Hi everyone,

The crowdmatch mechanism code is still a work in progress, and I want
to talk about what I've done so far to get some feedback. This email
has become rather long! Feel free to skim it to find parts that sound
interesting. This was written for my benefit as much as yours, and in
the hope that I get some feedback. Anything at all, like "Well hurry up
and do it already", is very welcome.

It is also written for posterity and for your amusement. :)

The new code is on a branch called split-mechanism. A giant comparison
can be viewed, but it's longer than this email(!)[1] and I'm going to
call out specific items instead. This will be a technical discussion,
but not too nutty. I will talk about how I structured the crowdmatch
mechanism code, how I've designed it to be used, how I've designed it
to be testable, and how some quirks popped up during my headlong crash
through coding it. Please reply with feedback ABOUT ANY PART OF THIS! :D

### Table of Contents:

    1.   A separate module for the crowdmatch mechanism
    2.   API for the library
    2.a.   Client code requirements
    2.b.   Usage example
    2.c.   Exported actions
    3.   Database management
    3.a.   Migrations
    3.b.   The test database
    3.c.   run-persist library
    4.   Implementation to allow property testing
    5.   Implementation to allow more-than-one Stripe
    6.   Difference between MechAction and StripeI
    7.   What's left to do

    Appendix A: Questions

### 1. A separate module for the crowdmatch mechanism

Although there is only one foreseeable client to this code, namely the
Snowdrift website, I went ahead and structured it as a standalone
library. It is in a directory called 'crowdmatch'. I did this so it can
be tested independently. It will be a lot more stable than the website
eventually, too, which is a good decider for whether something should
be independent or not.

### 2. API for the library

The crowdmatch library puts certain constraints on client code because
it requires a database. Then, it does what any API does: provides
actions and data types.

### 2.a. Client code requirements

A client of this library must be using Postgres via Persistent.
The only way to be agnostic about databases would be to completely
reimplement a database. That's nuts. The library will just use Postgres,
and thus requires client code to use it as well.

The library also needs to do IO to talk to Stripe. Rather than rely
on monad transformers or mtl-style classes to manage these different
layers, I use plain old functions. Each API method needs to be passed
a handler for running database actions. Will this be a pain in the
ass? Probably not. It's also the easiest style to change FROM, should
that become necessary.

The library maintains its own notion of what a "Patron" is. To
interface with the website, I created ToMechPatron and FromMechPatron
type classes. These are easy to define for the User type. Thus, it's
easy to create a relationship between "website Users" and "crowdmatch

### 2.b. Usage example

Here's a usage example that covers these parts so far.


        :: (ToMechPatron usr, MonadIO io, MonadIO env)
        => SqlRunner io env
        -> usr
        -> env Patron

You can run:

    someHandler = do
        Entity uid user <- requireAuth
        patron <- Crowdmatch.fetchPatron runDB uid

See how 'runDB' is passed in as the database runner.

### 2.c. Exported actions

There are about ten operations that will be exported, as well as a
handful of data types. I am starting with fetching, storing, and
deleting two items: payment-method tokens and pledges. The payment
tokens are what Stripe gives us in lieu of credit card info. Pledges are
what you think they are: the record of a donor pledged to a project.

Next in the API are two super important methods (prototyped but not
implemented yet): 'runCrowdmatch' and 'processPayments'.

The first looks at all pledged patrons and calculates an outstanding
donation balance. After a crowdmatch event, each pledged patron will
then "owe" a certain amount to the project. That all happens in the
database in a single transaction.

Later, at our leisure, we can run 'processPayments'. That method
inspects outstanding balances and sends payment commands via
Stripe. This is where fee limits take effect.

The website won't trigger the crowdmatch event or payment processing.
Instead I'll have two simple utilities that do that stuff. I'll just
run them manually at first.

This section was longer than I intended, but that's probably good.
It's one of the more important. Feedback on the API is highly welcome.

API to date:

### 3. Database management

Since this library requires a database, it requires database
management. Like I said, it uses Persistent, and has its own 'Model'
module that works like the website's Model, where the database schema
is defined.

### 3.a. Migrations

The library exports a Persistent-generated migration action that clients
need to ensure gets run. This handles "safe" migrations. I will also be
adding manual migrations for the cases that Persistent can't handle. I
am leaning towards using the 'drift' library, but this is actually an
open question.

Does anyone have experience with manual migration libraries?

So far I've looked at drift, postgresql-simple-migrations, and
dbmigrations. I haven't decided which to use yet.

### 3.b. The test database

I had to set up a test database, since there's no point in running tests
without one. I wrote code that creates a tablespace in memory, so the
tests are relatively quick.  (400 iterations of 0-100 actions in sixteen
seconds. Yes, "relatively quick" is definitely *relative*.)

### 3.c. run-persist library

Along the way, I wrote a whole 'nother library called run-persist. I
got tired of playing Monad Jenga just to run a SqlPersistT action in
IO. Right now this library is included in the project, but I plan on
splitting it out once it is good enough.

The run-persist library is pretty short:

### 4. Implementation to allow property testing

If you look at the API for the crowdmatch library linked above, you'll
see a thin wrapper over 'runMech' applied to values of type 'MechAction
ret'. Why this design? I wanted to be able to create a long, random list
of actions to blast at the library, so I could inspect invariants. This
should catch any weird combination of actions that could lead to edge
case behavior. I have two tests that use it: 'prop_pledgeHist' and


Something I struggled with here is the type variable in 'MechAction
ret'. The 'ret' represents the return value of the action. MechAction
is a GADT, and each constructor can specify its unique return type
concretely. It took a while to figure out how to run a bunch of actions
with these heterogeneous return types. That's why right now all the
constructors all have type 'MechAction ()'. :) I know how to change that
now, which I will have to do to handle Stripe errors. But fixing this
in a satisfying way is an open question. I'll be "fixing" it using a
hack that is possible because the properties being tested are already

In summary, the GADT is nice but creates some complications. This is
my first time using this design, so feedback is welcome.

### 5. Implementation to allow more-than-one Stripe

Going one level deeper, I parameterized over the method of calling out
to Stripe. This is primarily for testability. I don't want to actually
hit Stripe hundreds of times when running the property tests discussed
above. Once again I am using plain old functions, side stepping any
long-winded discussion about "dependency injection".

The Haskell library for Stripe actually already does this! But I wrapped
over it anyway, to ignore the dozens of Stripe commands that I don't
use, and to allow some flexibility in munging return types.

The wrapper is another GADT named StripeI. The name will be explained in
the next section.

There is a dummy Stripe runner for tests:

Its implementation will be explained in the next section, as well.

### 6. Differences between MechAction and StripeI

Both of these GADTs are used to define an API independent of how they
are implemented. They only look different because I started out with
different goals, and didn't realize I was solving the same problem.

For a good intro to GADTs, read here:

I wrote MechAction because I knew I would be creating an Arbitrary list
of actions for tests. I used a GADT just so I could have different, but
concrete, return types. Amusingly, that didn't work so well, since I
still needed to monomorphize them some how when running tests. I think I
will stick with it for another benefit, though: The GADT is like an OO
interface, describing what the module can do without actually doing it.

I wrote StripeI because I knew I wanted more than one way of running the
actions. I used the 'operational' package, which is designed for exactly
that. StripeI corresponds to the way instruction-types are built (and
named!) in operational's documentation. This also explains dummyStripe's
implementation, which follows the operational pattern.

After I wrote both of these, however, I realized they were two versions
of the same thing. Both describe the available commands without
actually running them. My abstraction over the API's internals, and my
abstraction over Stripe, could take on the exact same shape. At the very
least, they should be named similarly (FoobarAction versus FoobarI?!).

This is my second time using GADTs in anger. Super convenient, except
when they are not.

### 7. What's left to do

I am going to continue working on the mechanism until there is enough
in place to let people make an actual pledge. Roughly, that entails
the following:

- Write more tests
- Add Stripe return codes to MechAction results
- Write a StripeI runner that actually calls out to Stripe
- Choose a migrations library, and use it to add a constraint that
  pledges can only be made if a user has their payment info on file
  (Persistent can't handle this)
- Update the website to use the library instead of the prototypal code
- Pass -Wall -Werror everywhere

Then I will switch to coordinating the work required for launching at
SeaGL. There is work to do on the website and in operations. On the
production website, we need the banner with instructions for verifying
email addresses. Jason (JazzyEagle) has begun working on that, and could
use more help.

In operations, I need to put everything in place to use our Stripe
keys, and I need to prepare for the user database migration.

At the same time, the mechanism needs to implement the crowdmatch and
payment-processing functions! I will get to that after the project is
ready for launch, unless someone beats me to it. HINT HINT. :)

### Appendix A: Questions

This is just a list of questions extracted/inferred from the body of the
email, repeated (with a bit of context) for your convenience.

1. Any experience with manual migration libraries? drift,
postgresql-simple-migrations, dbmigrations, ...

2. Thoughts on requiring client code to pass in database- and
Stripe-runners to each API methods? I think it has a rewarding
simplicity. Currying the API methods should make them really

3. Any good ideas on creating an Arbitrary list of heterogeneous
MechActions to blast at the library for testing? I'm going to be using a
low-sophistication method, so SOME solution exists, but I hope something
better exists. Something something HList? But HList makes my spidey
sense tingle in a bad way, and there are a lot of ways to mimic such
a thing. I was directed to consider extensible-effects or possibly
"reappropriating vinyl machinery".

4. Anybody want to help write mechanism methods? Both runCrowdmatch
and processPayments are interesting and available.

WHEW! If you're still here, wow. Thanks. It has been good to write
this description and rationalization for the library's design.
Hopefully it has been enlightening and inspiring. Good night.

aka chreekat


[1]: For reference, the entire list of changes (including diffs) is at:

Attachment: signature.asc
Description: Digital signature

Dev mailing list

Reply via email to