Elixir
Created by renews

Free tutorial: Learn Phoenix LiveView and OTP

https://liveviewcrashcourse.com/

DockYard-Academy/curriculum

https://github.com/DockYard-Academy/curriculum

Elixir Streams

https://www.elixirstreams.com/

Elixir WebRTC

https://elixir-webrtc.org/

ElixirDrops

https://elixirdrops.net/

Building a World of Warcraft server in Elixir | pikdum's blog

Building a World of Warcraft server in Elixir

July 14, 2024

Updates:

2024-11-28: Should’ve linked earlier, but there’s now a homepage and Discord channel.

Thistle Tea is my new World of Warcraft private server project. You can log in, create a character, run around, and cast spells to kill mobs, with everything synchronized between players as expected for an MMO. It was floating around in my head to build this for a while, since I have an incurable nostalgia for early WoW. I first mentioned this on May 13th and didn’t expect to get any further than login, character creation, and spawning into the map. Here’s a recount of the first month of development.

Prep Work

Before coding, I did some research and came up a plan.

Code this in Elixir, using the actor model.
MaNGOS has done the hard work on collecting all the data, so use it.
Use Thousand Island as the socket server.
Treat this project as an excuse to learn more Elixir.
Reference existing projects and documentation rather than working from scratch.
Speed along the happy path rather than try and handle every error.

Day 1 - June 2nd

There are two main parts to a World of Warcraft server: the authentication server and the game server. Up first was authentication, since you can’t do anything without logging in.

To learn more about the requests and responses, I built a quick MITM proxy between the client and a MaNGOS server to log all packets. It wasn’t as useful as expected, since not much was consistent, but it did help me internalize how the requests and responses worked.

The first byte of an authentication packet is the opcode, which indicates which message it is, and the rest is a payload with the relevant data. I was able to extract the fields from the payload by pattern matching on the binary data.

The auth flow can be simplified as:

Client sends a CMD_AUTH_LOGON_CHALLENGE packet
Server sends back some data for the client to use in crypto calculations
Client sends a CMD_AUTH_LOGON_PROOF packet with the client proof
If the client proof matches what’s expected, server sends over the server_proof
Client is now authenticated

It uses SRP6, which I hadn’t heard of before this. Seems like the idea is to avoid transmitting an unencrypted password and instead both the client and server independently calculate a proof that only matches if they both know the correct password. If the proof matches, then authentication is successful.

So basically, what I needed to do was:

Listen for data over the socket
Once data received, parse what message it is out of the header section
Handle each one differently
Send back the appropriate packet

This whole part is well documented, but I still ran into some issues with the cryptography. Luckily, I found a blog post and an accompanying Elixir implementation, so I was able to substitute my broken cryptography with working cryptography. Without that, I would’ve been stuck at this part for a very long time (maybe forever). Wasn’t able to get login working on day 1, but I was close.

Links:

Day 2 - June 3rd

I spent some time cleaning up the code and found a logic error where I reversed some crypto bytes that weren’t supposed to be. Fixing that made auth work, finally getting a success with hardcoded credentials.

Next up was getting the realm list to work, by handling CMD_REALM_LIST and returning which game server to connect to.

This got me out of the tedious auth bits and I could get to building the game server.

Links:

Day 3 - June 4th

The goal for today was to get spawned into the world. But first more tedious auth bits.

The game server auth flow can be simplified as:

When client first connects, server sends SMSG_AUTH_CHALLENGE, with a random seed
Client sends back CMSG_AUTH_SESSION, with another client proof
If client proof matches server proof, server sends a successful SMSG_AUTH_RESPONSE

This negotaties how to encrypt/decrypt future packet headers. Luckily Shadowburn also had crypto code for this, so I was able to use it here. The server proof requires a value previously calculated by the authentication server, so I used an Agent to store that session value. It worked, but I later refactored it to use ETS for a simpler interface.

After that, it’s something like:

Client sends message to server
Server decrypts header, which contains message size (2 bytes) and opcode (4 bytes)
Server handles message and sends back 0 or more messages to client

First was handling CMSG_CHAR_CREATE and CMSG_CHAR_ENUM, so I could create and list characters. I originally used an Agent for storage here as well, which made things quick to prototype.

Then I got side-tracked for a bit trying to get equipment to show up, since I had all the equipment display ids hardcoded to 0. I looked through the MaNGOS database and hardcoded a few proper display ids before moving on.

After that was handling CMSG_PLAYER_LOGIN. I found an example minimal SMSG_UPDATE_OBJECT spawn packet, which was supposed to spawn me in Northshire Abbey.

That’s probably the most important packet, since it does everything from:

Spawning things into the world, like players, mobs, objects, etc.
Updating their values, like health, position, level, etc.

It has a lot of different forms, can batch multiple object updates into a single packet, and has a compressed variant.

Whoops, had the coordinates a bit off.

After fixing that, I was in the human starting area as expected. No player model yet, though.

I thought movement was broken, but it turns out all keybinds were being unset on every login, so the movement keys just weren’t bound. Manually navigating to the keybinding configuration and resetting them to default allowed me to move around.

Next up was adding more to that spawn packet to use the player race and proper starting area. The starting areas were grabbed from a MaNGOS database that I converted over to SQLite and wired up with Ecto.

Last for the night was to get logout working.

The implementation was something like:

After receiving a CMSG_LOGOUT_REQUEST, use Process.send_after/3 to queue a :login_complete message that would send SMSG_LOGOUT_COMPLETE to the client in 20 seconds
Store a reference to that timer in state
If received a CMSG_LOGOUT_CANCEL, cancel the timer and remove it from state

This was the first piece that really took advantage of Elixir’s message passing.

The white chat box was weird, but it was nice being able to log in.

Links:

Day 4 - June 5th

First up was reorganizing the code, since my game.ex GenServer was getting too large.

My strategy for that was:

Split out related messages into separate files
- auth.ex, character.ex, ping.ex, etc.
- wrapped in the __using__ macro
Include those back into game.ex with use

It worked, but it messed with line numbers in error messages and made things harder to debug.

After that, I wanted to generate that spawn packet properly rather than hardcoding. The largest piece of this was figuring out the update mask for the update fields.

There are a ton of fields for the different types of objects SMSG_UPDATE_OBJECT handles. Before the raw object fields in the payload, there’s a bit mask with bits set at offsets that correspond to the fields being sent. Without that, the client wouldn’t know what to do with the values.

So, I needed to write a function that would generate this bit mask from the fields I pass in. Luckily it’s all well documented, but it still took a while to get to a working implementation.

Links:

Day 5 - June 6th

Referencing MaNGOS, I added some more messages that the server sends to the client after a CMSG_PLAYER_LOGIN. One of these, SMSG_ACCOUNT_DATA_TIMES, fixed the white chat box and keybinds being reset.

I also added SMSG_COMPRESSED_UPDATE_OBJECT, which compresses the SMSG_UPDATE_OBJECT packet with :zlib.compress/1. This was more straightforward than expected, and I made things use the compressed variant if it’s actually smaller. I’m expecting this to have even more benefits when I get to batching object updates, but right now I’m only updating objects one by one.

Movement would come up soon, so I started adding the handlers for those packets.

Day 6 - June 7th

In the update packet, I still had the object guid hardcoded. This is because it wants a packed guid and I needed to write some functions to handle that. Rather than the entire guid, a packed guid is a byte mask followed by all non-zero bytes. The byte mask has bits set that correspond to where the following bytes go in the unpacked guid. This is for optimizing packet size, since a guid is always 8 bytes but a packed guid can be as small as 2 bytes.

This took a while, because the client was crashing when I changed the packed guid from <<1, 4>> to anything else. After trying different things and wasting a lot of time, I realized that the guid was in two places in the packet and they needed to match. A quick fix later and things were working as expected.

Links:

https://gtker.com/wow_messages/types/packed-guid.html

Day 7 - June 8th

It was about time to start implementing the actual MMO features, starting with seeing other players. To test, I hardcoded another update packet after the player’s with a different guid, to try and spawn something other than the player.

Then I used a Registry to keep track of logged in players and their spawn packets. After entering the world, I would use Registry.dispatch/3 to:

spawn all logged in players for that player
spawn that player for all other players
both using SMSG_UPDATE_OBJECT

After that, I added a similar dispatch when handling movement packets to broadcast movement to all other players. This is where the choice of Elixir really started to shine, and I quickly had players able to see each other move around the screen.

I tested this approach with multiple windows open and it was very cool to see everything synchronized.

I added a handler for CMSG_NAME_QUERY to get names to stop showing up as Unknown and also despawned players with SMSG_DESTROY_OBJECT when logging out.

This is where I started noticing a bug: occasionally I wouldn’t be able to decrypt a packet successfully, which would lead to all future attempts for that connection failing too, since there’s a counter as part of the decryption function. I couldn’t figure out how to resolve it yet, though, or reliably reproduce.

Links:

Day 8 - June 9th

To get chat working, I handled CMSG_MESSAGECHAT and broadcasted SMSG_MESSAGECHAT to players, using Registry.dispatch/3 here too. I only focused on /say here and it’s all players rather than nearby. Something to fix later.

Related to that weird decryption bug, I handled the case where the server received more than one packet at once. This might’ve helped a bit, but didn’t completely resolve the issue.

Links:

Day 9 - June 10th

I still had authentication with a hardcoded username, password, and salt, so it was about time to fix that. Rather than go with PostgreSQL or SQLite for the database, I decided to go with Mnesia, since one of my goals was to learn more about Elixir and its ecosystem. I briefly tried plain :mnesia, but decided to use Memento for a cleaner interface.

So, I added models for Account and Character and refactored everything to use them. The character object is kept in process state and only persisted to the database on logout or disconnect. Saving on a CMSG_PING or just periodically could be a good idea too, eventually. Right now data isn’t persisted to disk, since I’m still iterating on the data model, but that should be straightforward to toggle later.

Links:

Day 10 - June 11th

Today was standardizing the logging, handling a bit more of chat, and handling an unencrypted CMSG_PING. I was thinking that could be part of the intermittent decryption issues too, but looking back I don’t think I’ve ever had my client send that unencrypted anyways.

Day 11 - June 12th

I wanted equipment working so players weren’t naked all the time, so I started on that. Using the MaNGOS item_template table, I wired things up to set random equipment on character creation. Then I added that to the response to CMSG_CHAR_ENUM so they would show up in the login screen.

Up next was getting it showing in game.

Day 12 - June 13th

It took a bit to figure out the proper offsets for each piece of equipment in the update mask, but I eventually got it working.

Since equipment is part of the update object packet, it just worked for other players, which was nice.

Day 13 - June 14th

I had player movement synchronizing between players properly so I wanted to get sitting working too.

Whoops. Weird things happen when field offsets or sizes are incorrect when building that update mask.

After that, I wanted to play around a bit by randomizing equipment on every jump. Here I learned that you need to send all fields in the update object packet, like health, or they get reset. I was trying to just send the equipment changes but I’d die on every jump.

After making sure to send all fields, it was working as expected.

Day 14 - June 15th

Took a break.

Day 15 - June 16th

Today was refactoring and improvements. I reworked things into proper modules, since it was getting hard to debug when all the line numbers were wrong. Now game.ex called the appropriate module’s handle_packet/3 function, rather than combining everything with use.

I also reworked things so players were spawned with their current position instead of the initial position saved in the registry. This included some changes to make building an update packet more straightforward.

Day 16 - June 17th

Today was just playing around and no code changes.

Not sure why the model is messed up here, but it seems like it’s something with my computer rather than anything server related.

Day 17 - June 18th

The world was feeling a bit empty, so I wanted to spawn in mobs. First was hardcoding an update packet that should spawn a mob and having it trigger on /say.

After that, I used the creature table of the MaNGOS database to get proper mobs spawning. I used a GenServer for this so every mob would be a process and keep track of their own state. Communication between mobs and players would happen through message passing. First I hardcoded a few select ids in the starting area to load, and after that worked I loaded them all.

Rather than spawn all ~57k mobs for the player, I wired things up to only spawn mobs within a certain range. This looked like:

Store mob pids in a Registry, along with their x, y, z position
Create a within_range/2 function that takes in two x, y, z tuples
On player login, dispatch on that MobRegistry, using within_range/2 to only build spawn packets for mobs within range
On player movement, do the same

It worked really well and I could run around and see the mobs.

Next up was optimization and despawning mobs that were now out of range.

Day 18 - June 19th

For optimization, I didn’t want to send duplicate spawn packets for mobs that were already spawned. I also wanted to despawn mobs that were out of range. To do this, I used ETS to track which guids were spawned for a player.

In the dispatch, the logic was:

if in_range and not spawned, spawn
if not in_range and spawned, despawn
otherwise, ignore

Despawning was done through the same SMSG_DESTROY_OBJECT packet used for despawning a player after logging out.

After getting that working, I ran around the world and explored for a bit.

I noticed something wrong when exploring Westfall. Bugs were spawning in the air and then falling down to the ground. Turns out I wasn’t separating mobs by map, so Westfall had mobs from Silithus mixed in. To fix, I reworked both the mob and player registries to use the map as the key.

Having mobs standing in place was a bit boring and I wanted them to move around. Turns out this is pretty complicated and I’ll actually have to use the map files to generate paths that don’t float or clip through the ground. There are a few projects for this, all a bit difficult to include in an Elixir project. I’m thinking RPC could work, but not sure if it’ll be performant enough yet.

The standard update object packet can be used for mob movement here, since it has a movement block, but there might be some more specialized packets to look into later too.

Without using the map data, I couldn’t get the server movement to line up with what happened in the client. So, I settled with getting mobs to spin at random speeds.

That was a bit silly and used a lot of CPU, so I tweaked it to just randomly change orientation instead.

Links:

Day 19 - June 20th

Here I got mob names working by implementing CMSG_CREATURE_QUERY. This crashed the client when querying mobs that didn’t have a model, so I removed them from being loaded. I also started loading in mob movement data and optimized the query a bit to speed up startup.

I finally got some people to help me test the networking later that day. It didn’t start very well.

Turns out I hadn’t tested this locally since adding mobs and the player/mob spawn/despawns were conflicting with each other due to guid collisions. Players were being constantly spawned in and out.

I did some emergency patching to make it so players are never despawned, even out of range. I also turned off /say spawning boars since that was getting annoying. That worked for now.

There were still some major issues. My helper had 450 ms latency and would crash when running to areas with a lot of mobs. I couldn’t reproduce, though, with my 60 ms latency.

Links:

Day 20 - June 21

To reproduce the issue from the previous night, I connected to my local server from my laptop on the same network. On my laptop, I used tc to simulate a ton of latency and wired things up so equipment would change on any movement instead of just jump. This sent a lot of packets when spinning and I was finally able to reproduce.

Turns out the crashing issues were from not receiving a complete packet, but still trying to decrypt and handle it. I was handling if the server got more than one packet, but not if the server got a partial packet.

Referencing Shadowburn’s implementation, the fix for this was to let the packet data accumulate until there’s enough to handle. This finally resolved the weird decryption issue I ran into on day 7.

For the guid collision issue, I added a large offset to creature guids so they won’t conflict with player guids.

Day 21 - June 22

Took a break.

Day 22 - June 23

Worked on CMSG_ITEM_NAME_QUERY a bit, but there’s still something wrong here. It could be that it’s trying to calculate damage using some values I’m not passing to the client yet.

Decided spells would be next, so I started on that. First was sending spells over with SMSG_INITIAL_SPELLS on login, using the initial spells in MaNGOS, so I’d have something in the spellbook. Everything was instant cast though, for some reason.

Turns out I needed to set unit_mod_cast_speed in the player update packet for cast times to show up properly in the client.

I started by handling CMSG_CAST_SPELL, which would send a successful SMSG_CAST_RESULT after the spell cast time, so other spells could be cast. I also handled CMSG_CANCEL_CAST, to cancel that timer. This implementation looked a bit like the logout logic.

The starting animation for casting a spell would play, but no cast bar or anything further.

Links:

Days 23 to 26 - June 24 to 27

Took a longer break.

Day 27 - June 28

I was able to get a cast bar showing up by sending SMSG_SPELL_START after receiving the cast spell packet.

The projectile effect took a bit longer to figure out. I needed to send a SMSG_SPELL_GO after the cast was complete, with the proper target guids.

Links:

Day 28 - June 29

I got self-cast spells working by setting the target guid to the player’s guid.

Day 29 - June 30

Another break.

Day 30 - July 1

Since I had spells somewhat working, next I had to clean up the implementation. I dispatched the SMSG_SPELL_START and SMSG_SPELL_GO packets to nearby players and fixed spell cancelling.

Day 31 - July 2

I added levels to mobs, random from their minimum to maximum level, previously hardcoded 1. Then I made spells do some hardcoded damage, so mobs could die. Mobs would still randomly change orientation when dead, so added a check to only move if alive.

That seemed like a good stopping point and was one month since I started writing code for the project.

Future Plans

I’ll slowly work on this, adding more functionality as I go. My goal isn’t a 1:1 Vanilla server, but more something that fits well with Elixir’s capabilities, so I don’t plan on accepting limitations for the sake of accuracy or similar. I’d like to see how many players this approach can handle and how it compares in performance to other implementations eventually too.

Some things on the list:

proper mob + player stats
proper damage calculations
pvp
quests
mob movement + combat ai
loot + inventory management
more spells + effects
tons of refactoring
benchmarking
gameplay loop, in general

So still plenty more work to do. :)

Thanks to all the projects I’ve referenced for this, most of which I’ve tried to link here.

I wouldn’t have gotten very far without them and their awesome documentation.

Comments

Elixir programming language - Erlang Solutions

https://www.erlang-solutions.com/blog/category/elixir-programming-language/

Comprehensive Guide to Phoenix Performance Optimization - LoadForge Guides - LoadForge

https://loadforge.com/guides/introduction-to-phoenix-performance-optimization

Web Crawling with Hop, Mighty, and Instructor

https://dockyard.com/blog/2024/07/30/web-crawling-with-hop-mighty-instructor

AI Web Search

https://gist.github.com/cpursley/b4af2ff3b56c912f659bd5300e422790

VS Code or Cursor Broken for Elixir

VS Code or Cursor Broken for Elixir and possible fixes

You tried using VS Code for Elixir development. You tried out the ElixirLS extension for code insight and code completion. However, the ElixirLS extension kept crashing and never worked for you.

VS Code error display when ElixirLS crashes

This post can help you diagnose the issue and fix it. Let’s get you back on the productive path with your Elixir development.

What’s wrong?

VS Code has an “Output” panel that gives additional insight to what different extensions are doing.

From the VS Code menu, View > Output.

On the Output panel is a dropdown, select “ElixirLS”.

This displays what’s going on with ElixirLS. Any problems will be displayed here. When you open this panel, the output will be scrolled to the bottom. To see issues with ElixirLS starting up, scroll to the top.

The next sections are some of the common problems people may encounter.

It spikes my CPU and my fans go crazy

The explanation is that ElixirLS runs dialyzer in the background on first run. Dialyzer is a library that creates a PLT (Persistent Lookup Table). The PLT is used to give code completion for the version of Elixir you have installed and for your project. Additionally, it displays the dialyzer warnings in the IDE on the line with the problem.

So yes, on first run it uses Dialyzer to build the PLT. Depending on your machine and project, this can take ~15 minutes. If you let it complete, it won’t keep doing it.

Additionally, be aware that when you change your version or Elixir or Erlang it will need to rebuild the full PLT. So you will encounter this process again.

Elixir command not found

Does your output look something like this?

/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info  - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info  - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info  - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Info  - 1:13:04 PM] Connection to server got closed. Server will restart.
/Users/dood/.vscode/extensions/jakebecker.elixir-ls-0.2.25/elixir-ls-release/language_server.sh: line 18: elixir: command not found
[Error - 1:13:04 PM] Connection to server got closed. Server will not be restarted.

The key here is elixir: command not found. Asdf (or however you have have Elixir installed) isn’t setup correctly. ElixirLS can’t find the elixir command. For MacOS and Linux users, make sure you follow the asdf installation process.

If using asdf, you may need to “reshim” the elixir command.

asdf reshim elixir <your-version>

Use the asdf command by itself for a list of other commands available.

Erlang not installed

Did you use asdf to install Elixir? Did you know you also need to install Erlang? VS Code’s ElixirLS output shows this problem when you have Elixir installed with no Erlang.

asdf: No version set for command erl you might want to add one of the following in your .tool-versions file:

erlang 21.0.7 erlang 21.1.3 erlang 22.0.7 erlang 19.3.6.9 erlang 22.1.7 [Info - 6:08:00 AM] Connection to server got closed. Server will restart.

The solution is to install Erlang using asdf too. Make sure you install a compatible version!

Follow the asdf installation process to fix this.

Version Mismatch

At the top of the ElixirLS output, it displays the versions detected.

Started ElixirLS
Elixir version: "1.7.4 (compiled with Erlang/OTP 19)"
Erlang version: "22"
Compiling with Mix env test
[Info  - 7:41:33 AM] Compile took 224 milliseconds
...

Notice that the Elixir 1.7.4 “(compiled with Erlang/OTP 19)” does not match the Erlang version “22”. The OTP number refers to the Erlang number.

Follow the asdf installation process to fix this.

Open a single Elixir project at the root

When you look at VS Code’s Explorer pane for what is open, is it at the root of a single Elixir project? If not, this will be a problem. ElixirLS expects the project’s mix.exs file to be found at the root of the directory you opened.

VS Code, as a text editor, can open anywhere on your file system. It can open your user Documents directory, your Pictures directory, or anywhere else. It is able to edit any text files it finds there. While this is valid for VS Code and editing files as text, it is not valid for ElixirLS and understanding an Elixir project.

ElixirLS can only edit a single Elixir project at a time. It can only deal with one mix.exs file at a time. This means opening a directory that doesn’t have a mix.exs file but has child directories with Elixir projects does not work.

Elixir umbrella projects

What about Umbrella projects? An Elixir umbrella project works fine! For the best experience, open the umbrella’s root directory. That is where the primary mix.exs file is found for the whole umbrella project.

How did you launch VS Code?

How did you launch the VS Code editor? If asdf is correctly configured in a terminal and you are only opening the Elixir project directory but it still doesn’t work in VS Code, there may be a problem with your user environment. This issue identified the problem.

If asdf is only configured in your .bashrc file then it is available when a terminal window is opened but not used when an application launcher is starting an application. Ensure it is configured in your .profile file as that is used when logging into your account.

Test launching VS Code from a terminal in the directory of your Elixir project using this command:

code .

This opens the current directory in VS Code. This helps isolate environment issues. If it works when launching VS Code from the terminal, consider always doing it that way or look into fixing your environment setup.

ElixirLS stopped working

Everything was working great until one day it stopped working. Code completion is broken and when you look at the ElixirLS output, it complains about something that doesn’t make much sense.

What happened?

A number of things may have happened. A likely one is you added a new dependency or upgraded an existing one.

Have you ever upgraded a project dependency? At some point you will. After updating, sometimes your app gives strange compilation errors. The fix is to run mix clean. This clears out the compilation artifacts in your project’s _build directory. This forces a clean recompile for the project and everything works smoothly again! … Except VS Code and ElixirLS is broken. Running mix clean doesn’t clean out the behind-the-scenes ElixirLS build artifacts it uses to give code completion and insight.

How do I fix it?

Inside the .elixirls/ directory is a build directory. This is just like your project’s_build directory. Delete .elixirls/build/ and restart VS Code and it should be working again! If you watch the ElixirLS output, you’ll see it recompile your project. So wait for that to finish before deciding if ElixirLS works again.

Note: You can delete the entire .elixirls/ directory. Doing this also deletes the built dialyzer PLT files. When those are deleted ElixirLS rebuilds them… and that can take ~20 minutes and your fans kick in. As a short-cut to productivity, try only deleting the .elixirls/build/ directory.

Cleaning up after a change

Assuming you changed something with your installed versions, then it is best to clean your project’s build artifacts. Otherwise you’re likely to get strange compilation errors. This is a good idea to do whenever you change your active Elixir or Erlang versions. This can also happen when a project dependency changes.

Use the following command.

mix do clean, compile

Also note that the ElixirLS extension creates build artifacts inside the .elixirls/ directory in your project. This contains compiled code for your project that ElixirLS uses to give code insight. To avoid potential issues, also delete that directory to get a clean start.

Closing

Hopefully this helped you resolve roadblocks on your way to a productive Elixir development experience. Let me know if you encountered other issues that can be documented here as well.

bug

vscode

elixirls

lsp server

lexical

nextls

Optimum BH - Optimum Elixir CI with GitHub Actions

https://optimum.ba/blog/optimum-elixir-ci-with-github-actions

batteries-included/heyya: Heyya the snapshot testing utility for Phoenix framework components

https://github.com/batteries-included/heyya

fuelen/ecto_dev_logger: An alternative logger for Ecto queries

https://github.com/fuelen/ecto_dev_logger

lalabuy948/PhoenixAnalytics: 📊 Plug and play analytics for Phoenix applications.

https://github.com/lalabuy948/PhoenixAnalytics

sodapopcan/vim-mixer: Elixir text objects + Mix ecosystem tools

https://github.com/sodapopcan/vim-mixer

Goose97/why-recompile

https://github.com/Goose97/why-recompile

Heyya Snapshot testing for Phoenix Components

https://elixirforum.com/t/heyya-snapshot-testing-for-phoenix-components/52363

testing

elixir

phoenix framework

mattludwigs/deception-router: Elixir Plug router that will trap scanners, spambots, and crawlers in an infinite number of pointless requests

https://github.com/mattludwigs/deception-router

georgeguimaraes/soothsayer: Elixir library for time series forecasting, inspired by Facebook's Prophet and NeuralProphet

https://github.com/georgeguimaraes/soothsayer

leandrocp/mdex: A CommonMark-compliant fast and extensible Markdown parser and formatter for Elixir.

https://github.com/leandrocp/mdex

whatyouhide/corsica: Elixir library for dealing with CORS requests. 🏖

https://github.com/whatyouhide/corsica

elixir

library

CORS

api

cabol/nebulex: In-memory and distributed caching toolkit for Elixir.

https://github.com/cabol/nebulex

elixir

library

cache

mattludwigs/deception-router: Elixir Plug router that will trap scanners, spambots, and crawlers in an infinite number of pointless requests

https://github.com/mattludwigs/deception-router

security

library

elixir

The Pragmatic Bookshelf Giveaway!

https://pragprog.elixirforum.com/

giveaways

books

programming

Elixir OTP

Click to Play

otp

elixir

playlist

Mark Ericksen - Mental model for understanding Elixir GenServers

genserver

elixir

Rethinking Serverless with FLAME · The Fly BlogFlyBlogFly

https://fly.io/blog/rethinking-serverless-with-flame/

flame

serverless

elixir

articles

FLAME — flame v0.4.2

https://hexdocs.pm/flame/FLAME.html

serverless

elixir

flame

Podcast Transcription LiveBook · GitHub

https://gist.github.com/ChristianAlexander/bea72b83cfe62926580619979708add8

audio transcription

livebook

elixir

artificial intelligence

AI powered app (with open-source LLMs like Llama) with Elixir, Phoenix, LiveView, and TogetherAI

https://dev.to/azyzz/ai-powered-app-with-llms-with-elixir-phoenix-liveview-and-togetherai-4ei1

liveview

artificial intelligence

elixir

articles

Integrating Sonnet 3.5 with Phoenix Liveview - Virinchi's Blog

https://www.virinchi.me/portfolios/llm-with-phoenix/

artificial intelligence

elixir

Claude Ai

articles

Numerical Elixir (Nx) · GitHub

https://github.com/elixir-nx

artificial intelligence

elixir

library

Delaying LiveView.JS commands (avoid quick flash of Trying to reconnect) - Elixir Programming Language Forum

https://elixirforum.com/t/delaying-liveview-js-commands-avoid-quick-flash-of-trying-to-reconnect/64035/5?u=sevensidedmarble%3C%2Fdiv%3E

liveview

ui and ux

javascript

css

SaladUI - Build your LiveView component library

https://salad-storybook.fly.dev/welcome

liveview

components

ui and ux

library

🐛 An Elixir-based built-in error reporting and tracking solution

https://github.com/elixir-error-tracker/error-tracker

elixir

monitoring

errors

library

Multitenancy in Elixir: A Strategic Guide

https://curiosum.com/blog/multitenancy-in-elixir

multitenancy

distribution

elixir

UI Stuff

https://github.com/srcrip/live_toast A beautiful drop-in replacement for the Phoenix Flash system.
https://github.com/sezaru/flashy Flashy is a small library that extends LiveView's flash support to function and live components.

ui and ux

liveview

components

TheFirstAvenger/ets: :ets, the Elixir way

https://github.com/TheFirstAvenger/ets

library

elixir

erlang

ets

Elixir security roadmap

Elixir-security-roadmap.pdf 418.44 KB

elixir

security

pdf

ebook

Erlang in Anger

erlang-in-anger.pdf 2.84 MB

erlang

book

Phoenix Framework - Liveview

WYSIWYG Editors

https://milkdown.dev/ - (awesome plugins)

https://surface-ui.org/ - git - A server-side rendering component library for Phoenix Framework
- TipTap + SurfaceUI - Gist for integrating TipTap with SurfaceUI and make a WYSIWYG editor

libraries

liveview

phoenix framework

Running tests in an umbrella app

To run all tests

mix cmd --app child_app_name mix test --color

Specific file/line

mix cmd --app child_app_name mix test test/child_app_name_nice_test.exs:69 --color

We can also define a Mix task to make our life easier!

def aliases do
  [
    child_test: "cmd --app child_app_name mix test --color"
  ]
end

Then you call

mix child_test

mix child_test test/child_app_name_nice_test.exs:69

mix task

tdd

elixir

umbrella apps

qgadrian/elixir_git_hooks: 🪝 Add git hooks to Elixir projects

https://github.com/qgadrian/elixir_git_hooks

git

deployment

elixir

library

ElixirToolbox | Curated list of Elixir libraries

https://elixirtoolbox.dev/

link list

library

elixir

libraries

dropbox/samly: Elixir Plug library to enable SAML 2.0 SP SSO in Phoenix/Plug applications.

https://github.com/dropbox/samly

authentication

elixir

library

adoptoposs/mjml_nif: Elixir NIF bindings for the MJML Rust implementation (mrml)

https://github.com/adoptoposs/mjml_nif

artificial intelligence

elixir

library

elixir-nx/bumblebee: Pre-trained Neural Network models in Axon (+ 🤗 Models integration)

https://github.com/elixir-nx/bumblebee

elixir

artificial intelligence

library

Password breach lookup and other password validation rules

by Maarten van Vliet, Dan Schultzer on 14 September 2019

ORIGINAL ARTICLE HERE

By default Pow has a lax requirement of minimum 8 characters based on NIST SP800-63b, but there are many more types of validations you can use to ensure users don’t rely on weak passwords.

An important aspect to password requirements is that it should be user friendly. Requirements to mix alphanumeric with symbols and upper- and lowercase characters haven’t proven effective. In the following we’ll go through some effective methods to ensure users uses strong passwords.

They are based on the NIST SP800-63b recommendations:

Passwords obtained from previous breaches
Context-specific words, such as the name of the service, the username, and derivatives thereof
Repetitive or sequential characters
Dictionary words

Passwords obtained from previous breaches

We’ll use haveibeenpwned.com to check for breached passwords.

For the sake of brevity, we’ll use ExPwned in the following example, but you can use any client or your own custom module to communicate with the API.

First, we’ll add ExPwned to the mix.exs file:

def deps do
  [
    ...
    {:ex_pwned, "~> 0.1.0"}
  ]
end

Run mix deps.get to install it.

Now let’s add the password validation rule to our user schema module:

defmodule MyApp.Users.User do
  use Ecto.Schema
  use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password_breach()
end
defp validate_password_breach(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
case password_breached?(password) do
true  -> [password: "has appeared in a previous breach"]
false -> []
end
end)
end
defp password_breached?(password) do
case Mix.env() do
:test -> false
_any  -> ExPwned.password_breached?(password)
end
end
end

We’ll only do a lookup if the password has been changed, and we don’t do any lookups in test environment.

Context-specific words, such as the name of the service, the username, and derivatives thereof

We want to prevent context specific words to be used as passwords.

The context might be public user details. If the users email is john.doe@example.com then the password can’t be john.doe@example.com or johndoeexamplecom. The same rule applies for any user id we may use, such as username. If the username is john.doe then john.doe00 or johndoe001 can’t be used.

Our app may also be part of a website/service/platform and have an identity. As an example, if the service is called My Demo App then we don’t want to permit passwords like my demo app, my_demo_app or mydemoapp.

We’ll add the password validation rule to our user schema module:

defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password_no_context()
end
@app_name "My Demo App"
defp validate_password_no_context(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
[
@app_name,
String.downcase(@app_name),
Ecto.Changeset.get_field(changeset, :email),
Ecto.Changeset.get_field(changeset, :username)
]
|> Enum.reject(&is_nil/1)
|> similar_to_context?(password)
|> case do
true  -> [password: "is too similar to username, email or #{@app_name}"]
false -> []
end
end)
end
def similar_to_context?(contexts, password) do
Enum.any?(contexts, &String.jaro_distance(&1, password) > 0.85)
end
end

We’re using the String.jaro_distance/2 to make sure that the password has a Jaro–Winkler similarity to the context of at most 0.85.

Repetitive or sequential characters

We want to prevent repetitive or sequential characters in passwords such as aaa, 1234 or abcd.

The rule we’ll use is that there may be no more than two repeating or three sequential characters in the password. We’ll add the validation rule to our user schema module:

defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password()
end
defp validate_password(changeset) do
changeset
|> validate_no_repetitive_characters()
|> validate_no_sequential_characters()
end
defp validate_no_repetitive_characters(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
case repetitive_characters?(password) do
true  -> [password: "has repetitive characters"]
false -> []
end
end)
end
defp repetitive_characters?(password) when is_binary(password) do
password
|> String.to_charlist()
|> repetitive_characters?()
end
defp repetitive_characters?([c, c, c | _rest]), do: true
defp repetitive_characters?([_c | rest]), do: repetitive_characters?(rest)
defp repetitive_characters?([]), do: false
defp validate_no_sequential_characters(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
case sequential_characters?(password) do
true  -> [password: "has sequential characters"]
false -> []
end
end)
end
@sequences ["01234567890", "abcdefghijklmnopqrstuvwxyz"]
@max_sequential_chars 3
defp sequential_characters?(password) do
Enum.any?(@sequences, &sequential_characters?(password, &1))
end
defp sequential_characters?(password, sequence) do
max = String.length(sequence) - 1 - @max_sequential_chars
Enum<strong>.</strong>any?(0<strong>..</strong>max, <strong>fn</strong> x <strong>-&gt;</strong>
  pattern <strong>=</strong> String<strong>.</strong>slice(sequence, x, @max_sequential_chars <strong>+</strong> 1)

  String<strong>.</strong>contains?(password, pattern)
<strong>end</strong>)

end
end

As you can see, you’ll be able to modify @sequences and add what is appropriate for your app. It may be that you want to support another alphabet or keyboard layout sequences like qwerty.

Dictionary words

A dictionary lookup is very easy to create. This is just a very simple example that you can add to your user schema module:

defmodule MyApp.Users.User do
use Ecto.Schema
use Pow.Ecto.Schema
# ...
def changeset(user_or_changeset, attrs) do
user_or_changeset
|> pow_changeset(attrs)
|> validate_password_dictionary()
end
defp validate_password_dictionary(changeset) do
Ecto.Changeset.validate_change(changeset, :password, fn :password, password ->
password
|> String.downcase()
|> password_in_dictionary?()
|> case do
true  -> [password: "is too common"]
false -> []
end
end)
end
:my_app
|> :code.priv_dir()
|> Path.join("dictionary.txt")
|> File.stream!()
|> Stream.map(&String.trim/1)
|> Stream.each(fn password ->
defp password_in_dictionary?(unquote(password)), do: true
end)
|> Stream.run()
defp password_in_dictionary?(_password), do: false
end

In the above priv/dictionary.txt will be processed on compile time. The plain text file contains words separated by newline.

Require users to change weak password upon sign in

You may want to ensure that users update their password if they have been breached or are too weak. You can do this be requiring users to reset their password upon sign in.

This can be dealt with in a plug, or custom controller. A plug method could look like this:

def check_password(conn, _opts) do
changeset = MyApp.Users.User.changeset(%MyApp.Users.User{}, conn.params["user"])
case changeset.errors[:password] do
nil ->
conn
error <strong>-&gt;</strong>
  msg <strong>=</strong> MyAppWeb<strong>.</strong>ErrorHelpers<strong>.</strong>translate_error(error)

  conn
  <strong>|&gt;</strong> put_flash(:error, "You have to reset your password because it #{msg}")
  <strong>|&gt;</strong> redirect(to: Routes<strong>.</strong>pow_reset_password_reset_password_path(conn, :new))
  <strong>|&gt;</strong> Plug<strong>.</strong>Conn<strong>.</strong>halt()

end
end

The user will be redirected to the reset password page, and the connection halted so authentication won’t happen. A caveat to this is that the user may not have entered valid credentials, since this runs before any authentication.

Conclusion

As you can see it is easy to customize and extend the password validation rules of Pow.

The landscape of web security is constantly changing, so it’s important that password requirements are neither so restricting that it affects user experience or too lax that it affects security. The above will work for most cases in the current landscape, but you should also consider supporting 2FA authentication, or alternative authentication schemes such as WebAuthn or OAuth.

It depends on your requirements and risk tolerance. It’s recommended to take your time to assess what is appropriate for your app.

Unit tests

Here is a unit test module that contains tests for two of of the above rulesets:

defmodule MyApp.Users.UserTest do
use MyApp.DataCase
alias MyApp.Users.User
test "changeset/2 validates context-specific words" do
for invalid <- ["my demo app", "mydemo_app", "mydemoapp1"] do
changeset = User.changeset(%User{}, %{"username" => "john.doe", "password" => invalid})
assert changeset.errors[:password] == {"is too similar to username, email or My Demo App", []}
end
<em># The below is for email user id</em>
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"email" <strong>=&gt;</strong> "john.doe@example.com", "password" <strong>=&gt;</strong> "password12"})
refute changeset<strong>.</strong>errors[:password]

for invalid <strong>&lt;-</strong> ["john.doe@example.com", "johndoeexamplecom"] <strong>do</strong>
  changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"email" <strong>=&gt;</strong> "john.doe@example.com", "password" <strong>=&gt;</strong> invalid})
  assert changeset<strong>.</strong>errors[:password] <strong>==</strong> {"is too similar to username, email or My Demo App", []}
<strong>end</strong>

<em># The below is for username user id</em>
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"username" <strong>=&gt;</strong> "john.doe", "password" <strong>=&gt;</strong> "password12"})
refute changeset<strong>.</strong>errors[:password]

for invalid <strong>&lt;-</strong> ["john.doe00", "johndoe", "johndoe1"] <strong>do</strong>
  changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"username" <strong>=&gt;</strong> "john.doe", "password" <strong>=&gt;</strong> invalid})
  assert changeset<strong>.</strong>errors[:password] <strong>==</strong> {"is too similar to username, email or My Demo App", []}
<strong>end</strong>

end
test "changeset/2 validates repetitive and sequential password" do
changeset = User.changeset(%User{}, %{"password" => "secret1222"})
assert changeset.errors[:password] == {"has repetitive characters", []}
changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"password" <strong>=&gt;</strong> "secret1223"})
refute changeset<strong>.</strong>errors[:password]

changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"password" <strong>=&gt;</strong> "secret1234"})
assert changeset<strong>.</strong>errors[:password] <strong>==</strong> {"has sequential characters", []}

changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"password" <strong>=&gt;</strong> "secret1235"})
refute changeset<strong>.</strong>errors[:password]

changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"password" <strong>=&gt;</strong> "secretefgh"})
assert changeset<strong>.</strong>errors[:password] <strong>==</strong> {"has sequential characters", []}

changeset <strong>=</strong> User<strong>.</strong>changeset(%User{}, %{"password" <strong>=&gt;</strong> "secretafgh"})
refute changeset<strong>.</strong>errors[:password]

end
end

articles

security

password

OpenTelemetry instrumentation for Erlang & Elixir

https://github.com/open-telemetry/opentelemetry-erlang-contrib

What is OpenTelemetry?

OpenTelemetry is an open-source observability framework that provides a vendor-agnostic way to instrument applications for monitoring and tracing purposes. The framework offers a range of components and libraries that can be used to collect and report metrics, logs, and traces from applications. By leveraging OpenTelemetry, developers can gain a deeper understanding of their application's behavior, identify performance bottlenecks, and make data-driven decisions to optimize their systems.

OpenTelemetry in Erlang and Elixir

The OpenTelemetry project provides a range of libraries and tools for Erlang and Elixir developers to instrument their applications. The open-telemetry-erlang-contrib repository, available on GitHub, offers a set of pre-built instrumentation libraries for Erlang and Elixir. These libraries provide a simple and easy-to-use interface for collecting and reporting metrics, logs, and traces from Erlang and Elixir applications.

Benefits of Using OpenTelemetry in Erlang and Elixir

There are several benefits to using OpenTelemetry in Erlang and Elixir applications. Some of the key advantages include:

Improved Monitoring and Troubleshooting: By leveraging OpenTelemetry, developers can gain a deeper understanding of their application's behavior and identify performance bottlenecks more easily.
Increased Visibility: OpenTelemetry provides a vendor-agnostic way to collect and report metrics, logs, and traces from applications, giving developers a more complete picture of system performance.
Better Data-Driven Decision Making: By leveraging OpenTelemetry, developers can make data-driven decisions to optimize their systems and improve overall performance.

Getting Started with OpenTelemetry in Erlang and Elixir

To get started with OpenTelemetry in Erlang and Elixir, developers can follow these steps:

Install the OpenTelemetry library: Install the OpenTelemetry library for Erlang and Elixir using the instructions provided in the open-telemetry-erlang-contrib repository.
Instrument Your Application: Use the OpenTelemetry library to instrument your Erlang and Elixir applications and collect metrics, logs, and traces.
Configure OpenTelemetry: Configure OpenTelemetry to report metrics, logs, and traces to a compatible backend, such as a monitoring system or logging platform.

monitoring

open telemetry

elixir

erlang

library