Announcing Luminus 2.0
February 28, 2015
I'm excited to announce the release of Luminus 2.0. This release is a major update and introduces a number of changes to the framework. These changes reflect the evolution of the Clojure web stack and best practices over the past year.
The biggest change is that Luminus is no longer using lib-noir, nor will I be actively developing the library going forward. I intend to continue maintaining it and to provide bug fixes, but I will not be working on additional features. If anybody is interested in taking it over then please leave a comment on GitHub in that regard.
I believe that lib-noir has served an important role providing many useful features such as input validation, access rules, session handling and so on. However, today there are great standalone libraries available for accomplishing each of these tasks. I believe that using simple and focused libraries leads to better overall user experience. The libraries that Luminus currently defaults to are as follows:
- access rules - Buddy
- cache - core.cache
- crypto - crypto-password
- database - Yesql
- sessions/cookies - Ring
- validation - Bouncer
Session management is the biggest change from the user perspective. While lib-noir uses a request bound session that can be manipulated anywhere within the scope of the request, Ring requires sessions to be associated with the response explicitly by the handler.
While lib-noir approach is unquestionably convenient it introduces a subtle problem. Since the session is bound to a thread-local variable it's possible to run into race conditions with the in-memory session store. I feel that the Ring approach results in simpler design that’s more explicit about what it’s doing.
The new middleware stack is now based on ring-defaults instead of the
app-handler from lib-noir as Noir specific middleware is no longer required.
The move from Korma to Yesql is another major change. While Korma provides a nice DLS for working with SQL, I feel that the sheer simplicity of Yesql is preferable in the long run.
Meanwhile, Buddy is an exciting set of libraries for handling authorization, authentication, and access rules. It has an intuitive API and excellent documentation.
Bouncer is an excellent validation library that works with both Clojure and ClojureScript allowing for shared validation logic between the server and the client.
Some other changes include the
+cljs profile updates for Figwheel support and the deprecation of the
+site profile. It's been replaced with the
+auth profile that sets up Buddy middleware for session based authentication instead.
As always, the framework primarily strives to remove the boilerplate from typical web projects and provide reasonable defaults. If you don’t agree with any of the library choices that it makes it’s trivial to swap them out with your own. The base profile is intentionally kept minimal to provide an unopinionated default.
The template project for Luminus has been completely rewritten as well. The new template cleanly separates different profiles making it much easier to maintain and add new features.
Finally, all the documentation has been updated to reflect the changes with the original made available on GitHub.