Digital Software Blog - C++, Scala, Javascript, U++, ReactJS, Spray.io

Binary permissions

June 21, 2014 by Daniel Kos·0 Comments

While still working on Path and Form component I decided to write a bit about user authorization and especially about permissions part. So what about it? Very often in smaller projects (that don’t use any framework mechanisms for this purpose) at database level I saw user’s permissions designed like this:

There is an user and a permission table connected in an user_permission relation. To check if user has given permission simple query is required:

select permission_id
  from permission
 where user_id = ${userId}
   and permission_id = ${permissionId}

select permission_id

from permission

where user_id = ${userId}

and permission_id = ${permissionId}

It could be wrapped up in some handy function like this (I use Scala and ScalikeJDBC here):

def hasPermission(userId:Int, permissionId: Int) = {
	val pid = sql"""
	   select permission_id
		 from user_permission
		where user_id = ${userId}
		  and permission_id = ${permissionId}
	""".single().apply().getOrElse(-1)
	pid >= 0
}

def hasPermission(userId:Int, permissionId: Int) = {

val pid = sql"""

select permission_id

from user_permission

where user_id = ${userId}

and permission_id = ${permissionId}

""".single().apply().getOrElse(-1)

pid >= 0

}

So what’s wrong with it?. Firstly it can slow down other parts of the application. If your logic requires checking permission many times (in loop for example to do something with each order line) delay can be noticeable. Of course it can be cached in some kind of user permission dictionary but that leads to code complexity increasing. Secondly and that’s more important (at least from my point of view) is adding new permission. In the code one could have permission names defined like this:

object Permission {
	val ADDING_CONTRACT = 1
	val EDITING_CONTRACT = 2
	val REMOVING_CONTRACT = 3
	val EXPORTING_TO_EXCEL = 4
}

object Permission {

val ADDING_CONTRACT = 1

val EDITING_CONTRACT = 2

val REMOVING_CONTRACT = 3

val EXPORTING_TO_EXCEL = 4

}

and use it in a clean and readable way like that (of course it can be simplified more):

if (hasPermission(loggedUser.userId, Permission.ADDING_CONTRACT)) {
	...
}

if (hasPermission(loggedUser.userId, Permission.ADDING_CONTRACT)) {

...

}

But when new permission will be required two steps are needed to take:

Adding new permission in the database
Adding new variable in the Permission object

And the biggest pain here is keeping permission variables in sync with values in the database. If you used serial id (auto generated id) in the permission table and regenerated its data then you cannot be sure about consistency anymore. And developer that wants to add new permission must have database access or he has to bother database administrator.

Is there better solution? I wouldn’t be writing all this if there weren’t 🙂 Instead of having permission and user_permission table let’s just add binary “permission” field in the user table. I usually make it 32 bytes long so it’s capable to store 256 permissions. Each byte keeps 8 permissions – one per bit. In PostgreSql it’s defined as bytea type:

CREATE TABLE user
(
    user_id INT PRIMARY KEY NOT NULL,
    user_name VARCHAR(128) NOT NULL,
    password VARCHAR(50),
    permission BYTEA(32)
);

CREATE TABLE user

(

user_id INT PRIMARY KEY NOT NULL,

user_name VARCHAR(128) NOT NULL,

password VARCHAR(50),

permission BYTEA(32)

);

To set a proper bit in the permission array byte slot (n in setFlag function) must be calculated and then bit number of this slot determined (offset in example below). Byte slot is simply a permission value divided by 8 (or shifted right by 3 bits) and offset is 1 moved left by number of bits taken from the rest of permission dividing. To check if permission is set exactly the same operations are needed except the last one where and is used to check if bit is on or off.

object UserAuthorization {
	private def setFlag(flag: Int, flags: Array[Byte]) {
		val n = flag >> 3
		val offset = flag - (n << 3)
		val mask = flags(n) | (1 << offset)
		flags.update(n, mask.toByte)
	}

	private def hasFlag(flag: Int, flags: Array[Byte]): Boolean = {
		val n = flag >> 3
		val offset = flag - (n << 3)
		(flags(n) & (1 << offset)) != 0
	}

	def packPermissions(permissions: Seq[Int]): Array[Byte] = {
		val packedPermissions = Array.ofDim[Byte](32)
		permissions.foreach(right => setFlag(right, packedPermissions))
		packedPermissions
	}

	def hasPermission(permission: Int, permissions: Array[Byte]): Boolean = {
		hasFlag(permission, permissions)
	}

	def hasNotification(notification: Int, notifications: Array[Byte]): Boolean = {
		hasFlag(notification, notifications)
	}
}

object UserAuthorization {

private def setFlag(flag: Int, flags: Array[Byte]) {

val n = flag >> 3

val offset = flag - (n << 3)

val mask = flags(n) | (1 << offset)

flags.update(n, mask.toByte)

}

private def hasFlag(flag: Int, flags: Array[Byte]): Boolean = {

val n = flag >> 3

val offset = flag - (n << 3)

(flags(n) & (1 << offset)) != 0

}

def packPermissions(permissions: Seq[Int]): Array[Byte] = {

val packedPermissions = Array.ofDim[Byte](32)

permissions.foreach(right => setFlag(right, packedPermissions))

packedPermissions

}

def hasPermission(permission: Int, permissions: Array[Byte]): Boolean = {

hasFlag(permission, permissions)

}

def hasNotification(notification: Int, notifications: Array[Byte]): Boolean = {

hasFlag(notification, notifications)

}

packPermissions function converts array of permission numbers into array of permission bits that can be stored in the database. Below is an example of loading user and its permissions (and notifications which are handled in the same way). User class also has simplified version of hasPermission where only permission number is passed.

case class User(
	userId: Long,
	userName: String,
	token: String,
	permissions: Array[Byte],
	notifications: Array[Byte]
) {
	def hasPermission(permission: Int): Boolean = {
		UserAuthorization.hasPermission(permission, permissions)
	}

	def hasNotification(notification: Int): Boolean = {
		UserAuthorization.hasNotification(notification, notifications)
	}
}

object User {
	def find(userName: String, password: String): Option[User] = {
		sql"""
			select
				user_id,
				user_name,
				token,
				permission,
				notification
			  from user
			 where user_name = $userName
			   and password = $password
		""".map(r => User(
			r.int("user_id"),
			r.string("user_name"),
			r.string("token"),
			r.bytes("permission"),
			r.bytes("notification")
		)).single().apply()
	}
}

case class User(

userId: Long,

userName: String,

token: String,

permissions: Array[Byte],

notifications: Array[Byte]

) {

def hasPermission(permission: Int): Boolean = {

UserAuthorization.hasPermission(permission, permissions)

}

def hasNotification(notification: Int): Boolean = {

UserAuthorization.hasNotification(notification, notifications)

}

object User {

def find(userName: String, password: String): Option[User] = {

sql"""

select

user_id,

user_name,

token,

permission,

notification

from user

where user_name = $userName

and password = $password

""".map(r => User(

r.int("user_id"),

r.string("user_name"),

r.string("token"),

r.bytes("permission"),

r.bytes("notification")

)).single().apply()

}

I hope the code above is clear to you and you’re able to figure everything out. The advantages of this approach are:

Space needed to keep permissions both in the database and the code (only 32 bytes per user instead of 2048 (user_id + permission_id) * 4 bytes).
Speed of loading (it’s a no cost actually).
Speed of access – all permissions are loaded on user authentication, no caching required.
Permissions are defined only on the code side. There is no need to synchronize with database values. If anyone wants to add new permission he simply adds a new variable in Permission object.
Every coder can add new permission. There is no need to have access to the database.

And that’s it. I used this solution in my two last projects and it worked very well.

React / Client side routing – Path component

May 11, 2014 by Daniel Kos·0 Comments

React is view only library. I really like that it doesn’t try to be a full stack solution. Thanks to that it’s easy to fill the gaps with the library you know and prefer. And routing is one of those gap. In my first react’s app I simply took a look at complementary tools page and chose directorjs for a start. It worked well although very soon I stumbled across few annoying bugs (like not calling route action on init). Workarounds exist but looks like author has no time recently to provide proper fixes. But bugs are not a problem actually. Directorjs simply doesn’t fit conceptually to react. They are two different worlds. So I looked further. The next promising library was react router component. Composable routes in a way one compose react’s comonents was exactly what I was looking for. Unfortunately I have to give up on it because it was a nodejs component and I needed simple and pure javascript solution. And it was too big for my needs. Finally I decided to create my own routing component. Of course it doesn’t have so many features – for example it lacks server side routing (I use scala and spray for that) or server side component rendering but it solves client side routing (for now without supporting html5 history). Sources can be find here: https://github.com/unodgs/react-path-router. Screenshot from github demo:

And the demo source file:

/** @jsx React.DOM */
var About = React.createClass({
	render: function() {
		return (
			<h1>This is a routing demo!</h1>
		);
	}
});

var UserList = React.createClass({
	render: function() {
		var _this = this;

		var users = [
			{id: 1001, username: 'unodgs', password: 'topsecret', firstName: 'Daniel', lastName: 'Kos'},
			{id: 1002, username: 'admin', password: 'admin', firstName: 'Jack', lastName: 'Strong'},
			{id: 1003, username: 'mike', password: 'mike123', firstName: 'Mike', lastName: 'Weak'},
			{id: 1004, username: 'frodo', password: 'ppp222', firstName: 'Michael', lastName: 'Watson'}
		];

		var usersHtml = _.map(users, function(u) {
			return (
				<tr>
					<td>{u.username}</td>
					<td>{u.password}</td>
					<td>{u.firstName}</td>
					<td>{u.lastName}</td>
					<td><A url={_this.props.componentUrl} path={"edit/" + u.id}>Edit</A></td>
				</tr>
			);
		});

		return (
			<table className="table">
				<thead>
					<th>Username</th>
					<th>Password</th>
					<th>First name</th>
					<th>Last name</th>
					<th></th>
				</thead>
				<tbody>
					{usersHtml}
				</tbody>
			</table>
		);
	}
});

var UserEdit = React.createClass({
	render: function() {
		return (
			<Paths>
				<Path url={this.props.url} name="/">
					<form role="form">
						<div className="form-group">
							<label>Username</label>
							<input className="form-control"/>
						</div>
						<div className="form-group">
							<label>Password</label>
							<input type="password" className="form-control"/>
						</div>
						<div className="form-group">
							<label>First name</label>
							<input className="form-control"/>
						</div>
						<div className="form-group">
							<label>Last name</label>
							<input className="form-control"/>
						</div>
						<A className="btn btn-default" url={this.props.componentUrl} path="addfriend">Add friend</A>
					</form>
				</Path>
				<Path url={this.props.url} name="/addfriend">
					<h1>Adding friend form :)</h1>
				</Path>
			</Paths>
		);
	}
});

var UsersModule = React.createClass({
	render: function() {
		return (
			<Paths>
				<Path url={this.props.url} name="/" render={UserList}/>
				<Path url={this.props.url} name="edit/:userId" render={UserEdit}/>
			</Paths>
		);
	}
});

var ClientsModule = React.createClass({
	render: function() {
		return (
			<h1>This is a client list!</h1>
		);
	}
});

var App = React.createClass({
	render: function() {
		var menu = [
			{
				url: 'users',
				name: 'Users'
			},
			{
				url: 'clients',
				name: 'Clients'
			},
			{
				url: 'about',
				name: 'About'
			}
		];

		var _this = this;

		var drawMenu = function(menu) {
			var mm = _.map(menu, function(m) {
				var currentUrl = PathUtils.current();
				var menuUrl = PathUtils.combine(_this.props.parentUrl, m.url);

				return (
					<li className={menuUrl === currentUrl ? "active": ""}>
						<A url={_this.props.componentUrl} path={m.url}>{m.name}</A>
					</li>
				);
			});
			return (
				<nav className="navbar navbar-default navbar-top" role="navigation">
					<ul className="nav navbar-nav">{mm}</ul>
				</nav>
			);
		};

		var menuHtml = drawMenu(menu);

		return (
			<div>
				{menuHtml}
				<div className="container">
					<Path url={this.props.url} name="users" render={UsersModule}/>
					<Path url={this.props.url} name="clients" render={ClientsModule}/>
					<Path url={this.props.url} name="about" render={About}/>
				</div>
			</div>
		);
	}
});

PathInit(<App/>, document.body);

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

/** @jsx React.DOM */

var About = React.createClass({

render: function() {

return (

<h1>This is a routing demo!</h1>

);

}

});

var UserList = React.createClass({

render: function() {

var _this = this;

var users = [

{id: 1001, username: 'unodgs', password: 'topsecret', firstName: 'Daniel', lastName: 'Kos'},

{id: 1002, username: 'admin', password: 'admin', firstName: 'Jack', lastName: 'Strong'},

{id: 1003, username: 'mike', password: 'mike123', firstName: 'Mike', lastName: 'Weak'},

{id: 1004, username: 'frodo', password: 'ppp222', firstName: 'Michael', lastName: 'Watson'}

];

var usersHtml = _.map(users, function(u) {

return (

<tr>

<td>{u.username}</td>

<td>{u.password}</td>

<td>{u.firstName}</td>

<td>{u.lastName}</td>

</tr>

);

});

return (

<thead>

<th>Username</th>

<th>Password</th>

<th>First name</th>

</thead>

<tbody>

{usersHtml}

</tbody>

</table>

);

}

});

var UserEdit = React.createClass({

render: function() {

return (

<Paths>

<label>Username</label>

</div>

<label>Password</label>

</div>

<label>First name</label>

</div>

</div>

<A className="btn btn-default" url={this.props.componentUrl} path="addfriend">Add friend</A>

</form>

</Path>

<h1>Adding friend form :)</h1>

</Path>

</Paths>

);

}

});

var UsersModule = React.createClass({

render: function() {

return (

<Paths>

</Paths>

);

}

});

var ClientsModule = React.createClass({

render: function() {

return (

<h1>This is a client list!</h1>

);

}

});

var App = React.createClass({

render: function() {

var menu = [

{

url: 'users',

{

url: 'clients',

{

url: 'about',

}

];

var _this = this;

var drawMenu = function(menu) {

var mm = _.map(menu, function(m) {

var currentUrl = PathUtils.current();

var menuUrl = PathUtils.combine(_this.props.parentUrl, m.url);

return (

</li>

);

});

return (

</nav>

);

};

var menuHtml = drawMenu(menu);

return (

<div>

{menuHtml}

</div>

);

}

});

PathInit(<App/>, document.body);

To initialize router PathInit function must be used. First argument is the main react component instance and the second is a dom node to which rendered component will be attached to. Having done that in App component we can now use <Path/>.

<Path url={this.props.url} name="users" render={UsersModule}/>
<Path url={this.props.url} name="/clients" render={ClientsModule}/>
<Path url={this.props.url} name="about/" render={About}/>

url is a constant attribute that must be passed to the Path to allow it properly analyze the url. It contains previous part of an url that was matched in the parent component and the “next url” that will be parsed in the context of current component (component that Path belongs to). I hope React authors allow in the future to define attributes that are automatically transferred from parent component. That would allow to avoid this boilerplate making Path declaration clearer. Anyway for now url is required to be provided by the user. Second attribute name defines part of the url that must be matched to render component pointed by render attribute. Name don’t distinguish between /clients, clients/ and clients. They are all equivalent. Name can also contains many parts: /clients/new, /clients/under/32 and so on. What’s more interesting it can contains parameters like that:

/client/:id
/group/:groupName/user/:userId

If such an url is matched, every parameter that was found is passed to the rendered component in it’s props. In the case above id would be accessed by this.props.id and the gorupName by this.props.groupName.

Path also passes one more parameter in the props of rendered component. It’s a componentUrl and it contains current component’s url. In the combination with an A component it can be used to build links in a safe way (that means you won’t need to change urls everywhere if for example one of the parent component’s name will change). In the example it’s used like this:

<li className={menuUrl === currentUrl ? "active": ""}>
	<A url={_this.props.componentUrl} path={m.url}>{m.name}</A>
</li><span style="background-color: #ffffff; font-family: Roboto, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 1.625;"> </span>

</li><span style="background-color: #ffffff; font-family: Roboto, 'Helvetica Neue', Helvetica, Arial, sans-serif; font-size: 16px; line-height: 1.625;"> </span>

Sometimes instead of building separate components and passing them as render attribute in many Paths it’s easier to choose what to render directly in one component.

<Paths>
	<Path url={this.props.url} name="/tab0">
		Content of the first tab
	</Path>
	<Path url={this.props.url} name="/tab1">
		Content of the second tab
	</Path>
</Paths>

<Paths>

Content of the first tab

</Path>

Content of the second tab

</Path>

</Paths>

Paths can be replaced with anything (<div> for example). It’s there only because in react you cannot return tags without common parent.

And pretty much that’s all :). I certainly will keep on working on Path component but I think it’s a good start for everyone that would like to develop something similar adjusted to his requirements. The current code is only 196 lines and should be easy to follow. See you.

Spray and static content

May 6, 2014 by Daniel Kos·0 Comments

When I was creating my first application in spray framework I used spray’s directive to serve static content:

trait StaticService extends HttpService {
	val staticRoute = {
		path("") {
			getFromResource("web/index.html")
		} ~ {
			getFromResourceDirectory("web")
		}
	}
}

object AkkaImplicits {
	implicit val system = ActorSystem("cryptex-system")
	implicit val timeout = Timeout(5, TimeUnit.SECONDS)
}

class CryptExServiceActor extends Actor with ApiService with StaticService {
	def actorRefFactory = context
	def receive = runRoute(apiRoute ~ staticRoute)
}

object Main extends App with SSLConfiguration {
	import AkkaImplicits._

	val transactionManager = system.actorOf(Props[TransactionManager], "cryptex-transaction-manager")
	val handler = system.actorOf(Props[CryptExServiceActor], "cryptex-service")
	IO(Http) ? Http.Bind(handler, interface = "localhost", port = 8080)
}

trait StaticService extends HttpService {

val staticRoute = {

path("") {

getFromResource("web/index.html")

} ~ {

getFromResourceDirectory("web")

}

object AkkaImplicits {

implicit val system = ActorSystem("cryptex-system")

implicit val timeout = Timeout(5, TimeUnit.SECONDS)

}

class CryptExServiceActor extends Actor with ApiService with StaticService {

def actorRefFactory = context

def receive = runRoute(apiRoute ~ staticRoute)

}

object Main extends App with SSLConfiguration {

import AkkaImplicits._

val transactionManager = system.actorOf(Props[TransactionManager], "cryptex-transaction-manager")

val handler = system.actorOf(Props[CryptExServiceActor], "cryptex-service")

IO(Http) ? Http.Bind(handler, interface = "localhost", port = 8080)

}

As you can see the main actor combines routes from apiRoute (handles all rest requests) and staticRoute (handles static content that is located in src/main/resources/web). Static route returns index.html if no path is provided in the url and any other resource from web directory otherwise). That works pretty well but has three disadvantages:

If any file from web directory will change hitting F5 in the browser will return previous content until spray server is restarted. That is very annoying during developing app’s frontend when one wants to see changes immediately.
Restarting spray server takes time. Sure it’s relatively not that long (on my machine around 3-4 sec) but still too slow for convenient development process.
Returning file content to the user requires JVM involving. Whatever they told you it’s not the best way to do it. And it’s better to save CPU cycles for more important tasks.

I decided to use nginx for that task (it’s small and fast with low memory footprint http server). Here’s my configuration (it’s based on one of the gists but unfortunately I don’t remember the author):

worker_processes  1;

events {
	worker_connections  1024;
}

http {
	server {
		listen                    9090 ssl;
		server_name               cryptex;
		charset                   utf8;

		ssl                       on;
		ssl_certificate           cryptex.cert;
		ssl_certificate_key       cryptex.key;

		ssl_session_timeout       5m;

		ssl_protocols             SSLv2 SSLv3 TLSv1;
		ssl_ciphers               HIGH:!aNULL:!MD5;
		ssl_prefer_server_ciphers on;

		access_log                logs/cryptex.access.log combined;
		error_log                 logs/cryptex.error.log debug;

		location / {
			include mime.types;
			root    web;
			index   index.html;
		}

		location /api {
			add_header "Access-Control-Allow-Origin" $http_origin;
			add_header "Access-Control-Allow-Credentials" "true";

			proxy_pass         http://localhost:8080;
			proxy_redirect     https:// http://;

			proxy_set_header   Host             $host;
			proxy_set_header   X-Real-IP        $remote_addr;
			proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
		}
	}
}

worker_processes 1;

events {

worker_connections 1024;

}

http {

server {

listen 9090 ssl;

server_name cryptex;

charset utf8;

ssl on;

ssl_certificate cryptex.cert;

ssl_certificate_key cryptex.key;

ssl_session_timeout 5m;

ssl_protocols SSLv2 SSLv3 TLSv1;

ssl_ciphers HIGH:!aNULL:!MD5;

ssl_prefer_server_ciphers on;

access_log logs/cryptex.access.log combined;

error_log logs/cryptex.error.log debug;

location / {

include mime.types;

root web;

index index.html;

}

location /api {

add_header "Access-Control-Allow-Origin" $http_origin;

add_header "Access-Control-Allow-Credentials" "true";

proxy_pass http://localhost:8080;

proxy_redirect https:// http://;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

To run nginx I created following script start_nginx.sh:

mkdir -p logs
mkdir -p temp
sudo nginx -p $(pwd) -c nginx.conf

mkdir -p logs

mkdir -p temp

sudo nginx -p $(pwd) -c nginx.conf

Notice the -p parameter. Without it nginx looks for provided configuration file (in my example called nginx.conf) in its default configuration directory. What’s interesting on Windows this parameter is not required. I was really surprised with this platform inconsistency.

To stop nginx you must run following command (nginx process it’s not “killable” (at least on windows)):

sudo nginx -p $(pwd) -c nginx.conf -s stop

1	sudo nginx -p $(pwd) -c nginx.conf -s stop

If everything is ok nginx will start listening on localhost:9000 and from now on it will be responsible for serving files from the web directory. I forgot to mention that I moved web folder outside resources folder to avoid including it in the final jar file.

Spray application is listening on localhost:8080 and all requests coming from localhost:9000/api/* are forwarded there. In my case I use ssl on port 9000 so I had to add following line:

proxy_redirect     https:// http://;

1	proxy_redirect https:// http://;

This line transforms https prefix into http one. Of course you can use ssl on spray side as well but it’s unnecessary protection doubling.

And that’s all. Hope that will help someone 🙂

React / Form component II

May 4, 2014 by Daniel Kos·0 Comments

I’ve been working on my form component and here it is: https://github.com/unodgs/react-semanticui-forms. Of course this is still work in progress and it’s missing few essential parts like select tag or better form definition errors handling but I’m already using it in my apps so why not you ;). Below screenshot from example app (from github repo):

Since the last time I made following changes:

ref is no longer needed in Submit declaration
data property was changed to dataFn. Now it points to this.dataFn (that comes from FormMixin). Unfortunately there is no (known to me) way of making it unnecessary (provided implicitly by Form component). But I can live with that – I hope future versions of react will make it possible.
dataFn must be provided in every component (including Form)

This is the code of the form from the screenshot:

var PersonalDataForm = React.createClass({
	mixins: [FormMixin],
	render: function() {
		return (
			<Form errorMsg={this.state.errorMsg} successMsg={this.state.successMsg} header="Personal data" formFn={this.formFn} ref="form" visible={this.props.visible}>
				<div className="two fields">
					<TextField label="First name" ref="firstName" formFn={this.formFn} notEmpty/>
					<TextField label="Last name" ref="lastName" formFn={this.formFn} notEmpty/>
				</div>
				<EmailField label="Email" ref="email" formFn={this.formFn} notEmpty/>
				<TextField label="Username" ref="userName" formFn={this.formFn} notEmpty/>
				<div className="two fields">
					<PasswordField label="Password" ref="password" formFn={this.formFn} notEmpty minLength="6"/>
					<PasswordField label="Repeat password" ref="repeat" valueFrom="password" formFn={this.formFn} notEmpty matchRef="password"/>
				</div>
				<Submit formFn={this.formFn}/>
			</Form>
		);
	}
});

var PersonalDataForm = React.createClass({

mixins: [FormMixin],

render: function() {

return (

</div>

</div>

</Form>

);

}

});

For now my form component is strictly connected with semantic ui css framework but I’m working on make it css independent. I hope you’ll find it useful. I’m aware of others similar components but none of them fits my needs. What I was missing the most was inability to freely mix form inputs with form layout. See you soon.

React / Form component

April 29, 2014 by Daniel Kos·0 Comments

As you probably already know React is quite a new gamer in SPA world. In contrast to AngularJS it prefers functional approach to deal with complex and interactive UI. After creating two projects with Angular I decided to try it out with my new application. I will describe overall impression later, here I want to share my problems with form component.

My application consists of many forms like settings, user profile, registration panel etc. Each of them:

has input elements and submit button
loads initial data via ajax
stores entered data via ajax
blocks form during ajax calls
has nice progress indicator

I could create each of those form in classical way described in react documentation but that would be cumbersome and generated too much code. This is what I wanted to achieve:

var PersonalDataForm = React.createClass({
	onSuccess: function(data) {
		return "Form saved successfully";
	},
	onError: function(e) {
		if(e.status == 101)
			return "Duplicate user name";
		else
			return null;
	},
	render: function() {
		return(
			<Formu url='/api/account/personal' onScucces={this.onSuccess} onError={this.onError}>
				<div className="two fields">
					<TextField label="First name" ref="firstName" notEmpty/>
					<TextField label="Last name" ref="lastName" notEmpty/>
				</div>
				<EmailField label="Email" ref="email" notEmpty/>
				<TextField label="Username" ref="userName" notEmpty/>
				<div className="two fields">
					<PasswordField label="Password" ref="password" notEmpty minLength="6"/>
					<PasswordField label="Repeat password" ref="repeat" notEmpty matchRef="password" errorMsg="Repeated password does not match"/>
				</div>
				<SubmitButton/>
			</Form>
		);
	}
});

var PersonalDataForm = React.createClass({

onSuccess: function(data) {

return "Form saved successfully";

onError: function(e) {

if(e.status == 101)

return "Duplicate user name";

else

return null;

render: function() {

return(

</div>

</div>

</Form>

);

}

});

Every kind of html input is wrapped in a react component that stores input type, its value and other necessary parameters as well as internal state if component is a little bit complex. Then Form component iterates over its children, creates validation rules for validation plugin (which in my case comes from http://semantic-ui.com) and responds to submit button. Form component is also responsible for loading and saving form data from url passed through url attribute.

I was really surprised that such a functionality is impossible to achieve in react (at least in current version). Of course that might be my fault and I would be thankful if someone shared a similar component that is working. So what is the problem? The problem is parent – children communication. Let’s take a look at a Form component (simplified version):

var Form = React.createClass({
	getInitialState: function() {
		...
	},
	buildValidationRules: function(child) {
		...
	},
	componentDidMount: function() {
		var validationRules = Utils.processChildren(this.buildValidationRules);

		var node = this.refs.formular.getDOMNode();
		var formNode = $('.form', node);
		var _this = this;

		$(this.refs.formular.getDOMNode()).form(
			validationRules, {
				onSuccess: function() {
					var fields = $(':input', formNode).serializeJSON();
					var fieldsJson = JSON.stringify(fields);
					$(':input', formNode).attr("disabled", true);
	
					$.ajax({
						url: _this.props.url || _this.props.submitUrl,
						dataType: 'json',
						contentType: "application/json",
						type: 'POST',
						data: fieldsJson,
						complete: function() {
							$(':input', formNode).attr("disabled", false);
						},
						error: function(e) {
							var errorMsg = null;
							if(_this.props.onError)
								errorMsg = _this.onError(e);
							_this.setState({errorMsg: errorMsg ? errorMsg : e.statusText});
						},
						success: function(data) {
							var successMsg = null;
							if(_this.onSuccess)
								successMsg = _this.onSuccess(data);
							_this.setState({successMsg: successMsg});
						}
					});
				}
			}
		);
	},
	render: function() {
		return (
			<div>
				<div className="ui small attached message error login" style={{display: this.props.errorMsg ? 'block' : 'none'}}>
					<div className="header">{this.props.errorMsg}</div>
				</div>
				<div className="ui small form attached fluid segment" ref="formular">
					{this.props.children}
				</div>
				<div className="ui small bottom attached info message" style={{display: this.props.successMsg ? 'block' : 'none'}}>
					{this.props.successMsg}
				</div>
			</div>

		);
	}
});

var Form = React.createClass({

getInitialState: function() {

...

buildValidationRules: function(child) {

...

componentDidMount: function() {

var validationRules = Utils.processChildren(this.buildValidationRules);

var node = this.refs.formular.getDOMNode();

var formNode = $('.form', node);

var _this = this;

$(this.refs.formular.getDOMNode()).form(

validationRules, {

onSuccess: function() {

var fields = $(':input', formNode).serializeJSON();

var fieldsJson = JSON.stringify(fields);

$(':input', formNode).attr("disabled", true);

$.ajax({

url: _this.props.url || _this.props.submitUrl,

dataType: 'json',

contentType: "application/json",

type: 'POST',

data: fieldsJson,

complete: function() {

$(':input', formNode).attr("disabled", false);

error: function(e) {

var errorMsg = null;

if(_this.props.onError)

errorMsg = _this.onError(e);

_this.setState({errorMsg: errorMsg ? errorMsg : e.statusText});

success: function(data) {

var successMsg = null;

if(_this.onSuccess)

successMsg = _this.onSuccess(data);

_this.setState({successMsg: successMsg});

}

});

}

);

render: function() {

return (

<div>

<div className="header">{this.props.errorMsg}</div>

</div>

{this.props.children}

</div>

{this.props.successMsg}

</div>

);

}

});

The most interesting part is {this.props.children}. In this property all the tags between <Form></Form> declared in PersonalDataForm are passed. One can iterate over them using React built in functions. Here’s my iteration helper (react’s foreach looks for children only one level deep in dom hierarchy):

Utils = {
	processChildren0: function(self, children, callback, data) {
		var _this = this;
		React.Children.forEach(children, function(child) {
			var tagName = child.type ? child.type.displayName : null;
			var refName = child.props && child.props.ref ? child.props.ref : null;
			callback(self, child, tagName, refName, data);
			if(_.isArray(child.props.children))
				_this.processChildren0(self, child.props.children, callback, data);
		});
	},
	processChildren: function(self, children, callback, data) {
		this.processChildren0(self, children, callback, data);
	}
};

Utils = {

processChildren0: function(self, children, callback, data) {

var _this = this;

React.Children.forEach(children, function(child) {

var tagName = child.type ? child.type.displayName : null;

var refName = child.props && child.props.ref ? child.props.ref : null;

callback(self, child, tagName, refName, data);

if(_.isArray(child.props.children))

_this.processChildren0(self, child.props.children, callback, data);

});

processChildren: function(self, children, callback, data) {

this.processChildren0(self, children, callback, data);

}

};

Unfortunately (in this case) Form component is not the owner of those children. The PeronalDataForm is. That has consequences. I can’t in Form update the children properties or transfer properties passed to Form (it’s a problem because this is the preferred way of communicating with children in react). Also if I would like to modify state of children I’m forced to use undocumented internals of react (that can change in feature versions) like __realComponentInstance (if that only worked 🙂 , the render method of child component still used previous state). What worked in the code above was validation as reading data from this.props.children was perfectly fine. What didn’t work was modifying props or state of children. I wasn’t able to load data from server and distribute it among children from within Form component.

I hope in future version communicating between children and parent will be addressed in some way or another. In the meantime I used mixins. Now PersonalDataForm looks like this:

var PersonalDataForm = React.createClass({
	mixins: [FormMixin],
	render: function() {
		return(
			<Form errorMsg={this.state.errorMsg} successMsg={this.state.successMsg} ref="form">
				<div className="two fields">
					<TextField label="First name" ref="firstName" data={this.state.data} notEmpty/>
					<TextField label="Last name" ref="lastName" data={this.state.data} notEmpty/>
				</div>
				<EmailField label="Email" ref="email" data={this.state.data} notEmpty/>
				<TextField label="Username" ref="userName" data={this.state.data} notEmpty/>
				<div className="two fields">
					<PasswordField label="Password" ref="password" data={this.state.data} notEmpty minLength="6"/>
					<PasswordField label="Repeat password" ref="repeat" data={this.state.data} notEmpty match={['password', 'Repeated password does not match']}/>
				</div>
				<Submit ref="submit"/>
			</Form>
		);
	}
});

var PersonalDataForm = React.createClass({

mixins: [FormMixin],

render: function() {

return(

</div>

</div>

</Form>

);

}

});

I simply inlined all the methods that previously were placed in the Form component into the PersonalDataForm. Now PersonalDataForm is the owner of all inputs and is able to manipulate them. I also gave up on iterating over children through this.props.children. Now I iterate over this.refs. That simplifies the code but requires providing ref attribute at every input wrapper. Another disadvantage is forcing user to mix in FormMixin in every form component and unnecessary code duplication because of that. User also has to pass this.state.data (which contains ajax data) everywhere, but the final effect is very similar to what I really wanted. I will post sources of my components soon.

Hello Blog :)

April 21, 2014 by Daniel Kos·2 Comments

Hi! I’m Daniel Kos. I’m 34 years old software developer from Poland that finally decided to share his opinions with others. This blog is not going to be be only about software development but also about things like politics, hobbies and life. I hope you’ll find it interesting 🙂