12

UPDATE 1: I made a lot of progress on this one. I pretty much gave up (at least for now, but maybe long term) on the idea of allowing user-uploaded modules. However, I am developing a structure so that several modules can be defined and loaded. A module will be initialised, set its own routes, and have a 'public" directory for Javascript to be served. The more I see it, the more I realise that I can (should) also move the calls that are now system-wide in a module called "system".

UPDATE 2: I have made HUGE progress on this. I am about to commit tons of code on GitHub which will allow people to do really, really good modular programming (with modules exposing both client and server side code) using Node and Express. Please stay tuned.

UPDATE 3: I rewrote this thing as a system to register modules and enable them to communicate via a event/hooks system. It's coming along extremely nicely. I have tons of code already good to go -- I am just porting it to the new system. Feel free to have a look at the project on GitHub: https://github.com/mercmobily/hotplate )

UPDATE 4: This is good. It turns out that my idea about a module being client AND server is really working.

UPDATE 5: The module is getting closer to something usable. I implemented a new loader which will take into account what an init() function will invokeAll() -- and will make sure that modules providing that hook will be loaded first. This opens up hotplate to a whole new level.

UPDATE 6: Hotplate is now close to 12000 lines of code. By the time it's finished, sometime in February, I imagine it will be close to 20000 lines of code. It does a lot of stuff, and it all started here on StackOverflow! I need it to develop my own SaaS, so I really need to get it finished by February (so that I can sprint to July and finish the first version of BookingDojo). Thanks everybody!

I am writing something that will probably turn into a pretty big piece of software. The short story is that it's nodejs + Express + Mongodb/Mongoose + Dojo (client side).

NOTE: Questions in this text are marked as [Q1], [Q2], etc.

Coming from a Drupal background (and knowing how coooomplex it has evolved, something I would like to avoid), I am a bit of a module freak. At the moment, I've done the application's boilerplate (hotplate: https://github.com/mercmobily/hotplate ). It does all of the boring stuff (users, workspaces, password reminder, etc.) and it's missing quite a few pieces.

I would like to come up with a design that will allow modules in a similar fashion as Drupal (but possibly better). That is:

  • Modules can define new routes, and handle them
  • Modules are installed system-wide, and then each workspace can enable a set list of them

The initial architecture could be something along those lines:

  • A "modules" directory, where there is one directory per module
  • Each module has a directory for "public" files for the Javascript side of things
  • Each module would have public/startup.js which would be included in the app's javascript
  • Each module would have server/node.js which would be included on the fly by the server if/when needed
  • There would be one route defined, something like /app/:workspaceid/modules/MODULE_NAME/.* with a middleware that checks if that workspace has MODULE_NAME enabled -- and if it does, calls a module's function with the passed parameter

[Q1]: Does this some vaguely sane?

Issues:

  • I want to make this dynamic. I would like modules to be required when needed on the spot. This should be easy enough to do, by requiring things on the fly.

  • server/node.js would have a function called, but that function feels/looks an awful lot like a router itself

[Q2] Do you have any specific hints about this one?

These don't seem to be too much of a concern. However, the real question comes when you talk about security.

  • Privacy. This is a nasty one. At the moment, all the calls will make the right queries to mongoDb filtering by workspaceId. I would like to enforce some way so that there is no clear access to the database by the modules, so that each module doesn't have access to data that belongs to other workspaces

  • User-defined modules. I would love to give users the ability to upload their own modules (and maybe make them available to other users). But, this effectively means allowing people to upload code that will be executed by node itself! How would you go about this?

[Q3] How would you go about these privacy/security issues? Is there any way for example to run the user-uploaded code in a sort of node sandbox? What about access to file system etc.?

Thanks!

Merc
  • 16,277
  • 18
  • 79
  • 122
  • Have you taken a look at the calipso CMS? (http://calip.so/) I believe parts of the design was inspired by Drupal. Unfortunately it doesn't seem like its been maintained recently. – badunk Sep 04 '12 at 09:58
  • That's more of a CMS. What I am after is a modular way of developing generic modules that will work for client and server sides. I think I managed! – Merc Sep 07 '12 at 15:58
  • glad to see you solved it, however calip.so does have an event-driven module system. You would have to buy into the CMS part too, of course. – badunk Sep 07 '12 at 21:38
  • @Merc: want the bounty? answer the question so i can give it to you – mkoryak Sep 07 '12 at 22:30
  • @mkoryak: really want this bounty. But, I cannot really answer it until at least most of the modules I wrote for Hotplate are functional. Will try and do that today. badunk: Sorry, I wasn't quite clear. I was after something *focussed* on a lightweight solution to create modules that work client/side and server/side. – Merc Sep 08 '12 at 00:09
  • @merc, well you got a good foundation there, you got 3 days to get the project working to get the bounty. Otherwise it expires. Im learning nodejs myself right now and your project is very helpful to me. Thanks! – mkoryak Sep 08 '12 at 02:24
  • This can't, and shouldn't, be rushed. In 2 days I will have a very strong foundation. However, for every step I take, I discover that I really, really need to make sure things are done the right way. I had a system for common Validators (client and server). While "porting" that to Hotplate, I realised that I needed a more generic way to share code in general between client and server -- and did that. Validators are simply a special case of that. I think I am onto something amazing, to be honest. I will do my best to get as much as possible done in 2 days :D – Merc Sep 09 '12 at 00:32
  • @mkoryak: see my latest GitHub commit to see what I mean. I added the ability to share code now. It's neat, and it simply wouldn't be possible (not this nicely) without using this system. (I am not 100% convinced by the way I actually send the functions to the client, but that's another story) – Merc Sep 09 '12 at 02:52
  • @mkoryak: Thanks for the bounty. It was a bit of a marathon to complete "core" over the week-end. I will make sure I complete `auth` as well this week, so that you can start using it for real. And then well, documentation. – Merc Sep 10 '12 at 02:40
  • @mkoryak: Development continues. VERY shortly, I will have a version 0.1 that is actually usable. Did you see the developments on GitHub? I am adding the ability to automatically add Dojo stores. I will soon have a functional "something" with login, password, etc. Thanks for the bounty again! – Merc Sep 14 '12 at 04:05
  • i followed you on github. ill watch the project. NP for the bounty, you earned it – mkoryak Sep 14 '12 at 14:42

1 Answers1

5

In the end, I answered this myself -- the hard way. The answer: hotplate, https://github.com/mercmobily/hotplate

It does most of what I describe above. More importantly, with hotPlate (using hotPage and hotClientPages, available by default), you can write a module which

  1. Defines some routes
  2. Defines a "public" directory with the UI
  3. Defines specific CSS and JS files that must be loaded when loading that module
  4. Is able to add route-specific JSes if needed

Status: I am accepting this answer as I am finished developing Hotplate's "core", which was the point of this answer. I still need to "do" things (for example, once I've written docs, I will make sure "hotplate" is the only directory in the module, without having an example server there). However, the foundation is there. In terms of "core", it's only really missing the "auth" side of the story (which will require a lot of thinking, since I want to make it so that it's db agnostic AND interfacing with passport). The Dojo widgets are a great bonus, although this framework can be used with anything (and in fact backbone-specific code would be sweeeeet).

What hotplate DOESN'T do:

What hotplate DOESn'T do, is give users the ability to upload modules which will then be loaded in the application. This is extremely tricky. The client side wouldn't be so bad (the user could define Javascript to upload, and there could be a module to do that, no worries). The server side, however, is tricky at best. There are just too many things that can go wrong (the client might upload a blocking piece of code, or they could start reading the file system, they would have access to the full database, and so on). The solution to these issues are possible, but none of them are easy (you can cage the user's node environment and get it to run on a different port, for example, and so on) but some problems will stay. But, there is always hope.

Merc
  • 16,277
  • 18
  • 79
  • 122