Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Apr 04 11:42
    alexgeek commented #1528
  • Apr 03 16:19
    alexgeek commented #1528
  • Apr 03 16:19
    alexgeek commented #1528
  • Mar 30 19:15
    bejayoharen opened #1532
  • Mar 27 16:47
    notzippy closed #1531
  • Mar 27 16:47
    notzippy commented #1531
  • Mar 27 16:46
    notzippy closed #1528
  • Mar 27 16:46
    notzippy commented #1528
  • Mar 27 16:39
    notzippy closed #1529
  • Mar 25 23:02
    Dmdv opened #1531
  • Mar 24 12:19
    jsdecena commented #1528
  • Mar 24 08:48
    ptman commented #1528
  • Mar 24 02:06
    jsdecena commented #1528
  • Mar 12 20:02
    notzippy commented #1373
  • Mar 12 19:36
    parochi commented #1373
  • Mar 10 18:11
    harekumar commented #1528
  • Mar 07 14:32
    Zykatious closed #1530
  • Mar 07 14:32
    Zykatious commented #1530
  • Mar 07 01:26
    Zykatious edited #1530
  • Mar 07 01:26
    Zykatious opened #1530
Erin L Ptáček
@boboTjones
I've worked with lots of frameworks in my career and absolutely none of them do this, and because of that, user controlled input is still the Achilles' heel of web apps.
Bonus, the code that dumps the route map can also dump the parameters templates. This could be used for unit testing.
*routes map
Thanks in advance XD
Erin L Ptáček
@boboTjones
Oh, another argument in favor of parameter validation earlier rather than later -- why do all the work of starting to build the response and then discard all of that work if foo != bar
Obviously, that's over simplified. But I've just audited an app that checks the same parameter 4 times while routing a request object through 3 helpers and then punts the request back with a 403. For a small app, that's not a big deal, but for an app handling 100K+ requests per second, intuitively that seems like a waste of resources and cloud billable time.
Erin L Ptáček
@boboTjones
And possibly I will regret this, but I volunteer.
Tim Goddard
@pruby
I don't want to tell anyone else how to build their framework, but I'd second that the above is, in principle, a very good idea. See for example how .Net MVC applications often have a request object and response object from endpoints. My job is security testing, and I can tell you definitively that forcing input to conform to a schema, in that case by safely deserialising it to a well-defined type, takes a significant axe to certain types of security issues.
You could do this, for example, by using a type with some annotations along the lines of "take this from the body, this from parameter X, etc", and populating an instance of that type before the endpoint is even called.
Of course, you can already do that with the JSON body at least.
.Net calls these "Data Transfer Objects"
Erin L Ptáček
@boboTjones
That's why I brought it up. I'm tired of being an input validation janitor.
Mitsutaka Kato
@mikyk10
Hi there, is there any plan to accept/merge PRs to develop? I am willing to fix my PR if there's a problem.
Paul
@ptman:kapsi.fi
[m]
afaik yes, but notzippy and brendensoares are somewhat busy
Steve
@notzippy
Currently go1.16 is causing issues, im looking into fixing that atm
Will be happy to accept PR's as well
Paul
@ptman:kapsi.fi
[m]
notzippy, what's the problem with go1.16? I didn't notice anything yet
Steve
@notzippy
@ptman:kapsi.fi tracking it here, I just went through the steps of creating a new app and got the same error revel/revel#1528
Paul
@ptman:kapsi.fi
[m]
thanks
shadtaylor
@shadtaylor
so how is everyone auto starting the revel application on a webserver? if you reboot or shutdown the machine for maintenance you have to remember to revel run everytime? Is there a built in setting I am missing or do I have to create a startup .sh?
Paul
@ptman:kapsi.fi
[m]
systemd
and I run revel in docker as well
or the revel based app, to be more accurate
shadtaylor
@shadtaylor
k, I will try the systemd service route, as I have seen this method, just making sure I wasn't missing something
Brenden Soares
@brendensoares
I always ran it manually lol
not ideal
and prod env it's ideal to statically compile and run it
Paul
@ptman:kapsi.fi
[m]
shadtaylor, have some service manager look after it
Brenden Soares
@brendensoares
but there are many options and opinions
Paul
@ptman:kapsi.fi
[m]
whichever one you prefer
docker can autostart
systemd can autostart
supervisord is an option
use whichever you find easiest
shadtaylor
@shadtaylor
got it thansk
thanks
Garrett Flanders
@flanyanero
I would like to use revel to implement subdomain level routing. But it appears as though I can't create multiple "routers" to handle that (like labstack Echo does). Does anyone know of an example or how to do that?
Brenden Soares
@brendensoares
https://github.com/search?q=org%3Arevel+subdomain&type=issues
revel/revel#536
revel/revel#358
would be great to finally get this added
Steve
@notzippy
@ericmoon This is fixed now
Steve
@notzippy
Issue was that go 1.16 actively removes packages from go.mod if they are not in the source tree. Not really a fan of this but what can you do ?
The fix was to add a dependency to the missing module in the init.go file like 
import (
    "github.com/revel/revel"
    _ "github.com/revel/modules"

)
Caeril the Cowardly
@caeril
New revel project doesn't want to run on account of a module reference to github.com/myesui/uuid which doesn't exist
https://pastebin.com/pG9yqu5s
Caeril the Cowardly
@caeril
IS there any straightforward way of suppressing this "Downloading related packages" boot procedure?
Paul
@ptman:kapsi.fi
[m]
@caeril don't run from source
Make a build