What would you think about a new web-framework that extends Phoenix with rails-like or django-like built-in features?

Following some discussions here I understand clearly that Phoenix core-team doesn’t aim something like Rails or Django. That is great, so they can focus on more essential features.

So I’m just curious to know what you guys would think about initiatives of extending Phoenix to create more specialized web-frameworks? For example with built-in features like authentication, authorization, administration, advanced library for file upload and attachment

How hard or feasible would that be? Am I dreaming too big? :laughing:
Do you think such a web-framework will have some success?
Is Phoenix a good foundation for building nice frameworks that could compete well with existing framework like rails, django, symfony, laravel… from built-in “features” point of view?

I’m really interested in what you think. Thanks.

8 Likes

This sounds more like a bunch of generators and not a separate framework.

Which would require instrumentation and working on the BEAM bytecode. Or advanced generators that operate on Elixir’s raw source files.

Doesn’t sound at all simple, to me at least.

2 Likes

There is a reason why Jose didn’t created authentication framework for Phoenix despite all of his experience with Devise.

Authorization with pattern matching is dumb easy, example:

defmodule MyApp.Authorization do
  def can?(action, user, resource)

  def can?(_action, %User{id: id}, %Article{author_id: id}), do: true
  def can?(:edit, %User{role: :editor}, _article), do: true
  def can?(:create, _user, _article), do: true

  # All undefined actions aren't allowed
  def can?(_action, _user, _article), do: false
end

About administration - there are “admin templates” out there, but the main problem is that this work only for simple CRUDs and you overgrow such tool faster than you think. And hacking around it afterwards is more troublesome than writing custom one from the day 1.

File uploads? Just upload them to the file storage directly (all S3-likes have possibility to do so) and do not handle it within your application or you will have bad time.

9 Likes

Ok it has the merit of being clear! :laughing:

Can you give more details about why authentication framework is a bad idea? I found something like Pow really handful, at least for my use cases.

Just for clarification, none of these are built-in to rails, all of them are added through libs and you have to install them one-by-one, pretty much how we do on elixir, so not sure what’s the difference.

9 Likes

In fact I didn’t use rails but Django have most of that as built-in features.

2 Likes

Right, anyway, not sure if I understand, but your idea would be to create a framework to gather all these tools so people do not need to install them one by one? Is that it?

If that’s the case, I think it can be worth it for some people, but personally, I would not use it, because I think it’s kind of a overkill to add so many features and actually not using some of them for example. I like the idea of gradually adding the libs to the stuff that you really need, instead of adding a huge amount of libs and then turning off what you ended up not using.

1 Like

It makes sense. So it would be preferable if one can add those features as packages but the difference would be that thoses packages would be maintained by the core-team of the framework core-team. This way it would be more reassuring for the users.

1 Like

I think this already happens now to some extent. For example LiveView isn’t technically a part of Phoenix but it’s mainly maintained by the creator of Phoenix. Maybe over time more LV-like libraries will be created where they add something useful to most web apps but it’s opt-in via external package.

The only real thing I miss from Rails is an ActiveStorage equivalent. Arc IMO just doesn’t come close. But hopefully the upcoming LV based file upload functionality helps improve the situation, although I don’t think it will be as integrated as ActiveStorage on the back-end.

5 Likes

IMO having each item as a module is more flexible. Pow is awesome and really simple to setup for example.

All of that functionality is great, just doesn’t need to exist as a single unit IMO.

1 Like

Not disagreeing with you, but integrating every such mini framework is a pain in the rear and it’s always a rather involved process that is very error-prone the minute you need to stray even a little off the beaten path.

There has to be a better way of doing it. I keep thinking about working on intelligent generators but real life keeps getting in the way. Maybe I’ll get to it one day.

5 Likes

You’re right, I find myself reusing a lot of pieces of code by just changing some terms on the fly. I’m also thinking of creating some kind of interactive generator to speed up some repetitive tasks for my Phoenix projects.

I have always loved the idea of a basic auth system being built in (something like what’s in the Phoenix book would suffice) - reasons here:

I’ve always thought it was a personal failing not being able to persuade Chris that it was a good idea… I might try again one day :003:

1 Like

I just found it always lacking in some “not terrible, but annoying way”. And with tools like Comeonin building own authentication in application is a breeze. Also TBH I avoid implementing my own auth if possible, and instead I try to rely on external services via OpenID/OAuth/LDAP (however that second one is not really authorisation protocol).

So this is pretty easy to make your own system with already existing libraries (I just do not get popularity of Guardian, but that is different topic) so I do not really see a point in making something that will be Swiss knife, because Swiss knifes in theory are capable of anything, but I am yet to see someone who uses it for more than the bottle opener :wink:

2 Likes

A database admin panel with pretty defaults for dev environment might be nice. I don’t know if such a thing exists on hex (I haven’t looked)

4 Likes

for do this sample of Authorization it was needed install some library?
I am new on phoenix and I was asking me something for this these days…

Also true. Would be nice if there were just some standard guide to “preferred integrations”?

2 Likes

No need for anything… this is just pure Elixir code with powerful pattern match.

1 Like

Press X for doubt, as the meme goes.

I am definitely behind on the Elixir’s good practices lately – do we have blog posts on how to very quickly and easily roll your own authentication? And even if we do and if it’s indeed quick and easy, aren’t we forgetting that “rolling your own” is practically one of the most famous anti-patterns when it comes to security?

There’s an interesting discussion to be had, and the line between “a lot of batteries included that get in the way” and “bare bones that makes adding auth harder than it should be” is quite thin – that much I’ll immediately concede.

But this “it’s very easy to do it yourself”, I am not seeing it. When I was helping a few friends bootstrap their business last year, it took me days to fine-tune Coherence (and then Pow after I gave up on it) to work exactly as they wanted (they had several requirements that weren’t matching the default behaviour).

Maybe I am a bad programmer. But I can recognise when friction is higher than it should be. Authentication, authorisation, file uploads, serving static files if they so choose (not everybody wants to master nginx or knows how to setup CloudFlare), utilising Webpack correctly – these are very common and well-known knobs people want to be able to use in apps. Surely there can’t be any harm if they eventually get added to the mix phx.new generator options (provided the community agrees on de facto implementations first).

14 Likes

I was searching and has libraries like pow, Guardian or canary for this, no?
And the idea for something like active storage is nice.
And they are doing something for upload using the live view, I saw in the last conference here:


but the guy tells it haas some problems with security, etc…
1 Like