Following some discussions here I understand clearly that Phoenix core-team doesn’t aim for something like Rails or Django. That is great, so they can focus on more essential features.
So I’m just curious to know what you guys would think about initiatives of extending Phoenix to create more specialized web-frameworks? For example with built-in features like authentication, authorization, administration, advanced library for file upload and attachment…
How hard or feasible would that be? Am I dreaming too big?
Do you think such a web-framework will have some success?
Is Phoenix a good foundation for building nice frameworks that could compete well with existing frameworks like Rails, Django, Symfony, Laravel… from a built-in “features” point of view?
About administration - there are “admin templates” out there, but the main problem is that these work only for simple CRUDs and you outgrow such a tool faster than you think. And hacking around it afterwards is more troublesome than writing a custom one from day 1.
File uploads? Just upload them to the file storage directly (all S3-likes have the possibility to do so) and do not handle it within your application or you will have a bad time.
Just for clarification, none of these are built into Rails, all of them are added through libs and you have to install them one-by-one, pretty much how we do in Elixir, so not sure what’s the difference.
Right, anyway, not sure if I understand, but your idea would be to create a framework to gather all these tools so people do not need to install them one by one? Is that it?
If that’s the case, I think it can be worth it for some people, but personally, I would not use it, because I think it’s kind of overkill to add so many features and actually not use some of them, for example. I like the idea of gradually adding the libs for the stuff that you really need, instead of adding a huge amount of libs and then turning off what you ended up not using.
It makes sense. So it would be preferable if one can add those features as packages but the difference would be that those packages would be maintained by the core-team of the framework. This way it would be more reassuring for the users.
I think this already happens now to some extent. For example LiveView isn’t technically a part of Phoenix but it’s mainly maintained by the creator of Phoenix. Maybe over time more LV-like libraries will be created where they add something useful to most web apps but it’s opt-in via external package.
The only real thing I miss from Rails is an ActiveStorage equivalent. Arc IMO just doesn’t come close. But hopefully the upcoming LV based file upload functionality helps improve the situation, although I don’t think it will be as integrated as ActiveStorage on the back-end.
Not disagreeing with you, but integrating every such mini framework is a pain in the rear and it’s always a rather involved process that is very error-prone the minute you need to stray even a little off the beaten path.
There has to be a better way of doing it. I keep thinking about working on intelligent generators but real life keeps getting in the way. Maybe I’ll get to it one day.
You’re right, I find myself reusing a lot of pieces of code by just changing some terms on the fly. I’m also thinking of creating some kind of interactive generator to speed up some repetitive tasks for my Phoenix projects.
I just found it always lacking in some “not terrible, but annoying way”. And with tools like Comeonin building your own authentication in an application is a breeze. Also TBH I avoid implementing my own auth if possible, and instead I try to rely on external services via OpenID/OAuth/LDAP (however that second one is not really an authorisation protocol).
So it is pretty easy to make your own system with already existing libraries (I just do not get the popularity of Guardian, but that is a different topic) so I do not really see a point in making something that will be a Swiss knife, because Swiss knives in theory are capable of anything, but I am yet to see someone who uses one for more than the bottle opener.
I am definitely behind on the Elixir’s good practices lately – do we have blog posts on how to very quickly and easily roll your own authentication? And even if we do and if it’s indeed quick and easy, aren’t we forgetting that “rolling your own” is practically one of the most famous anti-patterns when it comes to security?
There’s an interesting discussion to be had, and the line between “a lot of batteries included that get in the way” and “bare bones that makes adding auth harder than it should be” is quite thin – that much I’ll immediately concede.
But this “it’s very easy to do it yourself”, I am not seeing it. When I was helping a few friends bootstrap their business last year, it took me days to fine-tune Coherence (and then Pow after I gave up on it) to work exactly as they wanted (they had several requirements that weren’t matching the default behaviour).
Maybe I am a bad programmer. But I can recognise when friction is higher than it should be. Authentication, authorisation, file uploads, serving static files if they so choose (not everybody wants to master nginx or knows how to set up CloudFlare), utilising Webpack correctly – these are very common and well-known knobs people want to be able to use in apps. Surely there can’t be any harm if they eventually get added to the mix phx.new generator options (provided the community agrees on de facto implementations first).
I was searching and there are libraries like Pow, Guardian or Canary for this, no?
And the idea for something like active storage is nice.
And they are doing something for upload using the live view, I saw in the last conference here:
but the guy says it has some problems with security, etc…