Slide 1

Slide 1 text

BUILDING FOR THE WEB

Slide 2

Slide 2 text

DAY 2

Slide 3

Slide 3 text

http://bit.ly/bftw-day2-qna

Slide 4

Slide 4 text

JOSÉ PADILLA

Slide 6

Slide 6 text

PERL

Slide 7

Slide 7 text

' VBScript run under Windows Script Host: ejects every CD-ROM drive through the Windows Media Player COM object
Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
If colCDROMs.Count >= 1 Then
    For i = 0 To colCDROMs.Count - 1
        colCDROMs.Item(i).Eject
    Next ' cdrom
End If

Slide 8

Slide 8 text

WSH & VBSCRIPT

Slide 9

Slide 9 text

PHP & MYSQL HTML & JAVASCRIPT

Slide 10

Slide 10 text

HACKER

Slide 11

Slide 11 text

ENTREPRENEUR

Slide 12

Slide 12 text

CO-FOUNDER AT BLIMP

Slide 15

Slide 15 text

jpadilla.com

Slide 16

Slide 16 text

THE BACKEND

Slide 17

Slide 17 text

MAKING DEVELOPERS HAPPIER, MORE PRODUCTIVE AND MORE EFFICIENT

Slide 18

Slide 18 text

“We allow teams to function as independently as possible. Developers are like artists; they produce their best work if they have the freedom to do so, but they need good tools.” Werner Vogels, CTO at Amazon

Slide 19

Slide 19 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 20

Slide 20 text

WAYS TO WRITE WEB APPS

Slide 21

Slide 21 text

MONOLITHIC PATTERN

Slide 22

Slide 22 text

BUILDING A SINGLE COUPLED PROJECT

Slide 24

Slide 24 text

SERVICE PATTERN

Slide 25

Slide 25 text

BUILDING VARIOUS SMALL INDEPENDENT WEB SERVICES

Slide 30

Slide 30 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 31

Slide 31 text

HYPERTEXT TRANSFER PROTOCOL

Slide 33

Slide 33 text

HTTP is simple

Slide 35

Slide 35 text

1) The client sends a request

Slide 36

Slide 36 text

GET /v1/cars HTTP/1.1
Host: api.example.com
Accept: application/json
User-Agent: Mozilla/5.0 (Macintosh)

Slide 37

Slide 37 text

HTTP METHODS

Slide 38

Slide 38 text

GET /v1/cars HTTP/1.1

Slide 39

Slide 39 text

GET

Slide 40

Slide 40 text

Retrieve the resource from the server

Slide 41

Slide 41 text

POST

Slide 42

Slide 42 text

Create a resource on the server

Slide 43

Slide 43 text

PUT

Slide 44

Slide 44 text

Update the resource on the server

Slide 45

Slide 45 text

DELETE

Slide 46

Slide 46 text

Delete the resource from the server

Slide 47

Slide 47 text

URI

Slide 48

Slide 48 text

GET /v1/cars HTTP/1.1

Slide 49

Slide 49 text

Identifies the resource the client wants

Slide 50

Slide 50 text

REQUEST HEADERS

Slide 51

Slide 51 text

Host: api.example.com
Accept: application/json
User-Agent: Mozilla/5.0 (Macintosh)

Slide 52

Slide 52 text

2) The server returns a response

Slide 53

Slide 53 text

HTTP/1.1 200 OK
Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: nginx
Content-Type: application/json

{ "message": "Hello World" }

Slide 54

Slide 54 text

HTTP/1.1 200 OK

Slide 55

Slide 55 text

STATUS CODES

Slide 56

Slide 56 text

HTTP/1.1 200 OK

Slide 57

Slide 57 text

INFORMATIONAL - 1XX
100 Continue
101 Switching Protocols

Slide 58

Slide 58 text

SUCCESSFUL - 2XX
200 OK
201 Created
202 Accepted
204 No Content

Slide 59

Slide 59 text

REDIRECTION - 3XX
301 Moved Permanently
302 Found
304 Not Modified

Slide 60

Slide 60 text

CLIENT ERROR - 4XX
400 Bad Request
401 Unauthorized
403 Forbidden
404 Not Found
405 Method Not Allowed

Slide 61

Slide 61 text

SERVER ERROR - 5XX
500 Internal Server Error
502 Bad Gateway
503 Service Unavailable

Slide 62

Slide 62 text

RESPONSE HEADERS

Slide 63

Slide 63 text

Date: Tue, 12 Aug 2014 09:00:00 GMT
Server: nginx
Content-Type: application/json

Slide 64

Slide 64 text

RESPONSE BODY

Slide 65

Slide 65 text

{ "message": "Hello World" }

Slide 66

Slide 66 text

REQUEST + RESPONSES = HTTP
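Added example, not from the slides: a minimal parser for the request and response shown above, so the pieces named on the preceding slides (method, URI, headers, status code, reason, body) come out as fields. The two sample messages are transcribed from the slides; real servers also need chunked encoding, size limits and more.

```python
from typing import Dict, Tuple
# Constructed sample messages, transcribed from the slides above, CRLF-terminated.
SAMPLE_REQUEST = (
    "GET /v1/cars HTTP/1.1\r\n"
    "Host: api.example.com\r\n"
    "Accept: application/json\r\n"
    "User-Agent: Mozilla/5.0 (Macintosh)\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 12 Aug 2014 09:00:00 GMT\r\n"
    "Server: nginx\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{ "message": "Hello World" }'
)

def split_message(raw: str) -> Tuple[str, Dict[str, str], str]:
    """Split an HTTP message into start line, header dict and body."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no blank line after the headers")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return lines[0], headers, body

def parse_request(raw: str) -> dict:
    """Request line is 'METHOD URI HTTP/x.y'."""
    start, headers, body = split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {start!r}")
    return {"method": parts[0], "uri": parts[1], "version": parts[2],
            "headers": headers, "body": body}

def parse_response(raw: str) -> dict:
    """Status line is 'HTTP/x.y CODE REASON'; the first digit gives the class (2xx, 4xx...)."""
    start, headers, body = split_message(raw)
    version, _, rest = start.partition(" ")
    code, _, reason = rest.partition(" ")
    if not version.startswith("HTTP/") or not (code.isdigit() and len(code) == 3):
        raise ValueError(f"malformed status line: {start!r}")
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "body": body}
```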

Slide 67

Slide 67 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 68

Slide 68 text

Hypertext Transfer Protocol Secure

Slide 70

Slide 70 text

Used for secure communication

Slide 71

Slide 71 text

HTTP + SSL/TLS

Slide 72

Slide 72 text

Privacy

Slide 73

Slide 73 text

Data integrity

Slide 74

Slide 74 text

When to use HTTPS?

Slide 75

Slide 75 text

Credit card details? Use HTTPS

Slide 76

Slide 76 text

Users/Passwords? Use HTTPS

Slide 77

Slide 77 text

USE HTTPS. ALWAYS.

Slide 78

Slide 78 text

WARNING

Slide 79

Slide 79 text

HTTPS is not a security silver bullet

Slide 80

Slide 80 text

Price: $10+ (RapidSSL, StartSSL, Thawte...)

Slide 81

Slide 81 text

TIPS

Slide 82

Slide 82 text

ssllabs.com

Slide 84

Slide 84 text

Redirect HTTP to HTTPS

Slide 85

Slide 85 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • CODE EXAMPLE

Slide 89

Slide 89 text

JavaScript

Slide 90

Slide 90 text

XMLHttpRequest

Slide 91

Slide 91 text

Asynchronous JavaScript and XML

Slide 94

Slide 94 text

SERVER

Slide 95

Slide 95 text

GET /v1/cars HTTP/1.1
Host: api.example.com
Accept: application/json
User-Agent: Mozilla/5.0 (Macintosh)
X-Requested-With: XMLHttpRequest

Slide 96

Slide 96 text

X-Requested-With: XMLHttpRequest

Slide 97

Slide 97 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 99

Slide 99 text

GET ws://websocket.example.com/ HTTP/1.1
Origin: http://example.com
Connection: Upgrade
Host: websocket.example.com
Upgrade: websocket

Slide 100

Slide 100 text

HTTP/1.1 101 WebSocket Protocol Handshake
Date: Wed, 16 Oct 2013 10:07:34 GMT
Connection: Upgrade
Upgrade: WebSocket

Slide 101

Slide 101 text

USE CASES

Slide 102

Slide 102 text

Real-time data/feeds

Slide 104

Slide 104 text

Instant messaging and chat

Slide 106

Slide 106 text

Collaborative editing

Slide 108

Slide 108 text

Multiplayer games

Slide 112

Slide 112 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 113

Slide 113 text

SQL DATABASES

Slide 114

Slide 114 text

NOSQL DATABASES

Slide 115

Slide 115 text

HOW TO CHOOSE?

Slide 116

Slide 116 text

HOW DID I CHOOSE?

Slide 117

Slide 117 text

BREAK!

Slide 118

Slide 118 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 119

Slide 119 text

try finding the Monthly Report in the cache
if the data is in the cache:
    return the cached Monthly Report
else:
    execute complex and time-consuming queries
    save the generated Monthly Report
    return the cached Monthly Report
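Added example, not from the slides: the cache-aside pseudocode above as working Python, with a time-to-live so a cached report eventually expires instead of being served forever. `TTLCache` is a constructed stand-in for Memcached or Redis, `build_monthly_report` for the slow queries, and the run counter shows which calls actually hit the slow path.

```python
import time
from typing import Any, Callable, Dict, Optional, Tuple

class TTLCache:
    """Dict-backed cache with per-key expiry; stands in for Memcached or Redis."""
    def __init__(self, clock: Callable[[], float] = time.monotonic):
        self._store: Dict[str, Tuple[float, Any]] = {}
        self._clock = clock  # injectable so tests can move time forward

    def get(self, key: str) -> Optional[Any]:
        entry = self._store.get(key)
        if entry is None:
            return None
        expires_at, value = entry
        if self._clock() >= expires_at:
            del self._store[key]  # expired: evict and report a miss
            return None
        return value

    def set(self, key: str, value: Any, ttl: float) -> None:
        self._store[key] = (self._clock() + ttl, value)

_query_runs = 0  # how many times the slow path really ran

def query_runs() -> int:
    return _query_runs

def build_monthly_report(month: str) -> dict:
    """Constructed stand-in for the complex, time-consuming queries."""
    global _query_runs
    _query_runs += 1
    return {"month": month, "total_sales": 12345}

def get_monthly_report(cache: TTLCache, month: str, ttl: float = 3600) -> dict:
    """Cache-aside: serve from cache, otherwise build, store, and return."""
    key = f"monthly_report:{month}"  # one namespaced key per month
    report = cache.get(key)
    if report is not None:  # cache hit
        return report
    report = build_monthly_report(month)  # cache miss: run the slow queries
    cache.set(key, report, ttl)  # save so the next request is fast
    return report
```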

Slide 120

Slide 120 text

WHEN TO IMPLEMENT CACHING?

Slide 121

Slide 121 text

MEMCACHED

Slide 122

Slide 122 text

REDIS

Slide 123

Slide 123 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 125

Slide 125 text

STATSD

Slide 127

Slide 127 text

NEW RELIC

Slide 129

Slide 129 text

LOGGLY

Slide 131

Slide 131 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 132

Slide 132 text

DON'T REINVENT THE WHEEL

Slide 134

Slide 134 text

UNFILTERED INPUT, UNESCAPED OUTPUT

Slide 135

Slide 135 text

CROSS-SITE SCRIPTING (XSS)

Slide 136

Slide 136 text

SQL INJECTION
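Added example, not from the slides, covering the three slides above: the same "unfiltered input, unescaped output" mistake produces SQL injection when input is spliced into query text and XSS when it is echoed into HTML, and each vulnerable function is shown next to its fix (bound parameters, output escaping). The in-memory sqlite3 table and song rows are constructed for the demo.

```python
import html
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE songs (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO songs (name) VALUES (?)",
                     [("Pretty When You Cry",), ("West Coast",)])
    return conn

def search_songs_unsafe(conn: sqlite3.Connection, q: str) -> list:
    # Vulnerable: user input becomes part of the SQL text, so a quote in q
    # changes the query's structure instead of being matched as data.
    sql = f"SELECT name FROM songs WHERE name LIKE '%{q}%'"
    return [row[0] for row in conn.execute(sql)]

def search_songs(conn: sqlite3.Connection, q: str) -> list:
    # Fixed: the value is bound as a parameter; the driver never lets it
    # alter the statement, so quotes are just characters to search for.
    sql = "SELECT name FROM songs WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, (f"%{q}%",))]

def render_results_unsafe(q: str, names: list) -> str:
    # Vulnerable: q and names land in the HTML verbatim, so markup in either
    # is interpreted by the browser (cross-site scripting).
    items = "".join(f"<li>{n}</li>" for n in names)
    return f"<p>Results for {q}</p><ul>{items}</ul>"

def render_results(q: str, names: list) -> str:
    # Fixed: escape every untrusted value at output time for the HTML context.
    items = "".join(f"<li>{html.escape(n)}</li>" for n in names)
    return f"<p>Results for {html.escape(q)}</p><ul>{items}</ul>"
```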

Slide 138

Slide 138 text

CROSS-SITE REQUEST FORGERY (CSRF)

Slide 139

Slide 139 text

DON'T STORE PASSWORDS IN PLAIN TEXT

Slide 140

Slide 140 text

DON'T EMAIL A USER'S PASSWORD

Slide 141

Slide 141 text

HASH PASSWORDS WITH PBKDF2

Slide 142

Slide 142 text

OWASP

Slide 143

Slide 143 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 144

Slide 144 text

THE TWELVE-FACTOR APP

Slide 145

Slide 145 text

DECLARATIVE

Slide 146

Slide 146 text

MAXIMUM PORTABILITY

Slide 147

Slide 147 text

DEPLOY TO CLOUD

Slide 148

Slide 148 text

DEV/PROD PARITY

Slide 149

Slide 149 text

SCALABLE

Slide 150

Slide 150 text

TOPICS: PATTERNS • HTTP • HTTPS • AJAX • WEBSOCKETS • DATABASES • CACHING • ANALYTICS • SECURITY • ARCH • APIS • LIVE CODE

Slide 152

Slide 152 text

IBM

Slide 154

Slide 154 text

REPRESENTATIONAL STATE TRANSFER

Slide 155

Slide 155 text

RESOURCE-BASED

Slide 156

Slide 156 text

Verbs (Don't)
POST /GetSongs HTTP/1.1

Slide 157

Slide 157 text

Nouns (Do)
GET /songs HTTP/1.1

Slide 158

Slide 158 text

REPRESENTATIONS

Slide 159

Slide 159 text

{
  "id": 1,
  "name": "Pretty When You Cry",
  "album": 1,
  "favorite": false
}

Slide 160

Slide 160 text

id | name                 | album | favorite
1  | Pretty When You Cry  | 1     | false

Slide 161

Slide 161 text

STATELESS

Slide 162

Slide 162 text

UNIFORM INTERFACE

Slide 163

Slide 163 text

TIPS

Slide 164

Slide 164 text

API = DEV'S UI

Slide 165

Slide 165 text

USE RESTFUL URLS AND ACTIONS

Slide 166

Slide 166 text

GET /songs HTTP/1.1
Accept: application/json

HTTP/1.1 200 OK
Content-Type: application/json

[{ "id": 1, "name": "Pretty When You Cry" }, { "id": 2, "name": "Money Power Glory" }]

Slide 167

Slide 167 text

GET /songs/1 HTTP/1.1
Accept: application/json

HTTP/1.1 200 OK
Content-Type: application/json

{ "id": 1, "name": "Pretty When You Cry" }

Slide 168

Slide 168 text

POST /songs HTTP/1.1
Accept: application/json

{ "name": "West Coast" }

HTTP/1.1 201 CREATED
Content-Type: application/json

{ "id": 3, "name": "West Coast" }

Slide 169

Slide 169 text

PUT /songs/3 HTTP/1.1
Accept: application/json

{ "name": "West Coast (Updated)" }

HTTP/1.1 200 OK
Content-Type: application/json

{ "id": 3, "name": "West Coast (Updated)" }

Slide 170

Slide 170 text

DELETE /songs/3 HTTP/1.1
Accept: application/json

HTTP/1.1 204 NO CONTENT
Content-Type: application/json
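Added example, not from the slides: an in-memory implementation of the /songs resource exchanged above, returning the status codes and representations the five slides show (200 on read and update, 201 on create, 204 with no body on delete, 404 when the id is unknown, plus 400 for a bad body and 405 for an unsupported method). It is framework-free so it runs anywhere; the `handle(method, path, body)` entry point is this example's own, not any framework's API.

```python
import json
from typing import Dict, Optional, Tuple
Response = Tuple[int, object]  # (status code, JSON-serialisable body or None)
NOT_FOUND: Response = (404, {"errors": {"id": "Not found."}})

class SongsAPI:
    def __init__(self):
        self._songs: Dict[int, dict] = {}
        self._next_id = 1

    def handle(self, method: str, path: str, body: Optional[str] = None) -> Response:
        parts = path.strip("/").split("/")  # "/songs" or "/songs/<id>"
        if parts[0] != "songs" or len(parts) > 2 or (len(parts) == 2 and not parts[1].isdigit()):
            return NOT_FOUND
        song_id = int(parts[1]) if len(parts) == 2 else None
        handler = getattr(self, f"_{method.lower()}", None)
        if handler is None or (method.upper() == "POST" and song_id is not None):
            return 405, {"errors": {"method": f"{method} not allowed here."}}
        try:
            data = json.loads(body) if body else {}
            if not isinstance(data, dict):
                raise ValueError("body must be a JSON object")
        except ValueError:
            return 400, {"errors": {"body": "Body must be a JSON object."}}
        return handler(song_id, data)

    def _get(self, song_id, data) -> Response:
        if song_id is None:  # GET /songs: the collection
            return 200, list(self._songs.values())
        song = self._songs.get(song_id)
        return (200, song) if song else NOT_FOUND

    def _post(self, song_id, data) -> Response:
        if not isinstance(data.get("name"), str):
            return 400, {"errors": {"name": "Name is required."}}
        song = {"id": self._next_id, "name": data["name"]}
        self._songs[song["id"]] = song
        self._next_id += 1
        return 201, song  # create returns the new representation

    def _put(self, song_id, data) -> Response:
        if song_id not in self._songs:
            return NOT_FOUND
        if not isinstance(data.get("name"), str):
            return 400, {"errors": {"name": "Name is required."}}
        self._songs[song_id]["name"] = data["name"]
        return 200, self._songs[song_id]  # update returns the representation

    def _delete(self, song_id, data) -> Response:
        return (204, None) if self._songs.pop(song_id, None) else NOT_FOUND
```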

Slide 171

Slide 171 text

USE SSL. ALWAYS.

Slide 172

Slide 172 text

VERSIONING

Slide 173

Slide 173 text

GET /v1/songs

Slide 174

Slide 174 text

FILTERING, SORTING & SEARCHING

Slide 175

Slide 175 text

GET /songs?sort=-name
GET /songs?favorite=true
GET /songs?q=ritmo

Slide 176

Slide 176 text

ALLOW LIMITING FIELDS

Slide 177

Slide 177 text

GET /songs?fields=id,name

Slide 178

Slide 178 text

USE JSON

Slide 179

Slide 179 text

PAGINATION

Slide 180

Slide 180 text

UPDATE/CREATE SHOULD RETURN THE REPRESENTATION

Slide 181

Slide 181 text

CONSUMABLE ERROR PAYLOAD

Slide 182

Slide 182 text

{
  "errors": {
    "email": "Email is required.",
    "password": "Password is required."
  }
}

Slide 183

Slide 183 text

AUTHENTICATION

Slide 184

Slide 184 text

COOKIE-BASED

Slide 185

Slide 185 text

TOKEN-BASED

Slide 186

Slide 186 text

EFFECTIVELY USE HTTP STATUS CODES

Slide 187

Slide 187 text

CHECK OUT JSONAPI.ORG

Slide 188

Slide 188 text

LANGUAGES & FRAMEWORKS

Slide 189

Slide 189 text

NODE.JS: EXPRESS, SAILS.JS, METEOR

Slide 190

Slide 190 text

RUBY: SINATRA, RUBY ON RAILS

Slide 191

Slide 191 text

GO: REVEL, MARTINI

Slide 192

Slide 192 text

PYTHON: DJANGO, FLASK

Slide 193

Slide 193 text

Q&A