Aloe Express Questions

Ok, I’m finally jumping into Aloe Express as I really would like to use the full power of the web (JavaScript libraries/CSS/etc) yet use my knowledge of Xojo for the server side of things.

I have a few questions, and if I can be directed to either the docs or a conversation thread, I’ll be a happy coder.

  • I see that it uses a variant of Mustache for templating. Does it support all of the same functionality that MustacheJS does or only a subset?
  • How do I secure /data so that only those that have logged in are able to have access? For example, is there an easy way to support JSON Web Tokens, or something similar/better/more appropriate?
  • Is there built-in support against CSRF?
  • Has anyone had any issue integrating JavaScript libraries like ChartJS or PristineJS?

Thank you!!!

@Robert Litchfield:

I’m in crunch mode, so a couple of quick answers for now…

> I see that it uses a variant of Mustache for templating. Does it support all of the same functionality that MustacheJS does or only a subset?

You can use any client-side templating solution that you’d like. There are demos included that show both client and server-side templating techniques.

> How do I secure /data so that only those that have logged in are able to have access? For example, is there an easy way to support JSON Web Tokens, or something similar/better/more appropriate?

I don’t use JSON Web Tokens myself, but yes, there are plenty of ways to provide secure APIs via Aloe. You can pretty much use any security model that you’d like.

> Is there built-in support against CSRF?

No. However, I highly recommend running Aloe-based apps behind something like nginx, which would make implementing CSRF protection a bit easier.

> Has anyone had any issue integrating JavaScript libraries like ChartJS or PristineJS?

Yes. I have Aloe-based middleware that serves up dynamic ChartJS for use on a Squarespace Web site, and another that is used for charting within NetSuite.

Let me know if you have any other questions, and I hope you find Aloe helpful.

Thank you Tim…

Another question…
Context: I’m looking at using the server side template and the document talks about passing data to the template through the template.data.

Question: What if I have more than one set of data to be passed, how would that be done? Is it as simple as adding a couple more Data properties to the MustacheLite class, or is there more to it than that?

Tim, you have done an awesome job with Aloe.

I too am looking into using it for a web app and providing APIs. In light of the questions above, are there any plans on creating a ‘web app’ starter which includes some of these features?

Personally I’d think that such a starter could be the next option up from Aloe Express and be paid for. I’d be happy to buy ?

I think it’s easier than that.

You could combine data from multiple data sources in the MustacheLite instance’s Data property (a JSONItem), and just prefix them in the template.

@John James: Thanks for the kind feedback! I appreciate it.

I think that you can combine the functionality that the demos cover to create a full-featured Web app or site. That being said, the “sessions” demo is about as close to a starter app as I have available.

Understood thanks Tim.

I was thinking something akin to MBS web starter kit in terms of functionality.

Seems there’s a business opportunity waiting for someone here…

Maybe last question???

If I do server-side templates and load the data in the Xojo application itself, which requires a login, is there a risk of the data being available like an API would be?

From what I understand, all the processing of the template (the {{ }} items) is on the Server side, so the browser isn’t actually pulling the data like React would. Do I have this correct?

RJL

Correct. With server-side templating, data is not pushed / pulled to / from the client. That, and speed, are two of the benefits of this technique.

Having said that, there’s no reason why client side could not be done? You have an AJAX example there, although it is just replacing the HTML body.

@John James
The reason I’m hesitant about client side is that the client is pulling the data, therefore you need to have a mechanism for the browser to access your database. While I know there are secure ways of doing that as React/Angular/Vue are designed that way, it is just one less security item I need to worry about.