Kurisu
What would you think about a new web-framework that extends Phoenix with rails-like or django-like built-in features?
Following some discussions here I understand clearly that Phoenix core-team doesn’t aim something like Rails or Django. That is great, so they can focus on more essential features.
So I’m just curious to know what you guys would think about initiatives of extending Phoenix to create more specialized web-frameworks? For example with built-in features like authentication, authorization, administration, advanced library for file upload and attachment…
How hard or feasible would that be? Am I dreaming too big? ![]()
Do you think such a web-framework will have some success?
Is Phoenix a good foundation for building nice frameworks that could compete well with existing framework like rails, django, symfony, laravel… from built-in “features” point of view?
I’m really interested in what you think. Thanks.
Most Liked
dimitarvp
Press X for doubt, as the meme goes.
I am definitely behind on the Elixir’s good practices lately – do we have blog posts on how to very quickly and easily roll your own authentication? And even if we do and if it’s indeed quick and easy, aren’t we forgetting that “rolling your own” is practically one of the most famous anti-patterns when it comes to security?
There’s an interesting discussion to be had, and the line between “a lot of batteries included that get in the way” and “bare bones that makes adding auth harder than it should be” is quite thin – that much I’ll immediately concede.
But this “it’s very easy to do it yourself”, I am not seeing it. When I was helping a few friends bootstrap their business last year, it took me days to fine-tune Coherence (and then Pow after I gave up on it) to work exactly as they wanted (they had several requirements that weren’t matching the default behaviour).
Maybe I am a bad programmer. But I can recognise when friction is higher than it should be. Authentication, authorisation, file uploads, serving static files if they so choose (not everybody wants to master nginx or knows how to setup CloudFlare), utilising Webpack correctly – these are very common and well-known knobs people want to be able to use in apps. Surely there can’t be any harm if they eventually get added to the mix phx.new generator options (provided the community agrees on de facto implementations first).
hauleth
- No
- No
- No
- Please, no
- For sake of gods, no
- Nooooooooooooooo
There is a reason why Jose didn’t created authentication framework for Phoenix despite all of his experience with Devise.
Authorization with pattern matching is dumb easy, example:
defmodule MyApp.Authorization do
def can?(action, user, resource)
def can?(_action, %User{id: id}, %Article{author_id: id}), do: true
def can?(:edit, %User{role: :editor}, _article), do: true
def can?(:create, _user, _article), do: true
# All undefined actions aren't allowed
def can?(_action, _user, _article), do: false
end
About administration - there are “admin templates” out there, but the main problem is that this work only for simple CRUDs and you overgrow such tool faster than you think. And hacking around it afterwards is more troublesome than writing custom one from the day 1.
File uploads? Just upload them to the file storage directly (all S3-likes have possibility to do so) and do not handle it within your application or you will have bad time.
kelvinst
Just for clarification, none of these are built-in to rails, all of them are added through libs and you have to install them one-by-one, pretty much how we do on elixir, so not sure what’s the difference.
Popular in Discussions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









