PGDay.IT 2016, 13 December 2016 - Prato
Postgrest: the REST API for PostgreSQL databases
by Lucio Grenzi
Who is this guy?
Delphi developer since 1999
IT Consultant
Front end web developer
Postgresql addicted
Nonantolando.blogspot.com lucio.grenzi lucio grenzi
Agenda
NoBackend: what and why
Postgresql: advantages
Postgrest features
Nobackend
noBackend is an approach to decouple apps from backends, by abstracting backend tasks with frontend code.
This allows frontend developers to focus on user experience and gives backend developers more flexibility on the implementation side.
- nobackend.org -
Our purpose
Create apps / webapps that don't need a backend at all
Writing business logic often duplicates, ignores or hobbles database structure
A single declarative source of truth: the data itself
How?
Using a REST API on top of your database
Build a backend the right way
Always use SSL for the REST API!
Expose each schema on a different port
Implement only what you need
Use a web server to route requests correctly
Authentication done by JWT
Row-level security, a feature introduced in PostgreSQL 9.5
Why schemas?
It allows many users to use one database without interfering with each other.
It organizes database objects into logical groups to make them more manageable.
Third-party applications can be put into separate schemas so they do not collide with the names of other objects.
Why Postgresql
Versatility
json support
Custom languages (Plv8)
Lots of extensions
MVC logic inside the database
MVC
MVC is an architectural design pattern that encourages improved application organization through a separation of concerns. It enforces the isolation of business data (Models) from user interfaces (Views), with a third component (Controllers) traditionally managing logic, user-input, and coordination of Models and Views.
- Developing Backbone.js Applications -By Addy Osmani
Build an application
Focus on client-related technology
Pick a frontend framework
Postgrest
Cleaner and a more standards compliant API
Quick to get started
Nothing to install
Nothing to configure
Exchanges data in JSON format
Postgresql + Postgrest: a combination that gives you a way to expose your data to other applications or web frontends.
Postgrest parameters/options
Usage: postgrest DB_URL (-a|--anonymous ROLE) [-s|--schema NAME]
                 [-p|--port PORT] [-j|--jwt-secret SECRET] [-o|--pool COUNT]
                 [-m|--max-rows COUNT]
  PostgREST 0.3.2.0 / create a REST API to an existing Postgres database

Available options:
  -h,--help                Show this help text
  DB_URL                   (REQUIRED) database connection string, e.g.
                           postgres://user:pass@host:port/db
  -a,--anonymous ROLE      (REQUIRED) postgres role to use for
                           non-authenticated requests
  -s,--schema NAME         schema to use for API routes (default: "public")
  -p,--port PORT           port number on which to run HTTP server
                           (default: 3000)
  -j,--jwt-secret SECRET   secret used to encrypt and decrypt JWT tokens
                           (default: "secret")
  -o,--pool COUNT          max connections in database pool (default: 10)
  -m,--max-rows COUNT      max rows in response (default: "infinity")

Always set --jwt-secret explicitly: the default value "secret" is printed in the help text, so tokens signed with it prove nothing.
Postgrest - security
PostgREST is designed to keep the database at the center of API security
All authorization happens through database roles and permissions
Use JSON Web Tokens (JWT) to authenticate API requests
Authenticate with external services
Postgrest security with no jwt
If no JWT is present,
if the role is invalid,
or if the JWT does not contain the role claim:
SET LOCAL ROLE anonymous;
Postgrest security with jwt
CREATE ROLE authenticator NOINHERIT LOGIN;
CREATE ROLE anonymous;
GRANT anonymous TO authenticator;
postgrest postgres://pgday@localhost:5432/pgday --anonymous anonymous
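The role setup above combined with the row-level security mentioned earlier, as an added example that is not from the original slides or from the PostgREST project. The roles alice and bob, the schema api_v1, the customer table layout and the policy name are assumptions; run it as a superuser on a scratch PostgreSQL 9.5+ cluster where these roles do not already exist.

```sql
-- Added example: role, schema, table and policy names are constructed.
-- Everything runs in one transaction; the final ROLLBACK discards it all.
BEGIN;

-- PostgREST logs in as authenticator. NOINHERIT means it holds none of the
-- privileges of its member roles until it switches to one of them.
CREATE ROLE authenticator NOINHERIT LOGIN;
CREATE ROLE anonymous NOLOGIN;          -- requests without a usable JWT
CREATE ROLE alice NOLOGIN;              -- hypothetical roles named in a
CREATE ROLE bob NOLOGIN;                -- JWT "role" claim
GRANT anonymous, alice, bob TO authenticator;

CREATE SCHEMA api_v1;                   -- hypothetical value for --schema
CREATE TABLE api_v1.customer (
  id    serial PRIMARY KEY,
  name  text NOT NULL,
  city  text,
  owner name NOT NULL DEFAULT current_user
);
INSERT INTO api_v1.customer (name, city, owner)
VALUES ('John', 'Boston', 'alice'), ('Maria', 'Prato', 'bob');

-- Layer 1, privileges: anonymous may only read; users may also write.
GRANT USAGE ON SCHEMA api_v1 TO anonymous, alice, bob;
GRANT SELECT ON api_v1.customer TO anonymous;
GRANT SELECT, INSERT, UPDATE, DELETE ON api_v1.customer TO alice, bob;
GRANT USAGE ON SEQUENCE api_v1.customer_id_seq TO alice, bob;

-- Layer 2, row-level security: once enabled, a role with no matching
-- policy is denied every row, even if it holds SELECT on the table.
ALTER TABLE api_v1.customer ENABLE ROW LEVEL SECURITY;
CREATE POLICY customer_owner ON api_v1.customer
  TO alice, bob
  USING (owner = current_user)
  WITH CHECK (owner = current_user);

-- The per-request role switch, reproduced by hand.
SET LOCAL ROLE alice;
SELECT id, name, owner FROM api_v1.customer;   -- filtered by customer_owner
INSERT INTO api_v1.customer (name, city) VALUES ('Anna', 'Rome');  -- owner defaults to current_user
RESET ROLE;

SET LOCAL ROLE anonymous;
SELECT id, name, owner FROM api_v1.customer;   -- no policy applies to anonymous
RESET ROLE;

ROLLBACK;
```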
Postgrest - performances
Web application written in Haskell using Warp http server
It delegates as much calculation as possible to the database
Serializing JSON responses directly in SQL
Data validation
Authorization
Postgrest - Versioning
A long-lived API needs the freedom to exist in multiple versions
PostgREST does versioning through database schemas
API matches
POST ~ INSERT
GET ~ SELECT
PATCH ~ UPDATE
PUT ~ UPSERT
DELETE ~ DELETE
Auth ~ user roles
API calls
GET /customer?select=name,age,city,nation

POST /customer
Content-Type: text/csv

name,age,city,nation
John,40,Boston,USA
Try postgrest
Source: https://github.com/begriffs/postgrest/
Docker image https://hub.docker.com/r/begriffs/postgrest/
Heroku
Postgrest: http://postgrest.com/
Postgrest client
PostgREST JavaScript client provides bindings and features to be used with PostgREST APIs.
Install with NPM in your projects folder.
$ npm install postgrest-client

var PostgREST = require('postgrest-client')
var Api = new PostgREST('https://postgrest.pgday.it')
Similar tool to Postgrest
PgREST http://pgre.st/ - a JSON document store
PostGraphQL https://github.com/calebmer/postgraphql - a GraphQL schema created over a PostgreSQL schema
Questions?