My initial thoughts on AngularJS

Let me try to break this down into a few sections.

Why, specifically, I don’t like JavaScript
I’ve made a conscious effort to stay away from the insanity surrounding JavaScript. Ever since the HTML5/CSS3 boom, people have been doing wildly inappropriate things with JavaScript, and I wanted to try to stay clear.

“Inappropriate?” you ask.

Well, I just mean that JavaScript is a just a bad language. We, as an industry – know better. We have since learned how to make and mature good languages (like C#, F#, etc). JavaScript is weakly-typed, non-OO, and just generally-speaking: a factory for establishing new technical-debt! Put another way, I as a software professional, want to do as little in it as possible because:

  1. It’s weakly-typed – I don’t get any errors in case I did anything wrong. I do stuff wrong all the time. This wastes my time, the compiler should be helping me.
  2. It’s dynamically-typed – I don’t get any errors in case I did mis-typed a binding expression, leaving minutes/hours to debug something that a compiler would be able to figure out.
  3. It’s not Object-Oriented (OO) – I can’t easily leverage reusable code, interfaces, etc – which means how I manage dependencies, is… messy, to say the least.
  4. Unit testing is way, way harder – yes, I know I can write JavaScript unit tests, but setting that up and just troubleshooting the JavaScript unit testing framework is no small feat. This is a significant dis-incentive to unit testing, which developers already don’t like doing.
  5. No useful intellisense – as a .NET developer in the modern era, Intellisense saves me dozens of minutes per day: looking-up, confirming syntax. The editor WANTS to help me write code. Without proper, informed intellisense in the editor I’m stuck with looking up syntax, or double-checking because I may have typoed it – and the run-time won’t tell me I did something wrong. This wastes my time.

Why should I willingly, in the year 2014, start embracing a language which is this much of a step backwards in productivity? Well, the reason is because the industry is forcing us all. Or worse, there is no reasonable alternative. There is no other language which runs on all browsers like JavaScript.

So for me, that means I want to write as LITTLE in JavaScript as possible. I want my main application code to be written in a real, unit-testable language with object-oriented and easy unit testing support. This should be a very reasonable requirement!

What is AngularJS
There has been a movement for people to try to write all sorts of things in JavaScript. In the case of node.js, I picture a couple of drunk college friends saying: “Dude, I bet I could write a web server in JavaScript.” and “Dude! You should do that, you should TOTALLY do that!” and voila, we have node.js. In the case of AngularJS – this is really the JavaScript version of an MVC framework, with the ability to “bind” the Model to the View also. I assume this product may have been created out of a dare, perhaps? Just to see if you could write an MVC framework purely in JavaScript – maybe?

AngularJS lets you land on /Index.html – and with some very some impressive JavaScript maneuverings, has a route engine which let’s you navigate to other “pages”, but it’s actually all client-side routing. Perhaps you’ve see URL’s with the format of:

http://example.com/#/user

or more typically: /#/[controller]/[action]/[id]

That is how AngularJS does routing. Everything to the right of a “#” in the URL, is handled by the client-side, so AngularJS takes advantage of that to route requests accordingly.

When I say that you can data binding, I mean that in a view, you could have something like:

<div> First Name: {{ firstName }} </div>

That would, in the View, show the value of whatever is in the firstName variable, in the Model, supplied by the Controller. So, AngularJS is a JavaScript framework which is an client-side MVC framework, with the ability to also do dynamic “binding” to model data.

From where do you get application data?
You are limited by your security constraints and by what JavaScript can do. Mostly though, an AngularJS site is most-likely to get its’ data from RESTful API’s hosted on the local server or from an external service.

If you want data from a database, you’d have to expose it via a REST service (using some other server-side technology) and figure out some way to secure it.

Where can I learn more?
www.pluralsight.com, of course, has several very high quality courses. Start with the K. Scott Allen one.

www.angularjs.org, of course, has lots of resources. Also see: builtwith.angularjs.org to see sites built with Angular, and most-impressive – http://plnkr.co/ which is an in-browser HTML/CSS/JavaScript editor written in AngularJS.

When should you use AngularJS
After going through a few Pluralsight courses, doing some Hello, World projects and getting familiar with this – it really made me think. This is a pretty powerful framework. For JavaScript, it’s very well done – but it is still JavaScript – which means: no intellisense, it’s hard to debug, it’s hard to do unit testing, etc – as mentioned above. The biggest issue though, to me, is security. There is no security of your code (your intellectual property), of your underlying services (which sometimes, doesn’t matter), and how do you handle authentication in a way that can’t be hijacked? When you give EVERYTHING to the browser, that means the malicious user has quite a bit to work with, to try to break through your defenses. Again, for some apps – this is not an issue, but still I think it’s worth bringing.

After some thinking, my conclusion (while still being new to this), is the following. Here’s what I came up with:

Use It:

  • You don’t care about exposing the details of getting your data. If you are getting data from a public API for example.
  • You don’t have a need to do anything securely, by user. Since this is 100% client-side, that means even doing OAuth would be very tricky because your token and secret need to be accessible to the browser and there can be no obfuscation of, or secure storage of anything user-specific. You can’t stop a malicious user from attacking, because they literally have all of the source code of your site.
  • You want to run on a platform that doesn’t have a good or native MVC framework. For example, this might be good for running a web server on an Arduino or Raspberry Pi device. Sure, they need to use (typically) REST services to get their data, but the rest of the MVC routing and data binding is at least taken care of.

Don’t Use It:

  • If you need to protect the data store, metadata, field names, connection information, etc.
  • You need to do anything with security. Although you can be protected, mostly, from outside attackers – there is very little you can do to protect the app from a malicious insider user. They have access to ALL of the source code!
  • If you have a reasonable MVC framework and if you can more-easily unit test, use OO, etc on the server-side using some other technology. Don’t use JavaScript unless you really, really have to.

Bottom line for me, I would definitely consider this for Arduino and Pi, or for a dashboard app on a regular web server where I’m using unsecured REST API’s. It’s an impressive framework. However, If I need to do authentication and authorization, and need to hit private data stores, I probably would avoid AngularJS and it’s probably not the best tool.

What do you think?

Posted in Computers and Internet, Development Tools, General, Mobile, NETMF, New Technology, Professional Development, Raspberry Pi, Security, Uncategorized, Visual Studio, Web Services

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Archives
Categories

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 5 other followers

%d bloggers like this: