Setup a website with Nim
This small tutorial will help you create a website with Nim. We'll use libraries from the standard library and some externals from Nim-users.
The tutorial will not explain how procs, templates, etc. works - there are many other good Nim resources for that. See https://nim-lang.org/learn.html for that.
We'll create a small website with user management, which has a public page and page only visible for users logged in.
Difficulty
The tutorial is meant for programmers with little experience in Nim.
The first chapters are easy, but thereafter the difficulty will increase.
Goal
A website created in Nim. The result will be a simplified replica of NimWC. You can find NimWC at the NimWC Github repo, if you want to add more details and functions to your code.
Requirements
Nim with a version higher or equal to 19.2 (Nim is currently in stable: 1.x.x - use that!)
The final code
The final code is hosted here: Tutorial code
Setup you battlestation
External libraries
nimble install jester
nimble install bcrypt
Not used libraries
There's a lot of helpful libraries, which we are not going to use. But you can enhance your code afterward with them.
Checkout Nimble Directory for libraries.
- sqlbuilder (format your queries)
- recaptcha (Google's reCAPTCHA verification)
Code editor
Visual Studio Code has a good integration of Nim. Download VSC and install the Nim extension.
Folder structure
Create the following folder structure. We will put files into the folders as we go through the tutorial.
nimweb/
nimweb/config <-- Used to store our configuration
nimweb/data <-- For our SQLite database
nimweb/code <-- The code
nimweb/public <-- Containing CSS and JS files
nimweb/tmpl <-- The HTML-Nim files
Config files
The config files contains our secret information, such as database password.
Create the config file nimweb/config/config.cfg
Insert the following data:
[Database]
folder = "data"
host = "data/website.db"
name = "website"
user = "user"
pass = ""
[Server]
website = "https://myurl.org"
title = "Nim Website"
url = "127.0.0.1"
port = "7000"
The main file
This file is our main file. It is within this we'll import and include our files. Create a file nimweb/main.nim
Import required libraries
Insert the following at the top of your new file.
import db_sqlite # SQLite
import jester # Our webserver
import logging # Logging utils
import os # Used to get arguments
import parsecfg # Parse our config file
import strutils # Basic functions
import times # Time and date
import uri # We need to encode urls: encodeUrl()
import code/database_utils # Utils used in the database
import code/password_utils # Our file with password utils
Parse config.cfg
We'll start by reading and parsing the config.cfg to get the database information.
# First we'll load config files
let dict = loadConfig("config/config.cfg")
# Now we get the values and assign them.
# We do not need to change them later, therefore
# we'll use `let`
let db_user = dict.getSectionValue("Database", "user")
let db_pass = dict.getSectionValue("Database", "pass")
let db_name = dict.getSectionValue("Database", "name")
let db_host = dict.getSectionValue("Database", "host")
let mainURL = dict.getSectionValue("Server", "url")
let mainPort = parseInt dict.getSectionValue("Server", "port")
let mainWebsite = dict.getSectionValue("Server", "website")
Database variable
We are assigning db to our database connection. Each time we need to access the database, we can just use db. The assigning happens later on..
# Database var
var db: DbConn
Setup our webserver
We'll assign jester (our webserver) with the port and address. These values originate from our config.cfg file.
# Jester setting server settings
settings:
port = Port(mainPort)
bindAddr = mainURL
User management
In this tutorial we'll only add 1 user - the Admin
User details
When the admin user login, we'll assign values to user. These values "follows" the user around; that allows us to access them everywhere, e.g. the users email.
The user details are assigned to a c. This is passed around as c: var TData
Setup a type containing the user data
# Setup user data
type
TData* = ref object of RootObj
loggedIn*: bool
userid, username*, userpass*, email*: string
req*: Request
The init() proc reset the user values to ensure, that the user is logged in, and that the values always correspond to the latest values stored in the database.
proc init(c: var TData) =
## Empty out user session data
c.userpass = ""
c.username = ""
c.userid = ""
c.loggedIn = false
Check if the user is logged in
Each time the user is requesting a new page, we have to check if the user is logged in. We do that by checking, if the user has a username assigned (we'll assign the username later).
func loggedIn(c: TData): bool =
## Check if user is logged in by verifying that c.username exists
c.username.len > 0
Full check: is the user logged in
We create a proc to check our database table session to see, if their cookie and IP matches.
proc checkLoggedIn(c: var TData) =
## Check if user is logged in
# Get the users cookie named `sid`. If it does not exist, return
if not c.req.cookies.hasKey("sid"): return
# Assign cookie to `let sid`
let sid = c.req.cookies["sid"]
# Update the value lastModified for the user in the
# table session where the sid and IP match. If there's
# any results (above 0) assign values
if execAffectedRows(db, sql("UPDATE session SET lastModified = " & $toInt(epochTime()) & " " & "WHERE ip = ? AND key = ?"), c.req.ip, sid) > 0:
# Get user data based on userID from session table
# Assign values to user details - `c`
c.userid = getValue(db, sql"SELECT userid FROM session WHERE ip = ? AND key = ?", c.req.ip, sid)
# Get user data based on userID from person table
let row = getRow(db, sql"SELECT name, email, status FROM person WHERE id = ?", c.userid)
# Assign user data
c.username = row[0]
c.email = toLowerAscii(row[1])
# Update our session table with info about activity
discard tryExec(db, sql"UPDATE person SET lastOnline = ? WHERE id = ?", toInt(epochTime()), c.userid)
else:
# If the user is not found in the session table
c.loggedIn = false
Login proc
Next we create a proc used for login. This proc is only used when the user logs in.
proc login(c: var TData, email, pass: string): tuple[b: bool, s: string] =
## User login
# We have predefined query
const query = sql"SELECT id, name, password, email, salt, status FROM person WHERE email = ?"
# If the email or pass passed in the proc's parameters is empty, fail
if email.len == 0 or pass.len == 0:
return (false, "Missing password or username")
# We'll use fastRows for a quick query.
# Notice that the email is set to lower ascii
# to avoid problems if the user has any
# capitalized letters.
for row in fastRows(db, query, toLowerAscii(email)):
# Now our password library is going to work. It'll
# check the password against the hashed password
# and salt.
if row[2] == makePassword(pass, row[4], row[2]):
# Assign the values
c.userid = row[0]
c.username = row[1]
c.userpass = row[2]
c.email = toLowerAscii(row[3])
# Generate session key and save it
let key = makeSessionKey()
exec(db, sql"INSERT INTO session (ip, key, userid) VALUES (?, ?, ?)", c.req.ip, key, row[0])
info("Login successful")
return (true, key)
info("Login failed")
return (false, "Login failed")
A logout proc
The logout proc deletes the users instance in the session table. This results in, that the proc checkLoggedIn() cannot find any matching values to users sid and IP.
proc logout(c: var TData) =
## Logout
c.username = ""
c.userpass = ""
const query = sql"DELETE FROM session WHERE ip = ? AND key = ?"
exec(db, query, c.req.ip, c.req.cookies["sid"])
Do the check inside our routes
Template used in our routes. The template is "injected" into all of our URL routes, where it uses the proc's above to check if the user is logged in.
You'll see this template used in the routes-files.
template createTFD() =
## Check if logged in and assign data to user
# Assign the c to TDATA
var c {.inject.}: TData
# New instance of c
new(c)
# Set standard values
init(c)
# Get users request
c.req = request
# Check for cookies (we need the cookie named sid)
if cookies(request).len > 0:
# Check if user is logged in
checkLoggedIn(c)
# Use the func()
c.loggedIn = loggedIn(c)
isMainModule
when isMainModule: is running when the file is the main module, which this is!
Insert the following:
when isMainModule:
echo "Nim Web is now running: " & $now()
# Generate DB if newdb is in the arguments
# or if the database does not exists
if "newdb" in commandLineParams() or not fileExists(db_host):
generateDB()
quit()
# Connect to DB
try:
# We are using the values which we assigned earlier
db = open(connection=db_host, user=db_user, password=db_pass, database=db_name)
info("Connection to DB is established.")
except:
fatal("Connection to DB could not be established.")
sleep(5_000)
quit()
# Add an admin user if newuser is in the args
if "newuser" in commandLineParams():
createAdminUser(db, commandLineParams())
quit()
Include template files
The only thing we now are missing is our URL routes and HTML templates. We are going to include the HTML-Nim files which means, that they are inserted 1-1 into our code instead of being imported.
include "tmpl/main.tmpl"
include "tmpl/user.tmpl"
Setup routes (URL's)
Routes is the name for our URL's.
routes:
get "/":
createTFD()
resp genMain(c)
get "/secret":
createTFD()
if c.loggedIn:
resp genSecret(c)
get "/login":
createTFD()
resp genLogin(c, @"msg")
post "/dologin":
createTFD()
let (loginB, loginS) = login(c, replace(toLowerAscii(@"email"), " ", ""), replace(@"password", " ", ""))
if loginB:
when defined(dev):
jester.setCookie("sid", loginS, daysForward(7))
else:
jester.setCookie("sid", loginS, daysForward(7), samesite = Lax, secure = true, httpOnly = true)
redirect("/secret")
else:
redirect("/login?msg=" & encodeUrl(loginS))
get "/logout":
createTFD()
logout(c)
redirect("/")
Password utils
Create the password file here nimweb/code/password_utils.nim and insert:
import md5, bcrypt, math, random, os
randomize()
var urandom: File
let useUrandom = urandom.open("/dev/urandom")
proc makeSalt*(): string =
## Generate random salt. Uses cryptographically secure /dev/urandom
## on platforms where it is available, and Nim's random module in other cases.
result = ""
if useUrandom:
var randomBytes: array[0..127, char]
discard urandom.readBuffer(addr(randomBytes), 128)
for ch in randomBytes:
if ord(ch) in {32..126}:
result.add(ch)
else:
for i in 0..127:
result.add(chr(rand(94) + 32)) # Generate numbers from 32 to 94 + 32 = 126
proc makeSessionKey*(): string =
## Creates a random key to be used to authorize a session.
let random = makeSalt()
return bcrypt.hash(random, genSalt(8))
proc makePassword*(password, salt: string, comparingTo = ""): string =
## Creates an MD5 hash by combining password and salt
let bcryptSalt = if comparingTo != "": comparingTo else: genSalt(8)
result = hash(getMD5(salt & getMD5(password)), bcryptSalt)
Database utils
Create the file nimweb/code/database_utils
This file will contain 2 procs: 1 for generating the database and 1 for creating the admin user. Insert both of the proc's into the file.
Generating database
import db_sqlite, os, parsecfg, strutils, logging
import ../code/password_utils
proc generateDB*() =
echo "Generating database"
# Load the connection details
let
dict = loadConfig("config/config.cfg")
db_user = dict.getSectionValue("Database","user")
db_pass = dict.getSectionValue("Database","pass")
db_name = dict.getSectionValue("Database","name")
db_host = dict.getSectionValue("Database","host")
db_folder = dict.getSectionValue("Database","folder")
dbexists = if fileExists(db_host): true else: false
if dbexists:
echo " - Database already exists. Inserting tables if they do not exist."
# Creating database folder if it doesn't exist
discard existsOrCreateDir(db_folder)
# Open DB
echo " - Opening database"
var db = open(connection=db_host, user=db_user, password=db_pass, database=db_name)
# Person table contains information about the
# registrered users
if not db.tryExec(sql("""
create table if not exists person(
id integer primary key,
name varchar(60) not null,
password varchar(300) not null,
email varchar(254) not null,
creation timestamp not null default (STRFTIME('%s', 'now')),
modified timestamp not null default (STRFTIME('%s', 'now')),
salt varbin(128) not null,
status varchar(30) not null,
timezone VARCHAR(100),
secretUrl VARCHAR(250),
lastOnline timestamp not null default (STRFTIME('%s', 'now'))
);""")):
echo " - Database: person table already exists"
# Session table contains information about the users
# cookie ID, IP and last visit
if not db.tryExec(sql("""
create table if not exists session(
id integer primary key,
ip inet not null,
key varchar(300) not null,
userid integer not null,
lastModified timestamp not null default (STRFTIME('%s', 'now')),
foreign key (userid) references person(id)
);""")):
echo " - Database: session table already exists"
Generating admin user
This proc generates the admin user using arguments passed when running the program. To generate the user, you have to provide the following arguments:
./main newuser u:UserName p:Password e:email@email.com
proc createAdminUser*(db: DbConn, args: seq[string]) =
## Create new admin user
var iName = ""
var iEmail = ""
var iPwd = ""
# Loop through all the arguments and get the args
# containing the user information
for arg in args:
if arg.substr(0, 1) == "u:":
iName = arg.substr(2, arg.len())
elif arg.substr(0, 1) == "p:":
iPwd = arg.substr(2, arg.len())
elif arg.substr(0, 1) == "e:":
iEmail = arg.substr(2, arg.len())
# If the name, password or emails does not exists
# return error
if iName == "" or iPwd == "" or iEmail == "":
error("Missing either name, password or email to create the Admin user.")
# Generate the password using a salt and hashing.
# Read more about hashing and salting here:
# - https://crackstation.net/hashing-security.htm
# - https://en.wikipedia.org/wiki/Salt_(cryptography)
let salt = makeSalt()
let password = makePassword(iPwd, salt)
# Insert user into database
if insertID(db, sql"INSERT INTO person (name, email, password, salt, status) VALUES (?, ?, ?, ?, ?)", $iName, $iEmail, password, salt, "Admin") > 0:
echo "Admin user added"
else:
error("Something went wrong")
info("Admin added.")
Template files
The templates is a mix of HTML and Nim. The Nim code is identified with a hashtag in the files: #
main.tmpl
Create the file nimweb/tmpl/main.tmpl
#? stdtmpl | standard
#
#proc genMain(c: var TData): string =
# result = ""
<link rel="stylesheet" href="/style.css">
<h1>Hello World</h1>
#end proc
#
#proc genSecret(c: var TData): string =
# result = ""
<h1>Welcome to the secret World</h1>
#end proc
user.tmpl
Create the file nimweb/tmpl/user.tmpl
#? stdtmpl | standard
#
#proc genLogin(c: var TData, errorMsg = ""): string =
# result = ""
# if not c.loggedIn:
<div id="login">
<form name="login" action="/dologin" method="POST" class="box">
<h3 style="line-height: 1.9rem;">Login</h3>
# if errorMsg.len() != 0:
<div class="notification is-danger" style="text-align: center;font-size: 1.2rem; line-height: 1.8rem;"><b>${errorMsg}</b></div>
# end if
<div class="field form-group">
<label class="label">Email</label>
<div class="control has-icons-left has-icons-right">
<input type="email" class="form-control input is-rounded" name="email" placeholder="Email" minlength="5" dir="auto" required autofocus>
</div>
</div>
<div class="field form-group">
<label class="label">Password</label>
<div class="control has-icons-left has-icons-right">
<input type="password" class="form-control input is-rounded" name="password" autocomplete="current-password" minlength="4" placeholder="Password" dir="auto" required>
</div>
</div>
<input href="#" type="submit" class="btn btn-custom btn-blue-secondary button is-primary is-fullwidth is-rounded" value="Login" />
</form>
</div>
#else:
<div class="notification is-danger" style="text-align: center">
<h1>You are already logged in!</h1>
</div>
# end if
#end proc
CSS and JS files
Stylesheets (CSS) and Javascript files can be loaded from the public folder. Let's create CSS file.
Create the file nimweb/public/style.css
h1 { color: red; }
Run it!
We are now ready to startup our little website. First we'll compile it, then we generate the database and then we add the admin user.
# Compile
nim c main.nim
# Generate database
./main newdb
# Add admin user
./main newuser u:Admin p:Pass e:email@email.com
# Run
./main
# Now access your website on 127.0.0.1:7000
# Login on 127.0.0.1:7000/login
Next step
Webserver
If you want to use your new program in production so other people can access it, you should setup a webserver in front of it, e.g. Nginx.
SSL
To activate SSL due to a SSL certificate or if you are loading HTTPS resources, you need to compile with -d:ssl