Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roadmap? #183

Open
sigrlami opened this issue Nov 5, 2016 · 6 comments
Open

Roadmap? #183

sigrlami opened this issue Nov 5, 2016 · 6 comments

Comments

@sigrlami
Copy link

sigrlami commented Nov 5, 2016

Is there any vision on how the framework will be developed after 1.0? What problems should be addressed, which new features in need? Maybe it's documented somewhere?

ping @mightybyte @gregorycollins @imalsogreg

@imalsogreg
Copy link
Contributor

Good question! Some things that just came to mind that I would like:

@sigrlami
Copy link
Author

sigrlami commented Nov 6, 2016

I think, I would like to see

  • Benchmarks
  • Proper HTTPS/SSL support
  • Proper Role base management (probably related to external AuthUser, and abstracting this type in general)
  • minor - updated official website + some learning materials

I think making Snap first choice for most Haskell web projects is a nice goal.

Maybe we should make community survey on what people most interested in?

@mightybyte
Copy link
Member

@sigrlami Thanks for your input. HTTPS/SSL support should be working. I commented on your issue with something to try.

Regarding role based access control...I have implemented that before in a proprietary project and it ended up being VERY complex. We decided not to open source it because it was pretty customized to our use case and it required sophisticated database-fu. With Snap, we made a very intentional choice to make everything database-agnostic. So I would not develop something like that as a part of the core Snap Framework.

I think this is one area where Snap (and Haskell in general) differs from web frameworks in other languages. We are more loosely connected. We don't choose, say, a form package for you. You can use digestive-functors, reform, or anything else. The same thing goes for database libraries and many other things. Many people think of Servant as a web framework in and of itself, but you can even use Servant with Snap via the servant-snap package!

I completely agree with you on website, learning materials, and overall goal. I'm all for a survey to see what users are interested in.

My personal efforts lately have been focused on integration with the more recent Haskell web developments such as Groundhog, Reflex, and Servant. So I am working to lower the barrier to entry to building apps based on these technologies. While this work is most definitely related to Snap, most of it is taking place outside the core Snap Framework. The biggest piece that is a part of the framework is the auth snaplet generalization mentioned by @imalsogreg.

@nurpax
Copy link
Contributor

nurpax commented Nov 7, 2016

Is role-based access control something people have asked for? It sounds like something that's complicated to do generically but can also be pretty easy if your app doesn't need very sophisticated roles. At least I'd probably just roll my own if I was developing an app that needed that.

What about sessionless authentication like JWT? I developed a prototype JWT-based authenticator snaplet for one of my projects in https://github.com/nurpax/snap-reactjs-todo/tree/master/src/Snap/Snaplet/SqliteSimple. It felt like shoehorning it into the Auth backend interface would've been quite a bit of work, and I wasn't sure if you can do without sessions. However, it'd still be nice to use some of the Auth functionality like password resets etc.

I'd also prefer the Auth module not to depend on Heist.

+1 for learning materials & updated website.

@sigrlami
Copy link
Author

sigrlami commented Nov 7, 2016

@mightybyte Thank you for response. I understand your position.

While it's nice to have very abstract framework, newcomers might not see what set of technologies best suited for building modern web application with Haskell. I'm in favor of Reflex and Servant, using them myself in company projects. Then framework docs/materials should recommend best possible set of libraries and note that it can be applied with any desired compound.

Is there anything else you want to see included?

I'll prepare a survey and share it with you. Maybe we need another communication channel?

@sigrlami
Copy link
Author

sigrlami commented Nov 7, 2016

@nurpax I think abstracting Auth datatype can lead to easy sessionless authentification. Removing Heist as dependency also a good point.

@mightybyte @nurpax I have custom made role-based subsystem, that I'm tweaking between 3 projects. While I can do in-house abstraction, I thought it's something most modern application need and will be useful to have. But I can't tell currently how hard it is to abstract.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants