October 10, 2013
I’m a minimalist in many ways. I want a web framework that does exactly what I need and no more. Ruby on Rails is my go-to framework these days, but it feels bloated and a bit too magical. These are things that would be in my ideal web framework:
- URL mapping by regular expressions. The regular expressions should be pre-compiled at load time so that routing is instantaneous.
- A templating language that lets me break views up into modular pieces. I should be able to nest views arbitrarily, even recursively. Even better if the templating language validates the well-formedness of my HTML, like Dropbox’s Pyxl.
- Cookie-based sessions. The cookies should be cryptographically signed—and better yet—encrypted.
- Internationalization and localization support.
- Security stuff: CSRF protection, a typing scheme that prevents injection attacks (e.g., “blessed strings”), etc.
- HTTP stuff: The ability to specify the response headers, support for chunked transfer encoding, configurable implementations of the HEAD and OPTIONS verbs, etc. I should be able to stream video data to the client. HTTPS support is a must.
- Caching. I should be able to specify that some requests are to be cached and their responses will be reused. Or, more generally, I want to be able to store anything in the cache (not just views)—something like a local Memcached instance.
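The "blessed strings" idea from the security item above, sketched as an added example (not code from this post or from any framework it names): output is a distinct type that can only be produced by escaping or by an explicit bless, so an unescaped plain string cannot reach the response. `SafeHtml`, `render` and `respond` are hypothetical names, and the sample inputs are constructed.

```ruby
# Markup the response layer may emit verbatim. There are only two ways to get
# one: escape untrusted text, or explicitly bless a developer-written literal.
class SafeHtml
  ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
              '"' => "&quot;", "'" => "&#39;" }.freeze

  attr_reader :to_s

  def initialize(raw)
    @to_s = raw.dup.freeze
    freeze
  end
  private_class_method :new

  # Untrusted input goes through here; already-safe values are not re-escaped.
  def self.escape(value)
    return value if value.is_a?(SafeHtml)
    new(value.to_s.gsub(/[&<>"']/, ESCAPES))
  end

  # The single, greppable escape hatch for trusted markup.
  def self.bless(trusted_literal)
    new(trusted_literal)
  end

  # Concatenation keeps the invariant: plain strings are escaped on the way in.
  def +(other)
    SafeHtml.bless(to_s + SafeHtml.escape(other).to_s)
  end
end

# Fills {{name}} placeholders. The template is developer-authored, so the
# result is blessed; every substituted value passes through SafeHtml.escape.
def render(template, values)
  filled = template.gsub(/\{\{(\w+)\}\}/) do
    SafeHtml.escape(values.fetch($1.to_sym)).to_s
  end
  SafeHtml.bless(filled)
end

# The response layer accepts only the blessed type, so a forgotten escape
# fails loudly instead of becoming an injection.
def respond(body)
  raise TypeError, "refusing to emit unblessed #{body.class}" unless body.is_a?(SafeHtml)
  body.to_s
end
```

Because `bless` is the only way to mark raw markup as safe, a review can audit injection risk by searching for its call sites.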
Things I do NOT want in a web framework:
- An ORM. At most, I want a small DSL for building safe SQL queries. I should be able to control what database I use, what indexes a table has, how data are sharded, how the system scales, etc. I do not want to find that my app doesn’t scale because my web framework writes inefficient SQL. Also, not every web application uses SQL—nowadays, NoSQL databases and other non-relational datastores are common. How persistent data is stored, if there is persistent data at all, is very application-dependent.
- Login / user authentication functionality. The web framework shouldn’t have a notion of “user” or “password”—all of that should be up to the application. Similarly, roles/privileges should not be a built-in concept.
Uh oh—I’m getting tempted to build my own. Not this again.