Upgrade to Pro — share decks privately, control downloads, hide ads and more …

BFTW: The Backend

José Padilla
August 13, 2014
Technology
4
180

BFTW: The Backend

Day 2 of Building for the Web. Discussing backend development for modern web apps.

José Padilla

August 13, 2014
Tweet

More Decks by José Padilla

See All by José Padilla
Python, Government, and Contracts
jpadilla
0
40
Python, Government, and Contracts
jpadilla
0
4.8k
Python Type Hints
jpadilla
0
450
Developer Ergonomics
jpadilla
0
2k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
150
JWT
jpadilla
2
420
Ember.js + Django
jpadilla
3
2.1k
UPRB Basic Workshop
jpadilla
2
200

Other Decks in Technology

See All in Technology
PaaSの歴史と、 アプリケーションプラットフォームのこれから
jacopen
7
1.5k
AWS re:Invent 2024 re:Cap Taipei (for Developer): New Launches that facilitate Developer Workflow and Continuous Innovation
dwchiang
0
160
Alignment and Autonomy in Cybozu - 300人の開発組織でアラインメントと自律性を両立させるアジャイルな組織運営 / RSGT2025
ama_ch
1
2.4k
Bring Your Own Container: When Containers Turn the Key to EDR Bypass/byoc-avtokyo2024
tkmru
0
850
デジタルアイデンティティ技術 認可・ID連携・認証 応用 / 20250114-OIDF-J-EduWG-TechSWG
oidfj
2
680
機械学習を「社会実装」するということ 2025年版 / Social Implementation of Machine Learning 2025 Version
moepy_stats
5
1k
Cloudflareで実現する AIエージェント ワークフロー基盤
kmd09
0
290
Amazon Q Developerで.NET Frameworkプロジェクトをモダナイズしてみた
kenichirokimura
1
200
DMMブックスへのTipKit導入
ttyi2
1
110
月間60万ユーザーを抱える 個人開発サービス「Walica」の 技術スタック変遷
miyachin
1
140
デジタルアイデンティティ人材育成推進ワーキンググループ 翻訳サブワーキンググループ 活動報告 / 20250114-OIDF-J-EduWG-TranslationSWG
oidfj
0
530
2025年に挑戦したいこと
molmolken
0
160

Featured

See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.6k
Facilitating Awesome Meetings
lara
51
6.2k
A Philosophy of Restraint
colly
203
16k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
3
240
Agile that works and the tools we love
rasmusluckow
328
21k
Into the Great Unknown - MozCon
thekraken
34
1.6k
Learning to Love Humans: Emotional Interface Design
aarron
274
40k
Done Done
chrislema
182
16k
We Have a Design System, Now What?
morganepeng
51
7.3k
Building Adaptive Systems
keathley
38
2.4k
Optimizing for Happiness
mojombo
376
70k

Transcript

  1. BUILDING FOR THE WEB

  2. DAY 2

  3. http://bit.ly/bftw-day2-qna

  4. JOSÉ PADILLA

  5. None

  6. PERL

  7. <script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =

    oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>

  8. WSH & VBSCRIPT

  9. PHP & MYSQL HTML & JAVASCRIPT

  10. HACKER

  11. ENTREPRENEUR

  12. CO-FOUNDER AT BLIMP

  13. None
  14. None

  15. jpadilla.com

  16. THE BACKEND

  17. MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

  18. “We allow teams to function as independently as possible. Developers

    are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

  19. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  20. WAYS TO WRITE WEB APPS

  21. MONOLITHIC PATTERN

  22. BUILDING A SINGLE COUPLED PROJECT

  23. None

  24. SERVICE PATTERN

  25. BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

  26. None
  27. None
  28. None
  29. None

  30. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  31. HYPERTEXT TRANSFER PROTOCOL

  32. None

  33. HTTP is simple

  34. None

  35. 1) The client sends a request

  36. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  37. HTTP METHODS

  38. GET /v1/cars HTTP/1.1

  39. GET

  40. Retrieve the resource from the server

  41. POST

  42. Create a resource on the server

  43. PUT

  44. Update the resource on the server

  45. DELETE

  46. Delete the resource from the server

  47. URI

  48. GET /v1/cars HTTP/1.1

  49. Identifies the resource the client wants

  50. REQUEST HEADERS

  51. Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  52. 2) The server returns a response

  53. HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT

    Server: ngnix Content-Type: application/json { "message": "Hello World" }

  54. HTTP/1.1 200 OK

  55. STATUS CODES

  56. HTTP/1.1 200 OK

  57. INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols

  58. SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204

    No Content

  59. REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not

    Modified

  60. CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403

    Forbidden 404 Not Found 405 Method Not Allowed

  61. SERVER ERROR - 5XX 500 Internal Server Error 502 Bad

    Gateway 503 Service Unavailable

  62. RESPONSE HEADERS

  63. Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:

    application/json

  64. RESPONSE BODY

  65. { "message": "Hello World" }

  66. REQUEST + RESPONSES = HTTP

  67. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  68. Hypertext Transfer Protocol Secure

  69. None

  70. Used for secure communication

  71. HTTP + SSL/TLS

  72. Privacy

  73. Data integrity

  74. When to use HTTPS?

  75. Credit card details? Use HTTPS

  76. Users/Passwords? Use HTTPS

  77. USE HTTPS. ALWAYS.

  78. WARNING

  79. HTTPS is not a security silver bullet

  80. Price: $10+ RapidSSL, StartSSL, Thawte...

  81. TIPS

  82. ssllabs.com

  83. None

  84. Redirect HTTP to HTTPS

  85. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
  86. None
  87. None
  88. None

  89. JavaScript

  90. XMLHttpRequest

  91. Asynchronous JavaScript and XML

  92. None
  93. None

  94. SERVER

  95. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

    X-Requested-With: XMLHttpRequest

  96. X-Requested-With: XMLHttpRequest

  97. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  98. None

  99. GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:

    websocket

  100. HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013

    10:07:34 GMT Connection: Upgrade Upgrade: WebSocket

  101. USE CASES

  102. Real-time data/feeds

  103. None

  104. Instant messaging and chat

  105. None

  106. Collaborative editing

  107. None

  108. Multiplayer games

  109. None
  110. None
  111. None

  112. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  113. SQL DATABASES

  114. NOSQL DATABASES

  115. HOW TO CHOOSE?

  116. HOW I CHOSE?

  117. BREAK!

  118. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  119. try finding the Monthly Report in the cache if the

    data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report

  120. WHEN TO IMPLEMENT CACHING?

  121. MEMCACHED

  122. REDIS

  123. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  124. None

  125. STATSD

  126. None

  127. NEW RELIC

  128. None

  129. LOGGLY

  130. None

  131. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  132. DON'T REINVENT THE WHEEL

  133. None

  134. UNFILTERED INPUT, UNESCAPED OUTPUT

  135. CROSS-SITE SCRIPTING (XSS)

  136. SQL INJECTION

  137. None

  138. CROSS-SITE REQUEST FORGERY (CSRF)

  139. DON'T STORE PASSWORDS IN PLAIN TEXT

  140. DON'T EMAIL A USER'S PASSWORD

  141. HASH PASSWORDS WITH PBKDF2

  142. OWASP

  143. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  144. THE TWELVE- FACTOR APP

  145. DECLARATIVE

  146. MAXIMUM PORTABILITY

  147. DEPLOY TO CLOUD

  148. DEV/PROD PARITY

  149. SCALABLE

  150. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  151. None

  152. <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>

    </m:GetStockPrice> </soap:Body> </soap:Envelope>
  153. None

  154. REPRESENTATIONAL STATE TRANSFER

  155. RESOURCE-BASED

  156. Verbs (Don't) POST /GetSongs HTTP/1.1

  157. Nouns (Do) GET /songs HTTP/1.1

  158. REPRESENTATIONS

  159. { "id": 1, "name": "Pretty When You Cry", "album": 1,

    "favorite": false }

  160. <song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>

  161. STATELESS

  162. UNIFORM INTERFACE

  163. TIPS

  164. API = DEV'S UI

  165. USE RESTFUL URLS AND ACTIONS

  166. GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    [{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]

  167. GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    { "id": 1, "name": "Pretty When You Cry" }

  168. POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }

    HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }

  169. PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"

    } HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }

  170. DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:

    application/json

  171. USE SSL. ALWAYS.

  172. VERSIONING

  173. GET /v1/songs

  174. FILTERING, SORTING & SEARCHING

  175. GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo

  176. ALLOW LIMITING FIELDS

  177. GET /songs?fields=id,name

  178. USE JSON

  179. PAGINATION

  180. UPDATES/CREATE SHOULD RETURN REPRESENTATION

  181. CONSUMABLE ERROR PAYLOAD

  182. { "errors": { "email": "Email is required.", "password": "Password is

    required." } }

  183. AUTHENTICATION

  184. COOKIE-BASED

  185. TOKEN-BASED

  186. EFFECTIVELY USE HTTTP STATUS CODES

  187. CHECK OUT JSONAPI.ORG

  188. LANGUAGES & FRAMEWORKS

  189. NODE.JS EXPRESS SAILS.JS METEOR

  190. RUBY SINATRA RUBY ON RAILS

  191. GO REVEL MARTINI

  192. PYTHON DJANGO FLASK

  193. Q&A