BFTW: The Backend

Transcript

1. BUILDING FOR THE WEB

2. DAY 2

3. http://bit.ly/bftw-day2-qna

4. JOSÉ PADILLA

5. None

6. PERL

7. <script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =

   oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>

8. WSH & VBSCRIPT

9. PHP & MYSQL HTML & JAVASCRIPT

10. HACKER

11. ENTREPRENEUR

12. CO-FOUNDER AT BLIMP

13. None
14. None

15. jpadilla.com

16. THE BACKEND

17. MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

18. “We allow teams to function as independently as possible. Developers

    are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

19. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

20. WAYS TO WRITE WEB APPS

21. MONOLITHIC PATTERN

22. BUILDING A SINGLE COUPLED PROJECT

23. None

24. SERVICE PATTERN

25. BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

26. None
27. None
28. None
29. None

30. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

31. HYPERTEXT TRANSFER PROTOCOL

32. None

33. HTTP is simple

34. None

35. 1) The client sends a request

36. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

37. HTTP METHODS

38. GET /v1/cars HTTP/1.1

39. GET

40. Retrieve the resource from the server

41. POST

42. Create a resource on the server

43. PUT

44. Update the resource on the server

45. DELETE

46. Delete the resource from the server

47. URI

48. GET /v1/cars HTTP/1.1

49. Identifies the resource the client wants

50. REQUEST HEADERS

51. Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

52. 2) The server returns a response

53. HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT

    Server: ngnix Content-Type: application/json { "message": "Hello World" }

54. HTTP/1.1 200 OK

55. STATUS CODES

56. HTTP/1.1 200 OK

57. INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols

58. SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204

    No Content

59. REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not

    Modified

60. CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403

    Forbidden 404 Not Found 405 Method Not Allowed

61. SERVER ERROR - 5XX 500 Internal Server Error 502 Bad

    Gateway 503 Service Unavailable

62. RESPONSE HEADERS

63. Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:

    application/json

64. RESPONSE BODY

65. { "message": "Hello World" }

66. REQUEST + RESPONSES = HTTP

67. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

68. Hypertext Transfer Protocol Secure

69. None

70. Used for secure communication

71. HTTP + SSL/TLS

72. Privacy

73. Data integrity

74. When to use HTTPS?

75. Credit card details? Use HTTPS

76. Users/Passwords? Use HTTPS

77. USE HTTPS. ALWAYS.

78. WARNING

79. HTTPS is not a security silver bullet

80. Price: $10+ RapidSSL, StartSSL, Thawte...

81. TIPS

82. ssllabs.com

83. None

84. Redirect HTTP to HTTPS

85. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
86. None
87. None
88. None

89. JavaScript

90. XMLHttpRequest

91. Asynchronous JavaScript and XML

92. None
93. None

94. SERVER

95. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

    X-Requested-With: XMLHttpRequest

96. X-Requested-With: XMLHttpRequest

97. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
98. None

99. GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:

    websocket

100. HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013

     10:07:34 GMT Connection: Upgrade Upgrade: WebSocket

101. USE CASES

102. Real-time data/feeds

103. None

104. Instant messaging and chat

105. None

106. Collaborative editing

107. None

108. Multiplayer games

109. None
110. None
111. None

112. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

     DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

113. SQL DATABASES

114. NOSQL DATABASES

115. HOW TO CHOOSE?

116. HOW I CHOSE?

117. BREAK!

118. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

     DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

119. try finding the Monthly Report in the cache if the

     data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report

120. WHEN TO IMPLEMENT CACHING?

121. MEMCACHED

122. REDIS

123. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

     DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
124. None

125. STATSD

126. None

127. NEW RELIC

128. None

129. LOGGLY

130. None

131. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

     DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

132. DON'T REINVENT THE WHEEL

133. None

134. UNFILTERED INPUT, UNESCAPED OUTPUT

135. CROSS-SITE SCRIPTING (XSS)

136. SQL INJECTION

137. None

138. CROSS-SITE REQUEST FORGERY (CSRF)

139. DON'T STORE PASSWORDS IN PLAIN TEXT

140. DON'T EMAIL A USER'S PASSWORD

141. HASH PASSWORDS WITH PBKDF2

142. OWASP

143. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

     DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

144. THE TWELVE- FACTOR APP

145. DECLARATIVE

146. MAXIMUM PORTABILITY

147. DEPLOY TO CLOUD

148. DEV/PROD PARITY

149. SCALABLE

150. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

     DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
151. None

152. <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>

     </m:GetStockPrice> </soap:Body> </soap:Envelope>
153. None

154. REPRESENTATIONAL STATE TRANSFER

155. RESOURCE-BASED

156. Verbs (Don't) POST /GetSongs HTTP/1.1

157. Nouns (Do) GET /songs HTTP/1.1

158. REPRESENTATIONS

159. { "id": 1, "name": "Pretty When You Cry", "album": 1,

     "favorite": false }

160. <song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>

161. STATELESS

162. UNIFORM INTERFACE

163. TIPS

164. API = DEV'S UI

165. USE RESTFUL URLS AND ACTIONS

166. GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

     [{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]

167. GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

     { "id": 1, "name": "Pretty When You Cry" }

168. POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }

     HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }

169. PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"

     } HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }

170. DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:

     application/json

171. USE SSL. ALWAYS.

172. VERSIONING

173. GET /v1/songs

174. FILTERING, SORTING & SEARCHING

175. GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo

176. ALLOW LIMITING FIELDS

177. GET /songs?fields=id,name

178. USE JSON

179. PAGINATION

180. UPDATES/CREATE SHOULD RETURN REPRESENTATION

181. CONSUMABLE ERROR PAYLOAD

182. { "errors": { "email": "Email is required.", "password": "Password is

     required." } }

183. AUTHENTICATION

184. COOKIE-BASED

185. TOKEN-BASED

186. EFFECTIVELY USE HTTTP STATUS CODES

187. CHECK OUT JSONAPI.ORG

188. LANGUAGES & FRAMEWORKS

189. NODE.JS EXPRESS SAILS.JS METEOR

190. RUBY SINATRA RUBY ON RAILS

191. GO REVEL MARTINI

192. PYTHON DJANGO FLASK

193. Q&A