Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
BFTW: The Backend
Search
José Padilla
August 13, 2014
Technology
4
170
BFTW: The Backend
Day 2 of Building for the Web. Discussing backend development for modern web apps.
José Padilla
August 13, 2014
Tweet
Share
More Decks by José Padilla
See All by José Padilla
Python, Government, and Contracts
jpadilla
0
37
Python, Government, and Contracts
jpadilla
0
4.7k
Python Type Hints
jpadilla
0
390
Developer Ergonomics
jpadilla
0
2k
DjangoCon - JSON Web Tokens
jpadilla
15
11k
eventos
jpadilla
0
140
JWT
jpadilla
2
410
Ember.js + Django
jpadilla
3
2.1k
UPRB Basic Workshop
jpadilla
2
190
Other Decks in Technology
See All in Technology
開発生産性をむしろ向上させる セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
390
データ分析を支える技術 生成AI再入門
ishikawa_satoru
0
380
エンジニア向け会社紹介資料
caddi_eng
14
230k
データベース研修 DB基礎【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
220
What if...? 처음부터 다시 LLM 어플리케이션을 개발한다면
huffon
0
1k
AWSサービスメニュー開発をしていてAWSを好きだ!と感じた瞬間
toru_kubota
0
130
Classmethod Odyssey 登壇資料
yamahiro
0
390
データベース研修 分析向けSQL入門【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
110
AWSで”最小権限の原則”を実現するための考え方 /20240722-ssmjp-aws-least-privilege
opelab
10
4.4k
Android研修【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
100
OSSコミットしてZennの課題を解決した話
dyoshikawa1993
0
150
頼られるのが大好きな 皆さんへ - 支援相手との期待の合わせ方、突き放し方 -/For_people_who_like_to_be_relied_on
naitosatoshi
1
290
Featured
See All Featured
How To Stay Up To Date on Web Technology
chriscoyier
784
250k
Designing with Data
zakiwarfel
96
5k
Making the Leap to Tech Lead
cromwellryan
127
8.7k
Statistics for Hackers
jakevdp
792
220k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
34
1.9k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
224
21k
Rails Girls Zürich Keynote
gr2m
93
13k
Optimizing for Happiness
mojombo
373
69k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
277
13k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
353
29k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
90
47k
Building Adaptive Systems
keathley
34
2k
Transcript
BUILDING FOR THE WEB
DAY 2
http://bit.ly/bftw-day2-qna
JOSÉ PADILLA
None
PERL
<script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =
oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>
WSH & VBSCRIPT
PHP & MYSQL HTML & JAVASCRIPT
HACKER
ENTREPRENEUR
CO-FOUNDER AT BLIMP
None
None
jpadilla.com
THE BACKEND
MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT
“We allow teams to function as independently as possible. Developers
are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
WAYS TO WRITE WEB APPS
MONOLITHIC PATTERN
BUILDING A SINGLE COUPLED PROJECT
None
SERVICE PATTERN
BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES
None
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
HYPERTEXT TRANSFER PROTOCOL
None
HTTP is simple
None
1) The client sends a request
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
HTTP METHODS
GET /v1/cars HTTP/1.1
GET
Retrieve the resource from the server
POST
Create a resource on the server
PUT
Update the resource on the server
DELETE
Delete the resource from the server
URI
GET /v1/cars HTTP/1.1
Identifies the resource the client wants
REQUEST HEADERS
Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
2) The server returns a response
HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: ngnix Content-Type: application/json { "message": "Hello World" }
HTTP/1.1 200 OK
STATUS CODES
HTTP/1.1 200 OK
INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols
SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204
No Content
REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not
Modified
CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403
Forbidden 404 Not Found 405 Method Not Allowed
SERVER ERROR - 5XX 500 Internal Server Error 502 Bad
Gateway 503 Service Unavailable
RESPONSE HEADERS
Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:
application/json
RESPONSE BODY
{ "message": "Hello World" }
REQUEST + RESPONSES = HTTP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
Hypertext Transfer Protocol Secure
None
Used for secure communication
HTTP + SSL/TLS
Privacy
Data integrity
When to use HTTPS?
Credit card details? Use HTTPS
Users/Passwords? Use HTTPS
USE HTTPS. ALWAYS.
WARNING
HTTPS is not a security silver bullet
Price: $10+ RapidSSL, StartSSL, Thawte...
TIPS
ssllabs.com
None
Redirect HTTP to HTTPS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
None
None
None
JavaScript
XMLHttpRequest
Asynchronous JavaScript and XML
None
None
SERVER
GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)
X-Requested-With: XMLHttpRequest
X-Requested-With: XMLHttpRequest
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:
websocket
HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013
10:07:34 GMT Connection: Upgrade Upgrade: WebSocket
USE CASES
Real-time data/feeds
None
Instant messaging and chat
None
Collaborative editing
None
Multiplayer games
None
None
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
SQL DATABASES
NOSQL DATABASES
HOW TO CHOOSE?
HOW I CHOSE?
BREAK!
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
try finding the Monthly Report in the cache if the
data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report
WHEN TO IMPLEMENT CACHING?
MEMCACHED
REDIS
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
STATSD
None
NEW RELIC
None
LOGGLY
None
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
DON'T REINVENT THE WHEEL
None
UNFILTERED INPUT, UNESCAPED OUTPUT
CROSS-SITE SCRIPTING (XSS)
SQL INJECTION
None
CROSS-SITE REQUEST FORGERY (CSRF)
DON'T STORE PASSWORDS IN PLAIN TEXT
DON'T EMAIL A USER'S PASSWORD
HASH PASSWORDS WITH PBKDF2
OWASP
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
THE TWELVE- FACTOR APP
DECLARATIVE
MAXIMUM PORTABILITY
DEPLOY TO CLOUD
DEV/PROD PARITY
SCALABLE
TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •
DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
None
<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>
</m:GetStockPrice> </soap:Body> </soap:Envelope>
None
REPRESENTATIONAL STATE TRANSFER
RESOURCE-BASED
Verbs (Don't) POST /GetSongs HTTP/1.1
Nouns (Do) GET /songs HTTP/1.1
REPRESENTATIONS
{ "id": 1, "name": "Pretty When You Cry", "album": 1,
"favorite": false }
<song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>
STATELESS
UNIFORM INTERFACE
TIPS
API = DEV'S UI
USE RESTFUL URLS AND ACTIONS
GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
[{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]
GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json
{ "id": 1, "name": "Pretty When You Cry" }
POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }
HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }
PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"
} HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }
DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:
application/json
USE SSL. ALWAYS.
VERSIONING
GET /v1/songs
FILTERING, SORTING & SEARCHING
GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo
ALLOW LIMITING FIELDS
GET /songs?fields=id,name
USE JSON
PAGINATION
UPDATES/CREATE SHOULD RETURN REPRESENTATION
CONSUMABLE ERROR PAYLOAD
{ "errors": { "email": "Email is required.", "password": "Password is
required." } }
AUTHENTICATION
COOKIE-BASED
TOKEN-BASED
EFFECTIVELY USE HTTTP STATUS CODES
CHECK OUT JSONAPI.ORG
LANGUAGES & FRAMEWORKS
NODE.JS EXPRESS SAILS.JS METEOR
RUBY SINATRA RUBY ON RAILS
GO REVEL MARTINI
PYTHON DJANGO FLASK
Q&A