Hello,
> I am investigating using ZappaJS for a project. The latest version
> mentioned on the website
http://zappajs.org/ is 0.3.1; the email below
> talks about issues with integration of Express3 in version 0.3.9, although
> I found a version 0.4.18 in the zappajs/jappajs fork on GitHub. I hope the
> docs can be updated! :-)
Nobody currently working on the project owns the
zappajs.org domain, so
there isn't much we can do until it expires.
[ That's
https://github.com/zappajs/zappajs/issues/59 ]
> (1) Is version 0.4.18 now completely compatible with Express3? Are there
> remaining caveats like the ones in the quoted email below?
That email mostly documented problems with migrating code from Express 2
to Express 3; most of these are issues generic to Express 3 (especially
due to the fact that Express 3 moved to async templating). The one issue
specific to Zappa (dynamic views in filesystem) has been resolved for a
while.
> (2) I want to integrate passport.js or similar for authentication, and I
> want to be able to mark routes and sockets as only accessible to
> authenticated users, or to users with given roles (e.g. admins). What's the
> right way to do this with Zappa?
If I take the example on the passport.js Overview page[1] it should
translate into:
@post '/login', passport.authenticate 'local',
successRedirect: '/'
failureRedirect: '/login'
[1]
http://passportjs.org/guide/
In that example ZappaJS will wrap the callback, but it can still work as
usual with the (req,res,next) parameters.
The example on the Authorize page[2] would translate into:
# Our authorization middleware.
my_auth = passport.authorize 'twitter-authz',
failureRedirect:'/account'
# Middleware applies only to this route.
@get '/connect/twitter/callback', my_auth, ->
user = @req.user
account = @req.account
# etc.
[2]
http://passportjs.org/guide/authorize/
and as usual in Express if you want to apply some middleware to all
requests:
# Middleware applies to all routes.
@use my_auth
Inside ZappaJS Socket.IO code you can do
@session (error,session) ->
which will retrieve the associated Express session.
By default this features is enabled in single-server mode out-of-the-box
as long as your page includes the ZappaJS client-side script.
However (and as far as I know this is unique to ZappaJS) it also works
if you split Express code on one pool of servers and Socket.IO code on
another pool of server, which should be more scalable.
Obviously it doesn't rely on cookies but uses a more complex algorithm[3]
which accesses both sides independently and then binds them through the
back-end database.
[3]
https://github.com/zappajs/zappajs/blob/master/docs/share.png
There are complete, working examples demonstrating the distributed
feature.[4][5]
[4]
https://github.com/zappajs/zappajs/blob/master/examples/share_express.coffee
[5]
https://github.com/zappajs/zappajs/blob/master/examples/share_express.coffee
To follow the example on that web page you would do:
@use 'cookieParser', session:{secret:'keyboard cat'},
'bodyParser', 'csrf'
> (I assume not, because there is no user
> authentication built in by default, as far as I can tell?)
ZappaJS is just a wrapper around Express and Socket.IO, with (I hope!)
sensible defaults but no hard opinions on how you should do your job. :)
> (5) Is it possible to enable SPDY in Zappa?
I've never looked into it but judging from the doc[6] it shouldn't be too
hard to integrate.
[6]
https://github.com/indutny/node-spdy
In the meantime the following might work, based on the example under
"usage with express" on that page:
# Use `
zappa.app` instead of `zappa.run`
zapp =
zappa.app ->
# Your regular ZappaJS code here
server = spdy.createServer options,
zapp.app
server.listen 443
> (More generally, how does SPDY interplay with SSL, WebSockets,
> HTTP-to-WebSocket handoff, user auth etc. in this context? I'm under the
> impression I need to implement everything twice: HTTP[+SSL][+WebSockets]
> plus SPDY routes to handle the two cases separately?)
My reading of SPDY is that it is a framer that replace multiple TCP
connections to a server with a single one and multiplexes requests over
that connection. Not sure what "SPDY routes" would mean in that case
(the only API available is server-side `push`), the same way that you
don't differentiate HTTP vs HTTPS requests today for example
(i.e. Express routing is based on URIs, not on protocols).
S.