drogon icon indicating copy to clipboard operation
drogon copied to clipboard

Published 20 hours ago verified publisher icon drogonframework

Drogon 2.0

Open rbugajewski opened this issue 4 years ago • 26 comments

This is the place for general discussion regarding the development of Drogon 2.0. The upcoming version will introduce breaking changes, but there’s also the opportunity to improve on existing APIs.

Until development of version 2.0 reaches a more mature state, all feature requests and discussions should be part of this issue.

rbugajewski avatar Jan 11 '21 15:01 rbugajewski

Just want to share some frustrations I have.

  • Please switch to a faster JSON library (nlohmann/json, rapidJSON, etc..) JsonCpp in kinda slow. I often wrap around Drogon's methods for performance.
    • nlohmann/json is 4x faster and rapidJSON is 40x
    • Both tries to be type safe. But raiidjson doesn't do graceful handling
  • Use string or string_view for content type. And allow user defined ones. Submitting a PR just to add a new file is unnecessary.
  • Exceptions can escape the event loop (#600) then crash the entire app. And we might have to deal with exceptions when introducing coroutines anyway.

And my wish-list:

  • C++ modules support
  • Switch to Botan to make cryptography easier
  • Switch to a response object instead of using callbacks. This should make HTTP/2 easier to implement. And more intuitive

I'm looking into getting HTTP/2 and coroutines support. But not sure if I can make it happen (coro shouldn't be an issue). I'll try to contribute as much as I can.

Thanks.

marty1885 avatar Jan 12 '21 01:01 marty1885

nlohmann/json definately. Query- cannot brotli complelely replace zlib?

sardar01 avatar Jan 13 '21 07:01 sardar01

@sardar01 Brotli doesn't work under all conditions. Ex: most browsers won't accept brotli over plan HTTP. And gz is good fallback for old browsers.

marty1885 avatar Jan 13 '21 10:01 marty1885

On a side note according to 'caniuse' : brotli has as this writing 94.34% of Global coverage. tls1.2 has as this writing 98.24% of Global coverage. tls1.3 has as this writing 90.98% of Global coverage.

ideally you'd want to serve modern client with static brotli with a tls1.3 0RTT resumable session, and as fallback for older clients use static/dynamic gzip with at minimum tls1.2

but this depends mostly on your desired level of security / performace and if for you that small % of old clients is your main target audience or your so big that even a small percentage means loads of clients...

seiichi-yoshimune avatar Jan 13 '21 18:01 seiichi-yoshimune

A good testing framework and suite would be great. If you want to catch the big fish, you might as well advertise it as safe and reliable too. About @marty1885's answer

Switch to Botan to make cryptography easier

Why not use Crypto++? It's a much more popular choice when it comes to C++ crypto

ivanka2012 avatar Jan 21 '21 16:01 ivanka2012

I don't know exactly what drogon needs in a JSON library, but if switching default JSON libraries and performance is a primary concern, simdjson[1] is probably the best.

Another interesting thing to explore performance wise is using io_uring rather than epoll on Linux[2-4].

As far as crypto libraries go, I don't really see much reason to switch from OpenSSL. It is likely one of the most tested and proven crypto libraries in the world, and I'm not sure the drogon user needs to be concerned with the crypto API anyways (it looks to be used only in trantor/trantor/net/inner/TcpConnectionImpl.cc as an implementation detail). So you might as well pick the fastest and most secure/tested crypto library.

[1] https://github.com/simdjson/simdjson [2] https://unixism.net/2020/04/io-uring-by-example-part-3-a-web-server-with-io-uring/ [3] https://ndportmann.com/io_uring-preview-release/ [4] https://github.com/frevib/io_uring-echo-server/blob/io-uring-feat-fast-poll/benchmarks/benchmarks.md

mkrupcale avatar Jan 31 '21 20:01 mkrupcale

Another interesting thing to explore performance wise is using io_uring rather than epoll on Linux[2-4].

Would a change to uring be made in Trantor rather than Drogon?

danwt avatar Feb 01 '21 17:02 danwt

Would a change to uring be made in Trantor rather than Drogon?

Yes, I believe so, although I don't know all the technical details of the relationship between them to say it's exclusively a change in trantor.

mkrupcale avatar Feb 01 '21 17:02 mkrupcale

We should also discuss about API changes before the first public release of the next major version, because we will be able to introduce API-breaking changes. I created a placeholder ticket for now.

rbugajewski avatar Apr 15 '21 13:04 rbugajewski

Add real security, I have plans to use dragon for it's speed for a start up company but it doesn't have good security.

Would be nice if "Baton" can be added since it is the best Cipher Suite library in C++ and Dragon will benefit from this. This will be perfect for the Dragon project and almost any enterprise can use it if they are determined enough.

Thanks.

rajhlinux avatar Apr 21 '21 15:04 rajhlinux

We won’t add our own security implementation as we don’t have the possibility of audits, but better integration of a third-party dependency is a good idea, thanks.

rbugajewski avatar Apr 21 '21 17:04 rbugajewski

We won’t add our own security implementation as we don’t have the possibility of audits, but better integration of a third-party dependency is a good idea, thanks.

That is what I really intended to say, you are right that it doesn't make sense to actually implement security from scratch.

Dragon is really interesting, I see it's future as an enterprise ready web server. It's benchmarks is always on the top.

rajhlinux avatar Apr 23 '21 03:04 rajhlinux

请问是否可以在app().run();时就创建controller对象而不是在收到第一个请求时,这样方便将初始化代码直接放在控制器类的构造函数中

justghostof avatar Jun 07 '21 10:06 justghostof

请问是否可以在app().run();时就创建controller对象而不是在收到第一个请求时,这样方便将初始化代码直接放在控制器类的构造函数中

@mwx2006 , the PR #888 is for this requirement, please check it. thanks. @marty1885 should we add a option to enable this feature? or just create all controllers in beginning?

an-tao avatar Jun 08 '21 06:06 an-tao

For others, translation: Could we have very controller spawn upon app.run()instead upon first request.

Are there down sides of eagerly creating controllers instead of lazily? If you can, add a test to make sure controllers won't get added automatically if auto registering is disabled.

marty1885 avatar Jun 08 '21 06:06 marty1885

I’m for creating all controllers in the beginning, and adding a lazy controllers option to get back the previous behavior if desired.

rbugajewski avatar Jun 08 '21 08:06 rbugajewski

Are there down sides of eagerly creating controllers instead of lazily?

  1. Startup times are longer
  2. Memory footprint is slightly larger

I can’t think of any other downsides, and I think these are perfectly fine compromises for server-side applications.

rbugajewski avatar Jun 08 '21 08:06 rbugajewski

Should hiredis be replaced with redis-plus-plus?

omar-mohamed-khallaf avatar Apr 27 '22 13:04 omar-mohamed-khallaf

@an-tao , Drogon v2 will add asio's support only the boost libraries version or also support the standalone version?

kassane avatar Jun 06 '23 12:06 kassane

@an-tao , Drogon v2 will add asio's support only the boost libraries version or also support the standalone version?

It uses the standalone version as the networking library.

an-tao avatar Jun 06 '23 14:06 an-tao

I think it should escape HTML from parameters (#1793).

papel avatar Feb 22 '24 04:02 papel

2.0 名字也建议换成 2024 官方的 Loong drogon 之前的翻译有问题 类似于会飞的蜥蜴

AmdRyZen avatar Mar 22 '24 13:03 AmdRyZen

2.0 名字也建议换成 2024 官方的 Loong drogon 之前的翻译有问题 类似于会飞的蜥蜴

谢谢你的建议,不过Drogon是角色名字不是物种名字(dragon),请参考readme的说明。

an-tao avatar Mar 23 '24 06:03 an-tao