Lessons learned building a small blog engine

[Amirouche Boubekki]

Héllo all,


Last week end I tried to build a blog engine.

  git clone https://github.com/a-guile-mind/presence

In the backend I used GNU Guile and the following:

- wiredtiger with feature-space database which rely
  on microkanren for querying. I learned nothing new
  in this regard, except that now I know well enough
  the API (which is rather simple anyway).

  Here is an example query to fetch comments associated
  with object having UID as unique identifier:

  (run* (uid? username? website? body? published-at?)
    (fresh ()
      (fs:queryo uid? 'comment/uid uid)
      (fs:queryo uid? 'comment/username username?)
      (fs:queryo uid? 'comment/website website?)
      (fs:queryo uid? 'comment/body body?)
      (fs:queryo uid? 'comment/published-at published-at?)))

  This is somewhat equivalent to:

    SELECT comment/username comment/website comment/body 
comment/published-at
    WHERE comment/uid = uid;

  feature space is not typed and can be called schemaless
  like document databases like mongodb except it doesn't have
  a concept of collection and transaction can span several
  documents.

- I created small bindings for argon2i [0] which is cryptographic
  library that is useful for hashing password.

  [0] https://github.com/P-H-C/phc-winner-argon2

  The public API is missing the use of a pepper which is
  a secret not stored in the database.

- I also use industria sha-2 for signing "cookies".
  Here is the interesting code if you plan on using
  industria it can be helpful:

    (define (make-hash string)
      (let ((hash (make-sha-512)))
        (sha-512-update! hash (string->utf8 string))
        (sha-512-update! hash (string->utf8 secret))
        (sha-512-finish! hash)
        (sha-512->string hash)))

    (define (string-sign string)
      (let ((hash (make-hash string)))
        (string-append string "$" hash)))

    (define (string-verify string)
      (match (string-split string #\$)
        ((value signature) (if (string=? signature (make-hash value))
                               value
                               #f))
        (_ #f)))

  secret is a global variable.

Frontend side I used BiwaScheme using my frontend framework
that takes inspiration from ReactJS. This is where there is
a bug I don't know how to fix, yet. It's linked to autocomplete
feature of firefox which is documented that it can be disabled
but actually it can not...

This work is based on https://github.com/a-guile-mind/guile-web


Happy hacking!

--
Amirouche ~ amz3 ~ http://www.hyperdev.fr

argon2.scm
Description: Text document

hmac.scm
Description: Text document

sha-2.scm
Description: Text document