HTTP: The Webmachine

Eduardo Gurgel

April 28, 2015
Transcript

  1. Methods

    • GET • HEAD • POST • PUT • PATCH • OPTIONS • DELETE • TRACE • CONNECT
  2. Headers

    • Accept • Accept-Charset • Accept-Features • Accept-Encoding • Accept-Language • Accept-Ranges • Access-Control-Allow-Credentials • Access-Control-Allow-Origin • Access-Control-Allow-Methods • Access-Control-Allow-Headers • Access-Control-Max-Age • Access-Control-Expose-Headers • Access-Control-Request-Method • Access-Control-Request-Headers • Age • Allow • Alternates • Authorization • Cache-Control • Connection • Content-Encoding • Content-Language • Content-Length • Content-Location • Content-MD5 • Content-Range • Content-Security-Policy • Content-Type • Cookie • DNT • Date • ETag • Expect • Expires • From • Host • If-Match • If-Modified-Since • If-None-Match • If-Range • If-Unmodified-Since • Last-Event-ID
  3. Headers

    • Last-Modified • Link • Location • Max-Forwards • Negotiate • Origin • Pragma • Proxy-Authenticate • Proxy-Authorization • Range • Referer • Retry-After • Sec-Websocket-Extensions • Sec-Websocket-Key • Sec-Websocket-Origin • Sec-Websocket-Protocol • Sec-Websocket-Version • Server • Set-Cookie • Set-Cookie2 • Strict-Transport-Security • TCN • TE • Trailer • Transfer-Encoding • Upgrade • User-Agent • Variant-Vary • Vary • Via • Warning • WWW-Authenticate • X-Content-Duration • X-Content-Security-Policy • X-DNSPrefetch-Control • X-Frame-Options • X-Requested-With
  4. Status Codes

    • 100 Continue • 101 Switching Protocol • 200 OK • 201 Created • 202 Accepted • 203 Non-Authoritative Information • 204 No Content • 205 Reset Content • 206 Partial Content • 300 Multiple Choice • 301 Moved Permanently • 302 Found • 303 See Other • 304 Not Modified • 305 Use Proxy • 307 Temporary Redirect • 308 Permanent Redirect • 400 Bad Request • 401 Unauthorized • 402 Payment Required • 403 Forbidden • 404 Not Found • 405 Method Not Allowed • 406 Not Acceptable • 407 Proxy Authentication Required • 408 Request Timeout • 409 Conflict • 410 Gone • 411 Length Required • 412 Precondition Failed • 413 Request Entity Too Large • 414 Request-URI Too Long • 415 Unsupported Media Type • 416 Requested Range Not Satisfiable • 417 Expectation Failed • 500 Internal Server Error • 501 Not Implemented • 502 Bad Gateway • 503 Service Unavailable • 504 Gateway Timeout • 505 HTTP Version Not Supported
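  5. Rack

    ```ruby
    class SomeMiddleware
      def initialize(app)
        @app = app
      end

      def call(env)
        # Pass the request down the stack, then inspect or rewrite the response.
        status, headers, body = @app.call(env)
        # ...
        [status, headers, body]
      end
    end
    ```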
  6. Middleware-based

    ```ruby
    class ApplicationController < ActionController::Base
      # ...
      before_filter :set_current_user_for_logs
      before_filter :set_locale
      before_filter :set_mobile_view
      before_filter :inject_preview_style
      before_filter :disable_customization
      before_filter :block_if_readonly_mode
      before_filter :authorize_mini_profiler
      before_filter :preload_json
      before_filter :check_xhr
      before_filter :redirect_to_login_if_required
      # ...
    end
    ```
  7. Middleware-based

    • Order matters • Blind up, blind down • Hard to reuse • Env is a pile of data • Black box is a lie
  8. Describe your resource

    • resource_exists? • service_available? • is_authorized? • forbidden? • malformed_request? • content_types_provided • content_types_accepted • moved_temporarily? • moved_permanently? • create_path • known_methods • last_modified • expires • allowed_methods • generate_etag • languages_provided • charsets_provided • encodings_provided
  9. Example

    ```ruby
    require "webmachine"

    class OrderResource < Webmachine::Resource
      def allowed_methods
        ["GET"]
      end

      def content_types_provided
        [["application/json", :to_json]]
      end

      def to_json
        order.to_json
      end

      private

      def order
        @order ||= Order.find(id)
      end

      def id
        request.path_info[:id]
      end
    end
    ```

    Route: /order/:id
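  10. Example

    ```ruby
    require "webmachine"

    class OrderResource < Webmachine::Resource
      # Any other method is answered with 405 Method Not Allowed.
      def allowed_methods
        ["GET"]
      end

      # An Accept header that matches none of these is answered with 406 Not Acceptable.
      def content_types_provided
        [["application/json", :to_json]]
      end

      # Body of the 200 OK response.
      def to_json
        order.to_json
      end

      private

      def order
        @order ||= Order.find(id)
      end

      def id
        request.path_info[:id]
      end
    end
    ```

    • 405 Method Not Allowed • 406 Not Acceptable • 200 OK

    Route: /order/:id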
  11. Example

    ```ruby
    require "webmachine"

    class OrderResource < Webmachine::Resource
      def allowed_methods
        ["GET"]
      end

      def content_types_provided
        [["application/json", :to_json]]
      end

      # A falsy value here is answered with 404 Not Found.
      def resource_exists?
        order
      end

      def to_json
        order.to_json
      end

      private

      def order
        @order ||= Order.find(id)
      end

      def id
        request.path_info[:id]
      end
    end
    ```

    • 404 Not Found
  12.

    ```ruby
    require "webmachine"

    class OrderResource < Webmachine::Resource
      include Webmachine::Resource::Authentication

      def allowed_methods
        ["GET"]
      end

      def content_types_provided
        [["application/json", :to_json]]
      end

      def resource_exists?
        order
      end

      # Anything other than true is answered with 401 Unauthorized.
      def is_authorized?(authorization_header)
        basic_auth(authorization_header, "My Application") do |username, password|
          @user = User.auth!(username, password)
          !@user.nil?
        end
      end

      # Returning true is answered with 403 Forbidden, so the permission check is negated.
      # This callback is evaluated before resource_exists?.
      def forbidden?
        !order.allow?(@user)
      end

      def to_json
        order.to_json
      end

      private

      def order
        @order ||= Order.find(id)
      end

      def id
        request.path_info[:id]
      end
    end
    ```

    • 401 Unauthorized • 403 Forbidden
  13. Implementations

    • Erlang (primary) - basho/webmachine • Ruby - seancribbs/webmachine-ruby • Clojure - clojure-liberator/liberator • Haskell - larrytheliquid/Lemmachine • Javascript - tautologistics/nodemachine • PHP - reflowstudio/phpmachine
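
The callbacks on slides 8 to 12 are asked in a fixed order, which is why one resource can answer 405, 401, 403, 406, 404 or 200. The following is an added example, not part of the deck and not webmachine-ruby code: a simplified pure-Ruby model of the first decisions, in which `ToyResource`, `decide`, `status_for`, `ORDERS` and `TOKENS` are hypothetical names and the token table stands in for `basic_auth`.

```ruby
# Added example: simplified model of the first Webmachine decisions, not gem code.
# ToyResource, decide, status_for, ORDERS and TOKENS are hypothetical names.
class ToyResource
  attr_reader :request
  def initialize(request); @request = request; end
  def service_available?; true; end
  def known_methods; %w[GET HEAD POST PUT PATCH DELETE OPTIONS TRACE CONNECT]; end
  def allowed_methods; %w[GET HEAD]; end
  def malformed_request?; false; end
  def is_authorized?(_authorization_header); true; end
  def forbidden?; false; end
  def content_types_provided; [["text/html", :to_html]]; end
  def resource_exists?; true; end
end

# Ask the questions in diagram order; the first failing check decides the status.
def decide(resource)
  req = resource.request
  return 503 unless resource.service_available?
  return 501 unless resource.known_methods.include?(req[:method])
  return 405 unless resource.allowed_methods.include?(req[:method])
  return 400 if resource.malformed_request?
  return 401 unless resource.is_authorized?(req[:authorization]) == true
  return 403 if resource.forbidden?
  offered = resource.content_types_provided.map(&:first)
  return 406 unless ["*/*", *offered].include?(req.fetch(:accept, "*/*"))
  return 404 unless resource.resource_exists?
  200
end

ORDERS = { "1" => { owner: "alice" } }.freeze  # constructed sample data
TOKENS = { "tok-alice" => "alice", "tok-bob" => "bob" }.freeze  # stand-in for basic_auth

class OrderResource < ToyResource
  def allowed_methods; ["GET"]; end
  def content_types_provided; [["application/json", :to_json]]; end
  def is_authorized?(authorization_header)
    @user = TOKENS[authorization_header]
    !@user.nil?
  end
  # Evaluated before resource_exists?, so it must tolerate a missing order.
  def forbidden?; !order.nil? && order[:owner] != @user; end
  def resource_exists?; !order.nil?; end

  private
  def order; ORDERS[request[:id]]; end
end

def status_for(request); decide(OrderResource.new(request)); end
```

Because `is_authorized?` is asked before `resource_exists?`, an unauthenticated request for a missing order is answered with 401 rather than 404, so the resource does not reveal which order IDs exist to clients without credentials.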