Protecting MongoDB
With A RESTful API
Alon Horev
Israel MongoDB user group
May 2013
Meta
Alon Horev
Twitter: @alonhorev
Mail: alon@horev.net
Blog: http://alon.horev.net
Cellular networks are choking
Automatic optimization to the rescue:
1. Collect analytics
2. Analyze and update network configuration
3. Back to 1!
SON – self optimizing networks
An example: a loaded cell
We’re a proud Python shop
Agenda
Why and how we migrated to MongoDB
Do you need an API?
What is a RESTful API?
A review of Intucell’s API
MongoDB best practices
Why MongoDB?
Scale and failover just works!
Data center partition tolerance
Development speed
Fast prototyping – schema changes frequently
Slows down when you need joins and transactions
Migration Challenges
Migrating from MySQL to MongoDB
People have direct access to the DB
20 developers
40 analysts and tech support
“No joins? SQL? Transactions? GUI?”
A lot to make up for!
Why An API?
Complement mongo – reports (joins!) and PQL
Hide implementation – data store(s), short names
Security - auth isn't enough: an authenticated user with a raw driver connection can still send {$where: 'while(1){}'} and pin a server thread; an API that only forwards a known set of operators closes that door
Resource management – run slow queries on slaves
Schema and referential integrity
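The {$where: 'while(1){}'} point above is the core of the "auth isn't enough" argument: once a client can hand an arbitrary filter document to the driver, authentication alone does not stop a denial of service or an operator the API never meant to expose. The validator below is an added example (not Intucell's code and not part of the deck) showing how an API layer that accepts a JSON filter from the client can allow-list fields and operators before anything reaches MongoDB. The operator set, the field names and the function names are assumptions.

```python
"""Allow-list validator for client-supplied MongoDB filter documents.

Added example, not the deck's code: an API that accepts a JSON filter must
not pass it to the driver verbatim, or an authenticated user can send
{"$where": "while(1){}"} and hang a server thread. This walks the filter and
admits only known fields and a fixed set of comparison/logical operators;
everything else ($where, $expr, $regex, unknown fields, odd nesting) is
rejected before it reaches MongoDB. Names and the operator set are assumptions.
"""
import json

# Operators the API is willing to forward. Anything not listed here
# (notably $where and $expr) is rejected simply by omission.
ALLOWED_COMPARISON = {"$eq", "$ne", "$gt", "$gte", "$lt", "$lte", "$in", "$nin"}
ALLOWED_LOGICAL = {"$and", "$or"}
MAX_DEPTH = 8  # bounds recursion on deliberately deep $and/$or nesting


class FilterError(ValueError):
    """Raised for any filter the API refuses to forward (maps to HTTP 400)."""


def _is_scalar(value):
    return value is None or isinstance(value, (str, int, float, bool))


def _validate_condition(field, value):
    """A field condition is a literal (implicit $eq) or {operator: literal}."""
    if isinstance(value, dict):
        clean = {}
        for op, operand in value.items():
            if op not in ALLOWED_COMPARISON:
                raise FilterError("operator not permitted on %s: %s" % (field, op))
            if op in ("$in", "$nin"):
                if not isinstance(operand, list) or not all(_is_scalar(v) for v in operand):
                    raise FilterError("%s expects a list of scalars" % op)
            elif not _is_scalar(operand):
                raise FilterError("%s expects a scalar operand" % op)
            clean[op] = operand
        return clean
    if not _is_scalar(value):
        raise FilterError("unexpected value for field %s" % field)
    return value


def validate_filter(doc, allowed_fields, depth=0):
    """Return a sanitized copy of `doc` or raise FilterError.

    `allowed_fields` is the set of field names the schema declares; anything
    else, and any $-prefixed key outside ALLOWED_LOGICAL, is refused.
    """
    if depth > MAX_DEPTH:
        raise FilterError("filter nested too deeply")
    if not isinstance(doc, dict):
        raise FilterError("filter must be a JSON object")
    clean = {}
    for key, value in doc.items():
        if key in ALLOWED_LOGICAL:
            if not isinstance(value, list) or not value:
                raise FilterError("%s expects a non-empty list of filters" % key)
            clean[key] = [validate_filter(sub, allowed_fields, depth + 1) for sub in value]
        elif key.startswith("$"):
            # Top-level operators such as $where, $expr, $text, $comment.
            raise FilterError("operator not permitted: %s" % key)
        elif key not in allowed_fields:
            raise FilterError("unknown field: %s" % key)
        else:
            clean[key] = _validate_condition(key, value)
    return clean


def parse_client_filter(raw_json, allowed_fields):
    """Entry point for an API handler: parse the request body, then validate."""
    try:
        doc = json.loads(raw_json)
    except ValueError as exc:
        raise FilterError("invalid JSON: %s" % exc)
    return validate_filter(doc, allowed_fields)


if __name__ == "__main__":
    fields = {"name", "age"}  # what the users schema declares (assumption)
    print(parse_client_filter('{"age": {"$gt": 60}, "name": {"$in": ["john"]}}', fields))
    for bad in ('{"$where": "while(1){}"}', '{"age": {"$where": "1"}}', '{"password": "x"}'):
        try:
            parse_client_filter(bad, fields)
        except FilterError as exc:
            print("rejected:", exc)
```

The rejection of unknown field names matters as much as the operator list: it keeps a client from probing fields the API never documented (password hashes, internal flags), and it is the same check that a schema-aware query language like PQL gets for free.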
Type Of API
Small layer on top of your driver
Dictionaries and hashes - not OO!
MongoEngine/MongoKit (ODM)
Your own!
RESTful
Cross language
Inherent to web apps
Standards for caching, auth, throttling
RESTful
“Representational state transfer”
Not a standard but an architectural style
Basically it’s a bunch of guidelines!
Real world APIs break some of them
HTTP as a communication layer
Implementing CRUD using HTTP
RESTful Routes
+------------------+--------+-------------+---------------+
| Resource         | Method | Route       | Meaning       |
+==================+========+=============+===============+
| Users collection | GET    | /users/     | Read users    |
|                  | DELETE | /users/     | Delete users  |
|                  | PUT    | /users/     | Update users  |
|                  | POST   | /users/     | Create user/s |
+------------------+--------+-------------+---------------+
| A user           | GET    | /users/<id> | Read a user   |
|                  | DELETE | /users/<id> | Delete a user |
|                  | PUT    | /users/<id> | Update a user |
|                  | POST   | /users/<id> | Create a user |
+------------------+--------+-------------+---------------+
* RESTful APIs usually don't support batch operations of create/update/delete
HTTP Crash Course
GET /search?q=foo&source=web HTTP/1.1
Host: www.google.co.il
Cache-Control: max-age=0
User-Agent: Mozilla/5.0
Accept: text/html,application/xml
Accept-Encoding: gzip,deflate,sdch
Cookie: PREF=ID=9a768e836b317d:U=fd620232bd98bd
* Note that I removed and shortened some headers
* URL length is limited: about 2k characters in older Internet Explorer, more in other browsers and servers (the limit is client- and server-specific). Anything longer has to move into a request body.
HTTP Crash Course
POST /api/v1/system/auth/users/alonho/ HTTP/1.1
Host: localhost
Content-Length: 20
Content-Type: application/json
User-Agent: python-requests/0.9.3
Cookie: token=6f01a9decd518f5cf5b4e14bddad
{"password": "none"}
* Note that I removed and shortened some headers
* A request body is meaningful only for POST/PUT (and PATCH); GET has no defined body semantics, so a long filter needs a different method
* This request carries a password in the body and a session token in the Cookie header: it only makes sense over TLS
CLI for HTTP
A CLI can make your life easier
Each API call is defined by:
A resource
A method
Parameters
% son_cli --create users name='alon'
+--------------------------+------+
| id | name |
+==========================+======+
| 5192605a9716ab5a94b37d3c | alon |
+--------------------------+------+
Resource Generation
We already use MongoEngine
Declarative
Enforces schema
Supports inheritance (multiple types in one collection)
from mongoengine import Document, StringField, IntField

class User(Document):
    name = StringField(required=True)
    age = IntField(min_value=13,
                   help_text='Years alive',
                   required=True)

# Intucell's own helper (not part of MongoEngine): exposes the Document as a REST resource
register_mongo_resource(User, '/users')
Create
% son_cli -c users age=3
{'error': 'Bad Request',
 'code': 400,
 'message': 'Value 3 for field "age" is less than minimum value: 13'}
% son_cli -c users name='alon' age=120
+--------------------------+------+-----+
| id | name | age |
+==========================+======+=====+
| 5192605a9716ab5a94b37d3c | alon | 120 |
+--------------------------+------+-----+
Read
% son_cli -r users
+--------------------------+------+-----+
| id | name | age |
+==========================+======+=====+
| 5192605a9716ab5a94b37d3c | alon | 120 |
+--------------------------+------+-----+
| 5192608d9716ab5a94b37d3d | john | 100 |
+--------------------------+------+-----+
| 519265909716ab5a94b37d3e | snow | 30 |
+--------------------------+------+-----+
Sane defaults: by default read returns the first 50 documents (cap page_size server-side too, or a client can still ask for the whole collection in one call)
Read Less
% son_cli -r users page_size=2 page=0 fields=name,age
+------+-----+
| name | age |
+======+=====+
| alon | 120 |
+------+-----+
| john | 100 |
+------+-----+
Read Ordered
% son_cli -r users fields=name,age order=age
+------+-----+
| name | age |
+======+=====+
| snow | 30 |
+------+-----+
| john | 100 |
+------+-----+
| alon | 120 |
+------+-----+
How would you order by ascending age and descending name:
% son_cli -r users order=age,-name
Read Filtered
% son_cli -r users query='age < 40 or name == "john"'
+--------------------------+------+-----+
| id | name | age |
+==========================+======+=====+
| 5192608d9716ab5a94b37d3d | john | 100 |
+--------------------------+------+-----+
| 519265909716ab5a94b37d3e | snow | 30 |
+--------------------------+------+-----+
Update
% son_cli -u users.5192605a9716ab5a94b37d3c name=anakin
+--------------------------+--------+-----+
| id | name | age |
+==========================+========+=====+
| 5192605a9716ab5a94b37d3c | anakin | 120 |
+--------------------------+--------+-----+
% son_cli -u users query='age >= 120' age=100
+-------+
| count |
+=======+
| 1 |
+-------+
Delete
% son_cli -d users.5192605a9716ab5a94b37d3c
+--------------------------+--------+-----+
| id | name | age |
+==========================+========+=====+
| 5192605a9716ab5a94b37d3c | anakin | 120 |
+--------------------------+--------+-----+
% son_cli -d users query='age >= 120'
+-------+
| count |
+=======+
| 1 |
+-------+
Aggregations API
% son_cli -r users.view.count
+-------+
| count |
+=======+
| 4 |
+-------+
% son_cli -r users.view.count sum=age
+-------+-----+
| count | age |
+=======+=====+
| 4 | 321 |
+-------+-----+
Aggregations API
% son_cli -r users.view.count groupby='age > 60'
+-------+----------+
| count | age > 60 |
+=======+==========+
| 3 | True |
+-------+----------+
| 1 | False |
+-------+----------+
% son_cli -r users.view.count groupby='age > 60,age % 2' sum=age
+-------+---------+----------+-----+
| count | age % 2 | age > 60 | age |
+=======+=========+==========+=====+
| 1 | 1 | True | 71 |
+-------+---------+----------+-----+
| 2 | 0 | True | 220 |
+-------+---------+----------+-----+
| 1 | 0 | False | 30 |
+-------+---------+----------+-----+
Output Format
% son_cli -r users.view.count groupby='age > 60' format=csv
"count","age > 60"
"3","True"
"1","False"
% son_cli --json -r users.view.count fields='age > 60'
[
{
"count": 3,
"age > 60": true
},
{
"count": 1,
"age > 60": false
}
]
Schema
% son_cli --json -r users.schema
{
"type": "object",
"properties": {
"age": {
"minimum": 13,
"type": "integer",
"description": "Years alive"
},
"name": {
"type": "string"
},
"id": {
"type": "string"
}
}
}
This JSON describing JSON is called JSON Schema
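The Create error above ("less than minimum value: 13") and this schema document come from the same place: the declarative field definitions on the MongoEngine Document. The code below is an added example, not the deck's or MongoEngine's, written against the standard library so the two halves are visible side by side: validate an incoming payload into the 400 error shape the CLI prints, reject fields the schema never declared, and emit JSON Schema for the .schema route. The class names Field, StringField, IntField and Resource, the error() helper and the USERS instance are assumptions modelled on the slides.

```python
"""Declarative resource schema: validates create/update payloads and emits
JSON Schema. Added example, not the deck's code and not MongoEngine; the
field classes, the error payload and the schema output imitate the slides.
"""


class Field(object):
    json_type = None

    def __init__(self, required=False, help_text=None):
        self.required = required
        self.help_text = help_text

    def check(self, name, value):
        """Return the value, or raise ValueError with a client-facing message."""
        return value

    def to_json_schema(self):
        schema = {"type": self.json_type}
        if self.help_text:
            schema["description"] = self.help_text
        return schema


class StringField(Field):
    json_type = "string"

    def check(self, name, value):
        if not isinstance(value, str):
            raise ValueError('Value %r for field "%s" is not a string' % (value, name))
        return value


class IntField(Field):
    json_type = "integer"

    def __init__(self, min_value=None, max_value=None, **kwargs):
        super().__init__(**kwargs)
        self.min_value = min_value
        self.max_value = max_value

    def check(self, name, value):
        # bool is a subclass of int in Python; refuse it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            raise ValueError('Value %r for field "%s" is not an integer' % (value, name))
        if self.min_value is not None and value < self.min_value:
            raise ValueError('Value %d for field "%s" is less than minimum value: %d'
                             % (value, name, self.min_value))
        if self.max_value is not None and value > self.max_value:
            raise ValueError('Value %d for field "%s" is greater than maximum value: %d'
                             % (value, name, self.max_value))
        return value

    def to_json_schema(self):
        schema = super().to_json_schema()
        if self.min_value is not None:
            schema["minimum"] = self.min_value
        if self.max_value is not None:
            schema["maximum"] = self.max_value
        return schema


def error(code, message):
    """Error payload in the shape the CLI prints for a failed request."""
    reasons = {400: "Bad Request", 404: "Not Found"}
    return {"error": reasons.get(code, "Error"), "code": code, "message": message}


class Resource(object):
    """A collection exposed over REST; `fields` maps field name -> Field."""

    def __init__(self, fields):
        self.fields = fields

    def validate(self, payload, partial=False):
        """Validate a create (full) or update (partial) payload.

        Returns the cleaned document or an error dict. Unknown keys are
        rejected so a client cannot smuggle in fields the schema never
        declared (the classic mass-assignment hole).
        """
        unknown = sorted(set(payload) - set(self.fields))
        if unknown:
            return error(400, "Unknown field(s): %s" % ", ".join(unknown))
        clean = {}
        for name, value in payload.items():
            try:
                clean[name] = self.fields[name].check(name, value)
            except ValueError as exc:
                return error(400, str(exc))
        if not partial:
            for name, field in self.fields.items():
                if field.required and name not in payload:
                    return error(400, 'Field "%s" is required' % name)
        return clean

    def json_schema(self):
        props = {name: f.to_json_schema() for name, f in self.fields.items()}
        props["id"] = {"type": "string"}  # server-assigned ObjectId, rendered as a string
        return {"type": "object", "properties": props,
                "required": sorted(n for n, f in self.fields.items() if f.required)}


# The users resource from the slides (assumed field set).
USERS = Resource({
    "name": StringField(required=True),
    "age": IntField(min_value=13, help_text="Years alive", required=True),
})
```

Validating values before checking required fields is what makes `son_cli -c users age=3` report the minimum-value problem rather than the missing name; the order is a usability choice, not a security one. The unknown-field rejection is the security one.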
Defying REST
Collection level updates are rarely seen
Performance – how long will it take?
Query strings that outgrow URL length limits (the 2k problem from the HTTP crash course)
Fall back to POST/PUT (lose caching)
Extend OPTIONS for route completion
OPTIONS returns supported methods
Added an extension that returns routes
Route Discovery
% curl -X OPTIONS http://localhost/api/v1/
{'options': ['users/', 'posts/']}
% curl -X OPTIONS http://localhost/api/v1/users/
{'options': ['alon', 'john']}
% curl http://localhost/api/v1/users/alon
{'name': 'alon', 'twitter': 'alonhorev'}
* Available as an extension to flask called route-options
* Enumeration is convenient for the CLI, but OPTIONS on a collection lists every id in it; gate it with the same auth as GET
Documentation
Exposed through the API at /api/v1/docs
Displayed visually in the GUI
PQL
Querying
Let's filter some users by name:
Mongo:
    user_names = ['foo', 'bar']
    db.users.find({'name': {'$in': user_names}})
SQL:
    name_list = ', '.join(map(sql_escape, user_names))
    sql = 'select * from users where name in ({})'.format(name_list)
* SQL users: do yourselves a favor and use an ORM (or at least parameterized queries); hand-escaping is where injection slips in.
Querying
Let's find users older than 60 or younger than 20:
Mongo:
    db.users.find({'$or': [{'age': {'$gt': 60}},
                           {'age': {'$lt': 20}}]})
SQL:
    sql = 'select * from users where age > 60 or age < 20'
PQL
Mongo’s queries are easier to compose
SQL is easier to write when invoking ad-hoc queries
PQL was born – Mongo queries for humans!
>>> pql.find('age < 20 or age > 60')
{'$or': [{'age': {'$lt': 20}},
         {'age': {'$gt': 60}}]}
PQL – Schema!
>>> pql.find('name == "foo"',
schema={'first_name': pql.StringField(),
'last_name': pql.StringField()})
Traceback (most recent call last):
...
ParseError: Field not found: name.
options: ['first_name', 'last_name']
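The two PQL calls above show the whole idea: a constrained expression language is parsed, never evaluated, and field names are checked against a schema before a single Mongo operator is produced. The translator below is an added example in that spirit, not the pql library's code (https://github.com/alonho/pql). It uses the standard library's ast module to parse the text, walks the tree, and can only ever emit the operators in its mapping table, which is why a $where can never come out of it. The function names, the supported subset and the error text are assumptions modelled on the slides.

```python
"""A minimal PQL-style translator: a restricted Python expression becomes a
MongoDB filter document, with field names checked against a schema.

Added example, not the pql library itself: the text is parsed with `ast`
(never eval'd) and the tree is walked, so the only operators that can come
out are the ones mapped in _COMPARISONS plus $and/$or/$nor. Anything outside
that subset, or a field missing from the schema, raises ParseError.
"""
import ast


class ParseError(ValueError):
    """Raised for any expression the translator refuses (maps to HTTP 400)."""


_COMPARISONS = {
    ast.Eq: "$eq", ast.NotEq: "$ne",
    ast.Gt: "$gt", ast.GtE: "$gte", ast.Lt: "$lt", ast.LtE: "$lte",
    ast.In: "$in", ast.NotIn: "$nin",
}


def find(text, schema=None):
    """Translate `text` (e.g. 'age < 20 or age > 60') into a Mongo filter.

    `schema` is any container of permitted field names (dict or set); when
    given, unknown fields are rejected with the options listed.
    """
    try:
        tree = ast.parse(text, mode="eval")
    except SyntaxError as exc:
        raise ParseError("Syntax error: %s" % exc.msg)
    return _translate(tree.body, schema)


def _translate(node, schema):
    if isinstance(node, ast.BoolOp):
        op = "$and" if isinstance(node.op, ast.And) else "$or"
        return {op: [_translate(value, schema) for value in node.values]}
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return {"$nor": [_translate(node.operand, schema)]}
    if isinstance(node, ast.Compare):
        if len(node.ops) != 1:
            raise ParseError("Chained comparisons are not supported")
        field = _field_name(node.left, schema)
        op = type(node.ops[0])
        if op not in _COMPARISONS:
            raise ParseError("Unsupported comparison: %s" % op.__name__)
        value = _literal(node.comparators[0])
        if op in (ast.In, ast.NotIn) and not isinstance(value, list):
            raise ParseError("'in' expects a list literal")
        if op is ast.Eq:
            return {field: value}  # implicit $eq, as driver users write it
        return {field: {_COMPARISONS[op]: value}}
    raise ParseError("Unsupported expression: %s" % type(node).__name__)


def _field_name(node, schema):
    """Left side must be a (possibly dotted) name: age, friends.id."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        raise ParseError("Left side of a comparison must be a field name")
    parts.append(node.id)
    name = ".".join(reversed(parts))
    if schema is not None and name not in schema:
        raise ParseError("Field not found: %s. options: %s" % (name, sorted(schema)))
    return name


def _literal(node):
    """Right side must be a constant, a negative number, or a list of those."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        inner = _literal(node.operand)
        if isinstance(inner, bool) or not isinstance(inner, (int, float)):
            raise ParseError("Unary minus applies to numbers only")
        return -inner
    if isinstance(node, (ast.List, ast.Tuple)):
        return [_literal(elt) for elt in node.elts]
    raise ParseError("Right side of a comparison must be a literal")


if __name__ == "__main__":
    print(find('age < 20 or age > 60'))
    try:
        find('name == "foo"', schema={'first_name': None, 'last_name': None})
    except ParseError as exc:
        print("ParseError:", exc)
```

Because the walker only recognises Compare, BoolOp and Not nodes, a call such as `__import__("os").system("id") == 1` is rejected at the field-name check rather than executed, and no path produces a `$where`: the grammar is the allow-list.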
PQL - Aggregations
Car listing:
{made_on: ISODate("1973-03-24T00:00:02.013Z"),
 price: 21000}
Number of cars and total of prices per year in 1970-1990:
>>> from pql import project, match, group
>>> collection.aggregate(
...     project(made_on='year(made_on)',
...             price='price') |
...     match('made_on >= 1970 and made_on <= 1990') |
...     group(_id='made_on',
...           count='sum(1)',
...           total='sum(price)'))
PQL - Aggregations
Compare to this:
>>> collection.aggregate([
...     {'$project': {'made_on': {'$year': '$made_on'},
...                   'price': '$price'}},
...     {'$match': {'made_on': {'$gte': 1970,
...                             '$lte': 1990}}},
...     {'$group': {'_id': '$made_on',
...                 'count': {'$sum': 1},
...                 'total': {'$sum': '$price'}}}])
Write fewer characters:
>>> project(price='base * tax + commision')
[{'$project': {'price': {'$add':
    [{'$multiply': ['$base', '$tax']}, '$commision']}}}]
BSON != JSON
ObjectID and Date are BSON specific!
Convert them to strings
Using a codec is better – symmetrical!
>>> import datetime, bson
>>> from bson import json_util
>>> json_util.dumps(datetime.datetime.now())
'{"$date": 1367970875910}'
>>> json_util.dumps(bson.ObjectId())
'{"$oid": "51896a43b46551eff3f43594"}'
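The json_util snippet above shows the output side of the codec; what makes it "symmetrical" is that the same two markers decode back into the same types. The code below is an added example, not the deck's and not bson.json_util, written against the standard library so the whole round trip is visible: datetime becomes {"$date": <ms since epoch, UTC>} and an ObjectId becomes {"$oid": "<24 hex chars>"}, the two forms on the slide. Since the bson package is not assumed to be installed, ObjectId is modelled by a small stand-in class that only carries and validates the 24-hex-char string; that class and the SAMPLE_DOC are assumptions.

```python
"""Symmetric JSON codec for the two BSON types plain JSON lacks.

Added example, not the deck's code and not bson.json_util. The encoder
hooks json.dumps(default=...), the decoder hooks json.loads(object_hook=...),
and each marker is validated on the way in so a client cannot feed the API a
malformed id or a non-integer timestamp through the back door.
"""
import datetime
import json
import re

_OID_RE = re.compile(r"\A[0-9a-f]{24}\Z")
_EPOCH = datetime.datetime(1970, 1, 1, tzinfo=datetime.timezone.utc)
_MS = datetime.timedelta(milliseconds=1)


class ObjectId(object):
    """Stand-in for bson.ObjectId (assumption): holds the 24-hex-char form."""

    def __init__(self, hex_str):
        if not isinstance(hex_str, str) or not _OID_RE.match(hex_str):
            raise ValueError("ObjectId must be 24 lowercase hex characters")
        self.hex = hex_str

    def __eq__(self, other):
        return isinstance(other, ObjectId) and other.hex == self.hex

    def __hash__(self):
        return hash(self.hex)

    def __repr__(self):
        return "ObjectId(%r)" % self.hex


def _encode(obj):
    """json.dumps `default` hook: called only for types json cannot handle."""
    if isinstance(obj, datetime.datetime):
        if obj.tzinfo is None:  # treat naive datetimes as UTC, as the driver does
            obj = obj.replace(tzinfo=datetime.timezone.utc)
        return {"$date": (obj - _EPOCH) // _MS}  # integer milliseconds
    if isinstance(obj, ObjectId):
        return {"$oid": obj.hex}
    raise TypeError("Object of type %s is not JSON serializable" % type(obj).__name__)


def _decode(dct):
    """json.loads `object_hook`: runs on every object, innermost first."""
    if len(dct) == 1:
        ms = dct.get("$date")
        if isinstance(ms, int) and not isinstance(ms, bool):
            return _EPOCH + ms * _MS
        oid = dct.get("$oid")
        if isinstance(oid, str):
            return ObjectId(oid)  # ValueError on anything but 24 hex chars
    return dct


def dumps(doc):
    return json.dumps(doc, default=_encode, sort_keys=True)


def loads(text):
    return json.loads(text, object_hook=_decode)


# Constructed sample document using the id and timestamp from the slide
# (1367970875910 ms is 2013-05-07T23:54:35.910Z).
SAMPLE_DOC = {
    "_id": ObjectId("51896a43b46551eff3f43594"),
    "created": _EPOCH + 1367970875910 * _MS,
    "name": "alon",
}

if __name__ == "__main__":
    wire = dumps(SAMPLE_DOC)
    print(wire)
    print(loads(wire) == SAMPLE_DOC)
```

Converting to plain strings, as the slide's first option suggests, loses exactly this: a string that looks like an id comes back as a string, and the API has to guess which fields to re-parse. With a codec the type travels with the value in both directions.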
Python != JSON
+-----------+--------------------------------------------------+---------------------------------------+
|           | JSON document                                    | Python dictionary                     |
+===========+==================================================+=======================================+
| Key type  | Only strings                                     | Anything hashable                     |
| Key order | Preserved in practice: BSON documents and        | Not guaranteed before Python 3.7      |
|           | JavaScript object literals keep insertion order  |                                       |
+-----------+--------------------------------------------------+---------------------------------------+
Example: user id to name mapping
Python: {1234: 'Alon Horev', 1038: 'John Wayne'}
Javascript: [{'id': 1234, 'name': 'Alon Horev'},
             {'id': 1038, 'name': 'John Wayne'}]
Python != JSON
db.users.ensureIndex({'friends.id': 1})
db.users.insert({friends: [{id: 123, name: 'foo'}]})
db.users.find({'friends.id': 123}).explain()
{
    "cursor": "BtreeCursor friends.id_1",
    ...
}
References
http://python-eve.org/ - A new RESTful API for MongoDB written in Python
http://flask.pocoo.org/ - A great python web framework
https://github.com/alonho/pql - The PQL query translator
https://github.com/micha/resty - resty enhances curl for RESTful API calls
Learn from others! Twitter and Facebook have great RESTful APIs

More Related Content

What's hot

I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeSummit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeAngel Borroy López
 
User registration and login using stored procedure in php
User registration and login using stored procedure in phpUser registration and login using stored procedure in php
User registration and login using stored procedure in phpPHPGurukul Blog
 
Writing Secure Code for WordPress
Writing Secure Code for WordPressWriting Secure Code for WordPress
Writing Secure Code for WordPressShawn Hooper
 
ASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server DatabaseASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server DatabaseChristopher Singleton
 
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams
Sps mad2019   es el momento, empieza a desarrollar para microsoft teams Sps mad2019   es el momento, empieza a desarrollar para microsoft teams
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams Ruben Ramos
 

What's hot (8)

Dr.Repi
Dr.Repi Dr.Repi
Dr.Repi
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
Anex....,,,.
Anex....,,,.Anex....,,,.
Anex....,,,.
 
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeSummit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
 
User registration and login using stored procedure in php
User registration and login using stored procedure in phpUser registration and login using stored procedure in php
User registration and login using stored procedure in php
 
Writing Secure Code for WordPress
Writing Secure Code for WordPressWriting Secure Code for WordPress
Writing Secure Code for WordPress
 
ASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server DatabaseASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server Database
 
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams
Sps mad2019   es el momento, empieza a desarrollar para microsoft teams Sps mad2019   es el momento, empieza a desarrollar para microsoft teams
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams
 

Similar to MongoDB user group israel May

Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.Mydbops
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...Maarten Balliauw
 
Fluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_publicFluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_publicSaewoong Lee
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQLJussi Pohjolainen
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
Python RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutionsPython RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutionsSolution4Future
 
Cognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinarCognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinarPetr Baudis
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logsStefan Krawczyk
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlMaarten Balliauw
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology
 
SharePoint 2010 authentications
SharePoint 2010 authenticationsSharePoint 2010 authentications
SharePoint 2010 authenticationsWyngate Solutions
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB        Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...Maarten Balliauw
 
Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)ÇözümPARK
 
Automating Networks by using API
Automating Networks by using APIAutomating Networks by using API
Automating Networks by using API一清 井上
 
Observability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System TablesObservability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System TablesInfluxData
 

Similar to MongoDB user group israel May (20)

Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
 
Fluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_publicFluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_public
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQL
 
Real
RealReal
Real
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
 
Python RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutionsPython RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutions
 
Cognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinarCognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinar
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logs
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
SharePoint 2010 authentications
SharePoint 2010 authenticationsSharePoint 2010 authentications
SharePoint 2010 authentications
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB        Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
 
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
 
Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)
 
Automating Networks by using API
Automating Networks by using APIAutomating Networks by using API
Automating Networks by using API
 
Observability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System TablesObservability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System Tables
 

Recently uploaded

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 

Recently uploaded (20)

Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 

MongoDB user group israel May

  • 11. HTTP Crash Course
    GET /search?q=foo&source=web HTTP/1.1
    Host: www.google.co.il
    Cache-Control: max-age=0
    User-Agent: Mozilla/5.0
    Accept: text/html,application/xml
    Accept-Encoding: gzip,deflate,sdch
    Cookie: PREF=ID=9a768e836b317d:U=fd620232bd98bd
    * Note that I removed and shortened some headers
    * Query-string length is limited, and the limit is client and server specific: Internet Explorer historically capped the whole URL at about 2 KB, and common web servers reject request lines above roughly 8 KB by default
  • 12. HTTP Crash Course
    POST /api/v1/system/auth/users/alonho/ HTTP/1.1
    Host: localhost
    Content-Length: 20
    Content-Type: application/json
    User-Agent: python-requests/0.9.3
    Cookie: token=6f01a9decd518f5cf5b4e14bddad

    {"password": "none"}
    * Note that I removed and shortened some headers
    * A request body is carried by POST and PUT (and PATCH); bodies on GET and DELETE have no defined meaning and are dropped by many proxies and frameworks
    * The session token travels in a cookie, so a state-changing route like this one needs CSRF protection (or a token sent in a header instead), and the cookie should be marked Secure and HttpOnly
  • 13. CLI for HTTP
    A CLI can make your life easier
    Each API call is defined by:
      A resource
      A method
      Parameters
    % son_cli --create users name='alon'
    +--------------------------+------+
    | id                       | name |
    +==========================+======+
    | 5192605a9716ab5a94b37d3c | alon |
    +--------------------------+------+
  • 14. Resource Generation
    We already use MongoEngine
    Declarative
    Enforces schema
    Supports inheritance (multiple types in one collection)
    class User(Document):
        name = StringField(required=True)
        age = IntField(min_value=13, help_text='Years alive', required=True)
    register_mongo_resource(User, '/users')
  • 15. Create
    % son_cli -c users age=3
    {'error': 'Bad Request', 'code': 400, 'message': 'Value 3 for field "age" is less than minimum value: 13'}
    % son_cli -c users name='alon' age=120
    +--------------------------+------+-----+
    | id                       | name | age |
    +==========================+======+=====+
    | 5192605a9716ab5a94b37d3c | alon | 120 |
    +--------------------------+------+-----+
  • 16. Read
    % son_cli -r users
    +--------------------------+------+-----+
    | id                       | name | age |
    +==========================+======+=====+
    | 5192605a9716ab5a94b37d3c | alon | 120 |
    +--------------------------+------+-----+
    | 5192608d9716ab5a94b37d3d | john | 100 |
    +--------------------------+------+-----+
    | 519265909716ab5a94b37d3e | snow | 30  |
    +--------------------------+------+-----+
    Sane defaults: by default read returns the first 50 documents
  • 17. Read Less
    % son_cli -r users page_size=2 page=0 fields=name,age
    +------+-----+
    | name | age |
    +======+=====+
    | alon | 120 |
    +------+-----+
    | john | 100 |
    +------+-----+
  • 18. Read Ordered
    % son_cli -r users fields=name,age order=age
    +------+-----+
    | name | age |
    +======+=====+
    | snow | 30  |
    +------+-----+
    | john | 100 |
    +------+-----+
    | alon | 120 |
    +------+-----+
    How would you order by ascending age and descending name?
    % son_cli -r users order=age,-name
  • 19. Read Filtered
    % son_cli -r users query='age < 40 or name == "john"'
    +--------------------------+------+-----+
    | id                       | name | age |
    +==========================+======+=====+
    | 5192608d9716ab5a94b37d3d | john | 100 |
    +--------------------------+------+-----+
    | 519265909716ab5a94b37d3e | snow | 30  |
    +--------------------------+------+-----+
  • 20. Update
    % son_cli -u users.5192605a9716ab5a94b37d3c name=anakin
    +--------------------------+--------+-----+
    | id                       | name   | age |
    +==========================+========+=====+
    | 5192605a9716ab5a94b37d3c | anakin | 120 |
    +--------------------------+--------+-----+
    % son_cli -u users query='age >= 120' age=100
    +-------+
    | count |
    +=======+
    | 1     |
    +-------+
  • 21. Delete
    % son_cli -d users.5192605a9716ab5a94b37d3c
    +--------------------------+--------+-----+
    | id                       | name   | age |
    +==========================+========+=====+
    | 5192605a9716ab5a94b37d3c | anakin | 120 |
    +--------------------------+--------+-----+
    % son_cli -d users query='age >= 120'
    +-------+
    | count |
    +=======+
    | 1     |
    +-------+
  • 22. Aggregations API
    % son_cli -r users.view.count
    +-------+
    | count |
    +=======+
    | 4     |
    +-------+
    % son_cli -r users.view.count sum=age
    +-------+-----+
    | count | age |
    +=======+=====+
    | 4     | 321 |
    +-------+-----+
  • 23. Aggregations API
    % son_cli -r users.view.count groupby='age > 60'
    +-------+----------+
    | count | age > 60 |
    +=======+==========+
    | 3     | True     |
    +-------+----------+
    | 1     | False    |
    +-------+----------+
    % son_cli -r users.view.count groupby='age > 60,age % 2' sum=age
    +-------+---------+----------+-----+
    | count | age % 2 | age > 60 | age |
    +=======+=========+==========+=====+
    | 1     | 1       | True     | 71  |
    +-------+---------+----------+-----+
    | 2     | 0       | True     | 220 |
    +-------+---------+----------+-----+
    | 1     | 0       | False    | 30  |
    +-------+---------+----------+-----+
  • 24. Output Format
    % son_cli -r users.view.count groupby='age > 60' format=csv
    "count","age > 60"
    "3","True"
    "1","False"
    % son_cli --json -r users.view.count groupby='age > 60'
    [
      {"count": 3, "age > 60": true},
      {"count": 1, "age > 60": false}
    ]
  • 25. Schema
    % son_cli --json -r users.schema
    {
      "type": "object",
      "properties": {
        "age": {"minimum": 13, "type": "integer", "description": "Years alive"},
        "name": {"type": "string"},
        "id": {"type": "string"}
      }
    }
    This JSON describing JSON is called JSON Schema
  • 26. Defying REST
    Collection level updates are rarely seen
      Performance – how long will it take?
    Query strings too long for GET (about 2 KB in the most restrictive clients)
      Fall back to POST/PUT (lose caching)
    Extend OPTIONS for route completion
      OPTIONS returns supported methods
      Added an extension that returns routes
  • 27. Route Discovery
    % curl -X OPTIONS http://localhost/api/v1/
    {"options": ["users/", "posts/"]}
    % curl -X OPTIONS http://localhost/api/v1/users/
    {"options": ["alon", "john"]}
    % curl http://localhost/api/v1/users/alon
    {"name": "alon", "twitter": "alonhorev"}
    * Available as an extension to flask called route-options
    * Listing the ids under a collection is an enumeration oracle: serve OPTIONS only to authenticated callers and apply the same authorization as GET on the same route
  • 28. Documentation
    Exposed through the API at /api/v1/docs
    Displayed visually in the GUI
  • 29. PQL
  • 30. Querying
    Let's filter some users by names:
    Mongo:
      user_names = ['foo', 'bar']
      db.users.find({'name': {'$in': user_names}})
    SQL:
      name_list = ', '.join(map(sql_escape, user_names))
      sql = 'select * from users where name in ({})'.format(name_list)
    * SQL users: do yourselves a favor and use an ORM, or at least the driver's bound parameters; hand-rolled escaping like the above is how SQL injection happens
    * Mongo users: if user_names comes straight from a JSON body, an element can be an operator document instead of a string (operator injection), so type-check values before they reach the driver
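The SQL half of that slide, as an added example that is not the talk's code: the unsafe string-built IN list next to the bound-parameter version, run against a constructed in-memory SQLite table with the users from the CLI slides. The crafted name is constructed for the demo; sqlite3 is stdlib, so this runs offline.

```python
import sqlite3

# Constructed in-memory table mirroring the users on the CLI slides, so the example runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (name text, age integer)")
    conn.executemany("insert into users values (?, ?)",
                     [("alon", 120), ("john", 100), ("snow", 30)])
    return conn

def find_users_unsafe(conn, user_names):
    """The slide's shape with the escaping left out: values are pasted into the SQL text,
    so a crafted name rewrites the statement instead of being compared against the column."""
    name_list = ", ".join("'{}'".format(n) for n in user_names)
    sql = "select name from users where name in ({})".format(name_list)
    return [row[0] for row in conn.execute(sql)]

def find_users_safe(conn, user_names):
    """One '?' placeholder per value; the driver binds the values after the statement
    is parsed, so they can only ever be compared against the column, never parsed as SQL."""
    user_names = list(user_names)
    if not user_names:
        return []   # "in ()" is rejected by several databases (SQLite happens to accept it)
    placeholders = ", ".join("?" * len(user_names))
    sql = "select name from users where name in ({})".format(placeholders)
    return [row[0] for row in conn.execute(sql, user_names)]

if __name__ == "__main__":
    conn = make_db()
    payload = ["x') or 1=1 --"]   # constructed attacker-controlled "name"; "--" comments out the rest
    print(find_users_unsafe(conn, payload))   # every user comes back
    print(find_users_safe(conn, payload))     # [] : no user is literally called that
```

The placeholder count is the only thing built from the input, and it is derived from the list length, not its contents; that is the whole difference.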
  • 31. Querying
    Let's find users older than 60 or younger than 20:
    Mongo:
      db.users.find({'$or': [{'age': {'$gt': 60}}, {'age': {'$lt': 20}}]})
    SQL:
      sql = 'select * from users where age > 60 or age < 20'
  • 32. PQL
    Mongo's queries are easier to compose
    SQL is easier to write when invoking ad-hoc queries
    PQL was born – Mongo queries for humans!
    >>> pql.find('age < 20 or age > 60')
    {'$or': [{'age': {'$lt': 20}}, {'age': {'$gt': 60}}]}
  • 33. PQL – Schema!
    >>> pql.find('name == "foo"', schema={'first_name': pql.StringField(), 'last_name': pql.StringField()})
    Traceback (most recent call last):
      ...
    ParseError: Field not found: name. options: ['first_name', 'last_name']
    With a schema, PQL rejects fields that do not exist (and, with typed fields, values of the wrong type) before anything reaches MongoDB; because the expression language has no way to spell an operator such as $where, the security problem from slide 7 never gets near the database
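To show what "a query language with a schema" buys you in security terms, here is an added, self-contained toy in the spirit of slides 32 and 33. It is not pql's code (that lives at https://github.com/alonho/pql) and it supports only comparisons, `in`, `and` and `or`; it parses the expression with Python's own `ast` module, accepts names only as schema fields, accepts values only as literals of the field's declared type, and therefore has no path by which `$where`, a function call or an operator document can reach the driver. The `SCHEMA` dict and the `reject_operators` companion check for create/update bodies are assumptions of this example, not API of pql or of the talk's son_cli.

```python
import ast

# Constructed demo schema (field name -> the one Python type its values may have).
# pql builds this from typed field objects; a plain dict is enough to show the checks.
SCHEMA = {"name": str, "age": int}

class QueryError(ValueError):
    """Anything that is not a comparison of a known field against a literal."""

# The only Mongo operators a caller can reach, keyed by the Python AST node that spells them.
COMPARE_OPS = {
    ast.Lt: "$lt", ast.LtE: "$lte", ast.Gt: "$gt", ast.GtE: "$gte",
    ast.NotEq: "$ne", ast.In: "$in", ast.NotIn: "$nin",
}

def _literal(node):
    """Accept literals and lists of literals; reject names, calls, attributes and the rest.

    Evaluating anything else would let a caller reach Python objects, and passing
    arbitrary structure through would let them smuggle an operator document."""
    if isinstance(node, ast.Constant):
        return node.value
    if (isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub)
            and isinstance(node.operand, ast.Constant)
            and type(node.operand.value) in (int, float)):
        return -node.operand.value          # negative numbers parse as unary minus
    if isinstance(node, ast.List):
        return [_literal(elt) for elt in node.elts]
    raise QueryError("only literal values are allowed, got %s" % type(node).__name__)

def _check_type(field, value, schema):
    """Every value (or list element) must have exactly the schema type of the field."""
    expected = schema[field]
    for item in (value if isinstance(value, list) else [value]):
        if type(item) is not expected:
            raise QueryError("field %r expects %s, got %r" % (field, expected.__name__, item))

def _compare(node, schema):
    if len(node.ops) != 1 or len(node.comparators) != 1:
        raise QueryError("chained comparisons are not supported")
    if not isinstance(node.left, ast.Name):
        raise QueryError("left side of a comparison must be a field name")
    field = node.left.id
    if field not in schema:
        raise QueryError("Field not found: %s. options: %s" % (field, sorted(schema)))
    op = node.ops[0]
    value = _literal(node.comparators[0])
    _check_type(field, value, schema)
    wants_list = isinstance(op, (ast.In, ast.NotIn))
    if isinstance(value, list) != wants_list:
        raise QueryError("list literals are valid only with 'in' / 'not in'")
    if isinstance(op, ast.Eq):
        return {field: value}               # pql spells equality as a plain {field: value}
    if type(op) not in COMPARE_OPS:
        raise QueryError("operator %s is not allowed" % type(op).__name__)
    return {field: {COMPARE_OPS[type(op)]: value}}

def _translate(node, schema):
    if isinstance(node, ast.BoolOp):
        key = "$and" if isinstance(node.op, ast.And) else "$or"
        return {key: [_translate(child, schema) for child in node.values]}
    if isinstance(node, ast.Compare):
        return _compare(node, schema)
    raise QueryError("unsupported expression: %s" % type(node).__name__)

def compile_query(text, schema=SCHEMA):
    """Translate 'age < 20 or name == "john"' into a MongoDB filter document.

    '$where' never gets near the database: '$' is not valid Python syntax, names are
    accepted only as fields that exist in the schema, and values must be literals
    of the field's type. The text is parsed, never eval'd."""
    try:
        tree = ast.parse(text, mode="eval")
    except SyntaxError as exc:
        raise QueryError("cannot parse query: %s" % exc) from None
    return _translate(tree.body, schema)

def reject_operators(doc, path="<root>"):
    """Companion check for create/update bodies (JSON the client sends as a document):
    a key beginning with '$' or containing '.' would turn the body into an operator or
    a dotted path, so refuse it at any depth. Returns the document unchanged."""
    if isinstance(doc, dict):
        for key, value in doc.items():
            if not isinstance(key, str) or key.startswith("$") or "." in key:
                raise QueryError("illegal key %r under %s" % (key, path))
            reject_operators(value, "%s.%s" % (path, key))
    elif isinstance(doc, list):
        for index, item in enumerate(doc):
            reject_operators(item, "%s[%d]" % (path, index))
    return doc

if __name__ == "__main__":
    print(compile_query('age < 40 or name == "john"'))
    # → {'$or': [{'age': {'$lt': 40}}, {'name': 'john'}]}
```

Two design points carry the security argument: the translator is a whitelist (every AST node type not explicitly handled is an error), and values are typed against the schema, so `age < "20"` is rejected rather than silently compared as a string. Anything a client sends as a raw document (create/update bodies) goes through `reject_operators` instead, since there the operator keys would be data, not syntax.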
  • 34. PQL - Aggregations
    Car listing: {made_on: ISODate("1973-03-24T00:00:02.013Z"), price: 21000}
    Number of cars and total of prices per year in 1970-1990:
    >>> from pql import project, match, group
    >>> collection.aggregate(
    ...     project(made_on='year(made_on)', price='price') |
    ...     match('made_on >= 1970 and made_on <= 1990') |
    ...     group(_id='made_on', count='sum(1)', total='sum(price)'))
  • 35. PQL - Aggregations
    Compare to this:
    >>> collection.aggregate([
    ...     {'$project': {'made_on': {'$year': '$made_on'}, 'price': '$price'}},
    ...     {'$match': {'made_on': {'$gte': 1970, '$lte': 1990}}},
    ...     {'$group': {'_id': '$made_on', 'count': {'$sum': 1}, 'total': {'$sum': '$price'}}}])
    Write fewer characters:
    >>> project(price='base * tax + commision')
    [{'$project': {'price': {'$add': [{'$multiply': ['$base', '$tax']}, '$commision']}}}]
  • 38. BSON != JSON
    ObjectId and Date are BSON specific!
    Convert them to strings
    Using a codec is better – symmetrical!
    >>> from bson import json_util
    >>> json_util.dumps(datetime.datetime.now())
    '{"$date": 1367970875910}'
    >>> json_util.dumps(bson.ObjectId())
    '{"$oid": "51896a43b46551eff3f43594"}'
    * The integer-milliseconds "$date" shown here is the legacy pymongo 2.x form; newer pymongo versions emit MongoDB Extended JSON by default (an ISO-8601 string for dates after 1970), so pin json_options when clients depend on one shape
  • 40. Python != JSON
                 JSON Document    Python Dictionary
    Key type     Only strings     Anything immutable
    Key order    Ordered          Unordered
    Example: user id to name mapping
    Python: {1234: 'Alon Horev', 1038: 'John Wayne'}
    Javascript: [{'id': 1234, 'name': 'Alon Horev'}, {'id': 1038, 'name': 'John Wayne'}]
    * Strictly, JSON objects are unordered too; it is BSON documents and JavaScript engines that preserve insertion order, and Python dicts only do so from 3.7 onward. The integer keys are the real problem: json.dumps silently turns them into strings, so the mapping does not round-trip
  • 41. Python != JSON
    db.users.ensureIndex({'friends.id': 1})
    db.users.insert({friends: [{id: 123, name: 'foo'}]})
    db.users.find({'friends.id': 123}).explain()
    { "cursor": "BtreeCursor friends.id_1", ... }
    The array-of-documents form is what lets one multikey index on friends.id serve this query; with an id-keyed object ({friends: {"123": {...}}}) every id would be a distinct field path and could not share an index
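The codec idea from slide 38 and the integer-key pitfall from slide 40, as one added example that is not the talk's code and does not use pymongo: it mirrors `bson.json_util`'s `{"$oid": ...}` / `{"$date": ms}` wrapping with stdlib `json` hooks so documents round-trip symmetrically, and shows why an id-keyed dict has to become a list of documents before it is serialised. The `ObjectId` class is a stand-in for `bson.ObjectId` (an assumption of this example), and the sample document is constructed.

```python
import json
import re
from datetime import datetime, timezone

class ObjectId:
    """Stand-in for bson.ObjectId (assumption: pymongo is not installed here): a 24-hex-char id."""
    __slots__ = ("hex",)

    def __init__(self, hex_id):
        if not re.fullmatch(r"[0-9a-f]{24}", hex_id):
            raise ValueError("not a 24 character hex ObjectId: %r" % hex_id)
        self.hex = hex_id

    def __eq__(self, other):
        return isinstance(other, ObjectId) and other.hex == self.hex

    def __hash__(self):
        return hash(self.hex)

    def __repr__(self):
        return "ObjectId(%r)" % self.hex

def _encode(obj):
    """json.dumps calls this only for values it cannot serialise itself."""
    if isinstance(obj, ObjectId):
        return {"$oid": obj.hex}
    if isinstance(obj, datetime):
        if obj.tzinfo is None:
            raise TypeError("naive datetime: store UTC-aware datetimes only")
        return {"$date": int(obj.timestamp() * 1000)}   # ms since the epoch, BSON's own resolution
    raise TypeError("cannot serialise %s" % type(obj).__name__)

def _decode(obj):
    """json.loads calls this for every object; the two wrapper shapes become values again.
    Anything else is left alone, so a client document that merely has a "$date" key
    next to other keys is not silently reinterpreted."""
    if set(obj) == {"$oid"}:
        return ObjectId(obj["$oid"])
    if set(obj) == {"$date"}:
        return datetime.fromtimestamp(obj["$date"] / 1000, tz=timezone.utc)
    return obj

def to_json(doc):
    return json.dumps(doc, default=_encode)

def from_json(text):
    return json.loads(text, object_hook=_decode)

def roundtrip(doc):
    """Symmetry is the point of a codec: what goes out must come back as the same value."""
    return from_json(to_json(doc))

def plain_roundtrip(obj):
    """What happens with no care at all: json turns every key into a string."""
    return json.loads(json.dumps(obj))

def id_map_to_documents(mapping):
    """The fix from slide 40: a list of documents keeps the integer id as a value, which survives JSON."""
    return [{"id": key, "name": value} for key, value in mapping.items()]

# Constructed sample document (the ObjectId is the one shown on slide 38).
SAMPLE = {
    "_id": ObjectId("51896a43b46551eff3f43594"),
    "when": datetime(2013, 5, 8, tzinfo=timezone.utc),
    "n": 1,
}

if __name__ == "__main__":
    print(to_json(SAMPLE))
    print(roundtrip(SAMPLE) == SAMPLE)                 # True
    print(plain_roundtrip({1234: "Alon Horev"}))       # {'1234': 'Alon Horev'}: the key came back as a string
```

Note the naive-datetime refusal: BSON dates are UTC, and encoding a naive local time would shift by the server's offset on the way back in.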
  • 42. References
    http://python-eve.org/ - A new RESTful API for MongoDB written in Python
    http://flask.pocoo.org/ - A great Python web framework
    https://github.com/alonho/pql - The PQL query translator
    https://github.com/micha/resty - resty enhances curl for RESTful API calls
    Learn from others! Twitter and Facebook have great RESTful APIs

Editor's Notes

  1. Developers use the database for debugging and introspection. Analysts learned SQL and used the database for performance analysis and report generation.
  2. You would not find a spec or a reference implementation. There are good examples out there (Facebook, Twitter) and good frameworks to help you build RESTful APIs.
  3. Stands for Python query language