#elixir-lang - 25 March 2019
« Back 1 day Forward 1 day »
[10:35:06] RJ2: made myself a new phoenix project the standard way, live reload works when i change templates etc, but it doesn't re-run webpack if i modify a CSS file
[10:42:26] RJ2: i used the mix templates to create the project, so it's the default phoenix setup, which includes live_reload - so assumed css and js assets would live reload too
[10:56:06] RJ2: oh, it would work.. but i have inotify issues with my VM's mounted disk.. setting webpack to watch with poll works fine :)
[12:10:31] dysfun: like first off you will have to choose between outsourcing to an external service which probably uses JWT or insourcing in which case you have more flexibility
[12:19:39] gwillickers: i've used ueberauth in a bunch of projects but recently started looking at pow
[12:55:12] OliverMT: tbh, the one you are using is literally an elixir implementation of spring security :D
[12:56:12] bind: I guess when I would like to not let my phoenix application crash when the repo cannot connect to the db server ... I would have to write some custom supervision logic/subtree instead of adding it directly to the app supervisor?
[12:58:56] dysfun: OliverMT: no it's terrible and i wish i could justify the time required to replace it
[12:58:56] bind: the auth solution dysfun uses and is very good as you mention OliverMT is available somewhere on GH/hex or rather closed source?
[13:00:01] OliverMT: letting you annotate with module attrs at the top to set specific roles for specific actions
[13:01:02] OliverMT: it's very not-in-your-way, it gives you some structure for how to do user id, anon, roles etc
[13:01:34] OliverMT: it's intentionally in your way in the app you do because it forces you to think about the security to do *anything*
[13:01:59] OliverMT: that you have a different view at how to enforce team wide security patterns doesn't mean it's shit
[13:02:19] dysfun: and that's fine for some use cases, but it's tedious if you know what you're doing and how to do it and have to figure out how to adapt to its way of doing things
[13:03:58] OliverMT: might not be for you, but it's authed up uhm... four(?) projects in prod so far
[13:04:11] OliverMT: it should be said, this was made internally before guardian and ueberauth etc came to be
[13:05:08] OliverMT: but it's all dynamic ACL db backed auth now, based off an auth struct passed on to the resolvers/contexts
[13:30:08] bind: personally in the projects I currently working on there also has to be db backed auth and access control
[13:32:56] bind: (based on an auth struct which is resolved pretty early using a plug and some auth token)
[13:40:37] OliverMT: *any* context function has always at least two params, because param1 is an auth struct
[13:41:01] OliverMT: that passes user_id, roles, anonymous, metadata and some app specific convenience booleans like is_admin and is_company_admin (multi tenant saas)
[13:41:16] OliverMT: if a context needs to call other contexts to grab related data, the auth struct is passed on
[13:41:42] OliverMT: that way each context only has to deal with local security, as in the auth passed only needs to deal with the Thing that a given context deals with
[13:42:22] OliverMT: if you need more fine grained control like that, for example you should be alllowed to expand and look at users if those users are linked from a comment (needed for GQL, ebcause we need to be able to expand a user dynamically from the query), you can just pass on some opts like you would do in idiomatic elixir
[13:43:18] OliverMT: I find myself very rarely using roles lately, it's mostly is_admin and user_id / company_id for derived row based acl
[13:45:30] benwilson512: we're pairing it with my new postgres / event based system so there's this lovely record of grant / revoke events
[13:47:07] OliverMT: not very hard to workaround just delegating to a simple absinthe schema run directly though
[14:37:39] bind: OliverMT: do you also have a way to mark some calls to your context as :internal? for example when you have system-wide tasks such as application startup logic, periodic tasks..
[14:38:24] OliverMT: nah, if you need housekeeping functions that are outside this auth pattern then of course you can have that
[14:39:50] bind: OliverMT: so you would have that functionality separetly callable without auth struct?
[14:59:05] drangon: Hey I am curious to if it is possible to have the phoenix server serve an angular application that has routing
[18:00:15] starbelly: atoms rather... I don't full agree with it... I don't personally have come not to like `foo?` and `foo!` but if it brings better interop, which it would... I'm all for it
[19:55:38] bind: OliverMT: I know that you wont allow a passing stranger like me to have a look... so you have things like user_id, a list of roles, a boolean indicating anonymousity, some (request/user) metadata and some other app specific booleans wrapped inside the auth struct? (currently using a user struct directly here)
[21:43:02] RJ2: can someone recommend a reasonably well designed, idiomatic HTTP client library for a restful json api that i can have a look at? I want to write one, and would like a crash course on how things are done in modern elixir
[21:46:29] Radar: RJ2: I wrote an interface to Elastic Search here using the HTTPotion package: http://github.com/radar/elastic
[21:52:38] ericmj: RJ2: you can use your favorite erlang library. httpotion and httpoison wraps ibrowse and hackney respectively, but I would recommend using underlying the libraries directly
[22:00:18] ericmj: RJ2: make sure you don't learn the anti-patterns `HTTPoison.Base` and `HTTPotion.Base`
[22:22:00] plsm: hi. I'm just looking at elixir for a personal project. Are the books suggested on the official site a good place to start with elixir?
[22:56:14] bind: ericmj: I see ... but I guess it is more a "you have to get a feeling for it" thing to know when it would be useful to have a "use"-able module?
[22:57:13] ericmj: it's technically not related `use` since `use` is just another way of calling a macro
[22:58:35] ericmj: the Base modules generate duplicate code that you solve by using defdelegate or usually just a simple `import`
[23:01:26] bind: I see ... looking at https://hexdocs.pm/httpoison/HTTPoison.Base.html ... these functions could indeed be just imported and your own module could then present it's own api only without all those additional functions