BFTW: The Backend

Becd166a81dc51c0009f602d175d0cc8?s=47 José Padilla
August 13, 2014
Technology
4
150

BFTW: The Backend

Day 2 of Building for the Web. Discussing backend development for modern web apps.

Becd166a81dc51c0009f602d175d0cc8?s=128

José Padilla

August 13, 2014
Tweet

More Decks by José Padilla

See All by José Padilla
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
0
11
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
0
3.8k
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
0
130
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
0
1.9k
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
15
9.4k
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
0
120
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
2
330
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
3
2.1k
Becd166a81dc51c0009f602d175d0cc8?s=48 jpadilla
2
150

Other Decks in Technology

See All in Technology
332f89cc697355902a817506b6995f2b?s=48 ytaka23
2
1k
42d77f62a04b402d6f7cad816a417592?s=48 watawatavoltage
0
230
Ecad9d801d79f6c6e5df93094690685e?s=48 sinsoku
6
2.2k
9b600b6d2f592d0944507e989770b9b3?s=48 issei126
1
760
Cc8a208e174943d1da814783841abd50?s=48 shinodogg
0
180
0620564f0125b8b3b7f4fe40c10b8b4e?s=48 tattn
4
870
42ba906dc35ef460ffcb1b7c3307ef45?s=48 spring_raining
0
1.2k
098ad475722e3697ec2fba28c8654f9f?s=48 yuhta28
0
400
93fc2d713bc4d0e9c594bf8c9e6bcc62?s=48 oztick139
0
130
Cf18e42df2acc7a1fc1700bcd8e76487?s=48 syrusakbary
0
250
F0ec1a6cb9e7be1911ed97b6561ed5ac?s=48 k1nakayama
0
140
2102a6b8760bd6f57f672805723dd83a?s=48 line_developers_tw
0
760

Featured

See All Featured
761be20b5ebd271008bcee1244fc5b52?s=48 matthewcrist
71
7k
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
15
530
Dafc4723e9a1c067796c0fec6f509774?s=48 lemiorhan
622
40k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
11
520
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
499
36k
1b8ad785acdd1ce1c99914b1c2a4e10e?s=48 sugarenia
230
790k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
82
4.6k
E14f55d3f939977cecbf51b64ff6f861?s=48 keithpitt
399
20k
Ae14cc4491ac334f9cd23f9f93b4305e?s=48 orderedlist
PRO
326
35k
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
3
370
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
219
110k
C4de88ea47538e4594750e3861a341c8?s=48 brettharned
92
2.8k

Transcript

  1. BUILDING FOR THE WEB

  2. DAY 2

  3. http://bit.ly/bftw-day2-qna

  4. JOSÉ PADILLA

  5. None

  6. PERL

  7. <script language="VBScript"> <!-- Set oWMP = CreateObject("WMPlayer.OCX.7") Set colCDROMs =

    oWMP.cdromCollection if colCDROMs.Count >= 1 then For i = 0 to colCDROMs.Count - 1 colCDROMs.Item(i).Eject Next ' cdrom End If --> </script>

  8. WSH & VBSCRIPT

  9. PHP & MYSQL HTML & JAVASCRIPT

  10. HACKER

  11. ENTREPRENEUR

  12. CO-FOUNDER AT BLIMP

  13. None
  14. None

  15. jpadilla.com

  16. THE BACKEND

  17. MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

  18. “We allow teams to function as independently as possible. Developers

    are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

  19. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  20. WAYS TO WRITE WEB APPS

  21. MONOLITHIC PATTERN

  22. BUILDING A SINGLE COUPLED PROJECT

  23. None

  24. SERVICE PATTERN

  25. BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

  26. None
  27. None
  28. None
  29. None

  30. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  31. HYPERTEXT TRANSFER PROTOCOL

  32. None

  33. HTTP is simple

  34. None

  35. 1) The client sends a request

  36. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  37. HTTP METHODS

  38. GET /v1/cars HTTP/1.1

  39. GET

  40. Retrieve the resource from the server

  41. POST

  42. Create a resource on the server

  43. PUT

  44. Update the resource on the server

  45. DELETE

  46. Delete the resource from the server

  47. URI

  48. GET /v1/cars HTTP/1.1

  49. Identifies the resource the client wants

  50. REQUEST HEADERS

  51. Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

  52. 2) The server returns a response

  53. HTTP/1.1 200 OK Date: Tue, 12 Aug 2014 09:00:00 GMT

    Server: ngnix Content-Type: application/json { "message": "Hello World" }

  54. HTTP/1.1 200 OK

  55. STATUS CODES

  56. HTTP/1.1 200 OK

  57. INFORMATIONAL - 1XX 100 Continue 101 Switching Protocols

  58. SUCCESSFUL - 2XX 200 OK 201 Created 202 Accepted 204

    No Content

  59. REDIRECTION - 3XX 301 Moved Permanently 302 Found 304 Not

    Modified

  60. CLIENT ERROR - 4XX 400 Bad Request 401 Unauthorized 403

    Forbidden 404 Not Found 405 Method Not Allowed

  61. SERVER ERROR - 5XX 500 Internal Server Error 502 Bad

    Gateway 503 Service Unavailable

  62. RESPONSE HEADERS

  63. Date: Tue, 12 Aug 2014 09:00:00 GMT Server: ngnix Content-Type:

    application/json

  64. RESPONSE BODY

  65. { "message": "Hello World" }

  66. REQUEST + RESPONSES = HTTP

  67. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  68. Hypertext Transfer Protocol Secure

  69. None

  70. Used for secure communication

  71. HTTP + SSL/TLS

  72. Privacy

  73. Data integrity

  74. When to use HTTPS?

  75. Credit card details? Use HTTPS

  76. Users/Passwords? Use HTTPS

  77. USE HTTPS. ALWAYS.

  78. WARNING

  79. HTTPS is not a security silver bullet

  80. Price: $10+ RapidSSL, StartSSL, Thawte...

  81. TIPS

  82. ssllabs.com

  83. None

  84. Redirect HTTP to HTTPS

  85. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • CODE EXAMPLE
  86. None
  87. None
  88. None

  89. JavaScript

  90. XMLHttpRequest

  91. Asynchronous JavaScript and XML

  92. None
  93. None

  94. SERVER

  95. GET /v1/cars HTTP/1.1 Host: api.example.com Accept: application/json User-Agent: Mozilla/5.0 (Macintosh)

    X-Requested-With: XMLHttpRequest

  96. X-Requested-With: XMLHttpRequest

  97. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  98. None

  99. GET ws://websocket.example.com/ HTTP/1.1 Origin: http://example.com Connection: Upgrade Host: websocket.example.com Upgrade:

    websocket

  100. HTTP/1.1 101 WebSocket Protocol Handshake Date: Wed, 16 Oct 2013

    10:07:34 GMT Connection: Upgrade Upgrade: WebSocket

  101. USE CASES

  102. Real-time data/feeds

  103. None

  104. Instant messaging and chat

  105. None

  106. Collaborative editing

  107. None

  108. Multiplayer games

  109. None
  110. None
  111. None

  112. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  113. SQL DATABASES

  114. NOSQL DATABASES

  115. HOW TO CHOOSE?

  116. HOW I CHOSE?

  117. BREAK!

  118. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  119. try finding the Monthly Report in the cache if the

    data is in the cache: return the cached Monthly Report else: execute complex and time-consuming queries save the generated Monthly Report return the cached Monthly Report

  120. WHEN TO IMPLEMENT CACHING?

  121. MEMCACHED

  122. REDIS

  123. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  124. None

  125. STATSD

  126. None

  127. NEW RELIC

  128. None

  129. LOGGLY

  130. None

  131. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  132. DON'T REINVENT THE WHEEL

  133. None

  134. UNFILTERED INPUT, UNESCAPED OUTPUT

  135. CROSS-SITE SCRIPTING (XSS)

  136. SQL INJECTION

  137. None

  138. CROSS-SITE REQUEST FORGERY (CSRF)

  139. DON'T STORE PASSWORDS IN PLAIN TEXT

  140. DON'T EMAIL A USER'S PASSWORD

  141. HASH PASSWORDS WITH PBKDF2

  142. OWASP

  143. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE

  144. THE TWELVE- FACTOR APP

  145. DECLARATIVE

  146. MAXIMUM PORTABILITY

  147. DEPLOY TO CLOUD

  148. DEV/PROD PARITY

  149. SCALABLE

  150. TOPICS PATTERNS • HTTP • HTTPS AJAX • WEBSOCKETS •

    DATABASES CACHING • ANALYTICS • SECURITY ARCH • APIS • LIVE CODE
  151. None

  152. <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> </soap:Header> <soap:Body> <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName>

    </m:GetStockPrice> </soap:Body> </soap:Envelope>
  153. None

  154. REPRESENTATIONAL STATE TRANSFER

  155. RESOURCE-BASED

  156. Verbs (Don't) POST /GetSongs HTTP/1.1

  157. Nouns (Do) GET /songs HTTP/1.1

  158. REPRESENTATIONS

  159. { "id": 1, "name": "Pretty When You Cry", "album": 1,

    "favorite": false }

  160. <song> <id>1</id> <name>Pretty When You Cry</name> <album>1</album> <favorite>false</favorite> </song>

  161. STATELESS

  162. UNIFORM INTERFACE

  163. TIPS

  164. API = DEV'S UI

  165. USE RESTFUL URLS AND ACTIONS

  166. GET /songs HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    [{ "id": 1, "name": "Pretty When You Cry" }, { "id": 1, "name": "Money Power Glory" }]

  167. GET /songs/1 HTTP/1.1 Accept: application/json HTTP/1.1 200 OK Content-Type: application/json

    { "id": 1, "name": "Pretty When You Cry" }

  168. POST /songs HTTP/1.1 Accept: application/json { "name": "West Coast" }

    HTTP/1.1 201 CREATED Content-Type: application/json { "id": 3, "name": "West Coast" }

  169. PUT /songs/3 HTTP/1.1 Accept: application/json { "name": "West Coast (Updated)"

    } HTTP/1.1 200 OK Content-Type: application/json { "id": 3, "name": "West Coast (Updated)" }

  170. DELETE /songs/3 HTTP/1.1 Accept: application/json HTTP/1.1 204 NO CONTENT Content-Type:

    application/json

  171. USE SSL. ALWAYS.

  172. VERSIONING

  173. GET /v1/songs

  174. FILTERING, SORTING & SEARCHING

  175. GET /songs?sort=-name GET /songs?favorite=true GET /songs?q=ritmo

  176. ALLOW LIMITING FIELDS

  177. GET /songs?fields=id,name

  178. USE JSON

  179. PAGINATION

  180. UPDATES/CREATE SHOULD RETURN REPRESENTATION

  181. CONSUMABLE ERROR PAYLOAD

  182. { "errors": { "email": "Email is required.", "password": "Password is

    required." } }

  183. AUTHENTICATION

  184. COOKIE-BASED

  185. TOKEN-BASED

  186. EFFECTIVELY USE HTTTP STATUS CODES

  187. CHECK OUT JSONAPI.ORG

  188. LANGUAGES & FRAMEWORKS

  189. NODE.JS EXPRESS SAILS.JS METEOR

  190. RUBY SINATRA RUBY ON RAILS

  191. GO REVEL MARTINI

  192. PYTHON DJANGO FLASK

  193. Q&A