Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BFTW: The Backend

Avatar for José Padilla José Padilla
August 13, 2014
Technology
4
190

BFTW: The Backend

Day 2 of Building for the Web. Discussing backend development for modern web apps.
Avatar for José Padilla

José Padilla

August 13, 2014
Tweet

More Decks by José Padilla

See All by José Padilla
Python, Government, and Contracts
Avatar for José Padilla jpadilla
0
46
Python, Government, and Contracts
Avatar for José Padilla jpadilla
0
4.9k
Python Type Hints
Avatar for José Padilla jpadilla
0
490
Developer Ergonomics
Avatar for José Padilla jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
Avatar for José Padilla jpadilla
15
11k
eventos
Avatar for José Padilla jpadilla
0
160
JWT
Avatar for José Padilla jpadilla
2
430
Ember.js + Django
Avatar for José Padilla jpadilla
3
2.1k
UPRB Basic Workshop
Avatar for José Padilla jpadilla
2
200

Other Decks in Technology

See All in Technology
AIコーディングの最前線 〜活用のコツと課題〜
Avatar for PharmaX(旧YOJO Technologies)開発チーム pharma_x_tech
4
2.9k
ここはMCPの夜明けまえ
Avatar for nwiizo nwiizo
32
13k
ペアーズにおける評価ドリブンな AI Agent 開発のご紹介
Avatar for fukubaka0825 fukubaka0825
7
2k
Microsoft の SSE の現在地
Avatar for skmkzyk skmkzyk
0
280
AWSの新機能検証をやる時こそ、Amazon Qでプロンプトエンジニアリングを駆使しよう
Avatar for k-kun duelist2020jp
1
330
LINE 購物幕後推手
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
330
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
5.4k
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
7
63k
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
2
450
【Oracle Cloud ウェビナー】ご希望のクラウドでOracle Databaseを実行〜マルチクラウド・ソリューション徹底解説〜
Avatar for oracle4engineer oracle4engineer
PRO
1
140
Perl歴約10年のエンジニアがフルスタックTypeScriptに出会ってみた
Avatar for papix papix
1
260
テストって楽しい!開発を加速させるテストの魅力 / Testing is Fun! The Fascinating of Testing to Accelerate Development
Avatar for END aiandrox
0
160

Featured

See All Featured
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
276
23k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
47
5.4k
Java REST API Framework Comparison - PWX 2021
Avatar for Matt Raible mraible
31
8.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.3k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
69
4.6k
Music & Morning Musume
Avatar for Bryan Veloso bryan
47
6.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
105
19k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
612
210k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
119
51k
Scaling GitHub
Avatar for Zach Holman holman
459
140k

Transcript

  1. BUILDING FOR THE WEB

  2. DAY 2

  3. http://bit.ly/bftw-day2-qna

  4. JOSÉ PADILLA

  5. None

  6. PERL

  7. <script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =

    oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>

  8. WSH & VBSCRIPT

  9. PHP & MYSQL HTML & JAVASCRIPT

  10. HACKER

  11. ENTREPRENEUR

  12. CO-FOUNDER AT BLIMP

  13. None
  14. None

  15. jpadilla.com

  16. THE BACKEND

  17. MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

  18. “We allow teams to function as independently as possible. Developers

    are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

  19. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  20. WAYS TO WRITE WEB APPS

  21. MONOLITHIC PATTERN

  22. BUILDING A SINGLE COUPLED PROJECT

  23. None

  24. SERVICE PATTERN

  25. BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

  26. None
  27. None
  28. None
  29. None

  30. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  31. HYPERTEXT TRANSFER PROTOCOL

  32. None

  33. HTTP is simple

  34. None

  35. 1) The client sends a request

  36. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  37. HTTP METHODS

  38. GET /v1/cars HTTP/1.1

  39. GET

  40. Retrieve the resource from the server

  41. POST

  42. Create a resource on the server

  43. PUT

  44. Update the resource on the server

  45. DELETE

  46. Delete the resource from the server

  47. URI

  48. GET /v1/cars HTTP/1.1

  49. Identifies the resource the client wants

  50. REQUEST HEADERS

  51. Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  52. 2) The server returns a response

  53. HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT

    Server: ngnix Content-Type: application/json { "message": "Hello World" }

  54. HTTP/1.1 200 OK

  55. STATUS CODES

  56. HTTP/1.1 200 OK

  57. INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols

  58. SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204

    No Content

  59. REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not

    Modified

  60. CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403

    Forbidden 404 Not Found 405 Method Not Allowed

  61. SERVER ERROR - 5XX 500 Internal Server Error 502 Bad

    Gateway 503 Service Unavailable

  62. RESPONSE HEADERS

  63. Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:

    application/json

  64. RESPONSE BODY

  65. { "message": "Hello World" }

  66. REQUEST + RESPONSES = HTTP

  67. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  68. Hypertext Transfer Protocol Secure

  69. None

  70. Used for secure communication

  71. HTTP + SSL/TLS

  72. Privacy

  73. Data integrity

  74. When to use HTTPS?

  75. Credit card details? Use HTTPS

  76. Users/Passwords? Use HTTPS

  77. USE HTTPS. ALWAYS.

  78. WARNING

  79. HTTPS is not a security silver bullet

  80. Price: $10+ RapidSSL, StartSSL, Thawte...

  81. TIPS

  82. ssllabs.com

  83. None

  84. Redirect HTTP to HTTPS

  85. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
  86. None
  87. None
  88. None

  89. JavaScript

  90. XMLHttpRequest

  91. Asynchronous JavaScript and XML

  92. None
  93. None

  94. SERVER

  95. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

    X-Requested-With: XMLHttpRequest

  96. X-Requested-With: XMLHttpRequest

  97. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  98. None

  99. GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:

    websocket

  100. HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013

    10:07:34 GMT Connection: Upgrade Upgrade: WebSocket

  101. USE CASES

  102. Real-time data/feeds

  103. None

  104. Instant messaging and chat

  105. None

  106. Collaborative editing

  107. None

  108. Multiplayer games

  109. None
  110. None
  111. None

  112. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  113. SQL DATABASES

  114. NOSQL DATABASES

  115. HOW TO CHOOSE?

  116. HOW I CHOSE?

  117. BREAK!

  118. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  119. try finding the Monthly Report in the cache if the

    data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report

  120. WHEN TO IMPLEMENT CACHING?

  121. MEMCACHED

  122. REDIS

  123. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  124. None

  125. STATSD

  126. None

  127. NEW RELIC

  128. None

  129. LOGGLY

  130. None

  131. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  132. DON'T REINVENT THE WHEEL

  133. None

  134. UNFILTERED INPUT, UNESCAPED OUTPUT

  135. CROSS-SITE SCRIPTING (XSS)

  136. SQL INJECTION

  137. None

  138. CROSS-SITE REQUEST FORGERY (CSRF)

  139. DON'T STORE PASSWORDS IN PLAIN TEXT

  140. DON'T EMAIL A USER'S PASSWORD

  141. HASH PASSWORDS WITH PBKDF2

  142. OWASP

  143. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  144. THE TWELVE- FACTOR APP

  145. DECLARATIVE

  146. MAXIMUM PORTABILITY

  147. DEPLOY TO CLOUD

  148. DEV/PROD PARITY

  149. SCALABLE

  150. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  151. None

  152. <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>

    </m:GetStockPrice> </soap:Body> </soap:Envelope>
  153. None

  154. REPRESENTATIONAL STATE TRANSFER

  155. RESOURCE-BASED

  156. Verbs (Don't) POST /GetSongs HTTP/1.1

  157. Nouns (Do) GET /songs HTTP/1.1

  158. REPRESENTATIONS

  159. { "id": 1, "name": "Pretty When You Cry", "album": 1,

    "favorite": false }

  160. <song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>

  161. STATELESS

  162. UNIFORM INTERFACE

  163. TIPS

  164. API = DEV'S UI

  165. USE RESTFUL URLS AND ACTIONS

  166. GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    [{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]

  167. GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    { "id": 1, "name": "Pretty When You Cry" }

  168. POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }

    HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }

  169. PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"

    } HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }

  170. DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:

    application/json

  171. USE SSL. ALWAYS.

  172. VERSIONING

  173. GET /v1/songs

  174. FILTERING, SORTING & SEARCHING

  175. GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo

  176. ALLOW LIMITING FIELDS

  177. GET /songs?fields=id,name

  178. USE JSON

  179. PAGINATION

  180. UPDATES/CREATE SHOULD RETURN REPRESENTATION

  181. CONSUMABLE ERROR PAYLOAD

  182. { "errors": { "email": "Email is required.", "password": "Password is

    required." } }

  183. AUTHENTICATION

  184. COOKIE-BASED

  185. TOKEN-BASED

  186. EFFECTIVELY USE HTTTP STATUS CODES

  187. CHECK OUT JSONAPI.ORG

  188. LANGUAGES & FRAMEWORKS

  189. NODE.JS EXPRESS SAILS.JS METEOR

  190. RUBY SINATRA RUBY ON RAILS

  191. GO REVEL MARTINI

  192. PYTHON DJANGO FLASK

  193. Q&A