
tips_for_writing_a_web_server_and_beyond.pdf


Apoorv Kothari

October 19, 2019

Transcript

  1. Tips for writing a web server and beyond
    Apoorv Kothari
    toidiu.com
    @toidiuCodes


  2. content
    • designing with lifetimes
    • db management
    • logging
    • code hardening
    working code available at:
    github.com/toidiu/fin-public


  3. designing with lifetimes


  4. designing with lifetimes(cont..)
    system boundaries



  10. designing with lifetimes(cont..)
    system boundaries(cont..)



  18. db management


  19. db management (cont..)
    migrations with diesel_cli
    • manage database schema
    • evolve schema
    • code review and test schema changes


  20. db management (cont..)
    ORM vs raw SQL
    ORM (Diesel)
    • pro: queries are type-checked at compile time!
    • con: complex queries can be difficult to write, and you need to learn a new framework
    raw SQL
    • pro: simply write the SQL you want
    • con: queries must be written manually, which can be error-prone


  21. db management (cont..)
    postgres crate
    • flexibility of raw SQL
    but
    • error prone
    • difficult to maintain


  22. db management (cont..)
    postgres crate
    • ideal SQL


  23. db management (cont..)
    postgres-mapper
    • derive procedural macro
    • UserData::from_postgres_row(row) -> Result
    • attribute procedural macro
    • UserData::sql_fields() -> users.id, users.email
    • UserData::sql_table() -> users


  24. db management (cont..)
    postgres-mapper
    • derive procedural macro
    • UserData::from_postgres_row(row) -> Result
    • attribute procedural macro
    • UserData::sql_fields() -> "users.id, users.email"
    • UserData::sql_table() -> "users"


  25. db management (cont..)
    postgres crate


  26. db management(cont..)
    db testing
    • setup
    • run test
    • teardown


  27. db management(cont..)
    db testing
    • setup DB for testing
    • get a connection (needs a real postgres instance)
    • re-use migration scripts!!


  28. logging(cont..)
    slog composable
    • composable plugin model `trait Drain`
    • json vs plain
    • async vs sync
    • file vs network



  31. logging(cont..)
    slog structured
    • log data should be machine searchable vs writing complex regex
    • think key-value pairs
    • ex: filter logs by ‘error codes’, ‘app version’, ‘req id’


  32. logging(cont..)
    slog contextual
    • give context around error
    • trace code path
    • Logger is cheap to clone


  33. logging(cont..)
    line!
    • `lineError!` macro to get line info with your logging
    • works because macro expands to rust code at compile time


  34. code hardening


  35. code hardening(cont..)
    error handling
    • declare global AppError (FinError) enum
    • declare type alias AppResult (ResultFin)
    • all functions that return Result should only return AppResult!!


  36. code hardening(cont..)
    user error msg
    • declare a user error struct
    • code = info for developer
    • message = info for user
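
The error-handling pattern from the two slides above (one global error enum, one result alias, a separate user-facing error), as an added example that is not code from the talk or from fin-public. `FinError` and `ResultFin` are the names on the slide; the variants, `UserErr`, the numeric codes, `portfolio_id` and `respond` are assumptions made for illustration.

```rust
use std::num::ParseIntError;

// One application-wide error type; the slide names it FinError.
#[derive(Debug)]
pub enum FinError {
    BadRequest(String),     // caller sent invalid input
    NotFound(&'static str), // requested resource does not exist
    Database(String),       // internal detail, must never reach the user
}

// The only Result type fallible functions return (ResultFin on the slide).
pub type ResultFin<T> = Result<T, FinError>;

impl From<ParseIntError> for FinError {
    fn from(e: ParseIntError) -> Self {
        FinError::BadRequest(format!("invalid integer: {}", e))
    }
}

// What crosses the system boundary: code for developers, message for users.
#[derive(Debug, PartialEq)]
pub struct UserErr { pub code: u16, pub message: &'static str }

impl From<&FinError> for UserErr {
    fn from(e: &FinError) -> Self {
        // Codes and wording are assumptions; the payload of each variant
        // (driver text, SQL, hostnames) is deliberately not copied over.
        let (code, message) = match e {
            FinError::BadRequest(_) => (1001, "The request was not valid."),
            FinError::NotFound(_) => (1002, "Nothing was found."),
            FinError::Database(_) => (2001, "Something went wrong, please retry."),
        };
        UserErr { code, message }
    }
}

// Hypothetical handler: `?` turns ParseIntError into FinError via From.
pub fn portfolio_id(raw: &str) -> ResultFin<u32> {
    let id: u32 = raw.trim().parse()?;
    if id == 0 { return Err(FinError::NotFound("portfolio")); }
    Ok(id)
}

// Boundary: log the full error server-side, return only the UserErr.
pub fn respond(raw: &str) -> Result<u32, UserErr> {
    portfolio_id(raw).map_err(|e| { eprintln!("internal: {:?}", e); UserErr::from(&e) })
}

fn main() { println!("{:?} {:?}", respond("42"), respond("abc")); }
```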


  37. Fin
    Apoorv Kothari
    toidiu.com
    @toidiuCodes
    github.com/toidiu/fin-public


  38. auth(cont..)
    password management
    • libpasta
    • Easy-to-use password storage with strong defaults (scrypt).
    • `libpasta::hash_password(&password);`
    • `libpasta::verify_password(&user.password_hash, &password)`
    • Migration support for passwords to new algorithms.
    • `new_algo (old_algo ( password ))`
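
The `new_algo(old_algo(password))` migration above, sketched as an added example that is not libpasta's code or API. `old_algo` and `new_algo` are non-cryptographic placeholders built on std's `DefaultHasher` so the block runs without crates; `Scheme`, `Stored`, `wrap_legacy` and `verify_and_upgrade` are hypothetical names.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// PLACEHOLDERS, not password hashes: std-only stand-ins for a legacy
// algorithm and its replacement (e.g. scrypt) so the example runs offline.
fn tagged(tag: &str, input: &str, salt: &str) -> String {
    let mut h = DefaultHasher::new();
    (tag, salt, input).hash(&mut h);
    format!("{:016x}", h.finish())
}
fn old_algo(input: &str, salt: &str) -> String { tagged("old", input, salt) }
fn new_algo(input: &str, salt: &str) -> String { tagged("new", input, salt) }

// Hypothetical stored record: the scheme tag says which layers to apply.
#[derive(Clone, Debug, PartialEq)]
pub enum Scheme { Old, NewOverOld, New }

#[derive(Clone, Debug, PartialEq)]
pub struct Stored { pub scheme: Scheme, pub salt: String, pub digest: String }

fn compute(scheme: &Scheme, password: &str, salt: &str) -> String {
    match scheme {
        Scheme::Old => old_algo(password, salt),
        Scheme::NewOverOld => new_algo(&old_algo(password, salt), salt),
        Scheme::New => new_algo(password, salt),
    }
}

// Batch step, no passwords needed: hash the stored old digest with the new
// algorithm, so no record is left protected by the old algorithm alone.
pub fn wrap_legacy(rec: &Stored) -> Stored {
    if rec.scheme != Scheme::Old { return rec.clone(); }
    let digest = new_algo(&rec.digest, &rec.salt);
    Stored { scheme: Scheme::NewOverOld, salt: rec.salt.clone(), digest }
}

// Login step: verify under the record's scheme, then return a record hashed
// with the new algorithm only. Real code compares digests in constant time.
pub fn verify_and_upgrade(rec: &Stored, password: &str) -> Option<Stored> {
    if compute(&rec.scheme, password, &rec.salt) != rec.digest { return None; }
    let digest = new_algo(password, &rec.salt);
    Some(Stored { scheme: Scheme::New, salt: rec.salt.clone(), digest })
}

fn main() {
    let legacy = Stored { scheme: Scheme::Old, salt: "s1".into(), digest: old_algo("hunter2", "s1") };
    let wrapped = wrap_legacy(&legacy);
    println!("{:?}", verify_and_upgrade(&wrapped, "hunter2"));
}
```

The batch step is what lets every stored hash move to the new algorithm immediately; the login step then removes the old layer for each user as they sign in.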



  41. auth(cont..)
    stateless session token
    • paseto
    • paseto is JWT but with sane defaults and smaller surface area
    • you can specify `version` and `purpose`
    • only allows authenticated tokens


  42. Fin
    Apoorv Kothari
    toidiu.com
    @toidiuCodes
    github.com/toidiu/fin-public
