I need to add an example using either browserify or serve-browserify. Maybe both.

People like frameworks because they support many templating languages

We should have a examples-template folder with at least 5 different templating languages for the same web server showing that plug & play just works.

the mvc example should have a test folder.

The test folder should demonstrate how to write proper production quality tests for your web apps.

I just want to keep track of some of the offline discussions surrounding multipart forms.

The example currently naively writes all files to disk which can be achieved more simply by adding a listener to the "file" event, and configuring the upload directory.

Personally I think writing to disk has its use cases, but you do need to be aware of the attack vectors associated with this. File uploads should be removed after the request is handled, or moved to a permanent store. Temporary file directories should not allow code to be executed in them or have files publicly accessible to any web server. It is also a good idea to write a service to periodically clean old files in case anything is left behind.

An example based on streaming files to a 3rd party file store also has its benefits since this is a popular solution as well. It removes the developer from the complexity of managing the server infrastructure.

I think we ought to cover both use cases.

Case 1: User wants to store files on the server itself in some resource directory. This should use a simple file storage approach, highlighting the security precautions required to make this safe.

Case 2: We want the data to pass through to a third party service in a streaming fashion. This should preferably be an amazon s3 example that doesn't touch the disk.

Granted I want to use simple middleware to parse arguments submitted to the server.
Shall I use multipart example, or there is no appropriate example yet?

confusion about how to set up "sign in with google" would be handy. this common (but a bit more complex) task can be one that scares users off from the small modules approach.

@thlorenz says

so I think the main point to show is that you can make it do EVERYTHING by using other modules

Basically for this to have value over frameworks we need to demonstrate how it can handle all the things.

Might be interesting to see any example of serving up template files using a popular templating engine (hogan, jade, ejs, etc...) and not just .js template files.

If we take a look at the csrf example you will see it uses a lot of dependencies.

When compared to isaacs/csrf-lite or connect csrf example you can see that those examples are very light in terms of dependencies and the csrf example in the examples folder has a lot of dependencies

• connect, 2 dependencies
• csrf-lite, 3 dependencies
• http-framework/csrf, 9 dependencies

cc @substack @thlorenz . Is it just me or should examples use less modules?

Content-Length is supposed to be the length in bytes, not characters.

You should either use buffers directly, or: Buffer.byteLength(string, [encoding])

I did a large mvc example

I want it to demonstrate a way of structuring applications that's not stupid but also not too opinionated / bullshit.

It would be good to get some eyes on it.

@Matt-Esch you had some opinions about structuring applications as standalone feature folders. I tried to structure it like that, would love to hear about the good & bad.

@thlorenz you had some opinions about structuring larger apps as modules. I tried to structure it like that, would to love to hear about the good & bad

The immediate example that comes to mind (as a previous python/django dev) is the django docs tutorial: https://docs.djangoproject.com/en/dev/intro/tutorial01/

In the case of http-framework, this comes down to creating a couple simple sites. Ideas that come to mind are:

• A site that has a login and some user specific settings
• An API server, especially one with auth tokens or the like

Some things that are bike shed-y and I'd like to get a top down answer.

• Any tech that should be banned from us in tutorials (specific DBs, libs, etc).
• Whether the plan would be to render the markdown into html for something like GH pages or just have a directory full of markdown.
  • If it is rendered, what tool do you want used (to so any authors can make sure it works)
  • Would there be anyone who wants to do design work and make it actually look nice

https://github.com/primus/access-control

In the examples we use hyperscript for a default templating language.

This choice was made because it's the simplest thing that works I could think of. one dependency. template re-use with functions & template inheritance with require.

Maybe there is a simpler string / text file alternative ?

cc @dominictarr

The examples should include a demonstration of a websocket server.

@timoxley asked for this.

Leave a comment on this issue with suggested modules to add to the wiki in case you dont know what category they are in or how to describe them

• doorknob
• persona-id
• auth-socket
• hyperglue
• connections
• basic

@mikolalysenko asked for this.

I'll do a demo with multiparty and busboy

@isaacs has an error-page module.

I should probably write an alternative error-pages example demonstrating usage of it.

@isaacs do you have any suggestions for an idiomatic example ? Maybe it's easier if you add an example to the error-page module and I just put some links to it.

Each one of the modules that I list in the package.json really should be security audited.

I recently fixed an outstanding buffer overflow attack vector in body

Right now a few examples use https://github.com/Raynos/routes-router which has a freaky depreciation warning. Would it be worth someones time to go through an update the examples to use http-hash-router or routes instead?