Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
BFTW: The Backend
Search
José Padilla
August 13, 2014
Technology
4
180
BFTW: The Backend
Day 2 of Building for the Web. Discussing backend development for modern web apps.
José Padilla
August 13, 2014
Tweet
Share
More Decks by José Padilla
See All by José Padilla
Python, Government, and Contracts
jpadilla
0
39
Python, Government, and Contracts
jpadilla
0
4.8k
Python Type Hints
jpadilla
0
440
Developer Ergonomics
jpadilla
0
2k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
150
JWT
jpadilla
2
420
Ember.js + Django
jpadilla
3
2.1k
UPRB Basic Workshop
jpadilla
2
190
Other Decks in Technology
See All in Technology
podman_update_2024-12
orimanabu
1
280
MLOps の現場から
asei
7
650
どちらを使う?GitHub or Azure DevOps Ver. 24H2
kkamegawa
0
860
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
210
Amazon Kendra GenAI Index 登場でどう変わる? 評価から学ぶ最適なRAG構成
naoki_0531
0
120
サービスでLLMを採用したばっかりに振り回され続けたこの一年のあれやこれや
segavvy
2
490
開発生産性向上! 育成を「改善」と捉えるエンジニア育成戦略
shoota
2
400
PHPerのための計算量入門/Complexity101 for PHPer
hanhan1978
5
200
Amazon VPC Lattice 最新アップデート紹介 - PrivateLink も似たようなアップデートあったけど違いとは
bigmuramura
0
200
Wantedly での Datadog 活用事例
bgpat
1
520
Oracle Cloud Infrastructure:2024年12月度サービス・アップデート
oracle4engineer
PRO
0
210
事業貢献を考えるための技術改善の目標設計と改善実績 / Targeted design of technical improvements to consider business contribution and improvement performance
oomatomo
0
100
Featured
See All Featured
For a Future-Friendly Web
brad_frost
175
9.4k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.1k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.3k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
Measuring & Analyzing Core Web Vitals
bluesmoon
4
170
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Designing Experiences People Love
moore
138
23k
Adopting Sorbet at Scale
ufuk
73
9.1k
Docker and Python
trallard
42
3.1k
Navigating Team Friction
lara
183
15k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Music & Morning Musume
bryan
46
6.2k
Transcript
BUILDING FOR THE WEB
DAY 2
http://bit.ly/bftw-day2-qna
JOSÉ PADILLA
None
PERL
<script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =
oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>
WSH & VBSCRIPT
PHP & MYSQL HTML & JAVASCRIPT
HACKER
ENTREPRENEUR
CO-FOUNDER AT BLIMP
None
None
jpadilla.com
THE BACKEND
MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT
“We allow teams to function as independently as possible. Developers
are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
WAYS TO WRITE WEB APPS
MONOLITHIC PATTERN
BUILDING A SINGLE COUPLED PROJECT
None
SERVICE PATTERN
BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES
None
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
HYPERTEXT TRANSFER PROTOCOL
None
HTTP is simple
None
1) The client sends a request
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
HTTP METHODS
GET /v1/cars HTTP/1.1
GET
Retrieve the resource from the server
POST
Create a resource on the server
PUT
Update the resource on the server
DELETE
Delete the resource from the server
URI
GET /v1/cars HTTP/1.1
Identifies the resource the client wants
REQUEST HEADERS
Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
2) The server returns a response
HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: ngnix Content-Type: application/json { "message": "Hello World" }
HTTP/1.1 200 OK
STATUS CODES
HTTP/1.1 200 OK
INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols
SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204
No Content
REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not
Modified
CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403
Forbidden 404 Not Found 405 Method Not Allowed
SERVER ERROR - 5XX 500 Internal Server Error 502 Bad
Gateway 503 Service Unavailable
RESPONSE HEADERS
Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:
application/json
RESPONSE BODY
{ "message": "Hello World" }
REQUEST + RESPONSES = HTTP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
Hypertext Transfer Protocol Secure
None
Used for secure communication
HTTP + SSL/TLS
Privacy
Data integrity
When to use HTTPS?
Credit card details? Use HTTPS
Users/Passwords? Use HTTPS
USE HTTPS. ALWAYS.
WARNING
HTTPS is not a security silver bullet
Price: $10+ RapidSSL, StartSSL, Thawte...
TIPS
ssllabs.com
None
Redirect HTTP to HTTPS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
None
None
None
JavaScript
XMLHttpRequest
Asynchronous JavaScript and XML
None
None
SERVER
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
X-Requested-With: XMLHttpRequest
X-Requested-With: XMLHttpRequest
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:
websocket
HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013
10:07:34 GMT Connection: Upgrade Upgrade: WebSocket
USE CASES
Real-time data/feeds
None
Instant messaging and chat
None
Collaborative editing
None
Multiplayer games
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
SQL DATABASES
NOSQL DATABASES
HOW TO CHOOSE?
HOW I CHOSE?
BREAK!
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
try finding the Monthly Report in the cache if the
data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report
WHEN TO IMPLEMENT CACHING?
MEMCACHED
REDIS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
STATSD
None
NEW RELIC
None
LOGGLY
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
DON'T REINVENT THE WHEEL
None
UNFILTERED INPUT, UNESCAPED OUTPUT
CROSS-SITE SCRIPTING (XSS)
SQL INJECTION
None
CROSS-SITE REQUEST FORGERY (CSRF)
DON'T STORE PASSWORDS IN PLAIN TEXT
DON'T EMAIL A USER'S PASSWORD
HASH PASSWORDS WITH PBKDF2
OWASP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
THE TWELVE- FACTOR APP
DECLARATIVE
MAXIMUM PORTABILITY
DEPLOY TO CLOUD
DEV/PROD PARITY
SCALABLE
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>
</m:GetStockPrice> </soap:Body> </soap:Envelope>
None
REPRESENTATIONAL STATE TRANSFER
RESOURCE-BASED
Verbs (Don't) POST /GetSongs HTTP/1.1
Nouns (Do) GET /songs HTTP/1.1
REPRESENTATIONS
{ "id": 1, "name": "Pretty When You Cry", "album": 1,
"favorite": false }
<song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>
STATELESS
UNIFORM INTERFACE
TIPS
API = DEV'S UI
USE RESTFUL URLS AND ACTIONS
GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
[{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]
GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
{ "id": 1, "name": "Pretty When You Cry" }
POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }
HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }
PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"
} HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }
DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:
application/json
USE SSL. ALWAYS.
VERSIONING
GET /v1/songs
FILTERING, SORTING & SEARCHING
GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo
ALLOW LIMITING FIELDS
GET /songs?fields=id,name
USE JSON
PAGINATION
UPDATES/CREATE SHOULD RETURN REPRESENTATION
CONSUMABLE ERROR PAYLOAD
{ "errors": { "email": "Email is required.", "password": "Password is
required." } }
AUTHENTICATION
COOKIE-BASED
TOKEN-BASED
EFFECTIVELY USE HTTTP STATUS CODES
CHECK OUT JSONAPI.ORG
LANGUAGES & FRAMEWORKS
NODE.JS EXPRESS SAILS.JS METEOR
RUBY SINATRA RUBY ON RAILS
GO REVEL MARTINI
PYTHON DJANGO FLASK
Q&A