[Ur] Multitenancy

[Simon Van Casteren]

Hi,

I'm in the process of making a new application for music schools, using
ur/web for front and backend. I'm at the point where I have two customers
and am starting to implement support for multiple clients/tenants in one DB
(postgres). I've been planning to implement multitenancy from the start,
but haven't had the time yet.

Has anyone implemented a form of multitenancy in ur/web before?

I see two areas that need consideration.

1. Deciding which user belongs to which tenant. Ideally I'd have a seperate
url for each tenant that I can give out to my clients (=the schools), do
some dns magic to send them all to the same exe, extract the tenantname
from the url and save the tenantId in a cookie. Also ideally, the user's
url would not change, ie. All urls should go to myschool.coolschools.be
during a session, not getting redirected at all. This is all in an ideal
situation of course.

2. Database access: I'll have tenantId columns in all tables + foreign keys
and indexes on these columns. I'm a bit afraid I'll forget adding tenantId
= cookie.tenantid somewhere, so I was thinking I could make a function that
takes a sql_exp and a tenantId and adds these clauses to all tables
involved. Not 100% sure that will work but I think it's possible, I haven't
had to dive into the internals of sql_exp yet. Secondly, I wonder if I can
somehow declare my endpoints to be tenantdepandent (all but the most
general will be) maybe via newtyping the transaction datatype and then
allowing the execute only sql queries that have the above function applied.
Just dreaming out loud here.

I'd be very interested in any ideas or examples!

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Multitenancy

[Simon Van Casteren]

I considered it briefly as I was doing some research on the topic. It's the
first time I'll be running and deploying a SaaS app myself (I've so far
always been on the programming side only) so it felt more natural to me to
keep everything inside a single application. Running the application right
now consists of me ssh'ing into a Linode and running the exe by hand. If I
want to split this into one application per database (which does guarantee
data security better, that's really nice) then deployment seems to become
much more complicated.

But let's say I do go that route. Is using one of the new deployment tools
a good idea for a just-started scenario? I appreciate how ur/web uses very
basic and simple tools, eg: Using curl in the Worldffi project to do HTTP
requests, not having editor tooling but having the compiler use standard
error formatting so emacs picks it up automatically. This is in strong
contrast to the javascript community where I normally reside, which likes
to re-implement things a lot. So I'd like to know what advice the community
has on the right tools for setting up a new application and database
automatically (probably via the C FFI?) and then running and updating them
together. I would like to note that adding and running new clients without
any manual work is strongly preferred.

Because I don't have any idea of how I would handle this adding and
deploying of clients, I can't weigh the two alternatives: Complicating the
app with tenantIds, or complicating the deployment with seperate apps.

2018-05-13 15:31 GMT+02:00 Adam Chlipala :

> Can you explain why you don't want to run separate applications with
> separate databases?
>
>
> On 05/13/2018 05:50 AM, Simon Van Casteren wrote:
>
> Hi,
>
> I'm in the process of making a new application for music schools, using
> ur/web for front and backend. I'm at the point where I have two customers
> and am starting to implement support for multiple clients/tenants in one DB
> (postgres). I've been planning to implement multitenancy from the start,
> but haven't had the time yet.
>
> Has anyone implemented a form of multitenancy in ur/web before?
>
> I see two areas that need consideration.
>
> 1. Deciding which user belongs to which tenant. Ideally I'd have a
> seperate url for each tenant that I can give out to my clients (=the
> schools), do some dns magic to send them all to the same exe, extract the
> tenantname from the url and save the tenantId in a cookie. Also ideally,
> the user's url would not change, ie. All urls should go to
> myschool.coolschools.be during a session, not getting redirected at all.
> This is all in an ideal situation of course.
>
> 2. Database access: I'll have tenantId columns in all tables + foreign
> keys and indexes on these columns. I'm a bit afraid I'll forget adding
> tenantId = cookie.tenantid somewhere, so I was thinking I could make a
> function that takes a sql_exp and a tenantId and adds these clauses to all
> tables involved. Not 100% sure that will work but I think it's possible, I
> haven't had to dive into the internals of sql_exp yet. Secondly, I wonder
> if I can somehow declare my endpoints to be tenantdepandent (all but the
> most general will be) maybe via newtyping the transaction datatype and then
> allowing the execute only sql queries that have the above function applied.
> Just dreaming out loud here.
>
> I'd be very interested in any ideas or examples!
>
> Simon
>
>
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Multitenancy

[Simon Van Casteren]

Thanks everybody for the help. I was running my exe in standalone mode, so
I didn't realise when you're running in fastCGI mode that Nginx will start
processes for you. As I said, I don't have any frame of reference so I ask
silly questions :).

As I see it now, I'll probably have an API endpoint "new_tenant" that will
run the following:

* Run a shell script to set up a new DB and load default data.
* Write the necessary config for a new fastCGI server with the new
connection string into my nginx config and reload nginx, as I've read this
should not impact the other servers. I'll probably add some notification to
myself whenever I do this so I don't silently start thousands of servers
when something goes wrong.

It would be nice if I could have urweb do this. Is there a way to run shell
scripts for urweb? And what about interacting stuff with file system? Both
I have not seen happen in urweb, since it's mostly not necessary. Am I
better off using the FFI for these things? I saw the BazQux reader uses the
FFI to call into Haskell, that seems very nice even though it's probably
overkill for this use case.

Simon

2018-05-13 16:13 GMT+02:00 Rob Manhatton :

> After a light google, it seems that terraform's linode support isn't super
> mature yet, so if you're comfortable doing all the apps on the same VM and
> database end point then hold off on terraform a few more months (although
> you will really like having nearly 100% of your systems backed by code when
> you have bandwidth to look into it).
>
> On May 13, 2018 9:03:28 AM CDT, Adam Chlipala  wrote:
>
>> I'm not sure which aspect of deployment you're worried about.  With
>> Apache, you can configure as many FastCGI applications as you'd like, and
>> they will all be started automatically on each reboot.  It only takes a few
>> lines of configuration per application.  Similarly, creating a new database
>> is a few lines of shell script, using the .sql file that the Ur/Web
>> compiler produces for an application.  All of the details are independent
>> of application specifics.
>>
>> I am not aware of any existing tools for doing these simple steps
>> automatically, but it should be easy to roll an all-inclusive shell script.
>>
>> On 05/13/2018 09:48 AM, Simon Van Casteren wrote:
>>
>> I considered it briefly as I was doing some research on the topic. It's
>> the first time I'll be running and deploying a SaaS app myself (I've so far
>> always been on the programming side only) so it felt more natural to me to
>> keep everything inside a single application. Running the application right
>> now consists of me ssh'ing into a Linode and running the exe by hand. If I
>> want to split this into one application per database (which does guarantee
>> data security better, that's really nice) then deployment seems to become
>> much more complicated.
>>
>> But let's say I do go that route. Is using one of the new deployment
>> tools a good idea for a just-started scenario? I appreciate how ur/web uses
>> very basic and simple tools, eg: Using curl in the Worldffi project to do
>> HTTP requests, not having editor tooling but having the compiler use
>> standard error formatting so emacs picks it up automatically. This is in
>> strong contrast to the javascript community where I normally reside, which
>> likes to re-implement things a lot. So I'd like to know what advice the
>> community has on the right tools for setting up a new application and
>> database automatically (probably via the C FFI?) and then running and
>> updating them together. I would like to note that adding and running new
>> clients without any manual work is strongly preferred.
>>
>> Because I don't have any idea of how I would handle this adding and
>> deploying of clients, I can't weigh the two alternatives: Complicating the
>> app with tenantIds, or complicating the deployment with seperate apps.
>>
>> 2018-05-13 15:31 GMT+02:00 Adam Chlipala :
>>
>>> Can you explain why you don't want to run separate applications with
>>> separate databases?
>>>
>>>
>>> On 05/13/2018 05:50 AM, Simon Van Casteren wrote:
>>>
>>> Hi,
>>>
>>> I'm in the process of making a new application for music schools, using
>>> ur/web for front and backend. I'm at the point where I have two customers
>>> and am starting to implement support for multiple clients/tenants in one DB
>>> (postgres). I've been planning to implement multitenancy from the start,
>>> but haven't had the time yet.
>>

Re: [Ur] Multitenancy

[Simon Van Casteren]

In general, not really. And at the moment I don't have time to implement
the automation so I for sure will do it manually. But I plan to add a
"Demo" button where people can check out the whole application with some
demo data and can do whatever they want. I wanted to implement that also as
a seperate tenant, and after a few days of inactivity delete those "demo
tenants".

Secondly, as a client I would appreciate it if I could buy this product and
immediately get my environment up and running, so not having to wait
minutes-hours until I can start using what I bought. This is not that
important right now, but I would like to have the possibility.

2018-05-13 20:11 GMT+02:00 Adam Chlipala :

> I'm confused about something: do you really expect to add new tenants
> frequently enough that it would be a problem for you to have to log into
> the server and run a shell script each time?  Would it even be a problem if
> you had to edit configuration files manually on the server each time?
>
> On 05/13/2018 02:02 PM, Simon Van Casteren wrote:
>
>> As I see it now, I'll probably have an API endpoint "new_tenant" that
>> will run the following:
>>
>> * Run a shell script to set up a new DB and load default data.
>> * Write the necessary config for a new fastCGI server with the new
>> connection string into my nginx config and reload nginx, as I've read this
>> should not impact the other servers. I'll probably add some notification to
>> myself whenever I do this so I don't silently start thousands of servers
>> when something goes wrong.
>>
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] calling javascript code in

[Simon Van Casteren]

This is a very cool trick! I happened to need this: I'm making a filtering
page with a ton of checkboxes, and every time I check any one of them, I
want to reload stuff from the server. My first solution was to add my
"reloadStuff" function in every onchange handler of every checkbox. I've
now replaced that with the trick mentioned above: one dyn tag which depends
on the signals of every checkbox source, and it renders a script tag when
something changes. Much cleaner! Have to be a little bit careful that I
don't start abusing this though.

Side note: the 

Re: [Ur] calling javascript code in

[Simon Van Casteren]

Active doesn't let you do rpc requests though, but if you don't need that
then active works as well, didn't think about that either...

Op do 5 jul. 2018 om 15:59 schreef Adam Chlipala :

> Oh, right.  The  tag should do just as well, in that case.
> You'd need to return an empty XML document explicitly, but that's not hard.
>
> On 07/05/2018 09:43 AM, Simon Van Casteren wrote:
> > Side note: the 

[Ur] Property-based testing + Contract driven development

[Simon Van Casteren]

Hey,

My current urweb project is getting quite big and there's a few places
where property-based testing would be very handy. I've not found anything
online though that can do this for urweb. Is anybody working on this?
Porting Quickcheck or one of its derivatives from Haskell or PureScript
would probably be the fast way to go.

Secondly, I've found contract driven development to work extremely well
with property-based testing. Again the same question: Has anyone used it in
urweb? I'm just looking for a handy way to specify pre/post conditions and
somehow have the compiler strip them out of production code.

Thanks for any help

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Reading files uploaded by a user

[Simon Van Casteren]

Hey everybody,

Does anybody have experience with reading files uploaded by a user in
Ur/Web? My use case: I'm building an application used by (music) schools
and migrating their data into my database is a big thing. Medium-sized
schools often have more than 1000 students following classes, so adding
them one by one via an online form is a big time investment, especially
since students don't just have names but also addresses, phone numbers,
email addresses and pre-existing enrollments.

I want to provide import functionality of this data and I feel CSV files
are probably the best way to go with this. Microsoft Excel exports these,
database programs can export these they're human-readable, etc.

I know Ur/Web supports file upload with the file and blob types, but I
don't know where to go from there. Probably I'll have to use the C FFI to
then read these files, but I honestly don't know where to begin. I don't
know what the internal representation of these types is, nor would I know
where to begin searching how to then process these into Ur/Web data
structures.

Ideally I would have a function that just does:

blob -> transaction (list string)

or something, maybe providing an encoding if needed. I really don't know
where to begin here, so any help is much appreciated!

BTW: Thanks for Ur/Web, it's been a godsend for me.

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Reading files uploaded by a user

[Simon Van Casteren]

Using textboxes is indeed a good idea. I think with some help text, it
should be no problem for my users to understand how to use this.

That CSV.parse function is really good for inspiration. I'll probably
change it a bit so I can provide parsing and validation functions per field
so I can give a bit more feedback to users when parsing fails, but it's so
nice to have something to start with. I need to look some more into the UPO
repo, it's some very nice code.

I'll definitely be writing up some stuff about my experience with Ur/Web
once the development calms down and my first clients run stable, but that
might take a while. My whole application is in Dutch at the moment, but I'm
definitely planning to translate it to English as well. It will all come,
but will take some more time :).

Simon

Op za 11 aug. 2018 om 22:54 schreef Adam Chlipala :

> On 08/11/2018 04:34 PM, Simon Van Casteren wrote:
>
> I want to provide import functionality of this data and I feel CSV files
> are probably the best way to go with this. Microsoft Excel exports these,
> database programs can export these they're human-readable, etc.
>
> I know Ur/Web supports file upload with the file and blob types, but I
> don't know where to go from there.
>
>
> I just use textboxes for CSV upload, in a few different production
> deployments based on UPO <http://upo.csail.mit.edu/>.  I have to admit,
> it isn't obvious that there shouldn't be a [blob -> string] function in the
> standard library, so I'd be open to adding that, too, if it sounds like the
> demand is there.
>
> BTW: Thanks for Ur/Web, it's been a godsend for me.
>
>
> Glad to hear you're getting some mileage out of it!  I'm sure the crowd
> here will be interested to hear more details of your applications, when
> they're far enough along (and I like to add links from the Ur project site).
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Struggling to figure out mapping of record

[Simon Van Casteren]

Hi everybody, I'm struggling to get my validation functions the way I
really like them. What I would like to do is start from a record of input
fields that have a certain type, eg:

{Age: option float, FirstName: string}

I then have a function that will validate the values of this record, and
either return an error in the form of a string, or a type b, for every
field.

{Age: option float -> either string int, FirstName: string -> either string
string}

(either is just a sum type with two values Left and Right like in Haskell,
I should make a PR to get this into the stdlib, but that's not relevant
now).

How can I now apply this record of functions to this record of values?
Output should be of the type:

{Age: either string int, FirstName: either string string}

I feel Ur should be able to do it but I can't figure it out. I keep going
back to Top.map2, but there the "to" and "from" types should be type level
functions from a certain K to a and b, but my records are monomorphic and
don't really have any relation between them except for the record of
mapping functions. (Not sure if all my terminology is correct here but I
hope you understand what I mean)

Any help much appreciated!

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Struggling to figure out mapping of record

[Simon Van Casteren]

It's so hard to think on this "level" for me. But I got it working! The
approach is obvious now that you told me, but I've spent many hours
thinking about it. Thanks so much for the help!

On Sat, Aug 18, 2018, 3:00 PM Adam Chlipala  wrote:

> On 08/18/2018 08:43 AM, Simon Van Casteren wrote:
> > {Age: option float, FirstName: string}
> >
> > [...]
> >
> > {Age: option float -> either string int, FirstName: string -> either
> > string string}
> >
> > [...] Output should be of the type:
> >
> > {Age: either string int, FirstName: either string string}
> >
> > I feel Ur should be able to do it but I can't figure it out. I keep
> > going back to Top.map2, but there the "to" and "from" types should be
> > type level functions from a certain K to a and b, but my records are
> > monomorphic and don't really have any relation between them except for
> > the record of mapping functions.
>
> Actually, your records look like each field has a particular fundamental
> type pair, e.g. [option float] and [int] for [Age] and [string] and
> [string] for [FirstName].  So you can build a type-level record of pairs
> of types, that is, with kind [{(Type * Type)}], and use [map2] very
> naturally!
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Tooling: type of an expression

[Simon Van Casteren]

Urweb tooling is pretty limited compared to other languages. I knew that
when I started with it and so far I'm OK with it. Honestly, most of the
"modern" tooling I see in other ecosystems is a waste of time.

However, the one thing that would really cut dev time in half for me in
Ur/web (slightly exaggerated for effect) would be being able to have the
compiler tell me the type of an expression. You can go multiple levels deep
here:

- type of an identifier
- type of an expression at top level
- type of an expression in function definition, let-binding, etc

I'm sending this email to the mailing list to ask if something like this is
remotely possible, what kind of approach we can take and how we could go
about implementing it.

Any help much appreciated

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Tooling: type of an expression

[Simon Van Casteren]

I think that would get me to the first level: getting types of identifiers.
Do you see any way to evaluate expressions and getting the types of those?

This is something that would definitely be worth it for me, so I'll be
implementing it unless I can't figure it out :).

Simon

On Thu, Oct 11, 2018, 5:20 AM Adam Chlipala  wrote:

> I'm sure it's more than just remotely possible and is just a question of
> someone getting hands dirty and writing the code!  The baseline of a
> whole-program compiler could make it trickier than for many other
> toolsets, but it could work to periodically run "compiles" through type
> inference, saving the results to hidden files.
>
> On 10/10/2018 08:22 PM, Simon Van Casteren wrote:
> > Urweb tooling is pretty limited compared to other languages. I knew
> > that when I started with it and so far I'm OK with it. Honestly, most
> > of the "modern" tooling I see in other ecosystems is a waste of time.
> >
> > However, the one thing that would really cut dev time in half for me
> > in Ur/web (slightly exaggerated for effect) would be being able to
> > have the compiler tell me the type of an expression. You can go
> > multiple levels deep here:
> >
> > - type of an identifier
> > - type of an expression at top level
> > - type of an expression in function definition, let-binding, etc
> >
> > I'm sending this email to the mailing list to ask if something like
> > this is remotely possible, what kind of approach we can take and how
> > we could go about implementing it.
> >
> > Any help much appreciated
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Tooling: type of an expression

[Simon Van Casteren]

Is there a possibility for -dumpTypes to also dump values in let bindings?

Op do 11 okt. 2018 om 16:33 schreef Adam Chlipala :

> Well, you could take advantage of the type-inference daemon and run a new
> compilation job with your extra expression added to the build.
> On 10/11/2018 02:56 AM, Simon Van Casteren wrote:
>
> I think that would get me to the first level: getting types of
> identifiers. Do you see any way to evaluate expressions and getting the
> types of those?
>
> This is something that would definitely be worth it for me, so I'll be
> implementing it unless I can't figure it out :).
>
> Simon
>
> On Thu, Oct 11, 2018, 5:20 AM Adam Chlipala  wrote:
>
>> I'm sure it's more than just remotely possible and is just a question of
>> someone getting hands dirty and writing the code!  The baseline of a
>> whole-program compiler could make it trickier than for many other
>> toolsets, but it could work to periodically run "compiles" through type
>> inference, saving the results to hidden files.
>>
>> On 10/10/2018 08:22 PM, Simon Van Casteren wrote:
>> > Urweb tooling is pretty limited compared to other languages. I knew
>> > that when I started with it and so far I'm OK with it. Honestly, most
>> > of the "modern" tooling I see in other ecosystems is a waste of time.
>> >
>> > However, the one thing that would really cut dev time in half for me
>> > in Ur/web (slightly exaggerated for effect) would be being able to
>> > have the compiler tell me the type of an expression. You can go
>> > multiple levels deep here:
>> >
>> > - type of an identifier
>> > - type of an expression at top level
>> > - type of an expression in function definition, let-binding, etc
>> >
>> > I'm sending this email to the mailing list to ask if something like
>> > this is remotely possible, what kind of approach we can take and how
>> > we could go about implementing it.
>> >
>> > Any help much appreciated
>>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Property-based testing + Contract driven development

[Simon Van Casteren]

Hey,

Unfortunately, nothing so far. All I have in my current project is unit
tests, which are just an assert coupled with a page that runs it and
generates output on a page.

Simon

On Sat, Nov 3, 2018, 8:07 AM Artyom Shalkhakov  Hi Simon,
>
> What has been done about this? I'm very interested in making testing easy
> to do in Ur/Web.
>
> On Mon, Jul 9, 2018, 2:52 PM Simon Van Casteren <
> simon.van.caste...@gmail.com> wrote:
>
>> Hey,
>>
>> My current urweb project is getting quite big and there's a few places
>> where property-based testing would be very handy. I've not found anything
>> online though that can do this for urweb. Is anybody working on this?
>> Porting Quickcheck or one of its derivatives from Haskell or PureScript
>> would probably be the fast way to go.
>>
>> Secondly, I've found contract driven development to work extremely well
>> with property-based testing. Again the same question: Has anyone used it in
>> urweb? I'm just looking for a handy way to specify pre/post conditions and
>> somehow have the compiler strip them out of production code.
>>
>> Thanks for any help
>>
>> Simon
>> ___
>> Ur mailing list
>> Ur@impredicative.com
>> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] SQL table.field IN list

[Simon Van Casteren]

Hi,

Am I correct in thinking that the standard library/compiler doesn't support
SQL "IN" statements? It's something that I use a lot in my programs, and in
psql for example you can just do:

SELECT *
FROM uw_lesson_lessons
WHERE uw_id in (1, 2, 3)

I made my own function to handle this, using a bunch of sql_or statements:

fun inlist
  [a ::: Type]
  [otherfields ::: {Type}]
  [tablename :: Name]
  [columnname :: Name]
  [otherfields ~ [columnname = a]]
  (_ : sql_injectable a)
  (ids: list a)
: sql_exp ([tablename = [columnname = a] ++ otherfields]) ([]) ([]) bool
  =
  List.foldl
(fn id acc => (SQL {acc} OR {{tablename}}.{columnname} = {[id]}))
(WHERE {[False]})
ids

I'm not sure about the performance characteristics of this though. Anyway,
just wondering if it is already supported but I can't find it, or it's not
supported at all?

Thanks

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Securing sessions in Ur/Web

[Simon Van Casteren]

Hey,

I've been thinking about this the better part of the day, but I can't
figure out the right approach here.

When a person logs in, username-password style, I make a cookie with this
form:

{ Role: 
, Email: string
, CreatedOn: time}

I'm saving the role in the cookie, so subsequent security checks in the
page generators and rpc functions don't need to hit the database. Some of
my pages query multiple functions that do this check, so that's why I
thought to keep it out of the database.

Now, I'm not a security expert, but as far as I could figure out from my
research, this should be safe as Ur/Web takes care of bot XSS and XSRF
problems. Only somebody forging the cookie from scratch could cause a
problem. So I decided to add a Signature field to the above cookie that
contains the HMAC-SHA256 digest of the 3 above fields. I have a few
problems/questions about this.

1. Is this safe? Is this a good solution? Or am I better off abandoning the
whole thing and going back to putting just a SessionId inside a cookie and
going to the database with that SessionId to check for authorization? Or
another solution that I'm not thinking of at the moment?

2. A problem I'm having is storing the key that is needed to run the
digest. My plan was to pass it via an environment variable to my program,
but getenv inside a page generator causes the compiler to complain, saying
that it could cause side-effects... Anybody have any ideas how to handle
this? I feel like putting my key in plain text inside my source code is not
very good, but maybe I'm wrong about that?

Any help much appreciated!

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Securing sessions in Ur/Web

[Simon Van Casteren]

Hey Adam,

As always, thanks a lot for your insights.

1. Yeah after some experimentation I understood the builtin cookie security
mechanism is there for XSRF attacks only. That's why I made my own cookie
forgery protection by hashing the contents of the cookie and always
checking that digest when reading the cookie. I feel that that is pretty
safe (and much faster than always hitting the database) since the only
problem I can think of with that is somebody actually getting a hold of the
cookie itself, but once that happens you're pretty much screwed anyway?

2. Agreed on the password business. The authentication part of my
application is not final, but at the moment I'm supporting two methods.
One, which is the preferred one, is via email: You input your email, I send
you a email with a (limited time) authentication link, you click it and
you're authenticated. I saw it used in a few places, I liked it and it was
easy for me to implement, so I thought I'd steal it. Secondly I have
classic username-password, since I want that as a last resort anyway. I
also still plan to provide sign in via Twitter / Google / Facebook but
haven't had the time to implement them yet (all of them take quite some
time to implement). The more of these I get implemented, the more I'll hide
the username-password route.

All of these sign-in strategies can probably be packaged up as nicely as
with the GitHub example you've implemented. A ready made directory of
authorization strategies should be available at some point for the Ur/Web
community, much easier to use that in any other language, exciting!

However, the way how to authenticate is orthogonal to the authorization
part and how I save that in cookies/DB tables, but point well taken.

3. Getenv being tagged as only having bening effect is much appreciated! I
was thinking that seemed weird, but wasn't sure. You have a point with the
key being in the binary. One thing I did think was nice about environment
variables was that I could pass a different key to each of my server
processes. I run a seperate Ur/Web server for each of my clients, so if one
key gets compromised, it doesn't affect the others.

Anyway, thanks a lot for the advice, you're an inspiration. For me it
basically comes down to either A. Trusting my signed cookie-setup to be
secure, or B. refactoring my app to mitigate the performance hit from using
the database to check the role of a user based on just a SessionId in a
cookie. With that I mean, ensuring I only "get" the session once in every
page generation function and passing the session around to all the
"repository" functions.

Op zo 20 jan. 2019 om 23:10 schreef Adam Chlipala :

> On 1/18/19 10:14 AM, Simon Van Casteren wrote:
>
> When a person logs in, username-password style, I make a cookie with this
> form:
>
> { Role: 
> , Email: string
> , CreatedOn: time}
>
> I'm saving the role in the cookie, so subsequent security checks in the
> page generators and rpc functions don't need to hit the database.
>
> Actually, that's an insecure method.  The Ur/Web implementation is not
> meant to prevent cookie forgery!  Rather, it just tries to make sure any
> side-effecting operation that reads a cookie was triggered by an explicit
> form submission within your application (that's XSRF protection).
>
> 1. Is this safe? Is this a good solution? Or am I better off abandoning
> the whole thing and going back to putting just a SessionId inside a cookie
> and going to the database with that SessionId to check for authorization?
> Or another solution that I'm not thinking of at the moment?
>
> Creating a unique and effectively unguessable session identifier to store
> in the database is a pretty good solution.  Actually, however, I recommend
> avoiding implementing your own authentication whenever possible!  You could
> consider using the Ur/Web World library <https://github.com/urweb/world>,
> which is growing in a lazy manner, as different usage modes are requested.
> Specifically, it's only been used for authentication via GitHub, as far as
> I know.
>
> Passwords are just a sordid business, so best to avoid or at least push
> off onto some other web service, IMO.
>
> 2. A problem I'm having is storing the key that is needed to run the
> digest. My plan was to pass it via an environment variable to my program,
> but getenv inside a page generator causes the compiler to complain, saying
> that it could cause side-effects... Anybody have any ideas how to handle
> this? I feel like putting my key in plain text inside my source code is not
> very good, but maybe I'm wrong about that?
>
> I don't see a fundamental security advantage of a sensitive value in a
> source file (and therefore compiled into the application) v

[Ur] Mandatory nginx conf: merge_slashes off

[Simon Van Casteren]

Hi,

I just ran into an awful problem combining urweb with nginx. By default,
nginx by default merges double slashes in urls, eg:
http://www.bla.com//users becomes http//www.bla.com/users. This can be a
problem for UrWeb applications since a double slash is actually how urweb
encodes the unit or () value.

The solution is to use the option: "merge_slashes off".

It's not a bug in either application so I didnt want me make an issue for
it, but this could be useful info for other people running Ur/Web programs
behind nginx...

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Mandatory nginx conf: merge_slashes off

[Simon Van Casteren]

It doesn't happen often of course, since you rarely use unit in a page or
RPC function. How I ran into it was actually via the now fixed bug
https://github.com/urweb/urweb/issues/117, I made some ADT's that got
around that bug by declaring all constructors to have at least one
parameter, unit if nothing else. That came back to bite me now...

A page with this signature:

val page: unit -> string -> transaction page

Would be affected by the issue I described. This obviously won't happen
much outside of you making a mistake (for example because first the
function took just a unit, then you added the string parameter), but
because it doesn't happen often and it's actually nginx making the
"mistake", I still thought it could help someone out in the future!

Simon

On Fri, 25 Jan 2019 at 13:57, Adam Chlipala  wrote:

> Thanks for sharing that wisdom!  Somehow I remember making a special
> effort to encode empty strings with underscores, precisely to avoid this
> problem (though it was appearing in Apache, if I recall correctly).  Can
> you point us to an example where it arises, in a URL that an Ur/Web app
> generates itself?
>
> On 1/25/19 5:13 AM, Simon Van Casteren wrote:
>
> Hi,
>
> I just ran into an awful problem combining urweb with nginx. By default,
> nginx by default merges double slashes in urls, eg:
> http://www.bla.com//users becomes http//www.bla.com/users. This can be a
> problem for UrWeb applications since a double slash is actually how urweb
> encodes the unit or () value.
>
> The solution is to use the option: "merge_slashes off".
>
> It's not a bug in either application so I didnt want me make an issue for
> it, but this could be useful info for other people running Ur/Web programs
> behind nginx...
>
> Simon
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Mandatory nginx conf: merge_slashes off

[Simon Van Casteren]

If it's not much work, I'd say yes. What I mentioned won't happen often,
but it was an extremely annoying thing to track down.

Simon

Op za 26 jan. 2019 om 19:33 schreef Adam Chlipala :

> Reviewing a PR just now, I'm reminded that the logic I half-recalled to
> avoid empty serializations is only for strings.  Would it be worth changing
> [unit] serialization to avoid empty serializations there, too?
>
> On 1/25/19 8:21 AM, Simon Van Casteren wrote:
>
> It doesn't happen often of course, since you rarely use unit in a page or
> RPC function. How I ran into it was actually via the now fixed bug
> https://github.com/urweb/urweb/issues/117, I made some ADT's that got
> around that bug by declaring all constructors to have at least one
> parameter, unit if nothing else. That came back to bite me now...
>
> A page with this signature:
>
> val page: unit -> string -> transaction page
>
> Would be affected by the issue I described. This obviously won't happen
> much outside of you making a mistake (for example because first the
> function took just a unit, then you added the string parameter), but
> because it doesn't happen often and it's actually nginx making the
> "mistake", I still thought it could help someone out in the future!
>
> Simon
>
> On Fri, 25 Jan 2019 at 13:57, Adam Chlipala  wrote:
>
>> Thanks for sharing that wisdom!  Somehow I remember making a special
>> effort to encode empty strings with underscores, precisely to avoid this
>> problem (though it was appearing in Apache, if I recall correctly).  Can
>> you point us to an example where it arises, in a URL that an Ur/Web app
>> generates itself?
>>
>> On 1/25/19 5:13 AM, Simon Van Casteren wrote:
>>
>> Hi,
>>
>> I just ran into an awful problem combining urweb with nginx. By default,
>> nginx by default merges double slashes in urls, eg:
>> http://www.bla.com//users becomes http//www.bla.com/users. This can be a
>> problem for UrWeb applications since a double slash is actually how urweb
>> encodes the unit or () value.
>>
>> The solution is to use the option: "merge_slashes off".
>>
>> It's not a bug in either application so I didnt want me make an issue for
>> it, but this could be useful info for other people running Ur/Web programs
>> behind nginx...
>>
>> Simon
>>
>> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Explicitly asking for a sql rollback

[Simon Van Casteren]

Hey,

I'm wondering if there is a way to explicitly ask for a sql rollback. I
think the only way you can now trigger a rollback would be by calling the
"error" function and providing an xbody.

I have two use cases for which I think an explicit rollback mechanism (not
sure how that would look like) would be handy. My main use case is rolling
back everything when a validation is not ok. I don't use the "error"
function because I can't return structured error messages. When I save some
form with 5 fields, I mostly return an error object with the same 5 fields,
so I can provide precise feedback to the user. Having to clean up all my
sql work is huge drag and a source of subtle bugs.

My second use case is testing with the database. I know some people frown
upon incorporating the database into your tests, but I think that's silly
so I'll ignore that. If have quite some tests that load stuff into the
database as a setup step, then run some tricky query procedure, check the
results, and then clear the DB again. This last step is again a big
annoyance and a source of incorrectly failing tests.

Does anyone have a good way of doing the 2 above things? Should we have an
explicit "rollback" call? Probably it's quite a dangerous thing to have,
but especially the first described problem is a source of serious bugs,
especially in complex backend procedures.

Any help much appreciated!

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Explicitly asking for a sql rollback

[Simon Van Casteren]

About your first comment,

Yes I have the same code habit of first running validations and then doing
the actual work. As long as stuff stays kind of simple that is manageable.
But a place where this has caused some serious bugs was in my import page.
So I have a function that runs validations and then makes the resource in
the database. Now, my import page makes many of these at once, based on a
CSV file format (see one of my previous questions). However when one fails,
I'd like the whole import to fail. A complete rollback operation would make
this much easier and less error-prone since I now have to delete all the
previous saved resource when one resource fails to save. It was more of a
question on how to do it though, since providing an explicit rollback is
probably more dangerous than it's worth.

On the second part,

Yes, the test harness could do that, and it's kind of what I'm doing now.
It's OK, but it's a bit slower and a bit more heavy handed. I'm ok with it
though, I would still use the rolback operation here as well though, if it
was available. It's not necessary though.

Simon

On Sun, Feb 3, 2019, 1:29 PM Adam Chlipala  On 2/3/19 5:24 AM, Simon Van Casteren wrote:
>
> I'm wondering if there is a way to explicitly ask for a sql rollback. I
> think the only way you can now trigger a rollback would be by calling the
> "error" function and providing an xbody.
>
> I have two use cases for which I think an explicit rollback mechanism (not
> sure how that would look like) would be handy. My main use case is rolling
> back everything when a validation is not ok. I don't use the "error"
> function because I can't return structured error messages. When I save some
> form with 5 fields, I mostly return an error object with the same 5 fields,
> so I can provide precise feedback to the user. Having to clean up all my
> sql work is huge drag and a source of subtle bugs.
>
> Let me check that I understand: you want a transaction to return a
> structured value that will actually be processed further by legit code, say
> the client-side code that has called your server-side RPC?  However, you
> will undo all database effects, so that the transaction that leaked a
> result back to legit code that is now "apocryphal" in terms of database
> effects?  Wouldn't it be nicer to maintain a data structure in your RPC
> handler that batches all database updates until you are sure you really
> want to run them?  I wouldn't expect to see it complicate the code much.
> In fact, I would naturally write database updates *after* all validation,
> so that no special code complication is needed.
>
> My second use case is testing with the database. I know some people frown
> upon incorporating the database into your tests, but I think that's silly
> so I'll ignore that. If have quite some tests that load stuff into the
> database as a setup step, then run some tricky query procedure, check the
> results, and then clear the DB again. This last step is again a big
> annoyance and a source of incorrectly failing tests.
>
> I actually never use automated tests myself, but, if you do, they probably
> want to start each test with a predictable, pristine database state, and
> likely very small states suffice, right?  So then why not make your testing
> harness manage all this business outside of Ur/Web?
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Explicitly asking for a sql rollback

[Simon Van Casteren]

Yeah I figured that would cause more problems than it would solve but still
glad I asked. I might rewrite my import like you said. It is a better way
of doing things.

Thanks!

On Sun, Feb 3, 2019, 3:14 PM Adam Chlipala  On 2/3/19 7:54 AM, Simon Van Casteren wrote:
> > About your first comment,
> >
> > Yes I have the same code habit of first running validations and then
> > doing the actual work. As long as stuff stays kind of simple that is
> > manageable. But a place where this has caused some serious bugs was in
> > my import page. So I have a function that runs validations and then
> > makes the resource in the database. Now, my import page makes many of
> > these at once, based on a CSV file format (see one of my previous
> > questions). However when one fails, I'd like the whole import to fail.
> > A complete rollback operation would make this much easier and less
> > error-prone since I now have to delete all the previous saved resource
> > when one resource fails to save. It was more of a question on how to
> > do it though, since providing an explicit rollback is probably more
> > dangerous than it's worth.
>
> Right.  This part sounds doable by splitting your import functionality
> into separate validation and database insertion.  It sounds like a small
> drag, but at least it only locally affects your use case.
>
> One example of a pain arising from general database rollback is: imagine
> a nicely encapsulated function that allocates a message-passing channel,
> stashes it in an appropriate database table, and returns it to the
> caller (perhaps declared as an abstract type, so the caller doesn't even
> know a channel is involved).  The caller uses the rollback function you
> asked for, but the caller also hangs onto and uses the channel.  Now we
> have a scary ability to break application-wide invariants: rollback is,
> in effect, a way to mess with "private fields" of library modules!
>
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Pre-compressing static assets

[Simon Van Casteren]

Hey everybody,

I've been breaking my head today on how to do pre-compression of static
assets, mainly the app.*.js bundle. Currently I'm having Nginx do
on-the-fly compression using brotli at lvl 4. This causes my app.*.js
bundle to shrink from 1.8 MB to 145 kB. This is really good already, but
running it at lvl 11 gets me a 90 kB bundle, still 50% less than what I
have now! Running it at lvl 11 takes around 5 seconds (on my underpowered
server) though, which is really quite long.

In a normal situation I'd run the brotli compressor at build or deployment
time, but the app.*.js bundle is never on the filesystem, so I haven't
found a way to do this pre-compression in an Ur/Web context.

Anybody has any ideas?

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Pre-compressing static assets

[Simon Van Casteren]

Alrighty, good to know. I'll put it on my list of stuff to do once I dig
into the compiler.

Thanks!

Op di 21 mei 2019 om 17:36 schreef Adam Chlipala :

> I can't think of a good way to do it with Ur/Web as it stands. It should
> be a pretty simple tweak to the compiler to specify an external program
> to run to transform this JavaScript code.
>
> On 5/21/19 9:05 AM, Simon Van Casteren wrote:
> > Hey everybody,
> >
> > I've been breaking my head today on how to do pre-compression of
> > static assets, mainly the app.*.js bundle. Currently I'm having Nginx
> > do on-the-fly compression using brotli at lvl 4. This causes my
> > app.*.js bundle to shrink from 1.8 MB to 145 kB. This is really good
> > already, but running it at lvl 11 gets me a 90 kB bundle, still 50%
> > less than what I have now! Running it at lvl 11 takes around 5 seconds
> > (on my underpowered server) though, which is really quite long.
> >
> > In a normal situation I'd run the brotli compressor at build or
> > deployment time, but the app.*.js bundle is never on the filesystem,
> > so I haven't found a way to do this pre-compression in an Ur/Web context.
> >
> > Anybody has any ideas?
> >
> > Simon
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Joining Nullable to Non-nullable fields

[Simon Van Casteren]

Hey everybody,

Something that's been bothering me for some time now. Is it possible to
OUTER JOIN a nullable field to a non-nullable field? I keep getting type
errors and can't figure out how to tell the compiler he should only do the
join for the records that the nullable field is non-null... SQL surely
allows this, but I haven't figured it out in Ur/Web yet.

Any help much appreciated!

Keep up the good work.

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Joining Nullable to Non-nullable fields

[Simon Van Casteren]

This works, absolutely awesome! Thanks!

Op do 6 jun. 2019 om 14:46 schreef Athene Noctua :

> I had an issue with outer joins a while ago, it's not exactly what you
> describe but maybe the answer could help:
>
> http://www.impredicative.com/pipermail/ur/2017-July/002645.html
>
> Cheers
>
> On Thu, Jun 6, 2019, 13:56 Simon Van Casteren <
> simon.van.caste...@gmail.com> wrote:
>
>> Hey everybody,
>>
>> Something that's been bothering me for some time now. Is it possible to
>> OUTER JOIN a nullable field to a non-nullable field? I keep getting type
>> errors and can't figure out how to tell the compiler he should only do the
>> join for the records that the nullable field is non-null... SQL surely
>> allows this, but I haven't figured it out in Ur/Web yet.
>>
>> Any help much appreciated!
>>
>> Keep up the good work.
>>
>> Simon
>> ___
>> Ur mailing list
>> Ur@impredicative.com
>> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Any interest in bringing up a platform for virtual conferences?

[Simon Van Casteren]

I'm also interested. I've been thinking about video conf and recordings for
my music school application (www.classy.school), and it's just a really
good thing to have integrated into any app. So I'd be interested in doing
some work for it.

(How much is always the issue of course... Especially now that my daughter
can't go to school on top of a full time job.)

Simon

On Fri, 20 Mar 2020, 23:47 Adam Chlipala,  wrote:

> Some of you may remember the Ur/Web People Organizer (UPO) library
>  that I've mentioned a few times.  It's an
> Ur/Web component library for rapid creation of applications to organize
> people -- a pretty broad remit.  It uses a lot of metaprogramming to write
> your application for you based on your database schema.
>
> Suddenly an important variant of coordinating people is running a virtual
> event.  For instance, many planned conferences have moved to online
> substitutes, on short notice.  Events often have subtle differences from
> each other while sharing many logistical elements.
>
> I wonder what interest there is out there in developing enough new UPO
> components to support virtual events.  For instance, I think it needs good
> ways to interact with video-conferencing software to livestream talks with
> Q&A, and to make the recorded videos available easily afterward in
> perpetuity, integrated within sites that take advantage of rich, per-event
> data schemas.
>
> Would anyone like to join me in trying to plan out the required
> functionality and divvy up the coding work?
>
> Full disclosure: I'm still developing a startup-company concept that could
> take advantage of that support.  The company is about, basically, a very
> simplified IDE for snapping UPO components together, so that people without
> programming experience can do it.  My idea is that the underlying,
> programmer-focused library remains open forever, though.
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Blogpost

[Simon Van Casteren]

Hi everybody,

In case anyone is interested, I wrote a blog post some time ago about my
experiences with Ur/Web.

http://frigoeu.github.io/urweb1.html

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Blogpost

[Simon Van Casteren]

That's interesting! I'm gonna give that a try and see what happens.

Simon

On Mon, 27 Apr 2020, 14:36 Vladimir Shabanov,  wrote:

> In case anyone is interested, I wrote a blog post some time ago about my
> experiences with Ur/Web.
>
> http://frigoeu.github.io/urweb1.html
>
>
> Great post. I agree that build times for large projects is perhaps the
> most annoying thing in Ur/Web.
>
> They caused mostly by excessive inlining. To cut them down I'm generating
> neverInline pragmas for almost all or my functions. Since JavaScript
> supports functions as values it works very well for frontend (and reduces
> app.js file size as well). Backend requires polymorphic functions to be
> inlined but most of them live in standard library so I just don't
> generate neverInline pragmas for them.
>
> Here's pragma generation from my Makefile
>
> neverInline.urp: *.ur
> @perl -n -e 'use File::Basename; $$ARGV =~ s/.ur//; s/\(\*.*\*\)//;
> /.*( val|^val| fun|^fun) +([^ ()]+)/ && print "neverInline $$2\nneverInline
> ",ucfirst(basename($$ARGV)),"/$$2\n"' $^ | grep -vE "
> (not|inlined|functions)$$" | sort | uniq | grep -ve "^$$" > $@
>
> And of course I'm using Ur/Web daemon (and thinking to try your LSP server
> as well).
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Blogpost

[Simon Van Casteren]

Good catch, I updated to use List.app! I kept the queryL1 into .app though,
I feel it's a bit cleared for people who don't know Ur/Web... small thing
though.

Simon

Op wo 29 apr. 2020 om 15:23 schreef Adam Chlipala :

> Thanks so much for sharing this link, which I've added to the Ur web site.
>
> One bit of Ur/Web style advice: I recommend List.app over List.mapM for
> cases where you just want to perform a side effect on each list element,
> rather than constructing a new list.  That change in your examples would
> make them a bit shorter and epsilon more time-and-memory-efficient.
>
> You also have an example of queryL1 followed by List.mapM.  I would just
> use queryI1 there.
>
> On 4/27/20 2:28 AM, Simon Van Casteren wrote:
> > Hi everybody,
> >
> > In case anyone is interested, I wrote a blog post some time ago about
> > my experiences with Ur/Web.
> >
> > http://frigoeu.github.io/urweb1.html
> >
> > Simon
>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

Re: [Ur] Change grammar to swap precedence of "&&" and "||"?

[Simon Van Casteren]

All good. I mostly write this stuff with parentheses anyway.

Op za 16 mei 2020 om 01:08 schreef Ace :

> Strongly agree with this change
>
> On Fri, May 15, 2020, 11:59 Ziv Scully  wrote:
>
>> Strong vote in favor of this change. (In Ur/Web code I've written, this
>> change would either be a no-op or fix bugs that I have just learned exist!)
>>
>> On Fri, May 15, 2020 at 2:48 PM Adam Chlipala 
>> wrote:
>>
>>> Way back when, in Ur/Web's grammar, I apparently gave these two
>>> quintessential Boolean operators different relative precedences, compared
>>> to other widely used languages, as has been pointed out
>>> .  Would anyone object to
>>> swapping them?  It's entirely possible that there has not yet been written
>>> an Ur/Web program that would parse differently depending on this choice,
>>> but it seems worth checking for strong opinions.  A week from posting this
>>> message, I'll consider it safe to take the proposed action, if no one has
>>> complained.
>>> ___
>>> Ur mailing list
>>> Ur@impredicative.com
>>> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>>>
>> ___
>> Ur mailing list
>> Ur@impredicative.com
>> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>>
> ___
> Ur mailing list
> Ur@impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
>
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur

[Ur] Better date & time support in Ur/Web + PostgreSQL

[Simon Van Casteren]

I've been building www.classy.school for some time with Ur/Web now. It's an
application for music schools and a lot of it revolves around schedules:
Who has lessons at what time, which teacher, which room, etc etc.

In Ur/Web's "standard library" there are 2 types to represent dates / times:

   - Basis.time (Corresponds to unix epoch milliseconds IIRC). Contains
   both date and time
   - Datetime.t (Corresponds to a C struct IIRC). A bit more structure than
   Basis.time

I don't work with these two types at all. I defined two other types:

   - calendardate. This is actually a type synonym for Basis.time, but only
   because it makes it possible to serialize this to sql values. All
   operations on this type only change the date part, so year - month - day.
   It contains no timezone info.
   - clocktime: { Hour: int, Minute: int}. (I don't need seconds, but it
   wouldn't hurt to add it as well). I have to serialize / deserialize this
   whenever it goes into the DB, very annoying.

I've found this to be a much easier representation to work with for my
domain. Example: When you enroll with a teacher for some private lessons,
you often do it for x (eg: 10) lessons on a certain weekday on a certain
time. This time I have in my datamodel as a clocktime. The actual
"timestamps" of every lesson are seperate. Another benefit: Comparing
calendardates is much easier than comparing Basis.time / Datetime.t.

Anyway, I've been thinking for some time to propose to upstream all of this
/ some of this into the standard library, if there is any interest for it.
With that I'd also serialize them into the correct PostgreSQL types
(calendardate -> date, clocktime -> time without timezone). Afterwards, I
want to look into adding support for some SQL operators on these,
especially adding a clocktime to a date (which then becomes a PostgreSQL
timestamp without timezone, not sure yet how to model this in the type
system). Being able to do this in SQL would be huge for my application.

So long story short, I'd mainly like to know if adding this stuff to the
standard library would be welcomed. If not, I'll keep all this in my
personal repo and put the SQL stuff in my urweb fork, but I thought I'd ask
:).

Simon
___
Ur mailing list
Ur@impredicative.com
http://www.impredicative.com/cgi-bin/mailman/listinfo/ur