HTTP: The Webmachine github /edgurgel twitter /edgurjas gurgel.me 

HTTP • URI • Method • Header • Body • Status Codes Easy, right? 

HTTP • Authorisation • Authentication • Conditional redirection • Caching • Content representation • … 

Methods • GET • HEAD • POST • PUT • PATCH • OPTIONS • DELETE • TRACE • CONNECT 

Headers • Accept • Accept-Charset • Accept-Features • Accept-Encoding • Accept-Language • Accept-Ranges • Access-Control-Allow-Credentials • Access-Control-Allow-Origin • Access-Control-Allow-Methods • Access-Control-Allow-Headers • Access-Control-Max-Age • Access-Control-Expose-Headers • Access-Control-Request-Method • Access-Control-Request-Headers • Age • Allow • Alternates • Authorization • Cache-Control • Connection • Content-Encoding • Content-Language • Content-Length • Content-Location • Content-MD5 • Content-Range • Content-Security-Policy • Content-Type • Cookie • DNT • Date • ETag • Expect • Expires • From • Host • If-Match • If-Modified-Since • If-None-Match • If-Range • If-Unmodified-Since • Last-Event-ID 

Headers • Last-Modified • Link • Location • Max-Forwards • Negotiate • Origin • Pragma • Proxy-Authenticate • Proxy-Authorization • Range • Referer • Retry-After • Sec-Websocket-Extensions • Sec-Websocket-Key • Sec-Websocket-Origin • Sec-Websocket-Protocol • Sec-Websocket-Version • Server • Set-Cookie • Set-Cookie2 • Strict-Transport-Security • TCN • TE • Trailer • Transfer-Encoding • Upgrade • User-Agent • Variant-Vary • Vary • Via • Warning • WWW-Authenticate • X-Content-Duration • X-Content-Security-Policy • X-DNSPrefetch-Control • X-Frame-Options • X-Requested-With 

Status Codes • 100 Continue • 101 Switching Protocol • 200 OK • 201 Created • 202 Accepted • 203 Non-Authoritative Information • 204 No Content • 205 Reset Content • 206 Partial Content • 300 Multiple Choice • 301 Moved Permanently • 302 Found • 303 See Other • 304 Not Modified • 305 Use Proxy • 307 Temporary Redirect • 308 Permanent Redirect • 400 Bad Request • 401 Unauthorized • 402 Payment Required • 403 Forbidden • 404 Not Found • 405 Method Not Allowed • 406 Not Acceptable • 407 Proxy Authentication Required • 408 Request Timeout • 409 Conflict • 410 Gone • 411 Length Required • 412 Precondition Failed • 413 Request Entity Too Large • 414 Request-URI Too Long • 415 Unsupported Media Type • 416 Requested Range Not Satisfiable • 417 Expectation Failed • 500 Internal Server Error • 501 Not Implemented • 502 Bad Gateway • 503 Service Unavailable • 504 Gateway Timeout • 505 HTTP Version Not Supported 

Processing Request Response 

Rack class SomeMiddleware def initialize(app) @app = app end def call(env) # ... [status, headers, body] end end 

Middleware-based class ApplicationController < ActionController::Base # ... before_filter :set_current_user_for_logs before_filter :set_locale before_filter :set_mobile_view before_filter :inject_preview_style before_filter :disable_customization before_filter :block_if_readonly_mode before_filter :authorize_mini_profiler before_filter :preload_json before_filter :check_xhr before_filter :redirect_to_login_if_required # ... end 

Middleware-based • Order matters • Blind up, blind down • Hard to reuse • Env is a pile of data • Black box is a lie 

Protocol HTTP 1.1 RFCs 7230, 7231, 7232, 7233, 7234,7235 (305 pages) Finite State Machine 

Webmachine 

Webmachine 

Webmachine 

Describe your resource • resource_exists? • service_available? • is_authorized? • forbidden? • malformed_request? • content_types_provided • content_types_accepted • moved_temporarily? • moved_permanently? • create_path • known_methods • last_modified • expires • allowed_methods • generate_etag • languages_provided • charsets_provided • encodings_provided 

Example class OrderResource < Webmachine::Resource def allowed_methods ["GET"] end def content_types_provided [["application/json", :to_json]] end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end /order/:id 

Example 

Example class OrderResource < Webmachine::Resource def allowed_methods ["GET"] end def content_types_provided [["application/json", :to_json]] end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end 405 Method Not Allowed 406 Not Acceptable 200 OK /order/:id 

Example class OrderResource < Webmachine::Resource def allowed_methods ["GET"] end def content_types_provided [["application/json", :to_json]] end def resource_exists? order end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end 404 Not Found 

class OrderResource < Webmachine::Resource include Webmachine::Resource::Authentication def allowed_methods ["GET"] end def content_types_provided [["application/json", :to_json]] end def resource_exists? order end def is_authorized?(authorization_header) basic_auth(authorization_header, "My Application") do |username, password| @user = User.auth!(username, password) [email protected]? end end def forbidden? order.allow?(@user) end def to_json order.to_json end private def order @order ||= Order.find(id) end def id request.path_info[:id] end end 401 Unauthorized 403 Forbidden 

So? • Descriptive • Consistent behaviour • Scalable • Unit testable • Customisable 

Implementations • Erlang (primary) - basho/webmachine! • Ruby - seancribbs/webmachine-ruby • Clojure - clojure-liberator/liberator • Haskell - larrytheliquid/Lemmachine • Javascript - tautologistics/nodemachine! • PHP - reflowstudio/phpmachine 

More 

More 

Questions ?