HTTP: The Webmachine

Transcript

1. HTTP: The Webmachine github /edgurgel twitter /edgurjas gurgel.me

2. HTTP • URI • Method • Header • Body •

   Status Codes Easy, right?

3. HTTP • Authorisation • Authentication • Conditional redirection • Caching

   • Content representation • …

4. Methods • GET • HEAD • POST • PUT •

   PATCH • OPTIONS • DELETE • TRACE • CONNECT

5. Headers • Accept • Accept-Charset • Accept-Features • Accept-Encoding •

   Accept-Language • Accept-Ranges • Access-Control-Allow-Credentials • Access-Control-Allow-Origin • Access-Control-Allow-Methods • Access-Control-Allow-Headers • Access-Control-Max-Age • Access-Control-Expose-Headers • Access-Control-Request-Method • Access-Control-Request-Headers • Age • Allow • Alternates • Authorization • Cache-Control • Connection • Content-Encoding • Content-Language • Content-Length • Content-Location • Content-MD5 • Content-Range • Content-Security-Policy • Content-Type • Cookie • DNT • Date • ETag • Expect • Expires • From • Host • If-Match • If-Modified-Since • If-None-Match • If-Range • If-Unmodified-Since • Last-Event-ID

6. Headers • Last-Modified • Link • Location • Max-Forwards •

   Negotiate • Origin • Pragma • Proxy-Authenticate • Proxy-Authorization • Range • Referer • Retry-After • Sec-Websocket-Extensions • Sec-Websocket-Key • Sec-Websocket-Origin • Sec-Websocket-Protocol • Sec-Websocket-Version • Server • Set-Cookie • Set-Cookie2 • Strict-Transport-Security • TCN • TE • Trailer • Transfer-Encoding • Upgrade • User-Agent • Variant-Vary • Vary • Via • Warning • WWW-Authenticate • X-Content-Duration • X-Content-Security-Policy • X-DNSPrefetch-Control • X-Frame-Options • X-Requested-With

7. Status Codes • 100 Continue • 101 Switching Protocol •

   200 OK • 201 Created • 202 Accepted • 203 Non-Authoritative Information • 204 No Content • 205 Reset Content • 206 Partial Content • 300 Multiple Choice • 301 Moved Permanently • 302 Found • 303 See Other • 304 Not Modified • 305 Use Proxy • 307 Temporary Redirect • 308 Permanent Redirect • 400 Bad Request • 401 Unauthorized • 402 Payment Required • 403 Forbidden • 404 Not Found • 405 Method Not Allowed • 406 Not Acceptable • 407 Proxy Authentication Required • 408 Request Timeout • 409 Conflict • 410 Gone • 411 Length Required • 412 Precondition Failed • 413 Request Entity Too Large • 414 Request-URI Too Long • 415 Unsupported Media Type • 416 Requested Range Not Satisfiable • 417 Expectation Failed • 500 Internal Server Error • 501 Not Implemented • 502 Bad Gateway • 503 Service Unavailable • 504 Gateway Timeout • 505 HTTP Version Not Supported

8. Processing Request Response

9. Rack class SomeMiddleware def initialize(app) @app = app end def

   call(env) # ... [status, headers, body] end end

10. Middleware-based class ApplicationController < ActionController::Base # ... before_filter :set_current_user_for_logs before_filter

    :set_locale before_filter :set_mobile_view before_filter :inject_preview_style before_filter :disable_customization before_filter :block_if_readonly_mode before_filter :authorize_mini_profiler before_filter :preload_json before_filter :check_xhr before_filter :redirect_to_login_if_required # ... end

11. Middleware-based • Order matters • Blind up, blind down •

    Hard to reuse • Env is a pile of data • Black box is a lie

12. Protocol HTTP 1.1 RFCs 7230, 7231, 7232, 7233, 7234,7235 (305

    pages) Finite State Machine

13. Webmachine

14. Webmachine

15. Webmachine

16. Describe your resource • resource_exists? • service_available? • is_authorized? •

    forbidden? • malformed_request? • content_types_provided • content_types_accepted • moved_temporarily? • moved_permanently? • create_path • known_methods • last_modified • expires • allowed_methods • generate_etag • languages_provided • charsets_provided • encodings_provided

17. Example class OrderResource < Webmachine::Resource def allowed_methods ["GET"] end def

    content_types_provided [["application/json", :to_json]] end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end /order/:id

18. Example

19. Example class OrderResource < Webmachine::Resource def allowed_methods ["GET"] end def

    content_types_provided [["application/json", :to_json]] end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end 405 Method Not Allowed 406 Not Acceptable 200 OK /order/:id

20. Example class OrderResource < Webmachine::Resource def allowed_methods ["GET"] end def

    content_types_provided [["application/json", :to_json]] end def resource_exists? order end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end 404 Not Found

21. class OrderResource < Webmachine::Resource include Webmachine::Resource::Authentication def allowed_methods ["GET"] end

    def content_types_provided [["application/json", :to_json]] end def resource_exists? order end def is_authorized?(authorization_header) basic_auth(authorization_header, "My Application") do |username, password| @user = User.auth!(username, password) [email protected]? end end def forbidden? order.allow?(@user) end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end 401 Unauthorized 403 Forbidden

22. So? • Descriptive • Consistent behaviour • Scalable • Unit

    testable • Customisable

23. Implementations • Erlang (primary) - basho/webmachine! • Ruby - seancribbs/webmachine-ruby

    • Clojure - clojure-liberator/liberator • Haskell - larrytheliquid/Lemmachine • Javascript - tautologistics/nodemachine! • PHP - reflowstudio/phpmachine

24. More

25. More

26. Questions ?