Plack::Middleware::Auth::Form - some updates and a possible name change

I'll make a new release of Plack::Middleware::Auth::Form soon. There are quite a few fixes in the Plack::Middleware::Auth::Form repository gathered since the last release. It is all from external contributors - thanks a lot!

The bug reported in #75896: Cookie Expiry Date not set for "remember" session is quite interesting. Apparently Plack::Middleware::Session sends the session cookie on each request and if you don't set Expiry Date each time it will happily unset it.

I am thinking about changing the name to WebPrototypes::LoginForm. Some people did not like the name Plack::Middleware::Auth::Form from the start, because it is a bit more high-level then the other Auth middlewares, and now I have two more elements for quick web application prototyping under the WebPrototypes namespace.

Blog writing and assuming stupidity

Writing a blog is not easy. People did not change much since the 'bread and circuses' times. You need to spicy your writing up with strong statements or you'll not get any audience. On the other hand ridiculing someone while having a very superficial knowledge of the matter makes you a bully.

What happened there? Again, it is hard to tell anything interesting without some speculation - and possibly I'll have to apologize to Dave for this - but I think Dave has read "You must hate version control systems, we won't be using any" and assumed that this is is from a company that superficially rejected version control because they did not want to learn or, in other words, from someone that assumed that version control is useless. Talk about beams and eyes. That's not to say that I vouch for the 'pipelines' system or for replacing version control with it. I still don't know much about these pipelines - but new ideas don't have to work in every possible aspect to be worthwhile and you'll not have a break-through idea if you always stick to the accepted wisdom.

It is easy to assume stupidity - on average people are mediocre - but the internet is a big search space - expect to be surprised from time to time :)

Verbs and Nouns

There is a popular, if a bit long and blurry, rant by Steve Yegge: Execution in the Kingdom of Nouns - it is about how we overuse nouns and under-use verbs when programming in Java. Of course it is not different in other object oriented imperative languages. Programs do something, subroutines do something - verbs should be at least as prominent as nouns in programming - but when we need to write an application we build it out of objects. Even if it is a web application - something that translates the HTTP request into the HTTP response - we code it as an object with fields and all that stuff. Even if we code against an API that defines the web application as a subroutine reference, we still write it as an object and then make a closure over it to pass to the backend.

Do we overuse nouns? Or maybe it is that actions are opaque and unstructured - and when we need to get to the the details, the parts that compose them - then it is more natural to treat them as things? Wouldn't it be easier to incorporate streaming in PSGI if the application there was an object with methods and attributes?

WebNano - code experiments

WebNano is only a few hundreds lines - but you can arrange it in many many ways - and then you need to test it with all kinds of URL schemas and controller architecture. I do a lot of exploratory coding - testing all the possible arrangements. I feel that I keep forgetting about the things that suggested me to choose one design over others. Maybe I'll keep some notes here. In the past two weeks I tried a few things:

1. Keeping the parsed path as an attribute in the controller.
2. Additionally to the above I tried adding three more controller methods: 'action_name', 'action_args' and 'action_postfix'.
3. I wrote two additional test controllers for the simple url schema, both redirecting handling to DvdDatabase::Controller::Dvd::Record for the case where we have a record to handle: overriding local_dispatch, overriding handle

The conclusions:

1. having the path as attribute is handy for code retrieving the record
2. the additional controller methods help with writing custom dispatchers
3. splitting the processing to two controllers - one for the case where you have one object to work on (like viewing, editing, deleting), second for the case where we don't (like listing, creating) is very clean - you can have the object as controller attribute
4. the the additional dispatcher methods are less useful for that more clean architecture
5. the biggest problem was always preventing the methods that require the object to be called when we don't have the record id on the path (like '/view' when we assume that it should be '/1/view') - and the best method to do that is having the two controller classes
6. overriding 'handle' is actually simpler - because it is a very simple method

Why Bread::Board looks mostly redundant

This is based on two assumptions - that you don't use BB as a kind of Service Locator (but I agree with for example Dependency Injection != using a DI container that this is an anti-pattern) and what 'mostly follows' that the product of your BB container is just one object - the application class. I believe these are good guidelines for software architecture. With those two assumptions all that BB gives you is that you can name your partial results and then use them in later computations, but Perl has a good support for this - it is called variables.

For example let's take the original example from Bread::Board synopsis:

	use Bread::Board;
	my $c = container 'MyApp' => as {
	service 'log_file_name' => "logfile.log";
	service 'logger' => (
	class => 'FileLogger',
	lifecycle => 'Singleton',
	dependencies => [
	depends_on('log_file_name'),
	]
	);
	container 'Database' => as {
	service 'dsn' => "dbi:SQLite:dbname=my-app.db";
	service 'username' => "user234";
	service 'password' => "****";
	service 'dbh' => (
	block => sub {
	my $s = shift;
	require DBI;
	DBI->connect(
	$s->param('dsn'),
	$s->param('username'),
	$s->param('password'),
	) || die "Could not connect";
	},
	dependencies => wire_names(qw[dsn username password])
	);
	};
	service 'application' => (
	class => 'MyApplication',
	dependencies => {
	logger => depends_on('logger'),
	dbh => depends_on('Database/dbh'),
	}
	);
	};
	no Bread::Board; # removes keywords
	# get an instance of MyApplication
	# from the container
	my $app = $c->resolve( service => 'application' );

view raw gistfile1.pl hosted with ❤ by GitHub

Now - let's do the same with just variables:

	my $log_file_name = "logfile.log";
	my $logger = FileLogger->new( log_file_name => $log_file_name );
	my $dsn = "dbi:SQLite:dbname=my-app.db";
	my $username = "user234";
	my $password = "****";
	my $dbh = do {
	require DBI;
	DBI->connect(
	$dsn,
	$username,
	$password,
	) || die "Could not connect";
	};
	my $application = MyApplication->new(
	logger => $logger,
	dbh => $dbh,
	);

view raw gistfile1.pl hosted with ❤ by GitHub

You can also feel fancy and do it with Moose lazy attributes:

	{
	package Factory;
	use Moose;
	has log_file_name => ( is => 'ro', default => "logfile.log" );
	has logger => ( is => 'ro', lazy_build => 1 );
	sub _build_logger { FileLogger->new( log_file_name => shift->log_file_name ) }
	has dsn => ( is => 'ro', default => "dbi:SQLite:dbname=my-app.db" );
	has username => ( is => 'ro', default => "user234" );
	has password => ( is => 'ro', default => "****" );
	has dbh => ( is => 'ro', lazy_build => 1 );
	sub _build_dbh {
	my $self = shift;
	require DBI;
	return DBI->connect(
	$self->dsn,
	$self->username,
	$self->password,
	) || die "Could not connect";
	};
	has application => ( is => 'ro', lazy_build => 1 );
	sub _build_application {
	my $self = shift;
	return MyApplication->new(
	logger => $self->logger,
	dbh => $self->dbh,
	)
	}
	}
	my $application = Factory->new()->application;

view raw gistfile1.pl hosted with ❤ by GitHub

This is not longer than the BB example and it uses generic tools.

Mason 2

Mason 2 looks very interesting. First of all it has the a file a page modus operandi that works so well for PHP, then it has all the template inheritance and Moose template candies that look very powerful, finally the page code works in the request scope - i.e. it can access the page parameters and stuff from attributes which is so much more convenient then passing these values around as method parameters as you do in Catalyst. The only part lacking from my cursory look at the documentation is anything that works in the application scope. Most probably it is just that I did not found anything in the most exposed documents - but this omission still looks ominous.