Category Archives: Dancer web framework

Posts relating to the Perl Dancer web framework I contribute to.

Dancer talk at YAPC::NA 2012

Mark Allen will give a talk at YAPC::NA 2012 on the Dancer Perl web framework he describes as:

This talk presents the Dancer web framework beginning with “Hello World” and progressing through a couple of easy to digest introductory applications. All of the primary Dancer features are presented including URL routing, writing handlers, and output templating. A selection of useful and common Dancer plugins will also be covered. This talk is best suited for beginning and intermediate Perl programmers.

(via JT Smith, in turn via the YAPC::NA blog.)

I hope it’s recorded, as I’d like to see it, but won’t be able to afford to attend YAPC::NA.

Perl Advent Calendars for 2011

Well, December is upon us – time for advent calendars, and as usual, the Perl community doesn’t disappoint – here’s a list of the Perl-related advent calendars I’m aware of:

There are also several Japanese-language advent calendars:

If you know of any others, please feel free to let me know and I’ll add them to the list :)

Happy birthday Dancer!

Today marks two years to the day since the first version of Dancer hit CPAN!

According to the BackPAN, Dancer-0.9003.tar.gz hit CPAN on 07-Aug-2009.

I think you’ll agree we’ve come a long way since then, thanks to the awesome community and user base built up around the project since then.

In these two years, we’ve had countless valuable contributions from a large list of contributing users (see the list on the about page), gathered over 300 watchers on GitHub, had 84 people fork the repository on GitHub, had 620 pull requests submitted… amazing stuff.

Continue reading Happy birthday Dancer!

Easy profiling for Dancer apps

Today I released Dancer::Plugin::NYTProf, which provides easy profiling for Dancer apps, powered by the venerable Devel::NYTProf.

Using it is simple – load the plugin in your app:

use Dancer::Plugin::NYTProf;

Then, use your app as normal, then, to view the profile data, point your browser to /nytprof (e.g. http://localhost:3000/nytprof, and you’ll get a list of profile runs (each request is profiled individually):

Select the profile run you wish to view, and nytprofhtml will be invoked behind the scenes to generate the HTML reports, which will then be served up, and you’ll be looking at the helpful Devel::NYTProf reports, to see where time was spent processing your request:

Early days yet, and a lot of room for improvement, but in my testing, it works.

Things I’d like to add when time permits:

  • The ability to exclude Dancer internals from the profiling (if I can find a clean way to do so)
  • The ability to enable profiling only for certain requests – for instance, providing a pattern to match the request URLs you want to profile
  • The ability to customise the URL at which profiling reports are served up
  • Check for sane behaviour if prefixes are in use

Feedback welcome!

Secure password handling in Dancer apps with Bcrypt

James Aitken has released Dancer::Plugin::Bcrypt, a new plugin for Dancer apps to make secure password hashing using Bcrypt easy.

For a background on why you ought to use Bcrypt rather than simpler hashing, see http://codahale.com/how-to-safely-store-a-password/ – basically, using MD5/SHA etc is too inexpensive, meaning that, even with a good salt, cracking the hash isn’t too hard to do these days, especially with the advent of use of the GPU. Bcrypt is intentionally expensive and slow (you can decide just how much).

Dancer::Plugin::Bcrypt makes validating a password hash as easy as:


if (bcrypt_validate_password($entered_password, $stored_hash)) {
    ...
}

Generating a hash to store is also very simple:


my $hash = bcrypt($plaintext);

Generation of random salt is taken care of for you.

*UPDATE* – the above is a nice simple way to quickly get secure password hashing with minimal effort – it is likely not the best way, though. If you’re already using DBIx::Class, then see DBIx::Class::PassphraseColumn for a better way to do this automatically at your database model level.

Thanks to mst for prompting me to mention the above :)

The Dancer release that will get you hooked!

Sawyer X wrote up a good post on version 1.3050 of the Dancer Perl web framework being released – "The Dancer release that will get you hooked!".

The addition of extra hooks, along with support for plugins to create hooks, heralds additional flexibility and power for your Dancer apps.

Dancer itself now provides various new hooks you can use to customise its behaviour, including before_deserializer, before_file_render, before_error_render, before_template_render, before_layout_render, before_serialization
– see the Dancer::hook() documentation for the full list. Plugins can register their own hooks, which your code can then make use of.

Props go to Franck Cuny for the implementation, and JT Smith of Plain Black for pushing for this feature and working with the Dancer team in designing the implementation.

Dancer 1.3050 also includes various bug fixes and improvements – see the CHANGES file for a full list.

Dancer::Plugin::TimeRequests

Today I knocked up a quick plugin for the Dancer Perl web framework to log the time taken by requests to help look for bottlenecks – enter Dancer::Plugin::TimeRequests.

At the moment it’s very simple, and simply logs the time taken to execute every request; in the future, I may extend it to support capturing statistics and adding a route handler to display stats (e.g. average request time, which routes take the longest to execute, etc.)

Suggestions / patches welcome – the code is on GitHub as usual.

Welcoming ambs to the Dancer core dev team

Alberto Simões (ambs) has been a helpful contributor to the Perl Dancer web framework for some time now, submitting a lot of helpful pull requests and being a valued member of the community providing ideas and support to new users.

I’m very happy to note that ambs is now a member of the Dancer core developers team – great to see all that hard work recognised (well, Dancer 1.3030 was released with codename “Silence of the ambs” as recognition too :) )

Welcome aboard, ambs!