Slide 1

The REST Ascendancy

Slide 2

OUTLINE
1. WHY REST
2. BEST OF THE REST
3. PAIN POINTS
4. THE FUTURE

Slide 3

1. WHY REST
(section divider; remaining outline: 2. STATE OF REST, 3. PAIN POINTS, 4. THE FUTURE)

Slide 4

No content

Slide 5

Diagram, two columns:
Backend: Database, Cache, App logic
Frontend: Display logic, Interactions

Slide 6

Backend: Database, Cache, App logic
Frontend: Display logic, Interactions
Linking them: HTML!

Slide 7

Backend: Database, Cache, App logic
Frontend: Display logic, Interactions
Linking them: HTML! and AJAX!

Slide 8

The same diagram, without the HTML/AJAX label.

Slide 9

Backend: Database, Cache, App logic
Frontend: Display logic, Interactions
Linking them: Representational State Transfer!

Slide 10

Backend: Database, Cache, App logic
Frontend: Display logic, Interactions
Linking them: REST!

Slide 11

2. STATE OF REST
(section divider; remaining outline: 1. WHY REST, 3. PAIN POINTS, 4. THE FUTURE)

Slide 12

Django REST Framework: 172,000 downloads
Django Tastypie: 37,000 downloads
Django Piston: 4,000 downloads
Flask RESTful: 60,000 downloads
Pyramid Cornice: 12,000 downloads

Slide 13

SERIALIZERS

    from rest_framework import serializers

    from .models import Cat  # the app's own model; import path assumed


    class CatSerializer(serializers.ModelSerializer):
        # Explicit field whitelist: a column leaves the API only if it is listed here
        class Meta:
            model = Cat
            fields = ['id', 'age', 'hair', 'grumpiness']

Slide 14

VIEWS

    from rest_framework import viewsets

    from .models import Cat                  # import paths assumed
    from .serializers import CatSerializer


    class CatViewSet(viewsets.ModelViewSet):
        # list/create/retrieve/update/destroy over every Cat, gated only by
        # the viewset's permission_classes (none set here, so the project default)
        queryset = Cat.objects.all()
        serializer_class = CatSerializer

Slide 15

PERMISSIONS

    from rest_framework import permissions


    class OwnerOrReadOnlyPermission(permissions.BasePermission):
        # Object-level check: DRF calls it on detail routes after get_object(),
        # never on list views, so list filtering has to happen in get_queryset
        def has_object_permission(self, request, view, obj):
            if request.method in permissions.SAFE_METHODS:
                return True
            return obj.owner == request.user

Slide 16

3. PAIN POINTS
(section divider; remaining outline: 1. WHY REST, 2. STATE OF REST, 4. THE FUTURE)

Slide 17

WHO'S THE CONSUMER?
Your API

Slide 18

WHO'S THE CONSUMER?
Your API, consumed by: Developers

Slide 19

WHO'S THE CONSUMER?
Your API, consumed by: Developers, Your App

Slide 20

Backend: Database, Cache, App logic
Frontend: Display logic, Interactions

Slide 21

The same diagram.

Slide 22

The same diagram, relabelled:
Trusted: Database, Cache, App logic
Untrusted: Display logic, Interactions

Slide 23

Trusted: Database, Cache, App logic
Untrusted: Display logic, Interactions
The trust boundary has moved: once the frontend is just another client of the API, everything it sends is untrusted input.

Slide 24

AUTHENTICATION

Slide 25

AUTHENTICATION
• Session auth: 'rest_framework.authentication.SessionAuthentication'

Slide 26

AUTHENTICATION
• Session auth
• Token auth, here a JWT carried in the query string:
  example.com/api/products/?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIDIiLCJhZG1pbiI6dHJ1ZX0.wUJs5ArG9bewMeW3mZONhhAGs877ZWJWZlMHlROTyKU
  (the payload decodes, with no secret at all, to {"sub":"1234567890","name":"John Doe 2","admin":true}; the "admin" claim means nothing until the server has verified the signature)

Slide 27

AUTHENTICATION
• Session auth
• Token auth
• Signed auth, a signed value carried in the query string:
  example.com/api/products/?sign=svf668fe0d-a2ab-4855-bb65-baf210b1e64c:bZyPId_-Qmi5B-YUkifs5FLEqqI
  (value, colon, 27-character URL-safe base64 signature: the layout of an HMAC-SHA1 tag, and the one django.core.signing.Signer produced at the time)

Slide 28

AUTHENTICATION
• Session auth
• Token auth
• Signed auth
• All the things!
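Both query-string styles on slides 26 and 27 hand the server a credential it must verify before it believes anything inside it. The block below is an added example, not code from the talk, DRF or Django: it decodes the slide's JWT without verifying it (which is all an attacker needs to read, and forge, the "admin" claim), mints and verifies HS256 tokens under a constructed secret, rejects a payload swapped under an existing signature and a header rewritten to alg=none, and signs and checks a value:signature pair in the layout of the slide's sign= parameter. The secret, the claims and the svf... key id are assumptions; the signing helper copies Django's output layout (colon separator, unpadded URL-safe base64 HMAC-SHA1) but not its key salting, so it will not interoperate with django.core.signing.

```python
"""Checking the two URL-carried credentials from the slides with the stdlib only.

Added example, not code from the talk, DRF or Django. It decodes the slide's JWT
without verifying it, then mints and verifies HS256 JWTs and Django-Signer-style
"value:signature" pairs under a constructed secret. The secret, the signed key id
and the claims are assumptions; the signing helper copies Django's output layout
(colon separator, unpadded URL-safe base64 HMAC-SHA1) but not its key salting.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

SECRET = b"example-shared-secret-do-not-reuse"   # constructed; load from settings/KMS in practice

# The token from the talk's ?jwt= URL, rejoined after slide line-wrapping.
SLIDE_JWT = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
             "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIDIiLCJhZG1pbiI6dHJ1ZX0."
             "wUJs5ArG9bewMeW3mZONhhAGs877ZWJWZlMHlROTyKU")


def b64url_encode(raw: bytes) -> str:
    """Unpadded URL-safe base64, as used by JWT and by Django's signing module."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_jwt_unverified(token: str) -> Tuple[dict, dict]:
    """Return (header, payload) WITHOUT checking the signature. Everything in
    the payload, "admin": true included, is only a claim until verified."""
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def mint_hs256_jwt(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [json.dumps(p, separators=(",", ":")).encode() for p in (header, claims)]
    signing_input = ".".join(b64url_encode(p) for p in parts)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the HMAC is valid, else None. The algorithm is pinned
    to HS256, so a header rewritten to alg=none (or to a key-confusion RS256) fails."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:          # wrong part count, bad base64, bad JSON
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):    # constant-time comparison
        return None
    return json.loads(b64url_decode(payload_b64))


def sign_value(value: str, secret: bytes) -> str:
    """'value:signature' in the layout of the slide's ?sign= parameter."""
    mac = hmac.new(secret, value.encode(), hashlib.sha1).digest()
    return f"{value}:{b64url_encode(mac)}"


def unsign_value(signed: str, secret: bytes) -> Optional[str]:
    """Return the value if its signature checks out, else None. A valid signature
    only proves the server issued the value; what the holder may do with it, and
    for how long, still has to be decided in the permission layer."""
    value, sep, sig = signed.rpartition(":")
    if not sep:
        return None
    expected = b64url_encode(hmac.new(secret, value.encode(), hashlib.sha1).digest())
    return value if hmac.compare_digest(expected, sig) else None


def forge_admin(token: str) -> str:
    """Attacker move: keep the header and signature, swap in an admin payload."""
    header_b64, _, sig_b64 = token.split(".")
    payload = b64url_encode(json.dumps({"sub": "42", "admin": True}, separators=(",", ":")).encode())
    return f"{header_b64}.{payload}.{sig_b64}"
```

Two points the slides raise but do not state. A credential in the query string is written to access logs, browser history and outbound Referer headers on every request, which is why DRF's own TokenAuthentication reads the token from the Authorization header instead. And a valid signature on the sign= value proves only that the server minted it; slide 37 pairs its SignedObjectActionPermission with IsReadOnly, so even a leaked signed URL cannot write.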

Slide 29

PERMISSIONS

Slide 30

PERMISSIONS
• Table-level permissions

Slide 31

PERMISSIONS
• Table-level permissions
• Column-level permissions

Slide 32

PERMISSIONS
• Table-level permissions
• Column-level permissions
• Row-level permissions

Slide 33

PERMISSIONS
• Table-level permissions
• Column-level permissions
• Row-level permissions
• Read vs write permissions

Slide 34

PERMISSIONS
• Table-level permissions
• Column-level permissions
• Row-level permissions
• Read vs write permissions
• Multiple simultaneous auth methods

Slide 35

PERMISSIONS
• Table-level permissions
• Column-level permissions
• Row-level permissions
• Read vs write permissions
• Multiple simultaneous auth methods
• All the things!

Slide 36

REAL EXAMPLE

Slide 37

REAL EXAMPLE

    from rest_condition import And, Or
    from rest_framework import viewsets
    from rest_framework.permissions import IsAdminUser

    # SignViewSetMixin, IsReadOnly, IsOrganizationMember, IsOrganizationAdmin,
    # IsVendorAdmin, SignedObjectActionPermission and patch_fields_factory are
    # the talk's in-house code (see slides 51-54); their import paths are not shown.


    class OrderViewSet(SignViewSetMixin, viewsets.ModelViewSet):
        queryset = Order.objects.all()
        # One Or() of branches; each branch is a complete principal + verb rule
        permission_classes = [
            Or(
                And(IsOrganizationMember, IsReadOnly),             # org members: read only
                And(IsOrganizationAdmin, patch_fields_factory()),  # org admins: limited by the in-house field factory
                IsVendorAdmin,
                And(SignedObjectActionPermission, IsReadOnly),     # signed-URL holders: read only
                IsAdminUser,                                       # staff: everything
            )
        ]
        ...


Slide 45

REAL EXAMPLE

Slide 46

REAL EXAMPLE

    from django.db.models import Q


    class OrderViewSet(SignViewSetMixin, viewsets.ModelViewSet):
        ...

        def get_queryset(self):
            # Row-level scope: list views and get_object() both start from this,
            # so an order outside it is a 404 rather than a permission failure.
            # Keep using this per-request copy (DRF re-evaluates it with .all())
            # instead of the class-level self.queryset, whose result cache would
            # otherwise be shared between requests.
            queryset = super(OrderViewSet, self).get_queryset()
            # is_authenticated was a method in the Django of this talk; from
            # Django 1.10 on it is a property and the parentheses must go
            if self.request.user.is_authenticated():
                if self.request.user.is_staff:
                    return queryset
                return queryset.filter(
                    Q(organization__accounts=self.request.user) |
                    Q(vendor__accounts=self.request.user),
                    is_visible=True,
                ).distinct()
            return queryset.none()
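The permission expression on slide 37 and the get_queryset scope on slide 46 are two halves of one check, and the pain-point list (table, row, read vs write) maps onto where each half lives. The block below is an added example, not the talk's code and not rest_condition: it rebuilds And/Or in plain Python, stands in namedtuples for Django's user, request and Order, and walks requests through DRF's checkpoints in their real order: has_permission before the handler, get_queryset (a 404 for rows outside the scope), and has_object_permission only on detail routes. The user fields (org_ids for memberships, org_admin_ids and vendor_ids for admin roles), the orders and the principals are all constructed; the in-house patch-fields and signed-action branches are left out. It also shows a pitfall of composing with Or: a branch that overrides only has_permission inherits BasePermission's unconditional object check and waves the object stage through for everyone.

```python
"""Permission composition plus row-level queryset scoping, in plain Python.

Added example, not code from the talk or from rest_condition: it rebuilds And/Or,
stands in plain objects for Django's user, request and Order, and runs requests
through DRF's checkpoints (has_permission, get_queryset, has_object_permission).
Every name and row is constructed; the talk's in-house branches are left out.
"""
from collections import namedtuple

SAFE_METHODS = ("GET", "HEAD", "OPTIONS")
Request = namedtuple("Request", "method user")
Order = namedtuple("Order", "pk organization_id vendor_id is_visible", defaults=[True])
# org_ids: organizations the user belongs to; org_admin_ids, vendor_ids: ones they administer
User = namedtuple("User", "is_authenticated is_staff org_ids org_admin_ids vendor_ids",
                  defaults=[True, False, frozenset(), frozenset(), frozenset()])

class BasePermission:
    def has_permission(self, request, view):
        return True
    def has_object_permission(self, request, view, obj):
        return True

class Rule(BasePermission):
    """One predicate for both checkpoints, so no Or() branch passes the object check by inheriting True."""
    def __init__(self, predicate):
        self.predicate = predicate
    def has_permission(self, request, view):
        return self.predicate(request, None)
    def has_object_permission(self, request, view, obj):
        return self.predicate(request, obj)

def member_of(ids_attr, field):
    """List level: the user holds any such membership; object level: this row's."""
    def predicate(request, obj):
        ids = getattr(request.user, ids_attr)
        return bool(ids) if obj is None else getattr(obj, field) in ids
    return Rule(predicate)

IsReadOnly = Rule(lambda request, obj: request.method in SAFE_METHODS)
IsAdminUser = Rule(lambda request, obj: request.user.is_staff)
IsOrganizationMember = member_of("org_ids", "organization_id")
IsOrganizationAdmin = member_of("org_admin_ids", "organization_id")
IsVendorAdmin = member_of("vendor_ids", "vendor_id")

class LeakyIsAdminUser(BasePermission):
    """Anti-pattern: only has_permission is overridden, so the inherited object check says yes to all."""
    def has_permission(self, request, view):
        return request.user.is_staff

class And(BasePermission):
    combine = staticmethod(all)
    def __init__(self, *perms):  # accepts permission classes or built instances
        self.perms = [p() if isinstance(p, type) else p for p in perms]
    def has_permission(self, request, view):
        return self.combine(p.has_permission(request, view) for p in self.perms)
    def has_object_permission(self, request, view, obj):
        return self.combine(p.has_object_permission(request, view, obj) for p in self.perms)

class Or(And):
    combine = staticmethod(any)

class OrderView:
    """Stand-in for the talk's OrderViewSet: one permission expression, one row scope."""
    permissions = [Or(And(IsOrganizationMember, IsReadOnly),
                      IsOrganizationAdmin, IsVendorAdmin, IsAdminUser)]
    def __init__(self, orders):
        self.orders = orders
    def get_queryset(self, request):
        u = request.user
        if not u.is_authenticated:
            return []                                   # queryset.none()
        if u.is_staff:
            return list(self.orders)
        return [o for o in self.orders if o.is_visible
                and (o.organization_id in u.org_ids or o.vendor_id in u.vendor_ids)]

def dispatch(view, request, pk=None):
    """DRF's order of checks, returning (status, payload). List: has_permission, then
    get_queryset, with no per-object hook. Detail: has_permission, get_object from
    the scoped queryset (404 when filtered out), then has_object_permission."""
    if not all(p.has_permission(request, view) for p in view.permissions):
        return 403, None
    rows = view.get_queryset(request)
    if pk is None:
        return 200, rows
    obj = next((o for o in rows if o.pk == pk), None)
    if obj is None:
        return 404, None
    if not all(p.has_object_permission(request, view, obj) for p in view.permissions):
        return 403, None
    return 200, obj

# Constructed sample rows and principals.
ORDERS = [Order(1, 10, 100), Order(2, 20, 100), Order(3, 10, 200, is_visible=False)]
VIEW = OrderView(ORDERS)
MEMBER = User(org_ids=frozenset({10}))
ORG_ADMIN = User(org_ids=frozenset({10}), org_admin_ids=frozenset({10}))
VENDOR = User(vendor_ids=frozenset({100}))
STAFF = User(is_staff=True)
ANON = User(is_authenticated=False)

def leaky_or_passes_object_check(admin_perm=LeakyIsAdminUser):
    """Org-10 member reading an org-20 order: the member branch clears has_permission,
    then admin_perm decides the object check (True for LeakyIsAdminUser, False for IsAdminUser)."""
    perm = Or(And(IsOrganizationMember, IsReadOnly), admin_perm)
    req = Request("GET", MEMBER)
    return perm.has_permission(req, VIEW) and perm.has_object_permission(req, VIEW, ORDERS[1])
```

dispatch(VIEW, Request("GET", MEMBER)) returns the member's one visible order; the same member asking for order 2 gets a 404 from the scope, not a 403, and a PATCH gets a 403 before any row is touched. The list route never calls has_object_permission, which is why row filtering has to live in get_queryset (compare the "combined list/object permissions" item on slide 62). leaky_or_passes_object_check() is True with LeakyIsAdminUser and False with IsAdminUser; whether a given combinator library guards against this is worth testing rather than assuming.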


Slide 51

REAL EXAMPLE — LIBRARIES
• Django REST Framework

Slide 52

REAL EXAMPLE — LIBRARIES
• Django REST Framework
• rest_condition (forked)

Slide 53

REAL EXAMPLE — LIBRARIES
• Django REST Framework
• rest_condition (forked)
• signed viewsets (in-house)

Slide 54

REAL EXAMPLE — LIBRARIES
• Django REST Framework
• rest_condition (forked)
• signed viewsets (in-house)
• patch fields factory (in-house)

Slide 55

REAL EXAMPLE — CODE LOCATIONS
• ViewSet class mixin

Slide 56

REAL EXAMPLE — CODE LOCATIONS
• ViewSet class mixin
• ViewSet permissions list

Slide 57

REAL EXAMPLE — CODE LOCATIONS
• ViewSet class mixin
• ViewSet permissions list
• ViewSet get_queryset method

Slide 58

REAL EXAMPLE — CODE LOCATIONS
• ViewSet class mixin
• ViewSet permissions list
• ViewSet get_queryset method
• Serializer fields (not depicted)

Slide 59

REAL EXAMPLE — CODE LOCATIONS
• ViewSet class mixin
• ViewSet permissions list
• ViewSet get_queryset method
• Serializer fields (not depicted)
• Permission classes (not depicted)

Slide 60

4. THE FUTURE
(section divider; remaining outline: 1. WHY REST, 2. STATE OF REST, 3. PAIN POINTS)

Slide 61

EMBETTERMENT
• Better tokens and signed URLs

Slide 62

EMBETTERMENT
• Better tokens and signed URLs
• Combined list/object permissions

Slide 63

EMBETTERMENT
• Better tokens and signed URLs
• Combined list/object permissions
• Permission organization

Slide 64

No content

Slide 65

Jeff Schenck
CTO & Co-Founder
twitter: @jeffschenck
email: jeff@chewse.com