Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BFTW: The Backend

José Padilla
August 13, 2014
Technology
4
190

BFTW: The Backend

Day 2 of Building for the Web. Discussing backend development for modern web apps.

José Padilla

August 13, 2014
Tweet

More Decks by José Padilla

See All by José Padilla
Python, Government, and Contracts
jpadilla
0
44
Python, Government, and Contracts
jpadilla
0
4.9k
Python Type Hints
jpadilla
0
470
Developer Ergonomics
jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
150
JWT
jpadilla
2
420
Ember.js + Django
jpadilla
3
2.1k
UPRB Basic Workshop
jpadilla
2
200

Other Decks in Technology

See All in Technology
What's new in Go 1.24?
ciarana
1
110
Snowflake ML モデルを dbt データパイプラインに組み込む​
estie
0
110
クラウド関連のインシデントケースを収集して見えてきたもの
lhazy
9
1.8k
IAMポリシーのAllow/Denyについて、改めて理解する
smt7174
2
210
エンジニア主導の企画立案を可能にする組織とは?
recruitengineers
PRO
1
280
JAWS FESTA 2024「バスロケ」GPS×サーバーレスの開発と運用の舞台裏/jawsfesta2024-bus-gps-serverless
ma2shita
3
290
EMConf JP 2025 懇親会LT / EMConf JP 2025 social gathering
sugamasao
2
210
いまからでも遅くない!コンテナでWebアプリを動かしてみよう!コンテナハンズオン編
nomu
0
170
フォーイット_エンジニア向け会社紹介資料_Forit_Company_Profile.pdf
forit_tech
1
1.7k
リクルートのエンジニア組織を下支えする 新卒の育成の仕組み
recruitengineers
PRO
1
140
Amazon Q Developerの無料利用枠を使い倒してHello worldを表示させよう!
nrinetcom
PRO
2
120
データベースの負荷を紐解く/untangle-the-database-load
emiki
2
540

Featured

See All Featured
A designer walks into a library…
pauljervisheath
205
24k
Building a Scalable Design System with Sketch
lauravandoore
461
33k
GraphQLとの向き合い方2022年版
quramy
44
14k
How to Think Like a Performance Engineer
csswizardry
22
1.4k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7.1k
Product Roadmaps are Hard
iamctodd
PRO
51
11k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
666
120k
Typedesign – Prime Four
hannesfritz
41
2.5k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
11
1.3k
A Philosophy of Restraint
colly
203
16k

Transcript

  1. BUILDING FOR THE WEB

  2. DAY 2

  3. http://bit.ly/bftw-day2-qna

  4. JOSÉ PADILLA

  5. None

  6. PERL

  7. <script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =

    oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>

  8. WSH & VBSCRIPT

  9. PHP & MYSQL HTML & JAVASCRIPT

  10. HACKER

  11. ENTREPRENEUR

  12. CO-FOUNDER AT BLIMP

  13. None
  14. None

  15. jpadilla.com

  16. THE BACKEND

  17. MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

  18. “We allow teams to function as independently as possible. Developers

    are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

  19. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  20. WAYS TO WRITE WEB APPS

  21. MONOLITHIC PATTERN

  22. BUILDING A SINGLE COUPLED PROJECT

  23. None

  24. SERVICE PATTERN

  25. BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

  26. None
  27. None
  28. None
  29. None

  30. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  31. HYPERTEXT TRANSFER PROTOCOL

  32. None

  33. HTTP is simple

  34. None

  35. 1) The client sends a request

  36. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  37. HTTP METHODS

  38. GET /v1/cars HTTP/1.1

  39. GET

  40. Retrieve the resource from the server

  41. POST

  42. Create a resource on the server

  43. PUT

  44. Update the resource on the server

  45. DELETE

  46. Delete the resource from the server

  47. URI

  48. GET /v1/cars HTTP/1.1

  49. Identifies the resource the client wants

  50. REQUEST HEADERS

  51. Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  52. 2) The server returns a response

  53. HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT

    Server: ngnix Content-Type: application/json { "message": "Hello World" }

  54. HTTP/1.1 200 OK

  55. STATUS CODES

  56. HTTP/1.1 200 OK

  57. INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols

  58. SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204

    No Content

  59. REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not

    Modified

  60. CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403

    Forbidden 404 Not Found 405 Method Not Allowed

  61. SERVER ERROR - 5XX 500 Internal Server Error 502 Bad

    Gateway 503 Service Unavailable

  62. RESPONSE HEADERS

  63. Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:

    application/json

  64. RESPONSE BODY

  65. { "message": "Hello World" }

  66. REQUEST + RESPONSES = HTTP

  67. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  68. Hypertext Transfer Protocol Secure

  69. None

  70. Used for secure communication

  71. HTTP + SSL/TLS

  72. Privacy

  73. Data integrity

  74. When to use HTTPS?

  75. Credit card details? Use HTTPS

  76. Users/Passwords? Use HTTPS

  77. USE HTTPS. ALWAYS.

  78. WARNING

  79. HTTPS is not a security silver bullet

  80. Price: $10+ RapidSSL, StartSSL, Thawte...

  81. TIPS

  82. ssllabs.com

  83. None

  84. Redirect HTTP to HTTPS

  85. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
  86. None
  87. None
  88. None

  89. JavaScript

  90. XMLHttpRequest

  91. Asynchronous JavaScript and XML

  92. None
  93. None

  94. SERVER

  95. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

    X-Requested-With: XMLHttpRequest

  96. X-Requested-With: XMLHttpRequest

  97. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  98. None

  99. GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:

    websocket

  100. HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013

    10:07:34 GMT Connection: Upgrade Upgrade: WebSocket

  101. USE CASES

  102. Real-time data/feeds

  103. None

  104. Instant messaging and chat

  105. None

  106. Collaborative editing

  107. None

  108. Multiplayer games

  109. None
  110. None
  111. None

  112. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  113. SQL DATABASES

  114. NOSQL DATABASES

  115. HOW TO CHOOSE?

  116. HOW I CHOSE?

  117. BREAK!

  118. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  119. try finding the Monthly Report in the cache if the

    data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report

  120. WHEN TO IMPLEMENT CACHING?

  121. MEMCACHED

  122. REDIS

  123. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  124. None

  125. STATSD

  126. None

  127. NEW RELIC

  128. None

  129. LOGGLY

  130. None

  131. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  132. DON'T REINVENT THE WHEEL

  133. None

  134. UNFILTERED INPUT, UNESCAPED OUTPUT

  135. CROSS-SITE SCRIPTING (XSS)

  136. SQL INJECTION

  137. None

  138. CROSS-SITE REQUEST FORGERY (CSRF)

  139. DON'T STORE PASSWORDS IN PLAIN TEXT

  140. DON'T EMAIL A USER'S PASSWORD

  141. HASH PASSWORDS WITH PBKDF2

  142. OWASP

  143. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  144. THE TWELVE- FACTOR APP

  145. DECLARATIVE

  146. MAXIMUM PORTABILITY

  147. DEPLOY TO CLOUD

  148. DEV/PROD PARITY

  149. SCALABLE

  150. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  151. None

  152. <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>

    </m:GetStockPrice> </soap:Body> </soap:Envelope>
  153. None

  154. REPRESENTATIONAL STATE TRANSFER

  155. RESOURCE-BASED

  156. Verbs (Don't) POST /GetSongs HTTP/1.1

  157. Nouns (Do) GET /songs HTTP/1.1

  158. REPRESENTATIONS

  159. { "id": 1, "name": "Pretty When You Cry", "album": 1,

    "favorite": false }

  160. <song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>

  161. STATELESS

  162. UNIFORM INTERFACE

  163. TIPS

  164. API = DEV'S UI

  165. USE RESTFUL URLS AND ACTIONS

  166. GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    [{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]

  167. GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    { "id": 1, "name": "Pretty When You Cry" }

  168. POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }

    HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }

  169. PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"

    } HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }

  170. DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:

    application/json

  171. USE SSL. ALWAYS.

  172. VERSIONING

  173. GET /v1/songs

  174. FILTERING, SORTING & SEARCHING

  175. GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo

  176. ALLOW LIMITING FIELDS

  177. GET /songs?fields=id,name

  178. USE JSON

  179. PAGINATION

  180. UPDATES/CREATE SHOULD RETURN REPRESENTATION

  181. CONSUMABLE ERROR PAYLOAD

  182. { "errors": { "email": "Email is required.", "password": "Password is

    required." } }

  183. AUTHENTICATION

  184. COOKIE-BASED

  185. TOKEN-BASED

  186. EFFECTIVELY USE HTTTP STATUS CODES

  187. CHECK OUT JSONAPI.ORG

  188. LANGUAGES & FRAMEWORKS

  189. NODE.JS EXPRESS SAILS.JS METEOR

  190. RUBY SINATRA RUBY ON RAILS

  191. GO REVEL MARTINI

  192. PYTHON DJANGO FLASK

  193. Q&A