Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BFTW: The Backend

Avatar for José Padilla José Padilla
August 13, 2014
Technology
4
200

BFTW: The Backend

Day 2 of Building for the Web. Discussing backend development for modern web apps.

Avatar for José Padilla

José Padilla

August 13, 2014
Tweet

More Decks by José Padilla

See All by José Padilla
Python, Government, and Contracts
Avatar for José Padilla jpadilla
0
53
Python, Government, and Contracts
Avatar for José Padilla jpadilla
0
5k
Python Type Hints
Avatar for José Padilla jpadilla
0
540
Developer Ergonomics
Avatar for José Padilla jpadilla
0
2.1k
DjangoCon - JSON Web Tokens
Avatar for José Padilla jpadilla
15
11k
eventos
Avatar for José Padilla jpadilla
0
180
JWT
Avatar for José Padilla jpadilla
2
440
Ember.js + Django
Avatar for José Padilla jpadilla
3
2.1k
UPRB Basic Workshop
Avatar for José Padilla jpadilla
2
210

Other Decks in Technology

See All in Technology
クラウドとリアルの融合により、製造業はどう変わるのか?〜クラスメソッドの製造業への取組と共に〜
Avatar for 濱田孝治 hamadakoji
0
410
Biz職でもDifyでできる! 「触らないAIワークフロー」を実現する方法
Avatar for kanacan igarashikana
7
3.3k
「最速」で Gemini CLI を使いこなそう! 〜Cloud Shell/Cloud Run の活用〜 / The Fastest Way to Master the Gemini CLI — with Cloud Shell and Cloud Run
Avatar for Kento Kimura aoto
PRO
1
170
Implementing and Evaluating a High-Level Language with WasmGC and the Wasm Component Model: Scala’s Case
Avatar for Rikito Taniguchi tanishiking
0
180
物体検出モデルでシイタケの収穫時期を自動判定してみた。 #devio2025
Avatar for Lamaglama39 lamaglama39
0
280
Behind Postgres 18: The People, the Code, & the Invisible Work | Claire Giordano | PGConfEU 2025
Avatar for Claire Giordano clairegiordano
0
120
AIエージェント入門 〜基礎からMCP・A2Aまで〜
Avatar for Shu Kobuchi shukob
1
170
ストレージエンジニアの仕事と、近年の計算機について / 第58回 情報科学若手の会
Avatar for Preferred Networks pfn
PRO
3
760
混合雲環境整合異質工作流程工具運行關鍵業務 Job 的經驗分享
Avatar for Yao-Siang Su (蘇曜祥) yaosiang
0
170
マルチエージェントのチームビルディング_2025-10-25
Avatar for shino shinoyamada
0
140
AI駆動で進める依存ライブラリ更新 ─ Vue プロジェクトの品質向上と開発スピード改善の実践録
Avatar for sayn0 sayn0
1
290
オブザーバビリティが育むシステム理解と好奇心
Avatar for maru maruloop
1
980

Featured

See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
30
2.9k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
209
24k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
274
41k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
75
5.1k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
920
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
640
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
36
6.1k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.6k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
25k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
990

Transcript

  1. BUILDING FOR THE WEB

  2. DAY 2

  3. http://bit.ly/bftw-day2-qna

  4. JOSÉ PADILLA

  5. None

  6. PERL

  7. <script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =

    oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>

  8. WSH & VBSCRIPT

  9. PHP & MYSQL HTML & JAVASCRIPT

  10. HACKER

  11. ENTREPRENEUR

  12. CO-FOUNDER AT BLIMP

  13. None
  14. None

  15. jpadilla.com

  16. THE BACKEND

  17. MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

  18. “We allow teams to function as independently as possible. Developers

    are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

  19. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  20. WAYS TO WRITE WEB APPS

  21. MONOLITHIC PATTERN

  22. BUILDING A SINGLE COUPLED PROJECT

  23. None

  24. SERVICE PATTERN

  25. BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

  26. None
  27. None
  28. None
  29. None

  30. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  31. HYPERTEXT TRANSFER PROTOCOL

  32. None

  33. HTTP is simple

  34. None

  35. 1) The client sends a request

  36. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  37. HTTP METHODS

  38. GET /v1/cars HTTP/1.1

  39. GET

  40. Retrieve the resource from the server

  41. POST

  42. Create a resource on the server

  43. PUT

  44. Update the resource on the server

  45. DELETE

  46. Delete the resource from the server

  47. URI

  48. GET /v1/cars HTTP/1.1

  49. Identifies the resource the client wants

  50. REQUEST HEADERS

  51. Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  52. 2) The server returns a response

  53. HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT

    Server: ngnix Content-Type: application/json { "message": "Hello World" }

  54. HTTP/1.1 200 OK

  55. STATUS CODES

  56. HTTP/1.1 200 OK

  57. INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols

  58. SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204

    No Content

  59. REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not

    Modified

  60. CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403

    Forbidden 404 Not Found 405 Method Not Allowed

  61. SERVER ERROR - 5XX 500 Internal Server Error 502 Bad

    Gateway 503 Service Unavailable

  62. RESPONSE HEADERS

  63. Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:

    application/json

  64. RESPONSE BODY

  65. { "message": "Hello World" }

  66. REQUEST + RESPONSES = HTTP

  67. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  68. Hypertext Transfer Protocol Secure

  69. None

  70. Used for secure communication

  71. HTTP + SSL/TLS

  72. Privacy

  73. Data integrity

  74. When to use HTTPS?

  75. Credit card details? Use HTTPS

  76. Users/Passwords? Use HTTPS

  77. USE HTTPS. ALWAYS.

  78. WARNING

  79. HTTPS is not a security silver bullet

  80. Price: $10+ RapidSSL, StartSSL, Thawte...

  81. TIPS

  82. ssllabs.com

  83. None

  84. Redirect HTTP to HTTPS

  85. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
  86. None
  87. None
  88. None

  89. JavaScript

  90. XMLHttpRequest

  91. Asynchronous JavaScript and XML

  92. None
  93. None

  94. SERVER

  95. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

    X-Requested-With: XMLHttpRequest

  96. X-Requested-With: XMLHttpRequest

  97. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  98. None

  99. GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:

    websocket

  100. HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013

    10:07:34 GMT Connection: Upgrade Upgrade: WebSocket

  101. USE CASES

  102. Real-time data/feeds

  103. None

  104. Instant messaging and chat

  105. None

  106. Collaborative editing

  107. None

  108. Multiplayer games

  109. None
  110. None
  111. None

  112. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  113. SQL DATABASES

  114. NOSQL DATABASES

  115. HOW TO CHOOSE?

  116. HOW I CHOSE?

  117. BREAK!

  118. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  119. try finding the Monthly Report in the cache if the

    data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report

  120. WHEN TO IMPLEMENT CACHING?

  121. MEMCACHED

  122. REDIS

  123. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  124. None

  125. STATSD

  126. None

  127. NEW RELIC

  128. None

  129. LOGGLY

  130. None

  131. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  132. DON'T REINVENT THE WHEEL

  133. None

  134. UNFILTERED INPUT, UNESCAPED OUTPUT

  135. CROSS-SITE SCRIPTING (XSS)

  136. SQL INJECTION

  137. None

  138. CROSS-SITE REQUEST FORGERY (CSRF)

  139. DON'T STORE PASSWORDS IN PLAIN TEXT

  140. DON'T EMAIL A USER'S PASSWORD

  141. HASH PASSWORDS WITH PBKDF2

  142. OWASP

  143. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  144. THE TWELVE- FACTOR APP

  145. DECLARATIVE

  146. MAXIMUM PORTABILITY

  147. DEPLOY TO CLOUD

  148. DEV/PROD PARITY

  149. SCALABLE

  150. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  151. None

  152. <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>

    </m:GetStockPrice> </soap:Body> </soap:Envelope>
  153. None

  154. REPRESENTATIONAL STATE TRANSFER

  155. RESOURCE-BASED

  156. Verbs (Don't) POST /GetSongs HTTP/1.1

  157. Nouns (Do) GET /songs HTTP/1.1

  158. REPRESENTATIONS

  159. { "id": 1, "name": "Pretty When You Cry", "album": 1,

    "favorite": false }

  160. <song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>

  161. STATELESS

  162. UNIFORM INTERFACE

  163. TIPS

  164. API = DEV'S UI

  165. USE RESTFUL URLS AND ACTIONS

  166. GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    [{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]

  167. GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    { "id": 1, "name": "Pretty When You Cry" }

  168. POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }

    HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }

  169. PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"

    } HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }

  170. DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:

    application/json

  171. USE SSL. ALWAYS.

  172. VERSIONING

  173. GET /v1/songs

  174. FILTERING, SORTING & SEARCHING

  175. GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo

  176. ALLOW LIMITING FIELDS

  177. GET /songs?fields=id,name

  178. USE JSON

  179. PAGINATION

  180. UPDATES/CREATE SHOULD RETURN REPRESENTATION

  181. CONSUMABLE ERROR PAYLOAD

  182. { "errors": { "email": "Email is required.", "password": "Password is

    required." } }

  183. AUTHENTICATION

  184. COOKIE-BASED

  185. TOKEN-BASED

  186. EFFECTIVELY USE HTTTP STATUS CODES

  187. CHECK OUT JSONAPI.ORG

  188. LANGUAGES & FRAMEWORKS

  189. NODE.JS EXPRESS SAILS.JS METEOR

  190. RUBY SINATRA RUBY ON RAILS

  191. GO REVEL MARTINI

  192. PYTHON DJANGO FLASK

  193. Q&A