Jarzka/stylefy

gadfly36115:11:15

Havent seen stylefy 👀

gadfly36115:11:34

Looks interesting!

lovuikeng15:11:13

semantic-ui provides more modern Web UI, with *semantic*

lovuikeng15:11:44

yes, that stylefy looks cool indeed 🙂

sandbags16:11:01

@metametadata thanks for that article... now i think about it login with google-id or some such is probably a much better idea. Anyone done that kind of integration in a re-frame app?

sandbags16:11:47

sounds like i should definitely be giving soda-ash a look

sandbags16:11:10

although i am mainly wondering if i can just find a few more clients and funnel some cash into someone else building this for me

sandbags16:11:18

i am terrible application developer

ajs16:11:21

That's a great article

ajs16:11:51

@sandbags cemerick' s friend library can help with oauth. Maybe other tools also can. We use friend, but that was implemented years ago.

pesterhazy17:11:51

for Google OAuth, you actually don't need any library

pesterhazy17:11:40

this article explains how to do things in React Native, but a similar strategy works for the Web: http://rationalappdev.com/logging-into-react-native-apps-with-facebook-or-google/

pesterhazy17:11:04

correction: you don't need a client-side library. You do need some server-side-code

ajs17:11:39

Right, and cemerick's friend library is what we use

ajs17:11:39

Right, and cemerick's friend library is what we use

brunex17:11:04

Nov 05, 2017 5:54:09 PM com.google.javascript.jscomp.LoggerErrorManager println
WARNING: /Users/BruNeX/Code/gecko/target/cljsbuild-compiler-1/node_modules/react/cjs/react.production.min.js:5: WARNING - dangerous use of the global this object

brunex17:11:21

anyone can help? getting this error when trying to compile reagent 8 alpah2 with react from npm, but only when :optimizations advanced

brunex17:11:31

if is :none kinda works

mikethompson20:11:00

@brunex I don't know the specifics here but, generally, the moment you run into :advanced issues you set :pseudo-names true and :pretty-print true. See https://clojurescript.org/reference/compiler-options

mikethompson20:11:26

Then you might get better clues