Overall, the reaction in discussions over beer, feedback/ratings, and tweets has been pretty positive. Even for those who seem to strongly disagree with my thoughts on this topic, I’m pleased that people are talking about it, which means they’re thinking about it, which means I accomplished my real goal: get people to start asking the right questions.

One of the most fascinating things to me was that immediately after I gave my talk, Doug Crockford’s talk on server-side JavaScript in some respects presented a very different view on things than my approach. So, back-to-back, two talks focused heavily on server-side JavaScript, and yet had a very different take on a key issue: synchronous vs. asynchronous.

After a few twitter conversations on the distinct differences between those two messages, I felt like it would be a good idea for me to write up a quick post to clearly state what I think about the sync/async debate, as I’m not sure it’s been well understood thus far.

Crockford is right

That’s correct, you did just read that. I think Doug is absolutely correct in his assertion that non-blocking I/O and asynchronous evented architecture are by far superior to synchronous, blocking I/O. There’s no question that JavaScript shines as an asynchronous language (despite the pains of us figuring out the right way to approach patterns like Promises), and so it’s a completely natural and right direction for Node.js to be taking server-side JavaScript into the asynchronous paradigm.

If I wasn’t clear enough, let me say it this way: async is better than sync.

Synchronous Middle-End?

So wait, if I agree that the async Node.js approach is the best way, why do all my talks deal with synchronous JavaScript on the server via BikechainJS?

What you really need to understand is that just because you run code synchronously doesn’t mean that such code will only run in a synchronous environment. If you write the code correctly, which I’m trying to do, then synchronous vs. asynchronous execution concerns become rather moot. More on that later below.

Again, let me be clear: BikechainJS is not intended to replace or compete with Node.js.

BikechainJS and my synchronous per-request POC code/demos for the middle-end are merely side shows to the main attraction: the importance of middle-end architecture in the web stack.

Hear me on this: you should be architecting the middle-end into your web applications regardless of whether you use JavaScript on the server or not, and regardless of if you want/need to do things synchronously or asynchronously.

The back story

So now, let me explain why I still am showing middle-end code demos using synchronous approaches.

Considering the variety of web application stacks I’ve worked in over the last several years, these architectures have ranged from Java to Grails to .NET to Python to PHP. The code bases have spanned from decent to horrible. Web performance optimization is always a tuning after-thought rather than a key business-driver feature. And the applications have all been built from the back-end up rather than the front-end down.

In all cases (and indeed for most of my 10 year web dev career thus far), some things have been true across the board:

1. I’m a front-end/JavaScript person, and I prefer not to have to dig deep into the bowels of back-end platforms to accomplish my front-end tasks.
2. Universally, when I attempt to re-factor the front-end for web performance optimization, I run into the hassles of not having adequate control over the middle-end pieces (buried deep in the platform/framework guts), and moreover, I often have to deal unnecessarily directly with how the back-end works just to make changes to the front-end.
3. And most importantly, they have all been 100% in the synchronous, per-request paradigm of the web stack. They all used synchronous, single-threaded (process-oriented) web servers like Apache or IIS.

That reality may not be your reality where you work. And if not, great. But having had a dozen jobs so far and seeing the same patterns repeated consistently, I’m willing to believe it’s more the norm than the exception that synchronous per-request is the overwhelmingly common paradigm, and that no matter how hard platforms/frameworks try to keep front-end and back-end separate, they all fail to do so well, when the rubber meets the road.

So, mentally walk in my shoes for a moment, in the types of jobs and environments I’ve been in for the majority of my career. The web application code bases are well established, and for the most part working ok. The boss(es), and 3-8 other devs on the team, are all pretty familiar with that paradigm. The IT support staff are all very familiar with the quirks and behaviors of that stack, and are in some cases quite experience/certified in how to manage it and ensure production up-time.

More than anything, stability and status-quo rule the pack.

The plot thickens

For my last several jobs over the last 2+ years (aka, long before Node.js came around), I’ve been trying to find a pragmatic way to introduce server-side JavaScript into the architectures of the web application stacks at my jobs. My goal has been to find a realistic way to address the middle-end failings of all these different web application stacks, especially in a repeatable and patterned way, and I feel that server-side JavaScript provides a very compelling answer to many of those questions.

Reality check: It is not particularly easy to introduce asynchronous code into a synchronous environment. It requires some very careful planning and often times some complicated and risky changes to existing architecture. In short: it messes with stability and the status quo.

I’ve tried to pitch how server-side JavaScript can be of benefit, but whenever my boss or team starts to evaluate how to make that happen, major sticking points like that are always the death of the idea. For my jobs, their pragmatic (and defendable) position is that they would not be willing to devote the time to such radical rearchitecture (like replacing Apache with Node.js) and/or re-writes of significant portions (or all) of the code base, just to get JavaScript in the server part of the stack.

The biggest argument for server-side JavaScript at this point is massively scalable performance. But most of the jobs I work at never see enough performance bottlenecks where we could ever eventually prove the speedups in any measureable way.

All in all, I’ve had to face this reality in my jobs: if I want to do server-side JavaScript, I’m going to have to find a way to do it that fits more nicely into existing architecture and doesn’t cause quite so many waves. Otherwise, server-side JavaScript will only ever be something I get to toy around with on fun experiments like chat servers (web sockets) and games, and never see any real production usage.

Swim with the current

Instead of trying to simultaneously fight the battle of changing to asynchronous architecture and to switch to middle-end architecture using server-side JavaScript, I’ve chosen to separate those two battles and focus just on one of them for now.

What do I mean? There’s still an uphill battle to get server-side JavaScript into the stack in my real-world job place, but if it’s ever going to happen, it’s almost certainly going to need to play easily and nicely with the existing synchronous per-request paradigm.

Is it possible to use Node.js in this way? Theoretically, yes. You can run Node.js as a separate server instance, and from your synchronous code (PHP, Java, etc), make a blocking I/O call over to Node.js to ask it do something, and block the process waiting for the response. You can run Node.js like a proxy server in tandem with Apache, etc.

But notice what we’ve done: we’ve taken something whose almost entire value-proposition is performance from asynchronous eventing, and handcuffed it in an awkward and inefficient way to make it fit into our synchronous world.

In that respect, running synchronously against Node.js over an HTTP connection is not really conceptually much different than just running the JavaScript directly in a sub-process. It is however probably going to lose any possible performance benefits when considering the on-server overhead of making such HTTP requests as opposed to direct process execution/communication. Moreover, Node.js is phenomenally powerful and complicated, but restricting it in this way makes it be very much overkill for the simple things we want it to do.

Switch into an easier gear

After pushing about and thinking on these complications for quite awhile, that’s where BikechainJS was born. It’s an incredibly simple, stripped-down, highly-focused, synchronous, single-thread/single-process approach to running server-side JavaScript. It has only the bare minimum necessary to accomplish middle-end tasks, like file I/O, process execution, etc. It has NONE of the bells and whistles that make Node.js so sexy, but it also isn’t hampered by any of them getting in the way of its very specific task: run the middle-end.

BikechainJS is not what you want if you’re planning to write a significant amount (or all) of your server code in JavaScript. BikechainJS cannot do many of the most awesome things that Node.js can do.

But BikechainJS can easily be fired up to execute some simple JavaScript logic for middle-end tasks without creating too much overhead in your existing web stack and code. It has absolutely no dependencies except V8, and it’s just a single executable binary file. It’s footprint is extremely small, and it touches almost nothing that you don’t tell it to, which greatly reduces the risks involved in introducing it into your existing code.

BikechainJS is not designed to replace Node.js, it’s designed to run in all the other places where Node.js is too awkward, risky, or difficult to implement.

Sync vs. Async

It’s very important to note that just because I’m currently executing JavaScript in a synchronous way doesn’t meant the code itself is purely/only synchronous.

Most of the code I’m writing, I’m using Promises as a way to cleanly express logical steps which are reliant on each other, even if one of the steps is not immediate/synchronous. Using Promises, code can easily be written that will either work synchronously or asynchronously with little or no code changes at all.

You see, I obviously don’t want to needlessly tie my code to having to run in a synchronous way. I just want to execute my code synchronously, for now, so that it’s easier to integrate with the rest of the synchronous stack. That’s not so evil, is it?

You can very easily take a lot of this code and drop it into an asynchronous JavaScript environment like Node.js, and without much effort to adjust, it should run just fine. This is important in terms of future-proofing the code to be more useful as paradigms shift. I have the flexibility to run synchronous or asynchronous as the situation dictates. This is a very powerful realization.

Putting it into practice

How I am currently using this approach (and middle-end concepts) for my real-world job is to start to take little tiny pieces of the existing code, such as routing, headers, etc, and little by little, re-write them in JavaScript. In my existing web stack, when I want to hand off the execution context to my JavaScript code, I simply execute the BikechainJS environment and hand it some data and wait for the response.

Since the tasks it’s doing are very small and focused, it takes practically no time/overhead at all to do so (certainly way less than constructing and transmitting an HTTP request, even on-server, to a socket server instance).

Eventually, I hope that all of the middle-end logic in our app will be in BikechainJS driven middle-end JavaScript code. But I have the freedom to make the switch in very small chunks without major refactoring or rearchitecture. I’ve found a more plausible approach that my boss doesn’t get as worried about when I propose.

Bottom-line: I’ve found a way to introduce server-side JavaScript to an environment that otherwise flatly rejected the notion of a major sync-to-async rearchitecture. I believe that some server-side JavaScript is better than none at all.

I secretly hope that this move will be just a “gateway drug”, and that eventually, we can move to a much more powerful and asynchronous approach to our middle-end and back-end, probably using Node.js. Because I’ve written most of my code to be agnostic of such concerns, such a switch down the road shouldn’t be as painful as it otherwise might have been. We’ll already be more than halfway there with server-side JavaScript in the stack, and introducing asynchronous architecture patterns (while challenging) won’t necessarily be impossible to sell to the decision makers.

I regularly follow the chatter on the interwebs, and I’m amazed and thrilled at just how much gravity Node.js has accumulated in terms of developer excitement and actual project input. In fact, in some ways, the Node.js ecosystem of companion projects is even more awesome than Node.js itself! It’s a fantastic example of how the community was desperate for something (we didn’t even know exactly what) and how well we quickly rallied around it when we finally found it. It’s plainly obvious that server-side JavaScript is an idea whose time has come, and Node.js, in many ways, will take us there.

This post is an attempt to put my little niche spin on what Node.js could mean for someone wanting to tackle re-architecting the middle-end of their web application.

What is Node.js?

In the broadest terms, Node.js is an application server platform. It’s actually a server-side JavaScript execution environment (roughly similar to something like Narwhal) wrapped around the V8 JavaScript engine. But it’s a very special type of environment compared to other options in this space. Node.js is completely asynchronous. This means that everything you do in Node.js, you do in terms of asynchronous-friendly API’s, like network calls, file i/o, etc.

But even more important is that Node.js is specially designed to operate as an independent and fully-functional network server. What do I mean by this? Node.js’ flagship capability, and indeed how most people use it, is its ability to “listen” for incoming requests on a particular network port (like port 80 for web traffic) and service those requests like a web server like Apache or IIS might do. In other words, Node.js at its most optimal is a drop-in replacement for your current web server. And it wraps in a fully capable application server (using JavaScript) automatically. Cool, huh?!

Because Node.js is asynchronous, it doesn’t operate under the covers at all like other web servers do. Instead, it operates in an “evented processing loop” where it is simultaneously and asynchronously listening for incoming connections, firing off processing to handle each connection, and then “listening” for those processing contexts to finish to hand the results back to the requesting connection stream. The result is that in many use-cases, Node.js is able to achieve mind-blowing amounts of parallel processing and throughput compared to more standard web servers like Apache.

Bottom line: Node.js’ core competency is to take a server-side JavaScript application server environment and wrap it cleanly around a super-efficient asynchronous network server. In most respects, this is simply the most efficient server-side JavaScript environment you’re likely to ever find, and it allows JavaScript to compete head-to-head with even optimized, compiled binary alternatives.

Is it for me?

Up until now, every thing I’ve spoken about and written regarding middle-end architecture and server-side JavaScript has been conspicuously silent on the topic of Node.js. There is good reason for that, but I only want to touch briefly on it here, by means of comparison. The next post will dive into this much more thoroughly.

The utter awesomeness that is Node.js comes with a price. For most developers who are hacking and tinkering with new ideas all the time, this price is mere “pocket change” and that’s probably the biggest reason why the Node.js community has grown so quickly and so broad. But there is a “silent majority” lurking out there for whom the Node.js price may not be quite so trivial. What is this price? Infrastructure.

Thus far, my focused efforts have been on finding the lowest possible barrier-of-entry into the server-side JavaScript world. By barrier-of-entry, I mean the least amount of footprint/impact on existing infrastructure/architecture and to existing maintenance and support/IT staff. The current fruits of that labor has been the humble BikechainJS server-side JavaScript project.

I shyed away from presenting my middle-end ideas in the context of Node.js because there are many who cannot necessarily proceed under the guise of replacing their top-level web server (along with all its associated dependencies, modules, configurations, etc) with an entirely new (and fundamentally paradigm-shifting) solution like Node.js. No doubt we’d mostly all agree that it would be exciting and probably even more efficient, but the slow-to-change momentum of existing applications, teams, infrastructure, maintenance, reliability, and IT support staff have a noticeably chilling effect on the hyper-excited server-side JavaScript movement.

It was my goal that something like BikechainJS, with its synchronous, per-request paradigm, could squeeze much more nimbly into existing application infrastructure, even at the cost of the wins from Node.js’ performance.

But Node.js is just so damn awesome!

That’s absolutely true. And I’ve come to believe that the awesomeness of Node.js does not have to be mutually exclusive of the middle-end architectural ideas I’m advocating for, nor does it have sit out of reach from so many existing web applications, dev teams, and web shops.

Node.js can (and perhaps should!) be the magic key to unlocking the full potential of your application’s middle-end.

What if we can have our cake and eat it, too? What if we can find a clean way to plug Node.js into the existing infrastructure of our web applications, and at the same time give it the power to revolutionize our middle-end tasks? We’d get exponentially better performance and revolutionary better code architecture. That idea is just so full of win it’s hard to type without going nuts!

Augment, not replace

My biggest mental sticking point all along with Node.js has been the (im)practicality of asking an existing application to just simply swap out its entire web server tier for Node.js. I explored even the idea of running Node.js in a more limited, synchronous, per-request (CGI-like) context, but quickly found that was like trying to teach a bird to swim.

Then it hit me. The best way Node.js revolutionizes the middle-end of your existing/legacy web application is if you build your middle-end Node.js-based and insert it wholly into the stack in between the browser and your existing server.

In this respect, your middle-end Node.js layer becomes a “proxy” (or “web balancer”) server of sorts, sitting in front of your existing web server. All you have to do is bring up a Node.js VM/server instance (even cloud-based!) and direct all your primary traffic to that instance first. Then, you build out your middle-end architecture, doing templating, URL routing, data validation, and all the other tasks, as necessary, in your Node.js server-side JavaScript, and finally, you hook Node.js up to ferrying requests back over to your existing application server.

In this blind-proxy model, you start off with a dumb pass-thru of all your application’s requests, and then one-by-one you can inject some intermediate middle-end logic using the server-side JavaScript. For instance, as I talked about before, you can start doing data-validation of inbound data fields using your Node.js-driven JavaScript. And then you can move on to evolving your templating into a true middle-end task in your JavaScript. And so on.

Win, win, win

The benefits of this approach are hard to explain by mere words. First and foremost, you will see an insane jump in the request/response performance simply by letting Node.js manage your application’s front line web server handling. But equally important, you gain invaluable flexibility to start converting your thick back-end into a well-crafted middle-end/back-end approach. And you don’t have to change very much of your existing infrastructure at all.

This is what I like to call a “middle-win” scenario! Node.js really rocks the middle-end.

As with everything else I’ve presented so far, I have no cleanly packaged “install” you can grab to solve your woes. On the contrary, I believe that pre-packaged frameworks and modules usually lead us to the mess we’re already in — that is, they tend to hide from the developer the very details we so critically need to get our brains wrapped around and our hands in control of.

Re-architecting the middle-end of your site/application will never be as easy or as sexy as just dropping in a new module/framework, because the point is to tailor your middle-end specifically to your own needs, which is opposite of the goal of most turn-key frameworks that “do it for you”.

Whenever I talk about code or about possible ways to address these concerns, that talk is nothing more than presenting reference implementations as starting points for what your system will need. The middle-end is a pattern, not a package.

Steep mountain

I consider myself pretty well-versed in PHP and application coding, from the UI down to the database. But when I started thinking about these ideas for the middle-end, I admit the most daunting task I could come up with is how to apply them to a CMS like WordPress.

What I know from the few times I’ve tried to customize WordPress is this: it’s great and easy if there’s already a plugin available, but otherwise, you’re in for some long head-scratching nights. It’s not that WordPress isn’t flexible — there’s lots of hooks in there and you can do a lot of stuff if you know how — it’s that the knowing how is quite a challenge because of how sophisticated the system is and how many different flexibilities it needs to accommodate for.

So, how might we take our first steps to climb this challenging mountain of a task?

Preparation

First, let’s make sure we are clear on what it is we want to do with WordPress CMS to adapt it to be “CVC-friendly” (that is, properly architected for a well-formed middle-end).

As I’ve mentioned before, a proper middle-end will give you complete and custom control over things like templating, URL routing, data validation, data formatting, etc. Moreover, I’ve posited that the middle-end is this interesting beast in that it straddles the fence between browser and server — many middle-end tasks need to be performed in both places.

And because there are many of these shared tasks between both environments, having to code solutions twice (once in JavaScript for the browser, a second time in your back-end language of choice… PHP in this case) is both time consuming and brittle. For many middle-end tasks, it would sure be nice if we could DRY (don’t repeat yourself) code the tasks once and use them in both places. That’s a big motivation for all my middle-end rattling.

But, does a WordPress blog really need to do all that? In some respects, no it doesn’t. A typical WordPress blog is not necessarily what I’d characterize as a full-blown web application. By far, the most important thing for a WordPress blog is usually the content, not necessarily the intricate user-interactions with that content.

But that doesn’t mean a good middle-end is unimportant to your WordPress blog. In this case, the ability to control certain middle-end tasks for web performance optimization efforts is likely going to be our primary motivating factor.

For instance, let’s say we just want to gain more custom control over how resources (JS, CSS, etc) are packaged together and delivered to the browser. The reason this is so common a frustration in CMS’s like WordPress is the tendency of many individual separate plugins to all add their own script/css dependencies to the document in various strewn-about ways. There is a central system in WordPress that should make this easier, but many plugins don’t use it well. And even the central system itself is not quite good enough for what we really need.

So, rather than focusing so much on creating a server-side JavaScript driven middle-end whose code can run in server and browser alike, we’re going to take a step back and think about how we could architect our WordPress blog so that these tasks we want to do are easy enough to be practical and efficient without knowing all the intricate details of a very complex “hooks” and plugins system. Server-side JavaScript is one option we could choose for that task, but by no means required. Much more importantly will be that we focus on the easiest path to achieve a well-formed and flexible middle-end.

Option 1

Our first option is to get really familiar with how the internals of WordPress work. I know from personal experience that such a task can be both a blessing and a curse, both fruitful and frustrating. As I said before, my strong preference would be to find an existing plugin that does exactly what I want it to do. But with the overwhelming popularity of something like WordPress, that can truly be like finding the needle in the haystack.

Usually, when I decide I want to do something new on my WordPress blog, I go spend several hours searching and researching various plugins. Then I’ll pick one or two to download and try out. I install them, start messing with configuration, and usually find that it’s almost what I want but not quite. Could I settle? Sure. But I’m a coder, that’s not likely to happen!

So then, I may try a couple of other options, only to be similarly frustrated. I may then start trying to google and dig through WordPress documentation, comparing what I see in the code for the plugin to what I read about on the web. And, being a decently confident PHP coder (by no means an expert!), I may start trying to tinker with the code to tweak it to what I want.

And sometimes this will work out. But now I have a problem (that I won’t realize until a month later). I’ve customized a plugin’s code for my own needs, and I’ve now forever damned myself to having to remember those customization patches and re-apply them every single time that plugin notifies me of a new release. A number of my plugins update themselves quite regularly, so this becomes a real pain.

For instance, right now, I have 2 plugins that have notified me of an update, but I’ve resisted doing the update because I don’t want to spend the 10 minutes to go back in and refresh myself on what customizations I did. I know in this case the customizations I did referred specifically to our task of customizing how JS and CSS resources are packaged and loaded. But it’s still time and hassle that I don’t want to spend. And so I miss out on the benefits of the update until I pay that price.

I am not going to sugar coat it: this process sucks. Even if I do figure out how to customize a plugin for my own needs, which in and of itself takes a lot of effort, then I have to keep spending that effort over and over again every time an update comes out.

Bottom line: option 1 is possible, and it’s quite likely that for most middle-end tasks, you could figure out a way to hack around existing plugins to bend WordPress to your will. But unless you’re a WordPress guru (I clearly am not) and have the time and inclination to regularly hack on it, the benefits of doing so are probably not worth it.

Option 2

Out next option would be to go to the other end of the spectrum entirely, and not do anything inside of WordPress. We could, for instance, set up a “proxy” server (of sorts) which all browser-initiated web requests get sent to first, and that “proxy” would then make a sub-request to WordPress to get the desired page/content.

What this approach would allow us to do is basically “post-filter” all the content before it actually goes out to the browser. For example, we could take the HTML of the page response, and parse through it looking for our <script> and <link> tags. When we find them, we could remove them from the HTML stream (just text at this point!), and then append to the HTML document a more optimized set of resource loading commands.

Basically, we could find all script tag references, open the .js files they refer to, concat them all together into a single .js file which we cache ourselves in our proxy’s control, and then add a single <script> tag back to the HTML document referencing that new concatenated file. A similar process could be done for all our CSS resources.

You may even want to get more elaborate (as I would advocate) and instead of compiling like resources into a single file, compile them into 2 or 3 files, and use dynamic loading techniques in the browser to load them in parallel, even further speeding up the page-load optimization. One such dynamic loader you could use would be LABjs, the performance script loader that I built.

But let’s not kid ourselves: this is a drastic approach. Setting up an entirely separate web server (or web server instance/VM) just so we can post-process some HTML markup!? I’m not saying this wouldn’t work for some people, but I am thinking that it’s probably something that has its own set of daunting challenges and extra “costs” (especially maintenance) involved.

Not only is it drastic, it’s also more brittle. No matter how good your coding skills are, parsing through arbitrarily generated and complex HTML markup and modifying it on the fly is going to be difficult to do, at best. And it’s quite easy for it to break if your HTML generation routines (your blog) change how they do things in a way your “proxy” was not expecting.

Bottom line: option 2 is also possible, but probably not exactly what we want or need.

Option 3

For our last option, let’s dial things back just a little bit and be a little more realistic. Let’s not try to fight against WordPress, but to work with it. What I mean is this: WordPress is very capable at doing what it does, and if someone has already built a plugin that suits your needs, by all means use it. But the other thing that WordPress does (and I think decently well) is let us completely control the ultimate output of our blog engine using the Themes (templating) system.

So maybe we could try this: let WordPress do what it does best, as a good solid CMS. But run it as essentially a “headless” black box application and practically ignore any presentational stuff that it wants to do. We can ask WordPress for content/data, but we can let the middle-end layer do what it is best suited for, which is handling these various middle-end tasks.

What I’m about to suggest may seem radical… but read the sentence a few times and let it sink in. Make a theme for your WordPress blog which does nothing of generating HTML markup, and only formats necessary data/content into JSON.

That’s right! Reduce the templating/themeing system of WordPress to nothing more than a JSON serializer for the relevant content and data to construct your page. What data? How about an array of all the scripts and css files. How about meta data like the page title, etc. How about the raw content for the blog post the page displays.

What would we do with that data and content in JSON form? We could have a separate middle-end layer that took the JSON and did something useful with it. That middle-end layer could be server-side JavaScript. But it also could just as easily be more PHP (outside of and strictly separate from your WordPress blog engine). Or it could be some other language you are more comfortable with.

But whatever language your middle-end is written in, you would do some very basic things:

1. Take the list of .js and .css resources in the JSON array properties, and perform the above suggested logic like concatenation, caching, etc.
2. Take any meta-data and properly “format” it for HTML use, such as converting special characters to HTML entities, etc. Or, perform “internationalization” formatting on your data/content.
3. Perform any other middle-end suitable tasks on the data and content as necessary.
4. Lastly, pass that data/content into your templating engine of choice, and then send the output directly to the browser.

You see, we don’t have to change much about how WordPress does its magic to start having more proper control over the middle-end. And we don’t even have to venture into server-side JavaScript to do it. All we have to do is trick WordPress into giving us data and content in a friendly way that allows us to do what we want with it.

And the Theme/template system makes that really easy. Nothing about the state or complexity logic that WordPress is doing can’t be somehow down-formatted into data/content in JSON form, and so we’d practically lose nothing of the functionality of WordPress, but gain lots of control in the areas we need it most.

Conclusion

CMS’s are a fact of life on the web. They sit somewhere between a full web application and a basic content web site. As such, there are reasons why we can benefit from a more well-formed and properly architected middle-end. But it doesn’t have to take wholesale hackery on our blog engine to do so. There are ways to work with it to massage the content/data in such a way that we can layer in a middle-end without too much of a radical change to the architecture.

But upon further discussion and reflection, I realize that it’s tempting to read the ideas I have presented and assume that I’m suggesting a more comprehensive and wide-spread re-architecture effort than I really am. The last thing I would want to do is leave you with the impression that this is an intimidating and complex task to undertake. The tasks I’m advocating for are quite the opposite: they are small, independent, modular, and intended to be rolled into your application in manageable, evolutionary chunks.

So this is just a short follow-up to that post to explain how I feel most web applications could begin the task of redefining their “middle-end” in a more well-formed way, with minimal impact to existing architecture.

The task of re-architecting your middle-end begins with a couple of very simple, incremental steps, not a wide-spread rewrite as it may seem.

Color by numbers

Let’s take data validation for example. First let me define what I mean by data validation: the set of stateless rules which are applied to one or more pieces of data to ensure that the input into the application is safe, reliable, and appropriate.

The most common scenario this is seen in would be form validation. Consider a contact form that requests a visitor’s first and last name, email address, favorite color, and any additional comments. The first and last name fields are text input, and are required. They must both be between 5 and 25 characters. The email field is also text input, must be 8 to 100 characters, and must additionally “look” like a valid email (passing some arbitrarily complex regular expression matcher). The color field is a drop-down, which by virtue of the UI paradigm is constrained to a pre-defined set of options. The additional comments are optional, but if present must not contain any HTML.

Stateless Data Validation

Data validation in this context would entail all of these aforementioned rules. It could also entail data integrity checks, like for instance asking something (totally contrived for this discussion) like “if the first name is John, the last name cannot be Brown”.

However, something like enforcing that the email address was “unique” in our database (meaning we’ve never heard from this person before), or that the email was not already on a blocked “black list” as a spammer — those tasks would not be stateless data validation checks, but would instead require stateful back-end business logic. That would not be something we’d want to do wholly in the UI layer (maybe via a round-trip Ajax request, etc).

The point is that stateless data validation/integrity checks are agnostic of the environment or the state of the application. The check is blindly applied to a piece of data, and the result is binary true or false — either it passed or it didn’t. This means that such code can be written to act upon a data structure (like JSON) and be completely ignorant of where the data came from. This is very important.

Because we know that data validation is important to User Experience, we often write those rules in JavaScript, and run them in the browser while the user is interacting with the UI/form. But because as good Computer Scientists we know that no UI can be trusted, we also know that the same rules need to run on the server on any inbound data.

This is where trouble usually starts happening. We re-write all our validation rules a second time, this time in another language like PHP or Java. We’ve made a second copy of that code/logic, and we’ve forever cursed ourselves with more complicated code maintenance.

Another way?

What if, however, we could write the stateless data validation rules in JavaScript, to operate on a JSON data structure with one or all fields present/populated, and we could run the exact same code in both the browser and on the server? That would achieve an unprecedented level of DRY (don’t repeat yourself) coding in this context!

Is there any reason why our application, regardless of what language/platform it is, couldn’t entrust the tasks of stateless data validation to a server-side JavaScript module? I’d say, plainly, no!.

If the data validation logic ran on the server, in a trusted environment, what difference would it make if it was JavaScript or PHP doing the checking? The difference (for the better) is that this code logic would be write-once-and-reuse, and that’s a huge improvement in maintenance.

In the browser, you would have controller logic that would take one or more data fields from the <form> and stuff them into a data structure (JavaScript object and properties). Then, you would pass that data into a set of JavaScript code logic that ran the rules against the appropriate properties, and spit out true/false answers.

On the server, you would take inbound data, either already formatted as JSON (preferably) or in key-value pairs that you could easily serialize to JSON, and then pass that inbound data directly into the same code.

This still seems complex

All you really need to accomplish this is to be able to execute some very basic JavaScript on your existing application server. There are a number of options available, ranging in complexity and scope from Node.js to Narwhal, etc. Another, much more stripped down option is my environment, BikechainJS. BikechainJS is a single executable file environment wrapped around the V8 JavaScript engine. It’s designed to be run in “CGI mode” — in other words, per-request, on-demand — in existing web application frameworks.

So, using something very simple like BikechainJS, you could easily set up your existing web application to run a BikechainJS execution to do the data validation tasks I just mentioned. You’d simply take a single data input endpoint in your existing application (like the action that responds to your contact form submit), and instead of running your own PHP or Java rules on the incoming data, simply package and hand the data off to your server-side JavaScript validation routine.

If you get a “true” back, the data validation passed, and your application can continue as necessary. If “false” (or some other specific error messaging, if you prefer), then immediately respond back to the request with the error and don’t let the application continue.

I’d recommend to start off with you pick one application server touch-point, and even just one field in that inbound data, and ferry only that off to your server-side JavaScript validation. Do you see how much simpler and easier that stripped down approach is compared to a wide-spread complete re-architecture?

As you get comfortable with this approach, and you feel ready, you can extend your data validation to encompass more and more of your inbound data, in more and more of the application’s server touch-points, until you have all your data validation tasks written in DRY and maintainable JavaScript.

The rabbit hole

Data validation is only one of the dozen or so tasks that the “middle-end” entails. Your next step might be to start tackling DRY approaches to templating. Again, you should go little-by-little into that world.

Regardless of how you proceed, I hope it’s clear now that I advocate a pattern rather than particular implementation details, and that I advocate little baby steps along the path, rather than complex and comprehensive re-writes. That I believe is the right path to beginning your middle-end.

But for the rest of you, I felt it was time that I distill the topic down into a very short and simple explanation, defining the topic as I see it. This post then will be the foundation for several more to come where I describe practical implementation details for the “middle-end” in web applications.

Appetizer

Let’s jump right in. What sits between the front-end of a web application and the back-end of an application? The “middle-end”, naturally! What’s responsible for packaging up all pieces of the UI and delivering them efficiently to the client, and then facilitating two-way communication between server and client? The “middle-end” UI Architecture. Sure, “middle-end” is sort of a contrived term to describe a concept that’s been around a lot longer than the term itself. But “middleware” is a bit more common, and describes attempts to address “middle-end” needs, so that shouldn’t be too foreign to you.

“I don’t think I have a middle-end in my web application.” Oh yes, you do. Trust me, you do. Every single web-application on the planet has a middle-end, whether it is well-defined and visible, or muddled and hidden. The question is not “Do I have a middle-end?” — the question is “where is my middle-end, and do I control it?”

To better answer that question, let’s get very specific about what parts of the application and stack are part of the middle-end. First, how do I qualify some task as either part of, or not part of, the “middle-end”?

1. if the task can (and is commonly) done, or at least is useful in, both the front-end and the back-end of an application
   • Templating (static and dynamic)
   • Data Validation (form field rules, etc)
   • Data Formatting (internationalization, encoding/entities, escaping, etc)
2. if the task is directly related to supporting or facilitating the front-end, or adapting the front-end and back-end
   • URL Routing (deciding which controllers handle which actions, etc)
   • Header management (request & response)
   • Cookies, Sessions
   • Ajax data transport (receiving, transmitting)
   • Caching (server-side)
   • Packaging (file concatenation, minification, etc)

I could go into every one of these in detail, but that would take far too long for one post. However, if a task is a candidate (and often duplicated in) both the front-end and the back-end, it should be an obvious fit to label that task a middle-end task. In fact, it’s even better if the exact same middle-end code for a certain task can be reused in both front-end and back-end contexts (more on that in a later post).

Similarly, if a task is specifically dedicated to helping transition between front-end and back-end (and vice versa) or to service the nitty-gritty details of supporting the front-end, it also makes sense to call this “middle-end”.

Just Fluff

It’s tempting to think that since all web applications have most or all of these tasks built into the guts of the framework in one form or another, calling them out and giving them a specific name and definition is kind of unnecessary and just “trying to hard.”

To that, I respond: only by calling these tasks out and defining them and talking about how they are implemented can we ever truly hope to control them enough to optimize or scale or improve. Just because they’ve always been done in the underbelly of our application stack without us ever thinking about them doesn’t make that the right or most successful approach. Maybe it’s time to re-think them a little bit?

If you’re simply content with letting your one platform-of-choice make all these decisions for you, and handle all these tasks without you knowing or caring, then fine. Enjoy your blissful existence. Move along, nothing more to see here.

More Meat

The dirty secret of web performance optimization is this: while almost all of web performance optimization focuses on making the front-end more efficient and user-experience-friendly, most of the tasks you need to perform to optimize the front-end actually require some (or a lot!) of control over the “middle-end”.

For example, if you want to optimize the page-load performance of a page by addressing resource loading, you may right away think: “well, I just need something to combine my files together to reduce HTTP requests.” And if you happen to work in an environment where build-processes are already the norm, adding in such a task is probably not overly tedious.

But what if you’re in some custom-built CMS on top of PHP? What if resource references (images, scripts, CSS) are strewn about your front-end templates/code haphazardly? What then will you do? Probably your only choice at this point is manual labor to go through and change everything. And what you’ll probably be doing is inserting some sort of solution for this task into your application.

YES! That’s textbook middle-end work. To the extent that you, the front-end guy, have control over such code, this won’t be that bad. But to the extent you have to coordinate your efforts with a team of back-end developers who “own” the PHP and who don’t care as much about front-end optimization, you’re in for a less-than-fun ride.

Spaghetti for dinner?

Performance optimization isn’t the only motivating factor for going toward a more well-defined middle-end. Another dirty little secret, this time about popular architecture patterns like MVC, is this: by far the most common implementations of such ideas are (at best) flawed in that they leak coding implementation details between the M, the V, and the C.

For example, this V-view code:

<ol class="action_menu">
   <?php if ($User->IsLoggedIn() && $User->CanPublish()
                 && $User->Articles->count() < $App->max_articles) { ?>
      <li><a href="/publish">Publish New Article</a></li>
   <?php } ?>
   ...
</ol>

Even though we have what appears to be a decently well architected object-oriented M-model at our disposal, it’s scarily common, easy, and tempting to use the M-model inside our V-view in such a way that constitutes “business logic” (the stuff that’s supposed to only exist in our C-controller).

I won’t harp on this topic too much, as I’m sure there are a million different opinions out there as to whether this is good, bad, or irrelevant. There’s also probably a million other variations in other platforms where people think they’ve more or less addressed these issues. Let me just say this: If you have function/method calls, and combinatorial/boolean logic, in your V-view… you’re probably doing it wrong.

Where’s Dessert?

But how would a more well-defined “middle-end” help with this? The answer is quite complex and I don’t have space or the inclination to address it completely in this post. But the short answer is that I propose an alternate architectural pattern to MVC that I call CVC (Client-View-Controller) which is more UI-centric (whereas MVC was clearly conceived by a back-end architect!).

CVC has lots of important details to it, but the main one I want to call attention to here is this: proper implementation insists that there be a strict and unwavering separation between application code (controllers or models) and presentation (view templates). This separation is achieved primarily by stripping down the M-model to something more like bare D-data before it is sent into the V-view.

With CVC, you can still maintain whatever kind of platform or environment you currently have, for your back-end application. The only required change is that you take out all code that is related to presentation in any form, and leave that to the strictly separate and well-defined “middle-end”. All your application back-end needs to do is serialize data to hand off to the middle-end. So, it becomes a headless, API-driven, “black box”.

And your middle-end code is now free to take data and format it for presentation in V-view templating completely agnostic of how the data was constructed by the business logic of the back-end.

The biggest gain, in terms of developer processes, from this middle-end rethinking will be more maintainable and robust code. Front-end developers will not have to worry about changing all their templates when the back-end developers make a change to the signature of the M-model. Back-end developers will not have to make exceptions in their code for when front-end developers want to, for various reasons, transfer data to/from the client as an array instead of a keyed hash.

Take-out food

If you don’t get anything else from this post, get this: the front-end and the back-end naturally and automatically shape up more orderly when you insert a well-defined “middle-end” in between. Will it take some re-thinking and a little bit of refactoring? Yes. Do you have to ditch everything you know about your application infrastructure and start over from scratch? Absolutely not.

Bottom line: your application already has a “middle-end”. You probably just don’t know it’s there or never think about it. Isn’t it about time you do?