Dancer2 is a "micro" web framework which is modeled after a Ruby framework called Sinatra that constructs web applications by building a list of HTTP verbs, URLs (called routes) and methods to handle that type of traffic to that specific URL.
use Dancer2;
get '/' => sub {
return 'Hello World!';
};
start;This example shows a single HTTP verb "GET" followed by the root URL "/" and an anonymous subroutine which returns the string "Hello World!" If you were to run this example, it would display "Hello World!" when you point your browser at http://localhost:3000.
That's the reason I wrote this tutorial. While I was investigating some Python web frameworks like Flask or Bottle I enjoyed the way they explained step by step how to build an example application which was a little more involved than a trivial example.
Using the Flaskr sample application as my inspiration (OK, shamelessly plagiarised) I translated that application to the Dancer2 framework so I could better understand how Dancer2 worked. (I'm learning it too!)
So "Dancr" was born.
Dancr is a simple "micro" blog which uses the SQLite database engine for simplicity's sake. (You'll need to install sqlite if you don't have it installed already.)
Obviously you need Dancer2. You also need the Template Toolkit, File::Slurp, and DBD::SQLite. These all can be installed using your CPAN client, as in:
cpan Dancer2 Template File::Slurp DBD::SQLiteWe're not going to spend a lot of time on the database, as it's not really the point of this particular tutorial. Open your favorite text editor and create a schema definition called 'schema.sql' with the following content:
create table if not exists entries (
id integer primary key autoincrement,
title string not null,
text string not null
);Here we have a single table with three columns: id, title, and text. The 'id' field is the primary key and will automatically get an ID assigned by the database engine when a row is inserted.
We want our application to initialize the database automatically for us when we start it, so next, create a file called 'dancr.pl'. (The entire file is listed below, so don't worry about copying each of these fragments into 'dancr.pl' as you read through this document.) We're going to put the following subroutines in that file:
sub connect_db {
my $dbh = DBI->connect("dbi:SQLite:dbname=".setting('database')) or
die $DBI::errstr;
return $dbh;
}
sub init_db {
my $db = connect_db();
my $schema = read_file('./schema.sql');
$db->do($schema) or die $db->errstr;
}Nothing too fancy in here, I hope. Standard DBI except for the setting('database') thing - more on that in a bit. For now, just assume that the expression evaluates to the location of the database file.
(Note that you may want to look at the Dancer2::Plugin::Database module for an easy way to configure and manage database connections for your Dancer2 apps, but the above will suffice for this tutorial.)
Let's tackle our first route handler now, the one for the root URL '/'. This is what it looks like:
get '/' => sub {
my $db = connect_db();
my $sql = 'select id, title, text from entries order by id desc';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute or die $sth->errstr;
template 'show_entries.tt', {
'msg' => get_flash(),
'add_entry_url' => uri_for('/add'),
'entries' => $sth->fetchall_hashref('id'),
};
};As you can see, the handler is created by specifying the HTTP verb 'get', the '/' URL to match, and finally, a subroutine to do something once those conditions have been satisfied. Something you might not notice right away is the semicolon at the end of the route handler. Since the subroutine is actually a coderef, it requires a semicolon.
Let's take a closer look at the subroutine. The first few lines are standard DBI. The only new concept as part of Dancer2 is that template directive at the end of the handler. That tells Dancer2 to process the output through one of its templating engines. In this case, we're using Template Toolkit which offers a lot more flexibility than the simple default Dancer2 template engine.
Templates all go into the views/ directory. Optionally, you can create a "layout" template which provides a consistent look and feel for all of your views. We'll construct our own layout template cleverly named main.tt a little later in this tutorial.
What's going on with the hashref as the second argument to the template directive? Those are all of the parameters we want to pass into our template. We have a msg field which displays a message to the user when an event happens like a new entry is posted, or the user logs in or out. It's called a "flash" message because we only want to display it one time, not every time the / URL is rendered.
The uri_for directive tells Dancer2 to provide a URI for that specific route, in this case, it is the route to post a new entry into the database. You might ask why we don't simply hardcode the /add URI in our application or templates. The best reason not to do that is because it removes a layer of flexibility as to where to "mount" the web application. Although the application is coded to use the root URL / it might be better in the future to locate it under its own URL route (maybe /dancr?) - at that point we'd have to go through our application and the templates and update the URLs and hope we didn't miss any of them. By using the uri_for Dancer2 method, we can easily load the application wherever we like and not have to modify the application at all.
Finally, the entries field contains a hashref with the results from our database query. Those results will be rendered in the template itself, so we just pass them in.
So what does the show_entries.tt template look like? This:
[% IF session.logged_in %]
<form action="[% add_entry_url %]" method=post class=add-entry>
<dl>
<dt>Title:
<dd><input type=text size=30 name=title>
<dt>Text:
<dd><textarea name=text rows=5 cols=40></textarea>
<dd><input type=submit value=Share>
</dl>
</form>
[% END %]
<ul class=entries>
[% IF entries.size %]
[% FOREACH id IN entries.keys.nsort %]
<li><h2>[% entries.$id.title %]</h2>[% entries.$id.text %]
[% END %]
[% ELSE %]
<li><em>Unbelievable. No entries here so far</em>
[% END %]
</ul>Again, since this isn't a tutorial specifically about Template Toolkit, I'm going to gloss over the syntax here and just point out the section which starts with <ul class=entries> - this is the section where the database query results are displayed. You can also see at the very top some discussion about a session - more on that soon.
There are 8 defined HTTP verbs defined in RFC 2616: OPTIONS, GET, HEAD, POST, PUT, DELETE, TRACE, CONNECT. Of these, the majority of web applications focus on the verbs which closely map to the CRUD (Create, Retrieve, Update, Delete) operations most database-driven applications need to implement.
In addition, the PATCH verb was defined in RFC5789, and is intended as a "partial PUT" - sending just the changes required to the entity in question. How this would be handled is down to your app, it will vary depending on the type of entity in question and the serialization in use.
Dancer2 currently supports GET, PUT/PATCH, POST, DELETE, OPTIONS which map to Retrieve, Update, Create, Delete respectively. Let's take a look now at the /add route handler which handles a POST operation.
post '/add' => sub {
if ( not session('logged_in') ) {
send_error("Not logged in", 401);
}
my $db = connect_db();
my $sql = 'insert into entries (title, text) values (?, ?)';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'title'}, params->{'text'}) or die $sth->errstr;
set_flash('New entry posted!');
redirect '/';
};As before, the HTTP verb begins the handler, followed by the route, and a subroutine to do something - in this case, it will insert a new entry into the database.
The first check in the subroutine is to make sure the user sending the data is logged in. If not, the application returns an error and stops processing. Otherwise, we have standard DBI stuff. Let me insert (heh, heh) a blatant plug here for always, always using parameterized INSERTs in your application SQL statements. It's the only way to be sure your application won't be vulnerable to SQL injection. (See http://www.bobby-tables.com for correct INSERT examples in multiple languages.) Here we're using the params convenience method to pull in the parameters in the current HTTP request. (You can see the 'title' and 'text' form parameters in the show_entries.tt template above.) Those values are inserted into the database, then we set a flash message for the user and redirect her back to the root URL.
It's worth mentioning that the "flash message" is not part of Dancer2, but a part of this specific application.
Dancer2 comes with a simple in-memory session manager out of the box. It supports a bunch of other session engines including YAML, memcached, browser cookies and others. For this application we're going to stick with the in-memory model which works great for development and tutorials, but won't persist across server restarts or scale very well in "real world" production scenarios.
To use sessions in our application, we have to tell Dancer2 to activate the session handler and initialize a session manager. To do that, we add some configuration directives toward the top of our 'dancr.pl' file. But there are more options than just the session engine we want to set.
set 'database' => File::Spec->catfile(File::Spec->tmpdir(), 'dancr.db');
set 'session' => 'Simple';
set 'template' => 'template_toolkit';
set 'logger' => 'console';
set 'log' => 'debug';
set 'show_errors' => 1;
set 'startup_info' => 1;
set 'warnings' => 1;Hopefully these are fairly self-explanatory. We want the Simple session engine, the Template Toolkit template engine, logging enabled (at the 'debug' level with output to the console instead of a file), we want to show errors to the web browser, log access attempts and log Dancer2 warnings (instead of silently ignoring them).
In a more sophisticated application you would want to put these configuration options into a configuration file, but for this tutorial, we're going to keep it simple. Dancer2 also supports the notion of application environments, meaning you can create a configuration file for your development instance, and another config file for the production environment (with things like debugging and showing errors disabled perhaps). Dancer2 also doesn't impose any limits on what parameters you can set using the set syntax. For this application we're going to embed our single username and password into the application itself:
set 'username' => 'admin';
set 'password' => 'password';Hopefully no one will ever guess our clever password! Obviously, you will want a more sophisticated user authentication scheme in any sort of non-tutorial application but this is good enough for our purposes.
Now that Dancr is configured to handle sessions, let's take a look at the URL handler for the /login route.
any ['get', 'post'] => '/login' => sub {
my $err;
if ( request->method() eq "POST" ) {
# process form input
if ( params->{'username'} ne setting('username') ) {
$err = "Invalid username";
}
elsif ( params->{'password'} ne setting('password') ) {
$err = "Invalid password";
}
else {
session 'logged_in' => true;
set_flash('You are logged in.');
return redirect '/';
}
}
# display login form
template 'login.tt', {
'err' => $err,
};
};This is the first handler which accepts two different verb types, a GET for a human browsing to the URL and a POST for the browser to submit the user's input to the web application. Since we're handling two different verbs, we check to see what verb is in the request. If it's not a POST, we drop down to the template directive and display the login.tt template:
<h2>Login</h2>
[% IF err %]<p class=error><strong>Error:</strong> [% err %][% END %]
<form action="[% login_url %]" method=post>
<dl>
<dt>Username:
<dd><input type=text name=username>
<dt>Password:
<dd><input type=password name=password>
<dd><input type=submit value=Login>
</dl>
</form>This is even simpler than our show_entries.tt template - but wait - there's a login_url template parameter and we're only passing in the err parameter. Where's the missing parameter? It's being generated and sent to the template in a before_template directive - we'll come back to that in a moment or two.
So the user fills out the login.tt template and submits it back to the /login route handler. We now check the user input against our application settings and if the input is incorrect, we alert the user, otherwise the application starts a session and sets the logged_in session parameter to the true() value. Dancer2 exports both a true() and false() convenience method which we use here. After that, it's another flash message and back to the root URL handler.
And finally, we need a way to clear our user's session with the customary logout procedure.
get '/logout' => sub {
app->destroy_session;
set_flash('You are logged out.');
redirect '/';
};app->destroy_session; is Dancer2's way to remove a stored session. We notify the user she is logged out and route her back to the root URL once again.
We still have a missing puzzle piece or two. First, how can we use Dancer2 to serve our CSS stylesheet? Second, where are flash messages displayed? Third, what about the before_template directive?
In Dancer2, static files should go into the public/ directory, but in the application itself be sure to omit the public/ element from the path. For example, the stylesheet for Dancr lives in dancr/public/css/style.css but is served from http://localhost:3000/css/style.css.
If you wanted to build a mostly static web site you could simply write route handlers like this one:
get '/' => sub {
send_file 'index.html';
};where index.html would live in your public/ directory.
send_file does exactly what it says: it loads a static file, then sends the contents of that file to the user.
I mentioned near the beginning of this tutorial that it is possible to create a layout template. In Dancr, that layout is called main and it's set up by putting in a directive like this:
set layout => 'main';near the top of your web application. This tells Dancer2's template engine that it should look for a file called main.tt in dancr/views/layouts/ and insert the calls from the template directive into a template parameter called content.
For this web application, the layout template looks like this:
<!doctype html>
<html>
<head>
<title>Dancr</title>
<link rel=stylesheet type=text/css href="[% css_url %]">
</head>
<body>
<div class=page>
<h1>Dancr</h1>
<div class=metanav>
[% IF not session.logged_in %]
<a href="[% login_url %]">log in</a>
[% ELSE %]
<a href="[% logout_url %]">log out</a>
[% END %]
</div>
[% IF msg %]
<div class=flash> [% msg %] </div>
[% END %]
[% content %]
</div>
</body>
</html>Aha! You now see where the flash message msg parameter gets rendered. You can also see where the content from the specific route handlers is inserted (the fourth line from the bottom in the content template parameter).
But what about all those other *_url template parameters?
Dancer2 has a way to manipulate the template parameters before they're passed to the engine for processing. It's before_template. Using this directive, you can generate and set the URIs for the /login and /logout route handlers and the URI for the stylesheet. This is handy for situations like this where there are values which are re-used consistently across all (or most) templates. This cuts down on code-duplication and makes your app easier to maintain over time since you only need to update the values in this one place instead of everywhere you render a template.
hook before_template => sub {
my $tokens = shift;
$tokens->{'css_url'} = request->base . 'css/style.css';
$tokens->{'login_url'} = uri_for('/login');
$tokens->{'logout_url'} = uri_for('/logout');
};Here again I'm using uri_for instead of hardcoding the routes. This code block is executed before any of the templates are processed so that the template parameters have the appropriate values before being rendered.
By now we have finished a basic application which allows a user to login, add entries and see them from its main page. Quite a big achievement for such a small effort no? Given below is the final dancr.pl script for reference.
use Dancer2;
use DBI;
use File::Spec;
use File::Slurp;
use Template;
set 'database' => File::Spec->catfile(File::Spec->tmpdir(), 'dancr.db');
set 'session' => 'Simple';
set 'template' => 'template_toolkit';
set 'logger' => 'console';
set 'log' => 'debug';
set 'show_errors' => 1;
set 'startup_info' => 1;
set 'warnings' => 1;
set 'username' => 'admin';
set 'password' => 'password';
set 'layout' => 'main';
my $flash;
sub set_flash {
my $message = shift;
$flash = $message;
}
sub get_flash {
my $msg = $flash;
$flash = "";
return $msg;
}
sub connect_db {
my $dbh = DBI->connect("dbi:SQLite:dbname=".setting('database')) or
die $DBI::errstr;
return $dbh;
}
sub init_db {
my $db = connect_db();
my $schema = read_file('./schema.sql');
$db->do($schema) or die $db->errstr;
}
hook before_template => sub {
my $tokens = shift;
$tokens->{'css_url'} = request->base . 'css/style.css';
$tokens->{'login_url'} = uri_for('/login');
$tokens->{'logout_url'} = uri_for('/logout');
};
get '/' => sub {
my $db = connect_db();
my $sql = 'select id, title, text from entries order by id desc';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute or die $sth->errstr;
template 'show_entries.tt', {
'msg' => get_flash(),
'add_entry_url' => uri_for('/add'),
'entries' => $sth->fetchall_hashref('id'),
};
};
post '/add' => sub {
if ( not session('logged_in') ) {
send_error("Not logged in", 401);
}
my $db = connect_db();
my $sql = 'insert into entries (title, text) values (?, ?)';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'title'}, params->{'text'}) or die $sth->errstr;
set_flash('New entry posted!');
redirect '/';
};
any ['get', 'post'] => '/login' => sub {
my $err;
if ( request->method() eq "POST" ) {
# process form input
if ( params->{'username'} ne setting('username') ) {
$err = "Invalid username";
}
elsif ( params->{'password'} ne setting('password') ) {
$err = "Invalid password";
}
else {
session 'logged_in' => true;
set_flash('You are logged in.');
return redirect '/';
}
}
# display login form
template 'login.tt', {
'err' => $err,
};
};
get '/logout' => sub {
app->destroy_session;
set_flash('You are logged out.');
redirect '/';
};
init_db();
start;Now that we have the basic structure ready, it is time to equip our micro blog with some other common and essential functionalities. To begin with, we add the edit and delete buttons,that understandably, let the user edit or delete their post.
This means that we will have edit and delete buttons under every post. To do this we make some changes in show_entries.tt.
[% IF entries.size %]
<ul class=entries>
[% FOREACH id IN entries.keys.nsort %]
<li><h2>[% entries.$id.title %]</h2>[% entries.$id.text %]
<form action="[% edit_entry_url %]" method=get>
<input type=hidden value="[% entries.$id.id %]" name=rowid>
<input type=submit value=edit>
</form>
<form action="[% delete_entry_url %]" method=post>
<input type=hidden value="[% entries.$id.id %]" name=rowid>
<input type=submit value=delete>
</form>
[% END %]
</ul>
[% END %]The above code basically adds two forms below each entry being displayed, one to edit it and another to delete it. The user will only see corresponding buttons and clicking them will invoke the associated methods. Now, we need to define the edit_entry_url and delete_entry_url routes.
First, open Dancr.pm and add the following method.
any ['get' ,'post'] => '/edit' => sub {
my $db = connect_db();
my $sql = "SELECT title, text, username FROM entries WHERE id=?";
my @row = $db->selectrow_array($sql,undef,params->{'rowid'});
template 'edit.tt', {
'title_value' => $row[0],
'text_value' => $row[1],
'rowid' => params->{'rowid'},
'update_entry_url' => uri_for('/update'),
};
};This function just fetches the entry for the database and passes it to edit.tt for editing. This is what <edit.tt> will look like :
[% IF session.logged_in %]
<form action="[% update_entry_url %]" method=post >
<dl>
<dt>Title:
<dd><input type=text size=30 name=title value="[% title_value %]">
<dt>Text:
<dd><textarea name=text rows=5 cols=40> [% text_value %] </textarea>
<dd><input type=submit value=share>
<input type=hidden value="[% rowid %]" name=rowid>
</dl>
</form>
[% END %]So far, we have managed to enable the user to edit a post by directing to an edit page that lets the user change the title and text fields. But once these edits are, we also need to commit them, or push them into the database. For this, we define another route called /update :
post '/update' => sub{
my $db = connect_db();
my $sql = 'update entries set title=?, text=? where id=?';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'title'}, params->{'text'}, params->{'rowid'}) or die $sth->errstr;
set_flash('Entry updated!');
redirect '/';
};Similarly, we define the /delete route :
post '/delete' => sub{
my $db = connect_db();
my $sql = 'delete from entries where id=?';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'rowid'}) or die $sth->errstr;
set_flash('Entry deleted!');
redirect '/';
};Now, the user will be able to edit/delete any of his posts.
Till now, we have only had one user but any respectable forum needs to allow other users to register. So let's start working on that functionality now.
First, we will need to create another table that will be populated by users as they register and create an account with the microblog. So we create the table users in schema.sql
create table if not exists users (
userid integer primary key autoincrement,
name string not null,
username string not null,
password string not null,
email string not null
);
create table if not exists entries (
id integer primary key autoincrement,
title string not null,
text string not null,
username string not null
);Notice how a new column username has been added to the entries table to link it to the users table (in real life, you might want to use a foreign key to link these two tables but as stated earlier, we are only develping a sample application).
To register, a user will have to fill out a form the details of which will go into the database. We display this through the register.tt template :
<form action="[% register_url %]" method=post class=register
<dl>
<dt>Name:
<dd><input type=text size=30 name=name>
<dt>Username:
<dd><input type=text size=30 name=user>
<dt>Password:
<dd><input type=password size=20 name=pwd>
<dt>Email id:
<dd><input type=text size=30 name=email>
<dd><input type=submit value=register>
</dl>
</form>Now, we define the /register route which will push the information entered by the user into the database.
any ['get', 'post'] => '/register' => sub {
if ( request->method() eq "POST" ) {
my $db = connect_db();
my $sql = 'insert into users (name, username, password, email) values (?, ?, ?, ?)';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'name'}, params->{'user'}, params->{'pwd'}, params->{'email'}) or die $sth->errstr;
set_flash('New user registered');
redirect '/login';
}
template 'register.tt';
};The function is largely self-explanatory but if you have any doubts feel free to ask on the mailinglist or IRC. Also, in the hook before_template, we need to add
$tokens->{'register_url'} = uri_for('/register');But how will the user be directed to this page? We will have to make a small addition in the main.tt layout
[% IF not session.logged_in %]
<a href="[% login_url %]">log in</a>
<a href="[% register_url %]">Register Now</a>
[% ELSE %]
<a href="[% logout_url %]">log out</a>
[% END %]Next thing we need to do is check for validity of username and password while logging in. Earlier in the tutorial, for the sake of simplicity, we had hardcoded the username and password. Now, we will have to run through the database to check for validity.
any ['get', 'post'] => '/login' => sub {
my $err;
if ( request->method() eq "POST" ) {
my $db = connect_db();
my $sql = 'select username,password from users where username=?';
my @ans = $db->selectrow_array($sql, undef, params->{'username'});
my ($user,$pwd) = @ans;
if (params->{'username'} ne $user){
$err = 'Invalid username';
}
elsif(params->{'password'} ne $pwd) {
$err = 'Invalid password';
}
else {
session 'logged_in' => true;
session 'username' => params->{'username'};
set_flash('You are logged in.');
return redirect '/';
}
}
template 'login.tt', {
'err' => $err,
};
};We also need to make edit and delete possible only when the user is logged in. For this, we display the edit and delete buttons only for the entries that the user has posted.
[% IF entries.$id.username == uname %]
<form action="[% edit_entry_url %]" method=get>
<input type=hidden value="[% entries.$id.id %]" name=rowid>
<input type=submit value=edit>
</form>
<form action="[% delete_entry_url %]" method=post>
<input type=hidden value="[% entries.$id.id %]" name=rowid>
<input type=submit value=delete>
</form>
[% END %]The uname used above will be sent to the template from the / route handler.
template 'show_entries.tt', {
'msg' => get_flash(),
'add_entry_url' => uri_for('/add'),
'edit_entry_url' => uri_for('/edit'),
'delete_entry_url' => uri_for('/delete'),
'entries' => $sth->fetchall_hashref('id'),
'filenames' => $filenames->fetchall_hashref('id'),
'uname' => session('user')
};We also need to check user credentials on the edit and delete requests. for this, we use Dancer2::Plugin::Auth::Tiny. We have to define what routes needs a login using Auth::Tiny's needs keyword.
use Dancer2::Plugin::Auth::Tiny;
get '/' => needs login => sub {
}
post '/add' => needs login => sub {
}
any ['get' ,'post'] => '/edit' => needs login => sub {
}
post '/update' => needs login => sub{
}
post '/delete' => needs login => sub{
}
get '/logout' => needs login => sub {
}Also, there needs to be an additional check on authorization in the edit and delete functions. In the /edit route, we add :
my $db = connect_db();
my $sql = "SELECT title, text, username FROM entries WHERE id=?";
my @row = $db->selectrow_array($sql,undef,params->{'rowid'});
if ( $row[2] ne session('user')) {
set_flash('Unauthorized access');
redirect '/';
}In the /delete route :
my $db = connect_db();
my $sql = "SELECT username FROM entries WHERE id=?";
my @row = $db->selectrow_array($sql,undef,params->{'rowid'});
if ( $row[0] ne session('user')) {
set_flash('Unauthorized access');
redirect '/';
}To make our app more reliable and trustworthy, it is important to incorporate password hashing. This is done using Dancer2::Plugin::Passphrase. In the /register route :
if ( request->method() eq "POST" ) {
my $db = connect_db();
my $password = passphrase( params->{'pwd'} )->generate;
my $sql = 'insert into users (name, username, password, email) values (?, ?, ?, ?)';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'name'}, params->{'user'}, $password->rfc2307, params->{'email'}) or die $sth->errstr;
set_flash('New user registered');
redirect '/login';
}In the /login route :
if (params->{'username'} ne $user){
$err = 'Invalid username';
}
elsif(not passphrase(params->{'password'})->matches($pwd)) {
$err = 'Invalid password';
}
else {
session 'user' => params->{'username'};
session 'logged_in' => true;
set_flash('You are logged in.');
return redirect params->{return_url} || '/';
}So far, a new entry only contains the title and text fields. A third option is to upload a picture. Our form, in show_entries.tt has to now have a file upload field as well.
<form action="[% add_entry_url %]" method=post class=add-entry enctype=multipart/form-data>
<dl>
<dt>Title:
<dd><input type=text size=30 name=title>
<dt>Text:
<dd><textarea name=text rows=5 cols=40></textarea>
<dd><input type=file name=file>
<dd><input type=submit value=Share>
</dl>
</form>We now have to create a third table that will store the names of the uploaded files, and the entry id corresponding to which they were posted.
create table if not exists filenames (
id integer primary key,
filename string not null
);All static files in Dancer2 go into the public/ directory. Thus, we create a uploadsFolder inside it, which will store all the files uploaded by users. We will have to make the following configuration settings :
set 'public_dir' => dirname(__FILE__)."/../public";
set 'upload_dir' => '/uploadsFolder/';dirname is a perl function which gives you the absolute path of the currently executing perl script (app.pl in our case). This let's us create avoid hardcoded paths and keep our app portabl across different systems.
In the /add route, we make changes to copy the file uploaded to the uploadsFolder and to add the filename to the database:
my $db = connect_db();
my $upload = request->upload('file');
my $fname;
my $sql = 'insert into entries (title, text, username) values (?, ?, ?)';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'title'}, params->{'text'}, session('user')) or die $sth->errstr;
if($upload){
$fname = setting('upload_dir').$upload->filename;
$upload->copy_to(setting('public_dir').$fname);
$sql = "select id from entries where username=? and title =? and text=?";
my @row = $db->selectrow_array($sql,undef,session('user'),params->{'title'},params->{'text'});
$sql = 'insert into filenames (id, filename) values (?, ?)';
$sth = $db->prepare($sql) or die $db->errstr;
$sth->execute($row[0], $fname) or die $sth->errstr;
}
set_flash('New entry posted!');
redirect '/';While deleting an entry, the corresponding filename will also have to be deleted and the file deleted from the uploadsFolder. Hence in the /delete route :
$sql = "select filename from filenames where id=?";
@row = $db->selectrow_array($sql,undef,params->{'rowid'});
my $fname = setting('public_dir').$row[0];
unlink $fname;
$sql = 'delete from entries where id=?';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'rowid'}) or die $sth->errstr;
$sql = 'delete from filenames where id=?';
$sth = $db->prepare($sql) or die $db->errstr;
$sth->execute(params->{'rowid'}) or die $sth->errstr;
set_flash('Entry deleted!');
redirect '/';The uploaded image will also have to be displayed. Thus, in the / route:
$sql = 'select id,filename from filenames order by id desc';
my $filenames = $db->prepare($sql) or die $db->errstr;
$filenames->execute or die $sth->errstr;
template 'show_entries.tt', {
'msg' => get_flash(),
'add_entry_url' => uri_for('/add'),
'edit_entry_url' => uri_for('/edit'),
'delete_entry_url' => uri_for('/delete'),
'entries' => $sth->fetchall_hashref('id'),
'filenames' => $filenames->fetchall_hashref('id'),
'uname' => session('user')
};And in the view show_entries.tt
[% FOREACH id IN entries.keys.nsort %]
<li><h2>[% entries.$id.title %]</h2>
[% IF filenames.exists(entries.$id.id) %]
[% entry_id = entries.$id.id %]
<img src=[% filenames.item(entry_id).filename %] />
[% END %]
[% entries.$id.text %]Note how we are displaying the picture irrespective of whether the entry has an associated picture or not. Can you resolve this bug?
Another useful feature for our micro blog would be the blog feed, that would show the five latest entries from the database. This is easily done using Dancer2::Plugin::Feed.
use Dancer2::Plugin::FeedTo be able to retrieve the latest entries from the database, we need to be able to compare the date and time at which they were posted. Hence, we update schema.sql to include the timestamp:
create table if not exists entries (
id integer primary key autoincrement,
title string not null,
text string not null,
author string not null,
timestamp DATETIME DEFAULT CURRENT_TIMESTAMP
);Now, we need to push the timestamp while adding a post, into the database as well. In the /add route:
my $sql = 'insert into entries (title, text, author, timestamp) values (?, ?, ?, ?)';
my $sth = $db->prepare($sql) or die $db->errstr;
my $date = strftime('%Y-%m-%d %T',localtime);
$sth->execute(params->{'title'}, params->{'text'}, session('user'), $date) or die $sth->errstr;The strftime function of the POSIX module converts date and time information to a string. To be able to use this, we have to add
use POSIX qw/strftime/;We also need to write a subroutine that will return the 5 latest posts, in an arrayref:
sub _articles {
my $db = connect_db();
my $sql = 'SELECT * FROM entries ORDER BY timestamp DESC LIMIT 5';
my $sth = $db->prepare($sql) or die $db->errstr;
$sth->execute() or die $DBI::errstr;
my @ans = ();
while(my $article= $sth->fetchrow_hashref()){
my $feed = {};
$feed->{title} = $article->{title};
$feed->{author} = $article->{username};
push @ans, $feed;
}
retur \@ans;
}Notice how we define another variable feed which basically stores the article details in a format expected by create_atom_feed. the _articles method just returns an array of these feeds. Finally, we write the /feed route :
get '/feed' => sub {
my $feed;
my $articles = _articles();
$feed = create_atom_feed(
title => 'Dancer Blog Feed',
entries => $articles,
);
return $feed;
};The above route generates atom feed. If you want to generate rss feed, you simply have to use create_rss_feed() instead.
We still haven't added a link to go to the feed. This just requires a small change in the layout main.tt
[% IF not session.logged_in %]
<a href="[% login_url %]">log in</a>
<a href="[% register_url %]">Register Now</a>
[% ELSE %]
<a href="[% logout_url %]">log out</a>
[% END %]
<a href="[% feed_url %]" style="float:center" >Atom Feed</a>We also need to add the route to the hook before_template
$tokens->{'feed_url'} = uri_for('/feed');Now you can click on the ATOM FEED link and get the latest feeds from your forum!
There's a lot more to route matching than shown here. For example, you can match routes with regular expressions, or you can match pieces of a route like /hello/:name where the :name piece magically turns into a named parameter in your handler for manipulation.
I hope this effort has been helpful and interesting enough to get you exploring Dancer2 on your own. The framework is still under heavy development but it's definitely mature enough to use in a production project. Additionally, there are now a lot of great Dancer2 plugins which extend and enhance the capabilities of the platform.
Happy dancing!
Copyright (C) 2010 by Mark R. Allen.
This is free software; you can redistribute it and/or modify it under the terms of either the Artistic License 2.0 or the GNU Public License version 2.
The CSS stylesheet is copied verbatim from the Flaskr example application and is subject to their license:
Copyright (c) 2010 by Armin Ronacher and contributors.
Some rights reserved.
Redistribution and use in source and binary forms of the software as well as documentation, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
The names of the contributors may not be used to endorse or promote products derived from this software without specific prior written permission.
Dancer Core Developers
This software is copyright (c) 2013 by Alexis Sukrieh.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.