Aloe Express Questions

  1. 8 weeks ago

    Robert L

    Mar 28 Pre-Release Testers, Xojo Pro

    Ok, I'm finally jumping into Aloe Express as I really would like to use the full power of the web (JavaScript libraries/CSS/etc) yet use my knowledge of Xojo for the server side of things.

    I have a few questions, and if I can be directed to either the docs or a conversation thread, I'll be a happy coder. :)

    • I see that it uses a variant of Mustache for templating. Does it support all of the same functionality that MustacheJS does or only a subset?
    • How do I secure /data so that only those that have logged in are able to have access? For example, is there an easy way to support JSON Web Tokens, or something similar/better/more appropriate?
    • Is there builtin support against CSRF?
    • Has anyone had any issue integrating Javascript libraries like ChartJS or PristineJS

    Thank you!!!

    @RobertLitchfield:

    I'm in crunch mode, so a couple of quick answers for now...

    I see that it uses a variant of Mustache for templating. Does it support all of the same functionality that MustacheJS does or only a subset? You can use any client-side templating solution that you'd like. There are demos included that show both client and server-side templating techniques.

    How do I secure /data so that only those that have logged in are able to have access? For example, is there an easy way to support JSON Web Tokens, or something similar/better/more appropriate? I don't use JSON Web Tokens myself, but yes, there are plenty of ways to provide secure APIs via Aloe. You can pretty much use any security model that you'd like.

    Is there builtin support against CSRF? No. However, I highly recommend running Aloe-based apps behind something like nginx, which would make implementing CSRF protection a bit easier.

    Has anyone had any issue integrating Javascript libraries like ChartJS or PristineJS? Yes. I have Aloe-based middleware that serves up dynamic ChartJS for use on a Squarespace Web site, and another that is used for charting within NetSuite.

    Let me know if you have any other questions, and I hope you find Aloe helpful.

  2. Tim D

    Mar 28 Pre-Release Testers, Xojo Pro, XDC Speakers Answer Richmond, VA

    @RobertLitchfield:

    I'm in crunch mode, so a couple of quick answers for now...

    I see that it uses a variant of Mustache for templating. Does it support all of the same functionality that MustacheJS does or only a subset? You can use any client-side templating solution that you'd like. There are demos included that show both client and server-side templating techniques.

    How do I secure /data so that only those that have logged in are able to have access? For example, is there an easy way to support JSON Web Tokens, or something similar/better/more appropriate? I don't use JSON Web Tokens myself, but yes, there are plenty of ways to provide secure APIs via Aloe. You can pretty much use any security model that you'd like.

    Is there builtin support against CSRF? No. However, I highly recommend running Aloe-based apps behind something like nginx, which would make implementing CSRF protection a bit easier.

    Has anyone had any issue integrating Javascript libraries like ChartJS or PristineJS? Yes. I have Aloe-based middleware that serves up dynamic ChartJS for use on a Squarespace Web site, and another that is used for charting within NetSuite.

    Let me know if you have any other questions, and I hope you find Aloe helpful.

  3. Robert L

    Mar 28 Pre-Release Testers, Xojo Pro

    Thank you Tim...

  4. Robert L

    Mar 28 Pre-Release Testers, Xojo Pro

    Another question...
    Context: I'm looking at using the server side template and the document talks about passing data to the template through the template.data.

    Question: What if I have more than one set of data to be passed, how would that be done? Is it as simple as adding a couple more Data properties to the MustacheLite class, or is there more too it than that?

  5. Tim you have done an awesome job with Aloe.

    I too am looking into using it for a web app and providing APIs. In light of the questions above are there any plans on creating a 'web app' starter which includes some of these features ?

    Personally I'd think that such a starter could be the next option up from Aloe Express and be paid for. I'd be happy to buy ☺

  6. Tim D

    Mar 28 Pre-Release Testers, Xojo Pro, XDC Speakers Richmond, VA

    I think it's easier than that.

    You could combine data from multiple data sources in the MustacheLite instance's Data property (a JSONItem), and just prefix them in the template.

  7. Tim D

    Mar 28 Pre-Release Testers, Xojo Pro, XDC Speakers Richmond, VA

    @John J : Thanks for the kind feedback! I appreciate it.

    I think that you can combine the functionality that the demos cover to create a full-featured Web app or site. That being said, the "sessions" demo is about as close to a starter app as I have available.

  8. Understood thanks Tim.

    I was thinking something akin to MBS web starter kit in terms of functionality.

    Seems there's a business opportunity waiting for someone here..

  9. Robert L

    Mar 29 Pre-Release Testers, Xojo Pro

    Maybe last question??? :)

    If I do serverside templates and load the data in the Xojo application itself, which requires a login, is there a risk of the data being available like an API would be?

    From what I understand, all the processing of the template (the {{ }} items) is on the Server side, so the browser isn't actually pulling the data like React would. Do I have this correct?

    RJL

  10. Tim D

    Mar 29 Pre-Release Testers, Xojo Pro, XDC Speakers Richmond, VA

    Correct. With server-side templating, data is not pushed / pulled to / from the client. That, and speed, are two of the benefits of this technique.

  11. Having said that theres no reason why client side could not be done ? You have an ajax example there although it is just replacing the html body.

  12. Robert L

    Mar 30 Pre-Release Testers, Xojo Pro

    @John J
    The reason I'm hesitant about client side is that the client is pulling the data, therefore you need to have a mechanism for the browser to access your database. While I know there are secure ways of doing that as React/Angular/Vue are designed that way, it is just one less security item I need to worry about.

or Sign Up to reply!