But silver-bullet or the second-coming of the web? I’m not so sure Node.js can quite claim that status. Here, we’ll investigate the counter-point to Node.js, especially as it relates to practical usage in the middle-end. Raining on the parade may not be fun, but if we’re gonna gulp down the delicious Node.js grape kool-aid, we’re also gonna have to stomach a healthy amount of that ick-tasting Node.js cough syrup (that’s right, I just mixed 3 metaphors in one sentence!). We owe this topic some intellectual honesty and debate.

Brad Pitt in “Interview with a devil”

I want to (re)introduce you to a good friend of mine. He’s exceedingly well known, and I’m sure you’ve met him many times before. He’s not a popular guy by any means — probably more infamous than famous — but he can be very assistive in times when the hype of something new clouds our judgement of the things we already knew well.

Me: Devil’s Advocate (“DA”), welcome to the show. I’m glad you could join us for this discussion today.

DA: Thank you for inviting me over for some tea and a lively discussion. You know how much I enjoy calmly reminding people of reality, and in the process spoiling a lot of their fun.

Me: DA, are you saying you like being the least popular guy at the party? A lot of people think you are a Contrarian… that you just like to disagree for the sake of disagreement, and that you don’t really help the discourse very much. What do you think of that characterization?

DA: Well, that’s true that most people probably think of me that way. But that’s ok, I am secure in my manhood and it doesn’t bother me that much. I’m used to intellectual rejection. I mean, look at how hard I’ve been working to try and wake people up to Apple’s antics with the iPhone 4 antenna, and yet the masses still cling to Jobs’ every word like he’s a prophet or…

Me: Ok, DA. Let’s not get off on that tangent here. That is a fun topic, but we’ve got more important things to deal with today.

DA: Sorry, sometimes I just get carried away. But I do think my methods are helpful in encouraging people to question certain assumptions and make sure that all sides of a topic have been examined thoroughly.

Hello World

Me: That’s good. Let’s jump right in. I know you read my previous post where I gushed over how awesome Node.js is and where I explored how it might fit with the middle-end concepts I’m advocating for.

DA: Of course. I wrote that little editorial sidebar as a preview of our discussion today.

Me: Right. So, tell the readers, what do you think of Node.js?

DA: It’s awesome. Really it is. But it’s awesome for a specific set of tasks and for a specific kind of scenario. We have to be careful to remember that even though it’s very exciting for developers to jump on board and start experimenting with a new implementation like Node.js, that doesn’t mean in any way that it’s going to work for everyone.

Me: Obviously not, no one technology is ever right for everyone. I don’t think anyone is suggesting that. Seems like you’re just chewing on the soggy cheerios.

DA: No, it’s more than that. I’m actually trying to help people realize exactly what Node.js is and is not, so that we can have productive discussions not only about Node.js and its uses, but also about other alternatives for the rest of the crowd.

Me: Don’t you think it’s just too early to be judging what Node.js can and cannot do? I mean, isn’t it possible that it’ll grow to be useful in more parts of the stack as time goes on?

DA: It’s entirely possible and likely that Node.js will continue to grow in popularity, and more and more waves of developers will find innovative uses for it. But I don’t necessarily think that means it will ever win over the minds of conservative, established and slow-to-change development teams — and especially their bosses and IT support staff.

Me: Why not?

DA: It’s purely pragmatism, I feel. I’m considering the majority of the web application universe to be of the sort that is not naturally bleeding-edge (even if the bleeding edge is awesome) and often follows well behind the curve, and sometimes never follows at all. I’m thinking of the millions of PHP shops, and the Java shops, and lord knows the .NET shops… all of them out there, chugging along in their own little world. That world is not likely to be “rocked” (as you called it) by Node.js or even server-side JavaScript.

The payoff for them re-writing most or all of their current code base (whatever language it is) into server-side JavaScript would have to be epic and enormous, almost beyond adequate description in words, to convince them it’s worth all the time, money, and risk such a venture would entail.

Change you can believe in?

Me: OK, fair enough, a lot of them might be resistant to change. But aren’t all new technologies up against that same battle at first? The ones that eventually prevail do so despite the nay-sayers (like you) from the early days.

DA: On the surface, you’re correct. But again, I’m talking about something much deeper and more fundamental than just: will the masses ever accept server-side JavaScript?

In fact, I think that’s really your biggest question to answer as you try and convince people to embrace the middle-end with server-side JavaScript as the driving technology. Yes, the middle-end as a concept doesn’t require JavaScript, but the biggest payoffs in the middle-end come if people will accept server-side JavaScript into the stack. You’ve got a big uphill battle even trying to convince people that a little tiny piece of the stack can be done adequately with server-side JavaScript.

Me: Thank you for reminding me just how challenging this is.

DA: My bigger point is, Node.js at its fullest is much broader than I think most people realize. I think it represents a paradigm shift, not just the introduction of an existing technology into a new environment.

I think I’d liken this concept to trying to convince a company that makes desktop video-editing software that the new age will be their software web/cloud-based and mobile. Noone would argue that the mobile and cloud movements are huge and clearly represent the future. But the desktop application company is probably still likely to adhere to their core competency and continue to serve and rely on the paradigm of desktop application and hardware.

And they may rightly argue that the payoff for being able to take even part of their awesome video-editing functionality and stick it on a tiny screen device with 1/100th the CPU power probably doesn’t justify the efforts to try and get on the bandwagon with “everyone else”.

Me: A paradigm shift? Can you elaborate?

DA: Here’s what I mean: Node.js is not just an execution environment for server-side JavaScript. In theory, you could just run JavaScript on the server in an on-demand way, as needed. And I bet Node.js would be pretty decent at that task.

But by even thinking about Node.js in that light, you’ve drastically missed the point of what it’s trying to do. Node.js is trying to leverage the asynchronous power of JavaScript at a deeper level than on-demand application logic. Node.js is trying to become the network server itself, so that the server-side JavaScript you write for your application can be interpreted in a much more natural and almost native way.

Let’s look at this in light of some more established existing functionality. Consider a PHP web application. Now consider there’s some additional “module” for some task, like for instance doing OpenSSL encryption/decryption. There’s multiple ways your PHP code could accomplish this task. We know there’s command-line utilities (written in C and compiled to binaries) for managing OpenSSL. So, from our PHP, we can call out to those binaries by executing them as sub-processes.

But this isn’t necessarily the most efficient way to do things. It certainly can make code look less graceful and more complicated to maintain (more moving parts). Instead, we’d like it if someone could write a PHP “extension” that brings the capabilities of the OpenSSL engine natively into our PHP code. Coding against a PHP API for OpenSSL feels more natural than executing a binary sub-process, and it’s also likely to be a lot more performant.

Me: That sounds about right.

I can’t speak for the designers of Node.js, but I’d venture that among their various motivations, they wanted to do something similar (but in a much broader sense) for server-side JavaScript in the web stack. They wanted to make coding your entire application in JavaScript on the server as natural and native and built-in feeling as doing any other task in the web server, including listening for requests on port 80, doing file I/O, etc.

You see, the different paradigm that Node.js is bringing to the table is the idea that the web server and the application become almost synonymous. I think more than anything, that is the truly compelling story for Node.js. I’m not saying that Node.js is the first to do this, but I do think that Node.js is the most radical approach in this area that we’ve seen thus far.

Vive la Révolution!

Me: Ok, so that does sound pretty revolutionary. But I missed the part about how this doesn’t fit well with the middle-end.

DA: Well, you certainly are the primary advocate for the middle-end, so I won’t try to speak for you. But, I think you and I have some parallel thoughts in mind at this point, even if you don’t realize it. You have a vested interest (by virtue of your efforts to call attention to the middle-end) in convincing the “world” to adopt middle-end architecture as an intentional and carefully planned layer. The more applications/teams that do so, the more you will “prove” that middle-end architecture needs to be its own discipline and not just an after-thought of existing platforms/frameworks.

I’m trying to suggest that Node.js represents a fundamental shift in how people will think about web servers and applications, not as separate functional units but as conjoined parts of the same whole. A web application no longer has to be thought of as a set of business logic code and pretty HTML that relies on a web server to send it to users. A web application is fully self-contained and capable of doing everything it needs from within itself. And it uses a consistent language (JavaScript) to do everything throughout.

This idea is so radical that I think most web applications and platforms and companies will have a hard time swallowing it, at least any time in the relevant future. Thus, I submit that a “middle-end” that relies on Node.js will be less palatable to the masses than a “middle-end” that is more agnostic and flexible.

Me: Right, I’ve tried to make the point that the middle-end as an architectural pattern doesn’t have to have JavaScript on the server involved. Really, the primary reason for why server-side JavaScript offers an interesting answer to the middle-end is the idea that we can write code once and re-use it in both server and browser. No other language/technology can ubiquitously offer that.

DA: Exactly. You see, Node.js represents a particular narrowed down implementation of the broader middle-end concept into one specific form. That form happens to be increasingly exciting to the bleeding edge of the web development community, but I foresee problems in truly convincing the establishment that both Node.js and the middle-end together will be right for them.

Take the Chrome browser for example. It’s got a huge percentage of market-share among open web developers. Along with Firefox, Chrome is quite obviously becoming a web developer’s browser of choice. But when taken in the overall context of the web, Chrome’s percentage is still pretty low. There’s an established momentum around browsers like IE and Safari, and Chrome is not likely to completely overtake them any time in the foreseeable future.

Node.js is an amazing piece of technology. But it’s almost too amazing for the middle-end. It certainly will be more radical to convince existing applications to embrace the fullness of what Node.js is than it would be to suggest, as you have many times, that a more simple, stripped down approach to server-side JavaScript is possible, and in fact warranted.

Army of none

Me: Why isn’t using Node.js in a more limited fashion (like on-demand or per-request as you suggest) a valid usage of Node.js?

DA: I wouldn’t call it invalid. I’d just say that it’s a lot like driving a tank down to the corner store to buy some drinks. Can it get you there? Sure. Will it get the task done? Yes. Is that an effective mode of transportation? Perhaps not.

Some people like to argue that because Node.js has all this amazing capability built into it, it’d be foolish to not use it for your server-side JavaScript tasks because of all the extra stuff you’d miss out on if you ever decided later you needed it. This is kind of like arguing for taking the tank for the trip down to the corner store because you want to be prepared in case an invading army of aliens attacks. “Look, I’m better prepared to fight off the bad guys in my tank than I am on my little scooter.”

Me: Don’t you think that’s just a little bit of an exaggeration?

DA: Well, maybe a little hyperbole there. But my point remains, Node.js is way overkill for the simple middle-end tasks at hand. If someone is trying to shoehorn using Node.js into doing simple per-request on-demand JavaScript execution (the likes of which you’ve argued for in the middle-end), they are really missing the point of Node.js.

To put it another way: they’re using a sledge hammer to drive in a thumbtack.

Me: Isn’t there something to be said for using a project like Node.js for our tasks, because at least it’s pretty well known and has a lot of active developers and a vibrant support community?

DA: No question, it seems like using Node.js would be the obvious choice for this task. And perhaps a developer might be better able to convince their boss to try Node.js at first than some much less known project like your BikechainJS option.

But in the long run, I think that using the right tools for the job always wins out in terms of efficiency and maintainability over using the more popular or hyped solutions and later on finding it’s not a good fit.

Me: If one of those “established” companies was going to broaden their horizons, isn’t it riskier for them to venture off into the wilderness and choose an unknown project/option as compared to sticking closer to home with something more people know better?

DA: It may appear riskier. And definitely perception is hugely important in this game. But in reality, Node.js is actually asking an existing team/platform to put more of their eggs in the server-side JavaScript basket than what you’ve argued for in the stripped-down middle-end approach.

Like I said earlier, Node.js is a fundamental paradigm shift. This means that companies are going to have to retool a big portion of their web stack. They’re going to have to train IT support staff on a whole new set of technologies in the web stack. They throw out their 5, 10, 15 years of experience supporting and performance tuning traditional synchronous web servers like Apache, and now they have to learn it all again with a radically different asynchronous server-side JavaScript web server. I shouldn’t have to point out what a “shock” that would probably be to most organizations.

And the risk doesn’t stop there. Node.js itself is ever-changing. It’s stabilizing more recently, but it’s been incredibly volatile. I’d say right now it’s like walking over a bed of molten volcano lava that only a few hours ago started cooling and hardening into volcanic rock. How much do you trust that an inch of cooled volcanic rock is enough to protect you (and your 800 lb elephant) from the river of lava just below the surface?

Me: Doesn’t CommonJS offer us hope of stability and compatibility?

DA: Absolutely, it promises that. But it may be literally years before there’s consensus in the server-side JavaScript world on how all these API’s should really look and function. In fact, if the browser API’s have taught us anything, we may never fully have agreement.

Now, certainly the browser irregularities didn’t sideline 10’s of millions of companies from leaping into web applications, but most of them didn’t dare venture into the game until there was at least some sort of reasonable “gap fill” like any of the various JavaScript frameworks, which normalize differences across browsers and provide a stable foundation for companies to build upon.

So it may be awhile before CommonJS and/or some set of server-side JavaScript “frameworks” are able to secure a stable footing. If you look at Node.js right now, it represents a significant super-set of the small amount that CommonJS participants have “agreed” on. So, marrying yourself to Node.js right now is risky because it’s like marrying your web application to only FF and hoping that its rampant popularity will be enough to drive everyone else to commonality.

Fatalism: a cruel mistress

Me: So can we really do anything with server-side JavaScript at this point, given the immaturity and instability across the board?

DA: Of course! I’m not at all suggesting Node.js is bad to use because its unstable. I’m suggesting it has its places where it’s a natural fit (like in prototypes, developer experiments, and other flexibile-to-change dev environments), and then it also has places it’s not a good fit (like established teams with slow-to-change environments).

The same would be true of any server-side JavaScript option at this point, in my opinion. Of course there’s the obligatory “use-at-your-own-risk” label on all such things. But the smaller, more independent, and more custom your server-side JavaScript implementations are, the more likely you are to be able to adjust as the “industry” matures and changes.

At this point, if you were to go out and re-write your entire application in Node.js’s flavor of server-side JavaScript, you could be painting yourself in a corner if what evolves over the next few years is not in line with how Node.js is currently doing things.

My point is that the smaller the footprint of your server-side JavaScript at this point, the more insulated you are from these risks. Whereas Node.js represents a pretty big footprint conceptually, using stripped-down, per-request, on-demand JavaScript solutions represents a much smaller footprint both technologically and conceptually. Companies are more easily able to integrate such things little-by-little, and also strip them out if problems arise. A re-architecture to Node.js and server-side JavaScript would both be more comprehensive and also more difficult to undo.

Parting shots

Me: We’re almost out of time… do you have any final thoughts to share or clarify with the audience regarding Node.js and the middle-end?

DA: I think your idea of using Node.js as a go-between “proxy” for middle-end tasks is an interesting one. I think it represents probably the best possible scenario in which Node.js fits in with your “middle-end”.

But I’ll close by saying this: you must realize that Node.js may in fact be ushering in, at least for those (few) who are inclined and capable of taking up the banner, a new era of web applications. This era will be one defined by a blurring of the lines between front-end, middle-end, and back-end code. It will be a new class of web applications that is built end-to-end in JavaScript. In such a world, the middle-end tasks become the all-end tasks. So, more than anything, I think Node.js may mean there’s no need for a middle-end any more.

However, I think the reality is there will only ever be a select enlightened few who ever get to fully explore that new paradigm. For the overwhelming majority “rest of us”, the “middle-end” will still be a valid and important reality for our web applications, and as such, we should embrace this discussion.

Me: Well said. I have nothing more to add, except a thank you to DA for joining us today. I know you’re a busy guy, so I’ll let you get on to other pressing debates.

I regularly follow the chatter on the interwebs, and I’m amazed and thrilled at just how much gravity Node.js has accumulated in terms of developer excitement and actual project input. In fact, in some ways, the Node.js ecosystem of companion projects is even more awesome than Node.js itself! It’s a fantastic example of how the community was desperate for something (we didn’t even know exactly what) and how well we quickly rallied around it when we finally found it. It’s plainly obvious that server-side JavaScript is an idea whose time has come, and Node.js, in many ways, will take us there.

This post is an attempt to put my little niche spin on what Node.js could mean for someone wanting to tackle re-architecting the middle-end of their web application.

What is Node.js?

In the broadest terms, Node.js is an application server platform. It’s actually a server-side JavaScript execution environment (roughly similar to something like Narwhal) wrapped around the V8 JavaScript engine. But it’s a very special type of environment compared to other options in this space. Node.js is completely asynchronous. This means that everything you do in Node.js, you do in terms of asynchronous-friendly API’s, like network calls, file i/o, etc.

But even more important is that Node.js is specially designed to operate as an independent and fully-functional network server. What do I mean by this? Node.js’ flagship capability, and indeed how most people use it, is its ability to “listen” for incoming requests on a particular network port (like port 80 for web traffic) and service those requests like a web server like Apache or IIS might do. In other words, Node.js at its most optimal is a drop-in replacement for your current web server. And it wraps in a fully capable application server (using JavaScript) automatically. Cool, huh?!

Because Node.js is asynchronous, it doesn’t operate under the covers at all like other web servers do. Instead, it operates in an “evented processing loop” where it is simultaneously and asynchronously listening for incoming connections, firing off processing to handle each connection, and then “listening” for those processing contexts to finish to hand the results back to the requesting connection stream. The result is that in many use-cases, Node.js is able to achieve mind-blowing amounts of parallel processing and throughput compared to more standard web servers like Apache.

Bottom line: Node.js’ core competency is to take a server-side JavaScript application server environment and wrap it cleanly around a super-efficient asynchronous network server. In most respects, this is simply the most efficient server-side JavaScript environment you’re likely to ever find, and it allows JavaScript to compete head-to-head with even optimized, compiled binary alternatives.

Is it for me?

Up until now, every thing I’ve spoken about and written regarding middle-end architecture and server-side JavaScript has been conspicuously silent on the topic of Node.js. There is good reason for that, but I only want to touch briefly on it here, by means of comparison. The next post will dive into this much more thoroughly.

The utter awesomeness that is Node.js comes with a price. For most developers who are hacking and tinkering with new ideas all the time, this price is mere “pocket change” and that’s probably the biggest reason why the Node.js community has grown so quickly and so broad. But there is a “silent majority” lurking out there for whom the Node.js price may not be quite so trivial. What is this price? Infrastructure.

Thus far, my focused efforts have been on finding the lowest possible barrier-of-entry into the server-side JavaScript world. By barrier-of-entry, I mean the least amount of footprint/impact on existing infrastructure/architecture and to existing maintenance and support/IT staff. The current fruits of that labor has been the humble BikechainJS server-side JavaScript project.

I shyed away from presenting my middle-end ideas in the context of Node.js because there are many who cannot necessarily proceed under the guise of replacing their top-level web server (along with all its associated dependencies, modules, configurations, etc) with an entirely new (and fundamentally paradigm-shifting) solution like Node.js. No doubt we’d mostly all agree that it would be exciting and probably even more efficient, but the slow-to-change momentum of existing applications, teams, infrastructure, maintenance, reliability, and IT support staff have a noticeably chilling effect on the hyper-excited server-side JavaScript movement.

It was my goal that something like BikechainJS, with its synchronous, per-request paradigm, could squeeze much more nimbly into existing application infrastructure, even at the cost of the wins from Node.js’ performance.

But Node.js is just so damn awesome!

That’s absolutely true. And I’ve come to believe that the awesomeness of Node.js does not have to be mutually exclusive of the middle-end architectural ideas I’m advocating for, nor does it have sit out of reach from so many existing web applications, dev teams, and web shops.

Node.js can (and perhaps should!) be the magic key to unlocking the full potential of your application’s middle-end.

What if we can have our cake and eat it, too? What if we can find a clean way to plug Node.js into the existing infrastructure of our web applications, and at the same time give it the power to revolutionize our middle-end tasks? We’d get exponentially better performance and revolutionary better code architecture. That idea is just so full of win it’s hard to type without going nuts!

Augment, not replace

My biggest mental sticking point all along with Node.js has been the (im)practicality of asking an existing application to just simply swap out its entire web server tier for Node.js. I explored even the idea of running Node.js in a more limited, synchronous, per-request (CGI-like) context, but quickly found that was like trying to teach a bird to swim.

Then it hit me. The best way Node.js revolutionizes the middle-end of your existing/legacy web application is if you build your middle-end Node.js-based and insert it wholly into the stack in between the browser and your existing server.

In this respect, your middle-end Node.js layer becomes a “proxy” (or “web balancer”) server of sorts, sitting in front of your existing web server. All you have to do is bring up a Node.js VM/server instance (even cloud-based!) and direct all your primary traffic to that instance first. Then, you build out your middle-end architecture, doing templating, URL routing, data validation, and all the other tasks, as necessary, in your Node.js server-side JavaScript, and finally, you hook Node.js up to ferrying requests back over to your existing application server.

In this blind-proxy model, you start off with a dumb pass-thru of all your application’s requests, and then one-by-one you can inject some intermediate middle-end logic using the server-side JavaScript. For instance, as I talked about before, you can start doing data-validation of inbound data fields using your Node.js-driven JavaScript. And then you can move on to evolving your templating into a true middle-end task in your JavaScript. And so on.

Win, win, win

The benefits of this approach are hard to explain by mere words. First and foremost, you will see an insane jump in the request/response performance simply by letting Node.js manage your application’s front line web server handling. But equally important, you gain invaluable flexibility to start converting your thick back-end into a well-crafted middle-end/back-end approach. And you don’t have to change very much of your existing infrastructure at all.

This is what I like to call a “middle-win” scenario! Node.js really rocks the middle-end.

As with everything else I’ve presented so far, I have no cleanly packaged “install” you can grab to solve your woes. On the contrary, I believe that pre-packaged frameworks and modules usually lead us to the mess we’re already in — that is, they tend to hide from the developer the very details we so critically need to get our brains wrapped around and our hands in control of.

Re-architecting the middle-end of your site/application will never be as easy or as sexy as just dropping in a new module/framework, because the point is to tailor your middle-end specifically to your own needs, which is opposite of the goal of most turn-key frameworks that “do it for you”.

Whenever I talk about code or about possible ways to address these concerns, that talk is nothing more than presenting reference implementations as starting points for what your system will need. The middle-end is a pattern, not a package.

Steep mountain

I consider myself pretty well-versed in PHP and application coding, from the UI down to the database. But when I started thinking about these ideas for the middle-end, I admit the most daunting task I could come up with is how to apply them to a CMS like WordPress.

What I know from the few times I’ve tried to customize WordPress is this: it’s great and easy if there’s already a plugin available, but otherwise, you’re in for some long head-scratching nights. It’s not that WordPress isn’t flexible — there’s lots of hooks in there and you can do a lot of stuff if you know how — it’s that the knowing how is quite a challenge because of how sophisticated the system is and how many different flexibilities it needs to accommodate for.

So, how might we take our first steps to climb this challenging mountain of a task?

Preparation

First, let’s make sure we are clear on what it is we want to do with WordPress CMS to adapt it to be “CVC-friendly” (that is, properly architected for a well-formed middle-end).

As I’ve mentioned before, a proper middle-end will give you complete and custom control over things like templating, URL routing, data validation, data formatting, etc. Moreover, I’ve posited that the middle-end is this interesting beast in that it straddles the fence between browser and server — many middle-end tasks need to be performed in both places.

And because there are many of these shared tasks between both environments, having to code solutions twice (once in JavaScript for the browser, a second time in your back-end language of choice… PHP in this case) is both time consuming and brittle. For many middle-end tasks, it would sure be nice if we could DRY (don’t repeat yourself) code the tasks once and use them in both places. That’s a big motivation for all my middle-end rattling.

But, does a WordPress blog really need to do all that? In some respects, no it doesn’t. A typical WordPress blog is not necessarily what I’d characterize as a full-blown web application. By far, the most important thing for a WordPress blog is usually the content, not necessarily the intricate user-interactions with that content.

But that doesn’t mean a good middle-end is unimportant to your WordPress blog. In this case, the ability to control certain middle-end tasks for web performance optimization efforts is likely going to be our primary motivating factor.

For instance, let’s say we just want to gain more custom control over how resources (JS, CSS, etc) are packaged together and delivered to the browser. The reason this is so common a frustration in CMS’s like WordPress is the tendency of many individual separate plugins to all add their own script/css dependencies to the document in various strewn-about ways. There is a central system in WordPress that should make this easier, but many plugins don’t use it well. And even the central system itself is not quite good enough for what we really need.

So, rather than focusing so much on creating a server-side JavaScript driven middle-end whose code can run in server and browser alike, we’re going to take a step back and think about how we could architect our WordPress blog so that these tasks we want to do are easy enough to be practical and efficient without knowing all the intricate details of a very complex “hooks” and plugins system. Server-side JavaScript is one option we could choose for that task, but by no means required. Much more importantly will be that we focus on the easiest path to achieve a well-formed and flexible middle-end.

Option 1

Our first option is to get really familiar with how the internals of WordPress work. I know from personal experience that such a task can be both a blessing and a curse, both fruitful and frustrating. As I said before, my strong preference would be to find an existing plugin that does exactly what I want it to do. But with the overwhelming popularity of something like WordPress, that can truly be like finding the needle in the haystack.

Usually, when I decide I want to do something new on my WordPress blog, I go spend several hours searching and researching various plugins. Then I’ll pick one or two to download and try out. I install them, start messing with configuration, and usually find that it’s almost what I want but not quite. Could I settle? Sure. But I’m a coder, that’s not likely to happen!

So then, I may try a couple of other options, only to be similarly frustrated. I may then start trying to google and dig through WordPress documentation, comparing what I see in the code for the plugin to what I read about on the web. And, being a decently confident PHP coder (by no means an expert!), I may start trying to tinker with the code to tweak it to what I want.

And sometimes this will work out. But now I have a problem (that I won’t realize until a month later). I’ve customized a plugin’s code for my own needs, and I’ve now forever damned myself to having to remember those customization patches and re-apply them every single time that plugin notifies me of a new release. A number of my plugins update themselves quite regularly, so this becomes a real pain.

For instance, right now, I have 2 plugins that have notified me of an update, but I’ve resisted doing the update because I don’t want to spend the 10 minutes to go back in and refresh myself on what customizations I did. I know in this case the customizations I did referred specifically to our task of customizing how JS and CSS resources are packaged and loaded. But it’s still time and hassle that I don’t want to spend. And so I miss out on the benefits of the update until I pay that price.

I am not going to sugar coat it: this process sucks. Even if I do figure out how to customize a plugin for my own needs, which in and of itself takes a lot of effort, then I have to keep spending that effort over and over again every time an update comes out.

Bottom line: option 1 is possible, and it’s quite likely that for most middle-end tasks, you could figure out a way to hack around existing plugins to bend WordPress to your will. But unless you’re a WordPress guru (I clearly am not) and have the time and inclination to regularly hack on it, the benefits of doing so are probably not worth it.

Option 2

Out next option would be to go to the other end of the spectrum entirely, and not do anything inside of WordPress. We could, for instance, set up a “proxy” server (of sorts) which all browser-initiated web requests get sent to first, and that “proxy” would then make a sub-request to WordPress to get the desired page/content.

What this approach would allow us to do is basically “post-filter” all the content before it actually goes out to the browser. For example, we could take the HTML of the page response, and parse through it looking for our <script> and <link> tags. When we find them, we could remove them from the HTML stream (just text at this point!), and then append to the HTML document a more optimized set of resource loading commands.

Basically, we could find all script tag references, open the .js files they refer to, concat them all together into a single .js file which we cache ourselves in our proxy’s control, and then add a single <script> tag back to the HTML document referencing that new concatenated file. A similar process could be done for all our CSS resources.

You may even want to get more elaborate (as I would advocate) and instead of compiling like resources into a single file, compile them into 2 or 3 files, and use dynamic loading techniques in the browser to load them in parallel, even further speeding up the page-load optimization. One such dynamic loader you could use would be LABjs, the performance script loader that I built.

But let’s not kid ourselves: this is a drastic approach. Setting up an entirely separate web server (or web server instance/VM) just so we can post-process some HTML markup!? I’m not saying this wouldn’t work for some people, but I am thinking that it’s probably something that has its own set of daunting challenges and extra “costs” (especially maintenance) involved.

Not only is it drastic, it’s also more brittle. No matter how good your coding skills are, parsing through arbitrarily generated and complex HTML markup and modifying it on the fly is going to be difficult to do, at best. And it’s quite easy for it to break if your HTML generation routines (your blog) change how they do things in a way your “proxy” was not expecting.

Bottom line: option 2 is also possible, but probably not exactly what we want or need.

Option 3

For our last option, let’s dial things back just a little bit and be a little more realistic. Let’s not try to fight against WordPress, but to work with it. What I mean is this: WordPress is very capable at doing what it does, and if someone has already built a plugin that suits your needs, by all means use it. But the other thing that WordPress does (and I think decently well) is let us completely control the ultimate output of our blog engine using the Themes (templating) system.

So maybe we could try this: let WordPress do what it does best, as a good solid CMS. But run it as essentially a “headless” black box application and practically ignore any presentational stuff that it wants to do. We can ask WordPress for content/data, but we can let the middle-end layer do what it is best suited for, which is handling these various middle-end tasks.

What I’m about to suggest may seem radical… but read the sentence a few times and let it sink in. Make a theme for your WordPress blog which does nothing of generating HTML markup, and only formats necessary data/content into JSON.

That’s right! Reduce the templating/themeing system of WordPress to nothing more than a JSON serializer for the relevant content and data to construct your page. What data? How about an array of all the scripts and css files. How about meta data like the page title, etc. How about the raw content for the blog post the page displays.

What would we do with that data and content in JSON form? We could have a separate middle-end layer that took the JSON and did something useful with it. That middle-end layer could be server-side JavaScript. But it also could just as easily be more PHP (outside of and strictly separate from your WordPress blog engine). Or it could be some other language you are more comfortable with.

But whatever language your middle-end is written in, you would do some very basic things:

1. Take the list of .js and .css resources in the JSON array properties, and perform the above suggested logic like concatenation, caching, etc.
2. Take any meta-data and properly “format” it for HTML use, such as converting special characters to HTML entities, etc. Or, perform “internationalization” formatting on your data/content.
3. Perform any other middle-end suitable tasks on the data and content as necessary.
4. Lastly, pass that data/content into your templating engine of choice, and then send the output directly to the browser.

You see, we don’t have to change much about how WordPress does its magic to start having more proper control over the middle-end. And we don’t even have to venture into server-side JavaScript to do it. All we have to do is trick WordPress into giving us data and content in a friendly way that allows us to do what we want with it.

And the Theme/template system makes that really easy. Nothing about the state or complexity logic that WordPress is doing can’t be somehow down-formatted into data/content in JSON form, and so we’d practically lose nothing of the functionality of WordPress, but gain lots of control in the areas we need it most.

Conclusion

CMS’s are a fact of life on the web. They sit somewhere between a full web application and a basic content web site. As such, there are reasons why we can benefit from a more well-formed and properly architected middle-end. But it doesn’t have to take wholesale hackery on our blog engine to do so. There are ways to work with it to massage the content/data in such a way that we can layer in a middle-end without too much of a radical change to the architecture.

But upon further discussion and reflection, I realize that it’s tempting to read the ideas I have presented and assume that I’m suggesting a more comprehensive and wide-spread re-architecture effort than I really am. The last thing I would want to do is leave you with the impression that this is an intimidating and complex task to undertake. The tasks I’m advocating for are quite the opposite: they are small, independent, modular, and intended to be rolled into your application in manageable, evolutionary chunks.

So this is just a short follow-up to that post to explain how I feel most web applications could begin the task of redefining their “middle-end” in a more well-formed way, with minimal impact to existing architecture.

The task of re-architecting your middle-end begins with a couple of very simple, incremental steps, not a wide-spread rewrite as it may seem.

Color by numbers

Let’s take data validation for example. First let me define what I mean by data validation: the set of stateless rules which are applied to one or more pieces of data to ensure that the input into the application is safe, reliable, and appropriate.

The most common scenario this is seen in would be form validation. Consider a contact form that requests a visitor’s first and last name, email address, favorite color, and any additional comments. The first and last name fields are text input, and are required. They must both be between 5 and 25 characters. The email field is also text input, must be 8 to 100 characters, and must additionally “look” like a valid email (passing some arbitrarily complex regular expression matcher). The color field is a drop-down, which by virtue of the UI paradigm is constrained to a pre-defined set of options. The additional comments are optional, but if present must not contain any HTML.

Stateless Data Validation

Data validation in this context would entail all of these aforementioned rules. It could also entail data integrity checks, like for instance asking something (totally contrived for this discussion) like “if the first name is John, the last name cannot be Brown”.

However, something like enforcing that the email address was “unique” in our database (meaning we’ve never heard from this person before), or that the email was not already on a blocked “black list” as a spammer — those tasks would not be stateless data validation checks, but would instead require stateful back-end business logic. That would not be something we’d want to do wholly in the UI layer (maybe via a round-trip Ajax request, etc).

The point is that stateless data validation/integrity checks are agnostic of the environment or the state of the application. The check is blindly applied to a piece of data, and the result is binary true or false — either it passed or it didn’t. This means that such code can be written to act upon a data structure (like JSON) and be completely ignorant of where the data came from. This is very important.

Because we know that data validation is important to User Experience, we often write those rules in JavaScript, and run them in the browser while the user is interacting with the UI/form. But because as good Computer Scientists we know that no UI can be trusted, we also know that the same rules need to run on the server on any inbound data.

This is where trouble usually starts happening. We re-write all our validation rules a second time, this time in another language like PHP or Java. We’ve made a second copy of that code/logic, and we’ve forever cursed ourselves with more complicated code maintenance.

Another way?

What if, however, we could write the stateless data validation rules in JavaScript, to operate on a JSON data structure with one or all fields present/populated, and we could run the exact same code in both the browser and on the server? That would achieve an unprecedented level of DRY (don’t repeat yourself) coding in this context!

Is there any reason why our application, regardless of what language/platform it is, couldn’t entrust the tasks of stateless data validation to a server-side JavaScript module? I’d say, plainly, no!.

If the data validation logic ran on the server, in a trusted environment, what difference would it make if it was JavaScript or PHP doing the checking? The difference (for the better) is that this code logic would be write-once-and-reuse, and that’s a huge improvement in maintenance.

In the browser, you would have controller logic that would take one or more data fields from the <form> and stuff them into a data structure (JavaScript object and properties). Then, you would pass that data into a set of JavaScript code logic that ran the rules against the appropriate properties, and spit out true/false answers.

On the server, you would take inbound data, either already formatted as JSON (preferably) or in key-value pairs that you could easily serialize to JSON, and then pass that inbound data directly into the same code.

This still seems complex

All you really need to accomplish this is to be able to execute some very basic JavaScript on your existing application server. There are a number of options available, ranging in complexity and scope from Node.js to Narwhal, etc. Another, much more stripped down option is my environment, BikechainJS. BikechainJS is a single executable file environment wrapped around the V8 JavaScript engine. It’s designed to be run in “CGI mode” — in other words, per-request, on-demand — in existing web application frameworks.

So, using something very simple like BikechainJS, you could easily set up your existing web application to run a BikechainJS execution to do the data validation tasks I just mentioned. You’d simply take a single data input endpoint in your existing application (like the action that responds to your contact form submit), and instead of running your own PHP or Java rules on the incoming data, simply package and hand the data off to your server-side JavaScript validation routine.

If you get a “true” back, the data validation passed, and your application can continue as necessary. If “false” (or some other specific error messaging, if you prefer), then immediately respond back to the request with the error and don’t let the application continue.

I’d recommend to start off with you pick one application server touch-point, and even just one field in that inbound data, and ferry only that off to your server-side JavaScript validation. Do you see how much simpler and easier that stripped down approach is compared to a wide-spread complete re-architecture?

As you get comfortable with this approach, and you feel ready, you can extend your data validation to encompass more and more of your inbound data, in more and more of the application’s server touch-points, until you have all your data validation tasks written in DRY and maintainable JavaScript.

The rabbit hole

Data validation is only one of the dozen or so tasks that the “middle-end” entails. Your next step might be to start tackling DRY approaches to templating. Again, you should go little-by-little into that world.

Regardless of how you proceed, I hope it’s clear now that I advocate a pattern rather than particular implementation details, and that I advocate little baby steps along the path, rather than complex and comprehensive re-writes. That I believe is the right path to beginning your middle-end.

But for the rest of you, I felt it was time that I distill the topic down into a very short and simple explanation, defining the topic as I see it. This post then will be the foundation for several more to come where I describe practical implementation details for the “middle-end” in web applications.

Appetizer

Let’s jump right in. What sits between the front-end of a web application and the back-end of an application? The “middle-end”, naturally! What’s responsible for packaging up all pieces of the UI and delivering them efficiently to the client, and then facilitating two-way communication between server and client? The “middle-end” UI Architecture. Sure, “middle-end” is sort of a contrived term to describe a concept that’s been around a lot longer than the term itself. But “middleware” is a bit more common, and describes attempts to address “middle-end” needs, so that shouldn’t be too foreign to you.

“I don’t think I have a middle-end in my web application.” Oh yes, you do. Trust me, you do. Every single web-application on the planet has a middle-end, whether it is well-defined and visible, or muddled and hidden. The question is not “Do I have a middle-end?” — the question is “where is my middle-end, and do I control it?”

To better answer that question, let’s get very specific about what parts of the application and stack are part of the middle-end. First, how do I qualify some task as either part of, or not part of, the “middle-end”?

1. if the task can (and is commonly) done, or at least is useful in, both the front-end and the back-end of an application
   • Templating (static and dynamic)
   • Data Validation (form field rules, etc)
   • Data Formatting (internationalization, encoding/entities, escaping, etc)
2. if the task is directly related to supporting or facilitating the front-end, or adapting the front-end and back-end
   • URL Routing (deciding which controllers handle which actions, etc)
   • Header management (request & response)
   • Cookies, Sessions
   • Ajax data transport (receiving, transmitting)
   • Caching (server-side)
   • Packaging (file concatenation, minification, etc)

I could go into every one of these in detail, but that would take far too long for one post. However, if a task is a candidate (and often duplicated in) both the front-end and the back-end, it should be an obvious fit to label that task a middle-end task. In fact, it’s even better if the exact same middle-end code for a certain task can be reused in both front-end and back-end contexts (more on that in a later post).

Similarly, if a task is specifically dedicated to helping transition between front-end and back-end (and vice versa) or to service the nitty-gritty details of supporting the front-end, it also makes sense to call this “middle-end”.

Just Fluff

It’s tempting to think that since all web applications have most or all of these tasks built into the guts of the framework in one form or another, calling them out and giving them a specific name and definition is kind of unnecessary and just “trying to hard.”

To that, I respond: only by calling these tasks out and defining them and talking about how they are implemented can we ever truly hope to control them enough to optimize or scale or improve. Just because they’ve always been done in the underbelly of our application stack without us ever thinking about them doesn’t make that the right or most successful approach. Maybe it’s time to re-think them a little bit?

If you’re simply content with letting your one platform-of-choice make all these decisions for you, and handle all these tasks without you knowing or caring, then fine. Enjoy your blissful existence. Move along, nothing more to see here.

More Meat

The dirty secret of web performance optimization is this: while almost all of web performance optimization focuses on making the front-end more efficient and user-experience-friendly, most of the tasks you need to perform to optimize the front-end actually require some (or a lot!) of control over the “middle-end”.

For example, if you want to optimize the page-load performance of a page by addressing resource loading, you may right away think: “well, I just need something to combine my files together to reduce HTTP requests.” And if you happen to work in an environment where build-processes are already the norm, adding in such a task is probably not overly tedious.

But what if you’re in some custom-built CMS on top of PHP? What if resource references (images, scripts, CSS) are strewn about your front-end templates/code haphazardly? What then will you do? Probably your only choice at this point is manual labor to go through and change everything. And what you’ll probably be doing is inserting some sort of solution for this task into your application.

YES! That’s textbook middle-end work. To the extent that you, the front-end guy, have control over such code, this won’t be that bad. But to the extent you have to coordinate your efforts with a team of back-end developers who “own” the PHP and who don’t care as much about front-end optimization, you’re in for a less-than-fun ride.

Spaghetti for dinner?

Performance optimization isn’t the only motivating factor for going toward a more well-defined middle-end. Another dirty little secret, this time about popular architecture patterns like MVC, is this: by far the most common implementations of such ideas are (at best) flawed in that they leak coding implementation details between the M, the V, and the C.

For example, this V-view code:

<ol class="action_menu">
   <?php if ($User->IsLoggedIn() && $User->CanPublish()
                 && $User->Articles->count() < $App->max_articles) { ?>
      <li><a href="/publish">Publish New Article</a></li>
   <?php } ?>
   ...
</ol>

Even though we have what appears to be a decently well architected object-oriented M-model at our disposal, it’s scarily common, easy, and tempting to use the M-model inside our V-view in such a way that constitutes “business logic” (the stuff that’s supposed to only exist in our C-controller).

I won’t harp on this topic too much, as I’m sure there are a million different opinions out there as to whether this is good, bad, or irrelevant. There’s also probably a million other variations in other platforms where people think they’ve more or less addressed these issues. Let me just say this: If you have function/method calls, and combinatorial/boolean logic, in your V-view… you’re probably doing it wrong.

Where’s Dessert?

But how would a more well-defined “middle-end” help with this? The answer is quite complex and I don’t have space or the inclination to address it completely in this post. But the short answer is that I propose an alternate architectural pattern to MVC that I call CVC (Client-View-Controller) which is more UI-centric (whereas MVC was clearly conceived by a back-end architect!).

CVC has lots of important details to it, but the main one I want to call attention to here is this: proper implementation insists that there be a strict and unwavering separation between application code (controllers or models) and presentation (view templates). This separation is achieved primarily by stripping down the M-model to something more like bare D-data before it is sent into the V-view.

With CVC, you can still maintain whatever kind of platform or environment you currently have, for your back-end application. The only required change is that you take out all code that is related to presentation in any form, and leave that to the strictly separate and well-defined “middle-end”. All your application back-end needs to do is serialize data to hand off to the middle-end. So, it becomes a headless, API-driven, “black box”.

And your middle-end code is now free to take data and format it for presentation in V-view templating completely agnostic of how the data was constructed by the business logic of the back-end.

The biggest gain, in terms of developer processes, from this middle-end rethinking will be more maintainable and robust code. Front-end developers will not have to worry about changing all their templates when the back-end developers make a change to the signature of the M-model. Back-end developers will not have to make exceptions in their code for when front-end developers want to, for various reasons, transfer data to/from the client as an array instead of a keyed hash.

Take-out food

If you don’t get anything else from this post, get this: the front-end and the back-end naturally and automatically shape up more orderly when you insert a well-defined “middle-end” in between. Will it take some re-thinking and a little bit of refactoring? Yes. Do you have to ditch everything you know about your application infrastructure and start over from scratch? Absolutely not.

Bottom line: your application already has a “middle-end”. You probably just don’t know it’s there or never think about it. Isn’t it about time you do?