Express 3
135 views
Skip to first unread message
Stephane
Jun 16, 2012, 7:53:36 PM6/16/12
to zap...@googlegroups.com
Hi,
I could use some feedback regarding the migration to Express 3.
The discussion so far is here:
https://github.com/zappajs/zappajs/issues/7
To paraphrase: Hypee and I have been trying to get things to work, but
the changes in Express 3 will impact Zappa and probably force changes to
the Zappa API. The main issues we've found center around @view and
layouts (but I haven't been able to run the Zappa test suite with
Express3 yet, so there might be other areas where changes may be needed).
S.
I could use some feedback regarding the migration to Express 3.
The discussion so far is here:
https://github.com/zappajs/zappajs/issues/7
To paraphrase: Hypee and I have been trying to get things to work, but
the changes in Express 3 will impact Zappa and probably force changes to
the Zappa API. The main issues we've found center around @view and
layouts (but I haven't been able to run the Zappa test suite with
Express3 yet, so there might be other areas where changes may be needed).
S.
Pascal Gay
Jun 17, 2012, 2:53:16 PM6/17/12
to zap...@googlegroups.com
About the test suite, I remember having done a minor change to make it work with Express 3.
I'll check that, maybe that's already working with my Zappa/Express 3 branch.
Stephane
Jun 17, 2012, 8:46:22 PM6/17/12
to zap...@googlegroups.com
After a full day of work I think I finally got things to work. All tests
pass except for the chatrooms tests, which didn't work in 0.3.9 either.
(The chatroom example program works though; the tests need to be fixed.)
The patch is on github[1] and I would greatly appreciate any feedback
people may have (pull and checkout the "express3_simple_views"
branch[2], or simply apply the patch to ZappaJS 0.3.9).
[1]
https://github.com/zappajs/zappajs/commit/296ede6d1fc5a6dad13b22eb950c7bb28585101b
[2] https://github.com/zappajs/zappajs/tree/express3_simple_views
I'm especially interested in "my code uses this feature and it doesn't
work anymore" types of report -- either so that we can work on a fix, or
document a migration strategy.
S.
## Known caveats ##
* Zappa inline views (`@view`) are not visible from the templating
engines, so for example you cannot do:
@view 'index.jade': 'include foo.jade' # not sure about jade syntax
@view 'foo.jade': ...
However I added an (alpha, untested) new option for Zappa that should
export on disk any @view templates; so something like this might work:
require('zappa') export_views:'zappa', ->
@view 'index.jade': 'include zappa/foo.jade'
@view 'foo.jade': ...
* Express3 doesn't support `register` anymore, so `@app.register` will
fail. Zappa's `@register` still works and supports any modules that
provide a `compile` method.
* Express3 `render` doesn't support `layout` anymore; Zappa's `@render`
still does.
* Most templating engines do not work out-of-the-box with Express3. You
must use the `consolidate`[3] version of these engines.
[3] https://github.com/visionmedia/consolidate.js
For example, with `eco`:
# app.engine added in Express3
@app.engine 'eco', require('consolidate').eco
@set 'view engine': 'eco'
pass except for the chatrooms tests, which didn't work in 0.3.9 either.
(The chatroom example program works though; the tests need to be fixed.)
The patch is on github[1] and I would greatly appreciate any feedback
people may have (pull and checkout the "express3_simple_views"
branch[2], or simply apply the patch to ZappaJS 0.3.9).
[1]
https://github.com/zappajs/zappajs/commit/296ede6d1fc5a6dad13b22eb950c7bb28585101b
[2] https://github.com/zappajs/zappajs/tree/express3_simple_views
I'm especially interested in "my code uses this feature and it doesn't
work anymore" types of report -- either so that we can work on a fix, or
document a migration strategy.
S.
## Known caveats ##
* Zappa inline views (`@view`) are not visible from the templating
engines, so for example you cannot do:
@view 'index.jade': 'include foo.jade' # not sure about jade syntax
@view 'foo.jade': ...
However I added an (alpha, untested) new option for Zappa that should
export on disk any @view templates; so something like this might work:
require('zappa') export_views:'zappa', ->
@view 'index.jade': 'include zappa/foo.jade'
@view 'foo.jade': ...
* Express3 doesn't support `register` anymore, so `@app.register` will
fail. Zappa's `@register` still works and supports any modules that
provide a `compile` method.
* Express3 `render` doesn't support `layout` anymore; Zappa's `@render`
still does.
* Most templating engines do not work out-of-the-box with Express3. You
must use the `consolidate`[3] version of these engines.
[3] https://github.com/visionmedia/consolidate.js
For example, with `eco`:
# app.engine added in Express3
@app.engine 'eco', require('consolidate').eco
@set 'view engine': 'eco'
Luke Hutchison
Mar 10, 2013, 7:59:16 AM3/10/13
to zap...@googlegroups.com
Hi,
I am investigating using ZappaJS for a project. The latest version mentioned on the website http://zappajs.org/ is 0.3.1; the email below talks about issues with integration of Express3 in version 0.3.9, although I found a version 0.4.18 in the zappajs/jappajs fork on GitHub. I hope the docs can be updated! :-)
I'm pretty excited by Zappa, but can't figure out how to use it to do non-trivial things. I have quite a few questions:
(1) Is version 0.4.18 now completely compatible with Express3? Are there remaining caveats like the ones in the quoted email below?
(2) I want to integrate passport.js or similar for authentication, and I want to be able to mark routes and sockets as only accessible to authenticated users, or to users with given roles (e.g. admins). What's the right way to do this with Zappa?
(3) I want to be able to reuse the HTTP auth for websockets, something like https://github.com/alphapeter/socket.io-express . Does Zappa need this sort of glue?
(4) I want to enable CSRF protection for websockets, which is built into connect.js, but has to be added after the cookieParser() and session() middleware: http://www.senchalabs.org/connect/middleware-csrf.html . Does Zappa enable CSRF protection? (I assume not, because there is no user authentication built in by default, as far as I can tell?)
(5) Is it possible to enable SPDY in Zappa? (It is now supported in Express.) (More generally, how does SPDY interplay with SSL, WebSockets, HTTP-to-WebSocket handoff, user auth etc. in this context? I'm under the impression I need to implement everything twice: HTTP[+SSL][+WebSockets] plus SPDY routes to handle the two cases separately?)
Thank you,
Luke H
step...@shimaore.net
Mar 10, 2013, 9:57:32 AM3/10/13
to zap...@googlegroups.com
Hello,
> I am investigating using ZappaJS for a project. The latest version
> mentioned on the website http://zappajs.org/ is 0.3.1; the email below
> talks about issues with integration of Express3 in version 0.3.9, although
> I found a version 0.4.18 in the zappajs/jappajs fork on GitHub. I hope the
> docs can be updated! :-)
Nobody currently working on the project owns the zappajs.org domain, so
there isn't much we can do until it expires.
[ That's https://github.com/zappajs/zappajs/issues/59 ]
> (1) Is version 0.4.18 now completely compatible with Express3? Are there
> remaining caveats like the ones in the quoted email below?
That email mostly documented problems with migrating code from Express 2
to Express 3; most of these are issues generic to Express 3 (especially
due to the fact that Express 3 moved to async templating). The one issue
specific to Zappa (dynamic views in filesystem) has been resolved for a
while.
> (2) I want to integrate passport.js or similar for authentication, and I
> want to be able to mark routes and sockets as only accessible to
> authenticated users, or to users with given roles (e.g. admins). What's the
> right way to do this with Zappa?
If I take the example on the passport.js Overview page[1] it should
translate into:
@post '/login', passport.authenticate 'local',
successRedirect: '/'
failureRedirect: '/login'
[1] http://passportjs.org/guide/
In that example ZappaJS will wrap the callback, but it can still work as
usual with the (req,res,next) parameters.
The example on the Authorize page[2] would translate into:
# Our authorization middleware.
my_auth = passport.authorize 'twitter-authz',
failureRedirect:'/account'
# Middleware applies only to this route.
@get '/connect/twitter/callback', my_auth, ->
user = @req.user
account = @req.account
# etc.
[2] http://passportjs.org/guide/authorize/
and as usual in Express if you want to apply some middleware to all
requests:
# Middleware applies to all routes.
@use my_auth
> (3) I want to be able to reuse the HTTP auth for websockets, something like
> https://github.com/alphapeter/socket.io-express . Does Zappa need this sort
> of glue?
Inside ZappaJS Socket.IO code you can do
@session (error,session) ->
which will retrieve the associated Express session.
By default this features is enabled in single-server mode out-of-the-box
as long as your page includes the ZappaJS client-side script.
However (and as far as I know this is unique to ZappaJS) it also works
if you split Express code on one pool of servers and Socket.IO code on
another pool of server, which should be more scalable.
Obviously it doesn't rely on cookies but uses a more complex algorithm[3]
which accesses both sides independently and then binds them through the
back-end database.
[3] https://github.com/zappajs/zappajs/blob/master/docs/share.png
There are complete, working examples demonstrating the distributed
feature.[4][5]
[4]
https://github.com/zappajs/zappajs/blob/master/examples/share_express.coffee
[5]
https://github.com/zappajs/zappajs/blob/master/examples/share_express.coffee
> (4) I want to enable CSRF protection for websockets, which is built into
> connect.js, but has to be added after the cookieParser() and session()
> middleware: http://www.senchalabs.org/connect/middleware-csrf.html . Does
> Zappa enable CSRF protection?
To follow the example on that web page you would do:
@use 'cookieParser', session:{secret:'keyboard cat'},
'bodyParser', 'csrf'
> (I assume not, because there is no user
> authentication built in by default, as far as I can tell?)
ZappaJS is just a wrapper around Express and Socket.IO, with (I hope!)
sensible defaults but no hard opinions on how you should do your job. :)
> (5) Is it possible to enable SPDY in Zappa?
I've never looked into it but judging from the doc[6] it shouldn't be too
hard to integrate.
[6] https://github.com/indutny/node-spdy
In the meantime the following might work, based on the example under
"usage with express" on that page:
# Use `zappa.app` instead of `zappa.run`
zapp = zappa.app ->
# Your regular ZappaJS code here
server = spdy.createServer options, zapp.app
server.listen 443
> (More generally, how does SPDY interplay with SSL, WebSockets,
> HTTP-to-WebSocket handoff, user auth etc. in this context? I'm under the
> impression I need to implement everything twice: HTTP[+SSL][+WebSockets]
> plus SPDY routes to handle the two cases separately?)
My reading of SPDY is that it is a framer that replace multiple TCP
connections to a server with a single one and multiplexes requests over
that connection. Not sure what "SPDY routes" would mean in that case
(the only API available is server-side `push`), the same way that you
don't differentiate HTTP vs HTTPS requests today for example
(i.e. Express routing is based on URIs, not on protocols).
S.
> I am investigating using ZappaJS for a project. The latest version
> mentioned on the website http://zappajs.org/ is 0.3.1; the email below
> talks about issues with integration of Express3 in version 0.3.9, although
> I found a version 0.4.18 in the zappajs/jappajs fork on GitHub. I hope the
> docs can be updated! :-)
there isn't much we can do until it expires.
[ That's https://github.com/zappajs/zappajs/issues/59 ]
> (1) Is version 0.4.18 now completely compatible with Express3? Are there
> remaining caveats like the ones in the quoted email below?
to Express 3; most of these are issues generic to Express 3 (especially
due to the fact that Express 3 moved to async templating). The one issue
specific to Zappa (dynamic views in filesystem) has been resolved for a
while.
> (2) I want to integrate passport.js or similar for authentication, and I
> want to be able to mark routes and sockets as only accessible to
> authenticated users, or to users with given roles (e.g. admins). What's the
> right way to do this with Zappa?
translate into:
@post '/login', passport.authenticate 'local',
successRedirect: '/'
failureRedirect: '/login'
[1] http://passportjs.org/guide/
In that example ZappaJS will wrap the callback, but it can still work as
usual with the (req,res,next) parameters.
The example on the Authorize page[2] would translate into:
# Our authorization middleware.
my_auth = passport.authorize 'twitter-authz',
failureRedirect:'/account'
# Middleware applies only to this route.
@get '/connect/twitter/callback', my_auth, ->
user = @req.user
account = @req.account
# etc.
[2] http://passportjs.org/guide/authorize/
and as usual in Express if you want to apply some middleware to all
requests:
# Middleware applies to all routes.
@use my_auth
> (3) I want to be able to reuse the HTTP auth for websockets, something like
> https://github.com/alphapeter/socket.io-express . Does Zappa need this sort
> of glue?
@session (error,session) ->
which will retrieve the associated Express session.
By default this features is enabled in single-server mode out-of-the-box
as long as your page includes the ZappaJS client-side script.
However (and as far as I know this is unique to ZappaJS) it also works
if you split Express code on one pool of servers and Socket.IO code on
another pool of server, which should be more scalable.
Obviously it doesn't rely on cookies but uses a more complex algorithm[3]
which accesses both sides independently and then binds them through the
back-end database.
[3] https://github.com/zappajs/zappajs/blob/master/docs/share.png
There are complete, working examples demonstrating the distributed
feature.[4][5]
[4]
https://github.com/zappajs/zappajs/blob/master/examples/share_express.coffee
[5]
https://github.com/zappajs/zappajs/blob/master/examples/share_express.coffee
> (4) I want to enable CSRF protection for websockets, which is built into
> connect.js, but has to be added after the cookieParser() and session()
> middleware: http://www.senchalabs.org/connect/middleware-csrf.html . Does
> Zappa enable CSRF protection?
@use 'cookieParser', session:{secret:'keyboard cat'},
'bodyParser', 'csrf'
> (I assume not, because there is no user
> authentication built in by default, as far as I can tell?)
sensible defaults but no hard opinions on how you should do your job. :)
> (5) Is it possible to enable SPDY in Zappa?
hard to integrate.
[6] https://github.com/indutny/node-spdy
In the meantime the following might work, based on the example under
"usage with express" on that page:
# Use `zappa.app` instead of `zappa.run`
zapp = zappa.app ->
# Your regular ZappaJS code here
server = spdy.createServer options, zapp.app
server.listen 443
> (More generally, how does SPDY interplay with SSL, WebSockets,
> HTTP-to-WebSocket handoff, user auth etc. in this context? I'm under the
> impression I need to implement everything twice: HTTP[+SSL][+WebSockets]
> plus SPDY routes to handle the two cases separately?)
connections to a server with a single one and multiplexes requests over
that connection. Not sure what "SPDY routes" would mean in that case
(the only API available is server-side `push`), the same way that you
don't differentiate HTTP vs HTTPS requests today for example
(i.e. Express routing is based on URIs, not on protocols).
S.
Reply all
Reply to author
Forward
0 new messages