Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
RESTful Web API With Python, Flask and Mongo Nicola Iaroccimercol...
Good Morning.mercoledì 4 luglio 2012
@nicolaiaroccimercoledì 4 luglio 2012
Full Disclosuremercoledì 4 luglio 2012
I’m a .NET guy 20 years in the Microsoft ecosystem Scary, Y...
mercoledì 4 luglio 2012
Still with me? Great.mercoledì 4 luglio 2012
gestionaleamica.com invoicing & accountingmercoledì 4 luglio 2012
Your Typical Old School Desktop App... ... now going web & mobilemercoledì ...
Enter Python Flask and Mongomercoledì 4 luglio 2012
REST So What Is REST All About?mercoledì 4 luglio 2012
REST is not a standardmercoledì 4 luglio 2012
REST is not a protocolmercoledì 4 luglio 2012
REST is an architectural style for networked ...
REST defines a set of simple principles ...
#1 resource the source of a specific informationmercoledì 4 lugl...
A web page is not a resource rather, the representation of a resour...
#2 global permanent identifier every re...
#3 standard interface used to exchange representations of resources ...
#4 set of constraints separation of concerns, stateless, cacheability,...
The World Wide Web is built on REST and it is meant to be consumed by huma...
RESTful Web APIs are built on REST and are meant to be consumed by machi...
Beginners Reading How I Explained REST to My Wife ...
The Real Stuff Representational State Transfer (REST) ...
RESTful Web API Nuts & Boltsmercoledì 4 luglio 2012
The Tools or why I picked Flask and Mongomercoledì 4 luglio 2012
Flask web development, one drop at a timemercoledì 4 luglio 2012
Simple & Elegant from flask import Flask app = Flask(__name__) ...
RESTful request dispacthing @app.route(/user/<username>) ...
Built-in development server & debugger from flask import Flask ...
Explicit & passable application objects from flask import Flask ...
100% WSGI Compliant e.g., response objects are WSGI applications themselves from flask i...
Minimal Footprint Only 800 lines of source codemercoledì 4 luglio 2012
Heavily Tested 1500 lines of testsmercoledì 4 luglio 2012
Unittesting Support one day I will make good use of itmercoledì 4 luglio 2012
Bring Your Own Batteries we aim for flexibilitymercoledì 4 luglio...
No built-in ORM we want to be as close to the bare metal as possiblemercoledì 4 luglio 2012
No form validation we don’t need no freaking form validationmercoledì 4 luglio 2012
No data validation Python offers great tools to manipulate JSON, we...
Layered API built on Werkzeug, Jinja2, WSGImercoledì 4 luglio 2012
Built by the Pros The Pocoo Team did Werkzeug, Jinja2, Sphinx, P...
Excellent Documentation Over 200 pages, lots of examples and howtosme...
Active Community Widely adopted, extensions for everythingmercoledì 4 luglio 2012
“Flask is a sharp tool for building sharp services” ...
MongoDB scalable, high-performance, open source NoSQL databasemercoledì...
Similarity with RDBMS made NoSQL easy to grasp (even for a dumbhead like me)mercoledì...
Terminology RDBMS Mongo Database Database ...
JSON-style data store true selling point for memercoledì 4 luglio 2012
JSON & RESTful API GET Client ...
JSON & RESTful API GET Client API ...
JSON & RESTful API POST Client API ...
What about Queries? Queries in MongoDB are represented as JSON-style objects // select * from things ...
JSON & RESTful API FILTERING & SORTING ?w...
JSON all along the pipeline mapping to and from the database feels more naturalm...
Schema-less dynamic objects allow for a painless evolution of our schema (because yes, a schema exists at any ...
ORM Where we’re going we don’t need ORMs.mercoledì 4 luglio 2012
PyMongo official Python driver all we need to interact with th...
Also in MongoDB • setup is a breeze • lightweight • fast inser...
A Great Introduction To MongoDB The Little MongoDB Book ...
Shameless Plug Il Piccolo Libro di MongoDB ...
MongoDB Interactive Tutorial http://tutorial.mongly.com/tutorial/indexmer...
RESTful Web APIs are really just collection of resources a...
#1 each resource is identified by a persiste...
Collections API’s entry point + plural nouns http://api.example.com/v1/...
Collections Flask URL dispatcher allows for variables @app.route(/<coll...
Collections Flask URL dispatcher allows for variables @app.route(/<coll...
Collections Flask URL dispatcher allows for variables @app.route(/<coll...
RegEx by design, collection URLs are plural nouns @app.route(/<regex("[w]*[Ss]"):col...
RegEx We need to build our own Custom Converter class RegexConverter(BaseConverter): ...
Document Documents are identified by ObjectID http://api.example.com/v1/contacts/4f46445fc88e20185...
Document @app.route(/<regex("[w]*[Ss]"):collection>/<lookup>) @app.route(/<regex("[w]*[Ss]"):collection> ...
Document @app.route(/<regex("[w]*[Ss]"):collection>/<lookup>) @app.route(/<regex("[w]*[Ss]"):collection> ...
Document @app.route(/<regex("[w]*[Ss]"):collection>/<lookup>) @app.route(/<regex("[w]*[Ss]"):collection> ...
#2 representation of resources via media types JSON, XML or any ...
Accepted Media Types mapping supported media types to corresponding rend...
Accepted Media Types mapping supported media types to corresponding rend...
Accepted Media Types mapping supported media types to corresponding rend...
Accepted Media Types mapping supported media types to corresponding rend...
JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSON...
JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSON...
JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSON...
JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSON...
JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSON...
Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200...
Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200...
Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200...
Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200...
Flask-MimeRender “Python module for RESTful resource representation using MIME Media-Types and the F...
Flask-MimeRender Render Functions render_json = jsonify render_xml = lambda message: <m...
Flask-MimeRender then you just decorate your end-point function @app.route(/) @mimerender( ...
Flask-MimeRender Requests $ curl -H "Accept: application/html" example.com/ <html><bo...
#3 resource manipulation through HTTP verbs “GET, POST, PUT,...
HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, P...
HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, P...
HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, P...
HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, P...
CRUD via REST Acttion HTTP Verb Context Collec...
GET Retrieve Multiple Documents (accepting Queries) http://api.example.com/v1/contacts?...
Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection):...
Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection):...
Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection):...
Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection):...
Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection):...
Interlude On encoding JSON datesmercoledì 4 luglio 2012
On encoding JSON dates • We don’t want to force metadata into ...
uy e g ind th eh is b ed R Because, you knowmercoledì 4 luglio 2012
Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu...
Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu...
Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu...
Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu...
Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu...
Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu...
PATCH Editing a Resourcemercoledì 4 luglio 2012
Why not PUT? • PUT means resource creation or replacement at a given URL ...
‘atomic’ PUT updates are ok when each field is itself a resource ht...
Enter PATCH “This specification defines the new method, PATCH, which is used to apply partial modificatio...
PATCH • send a “patch document” with just the changes to be applied to the...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) mongo update() met...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: ...
POST Creating Resourcesmercoledì 4 luglio 2012
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
POSTing def post(collection): docs = parse_request(request.form) response = {} for key...
Data Validation We still need to validate incoming datamercoledì 4 luglio 2012
Data Validation DOMAIN = {} DOMAIN[contacts] = { ...
Data Validation DOMAIN = {} DOMAIN[contacts] = { ...
Data Validation DOMAIN = {} DOMAIN[contacts] = { ...
Data Validation DOMAIN = {} DOMAIN[contacts] = { ...
Data Validation DOMAIN = {} DOMAIN[contacts] = { ...
Data Validation (...) iban: { data_type: st...
Data Validation (...) contact_type: { ...
Data Validation (...) contact_type: { ...
I will spare you the validation function It’s pretty simple reallyme...
Hey but! You’re building your own ORM! Just a thin validat...
#4 Caching and concurrency control resource ...
Driving conditional requests Servers use Last-Modified and ETag response...
Last-Modified Generally considered a weak validator since it has a one...
ETag Entity Tag is a strong validator since its value can be changed every time the...
On ETags • Clients should be able to use ETag to compare representations of a...
Last-Modified or ETag? You can use either or both. Consider the...
Validating cached representations Clients use If-Modified-Since and If-None-Matc...
If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} ...
If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} ...
If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} ...
If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} ...
If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} ...
Concurrency control Clients use If-Unmodified-Since and If-Match in request headers as ...
Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection,...
Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection,...
Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection,...
Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection,...
Sending cache & concurrency directives back to clientsmercoledì 4 luglio 2012
Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cach...
Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cach...
Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cach...
Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cach...
Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cach...
Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cach...
that ’s o ...
HATEOAS in a Nutshell • clients interact entirely through hypermedia...
It’s all about Links resource representation includes links to related resourcesmercoledì 4 luglio 2012
Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.c...
Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.c...
Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.c...
Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.c...
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Developing RESTful Web APIs with Python, Flask and MongoDB
Upcoming SlideShare
Loading in …5
×

Developing RESTful Web APIs with Python, Flask and MongoDB

88,575 views

Published on

Presented at EuroPython 2012. The abstract: "In the last year we have been working on a full featured, Python powered, RESTful Web API. We learned quite a few things on REST best patterns, and we got a chance to put Python’s renowned web capabilities under review, even releasing a couple Open Source projects in the process. In my talk I will share what we learned. We will consider ‘pure’ REST API design and its many hurdles. We will look at what Python as to offer in this field and finally, we will dig further down by looking at some of the code we developed. Some of the technologies/stacks I’ll cover are (in no particular order): Flask, PyMongo, MongoDB, REST, JSON, XML, Heroku. Did you know? Like it or not, there is going to be a REST API in your future."

Published in: Technology
no profile picture user
  • Hello! I do no use writing service very often, only when I really have problems. But this one, I like best of all. The team of writers operates very quickly. It's called ⇒ www.WritePaper.info ⇐ Hope this helps!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • You can ask here for a help. They helped me a lot an i`m highly satisfied with quality of work done. I can promise you 100% un-plagiarized text and good experts there. Use with pleasure! ⇒ www.HelpWriting.net ⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Ich kann eine Website empfehlen. Er hat mir wirklich geholfen. ⇒ www.WritersHilfe.com ⇐ Zufrieden und beeindruckt.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hi there! I just wanted to share a list of sites that helped me a lot during my studies: .................................................................................................................................... www.EssayWrite.best - Write an essay .................................................................................................................................... www.LitReview.xyz - Summary of books .................................................................................................................................... www.Coursework.best - Online coursework .................................................................................................................................... www.Dissertations.me - proquest dissertations .................................................................................................................................... www.ReMovie.club - Movies reviews .................................................................................................................................... www.WebSlides.vip - Best powerpoint presentations .................................................................................................................................... www.WritePaper.info - Write a research paper .................................................................................................................................... www.EddyHelp.com - Homework help online .................................................................................................................................... www.MyResumeHelp.net - Professional resume writing service .................................................................................................................................. www.HelpWriting.net - Help with writing any papers ......................................................................................................................................... Save so as not to lose
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • PumaToto | Agen Togel Terpercaya PumaToto merupakan Togel Online | Togel Terpercaya dengan Prediksi Togel Akurat | Prediksi Angka Jitu Bagi kalian yang suka bermain Togel Singapore | Togel HK bisa untuk bergabung dengan PumaToto Cara Main Togel | Cara Pasang Togel | Pasang Togel Online di PumaToto, dengan Discount dan Hadiah Menarik Tentunya Daftarkan diri Anda bersama PumaToto https://caramaintogel.com/
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
Show More
Show More

Developing RESTful Web APIs with Python, Flask and MongoDB

  1. 1. RESTful Web API With Python, Flask and Mongo Nicola Iaroccimercoledì 4 luglio 2012
  2. 2. Good Morning.mercoledì 4 luglio 2012
  3. 3. @nicolaiaroccimercoledì 4 luglio 2012
  4. 4. Full Disclosuremercoledì 4 luglio 2012
  5. 5. I’m a .NET guy 20 years in the Microsoft ecosystem Scary, Yes.mercoledì 4 luglio 2012
  6. 6. mercoledì 4 luglio 2012
  7. 7. Still with me? Great.mercoledì 4 luglio 2012
  8. 8. gestionaleamica.com invoicing & accountingmercoledì 4 luglio 2012
  9. 9. Your Typical Old School Desktop App... ... now going web & mobilemercoledì 4 luglio 2012
  10. 10. Enter Python Flask and Mongomercoledì 4 luglio 2012
  11. 11. REST So What Is REST All About?mercoledì 4 luglio 2012
  12. 12. REST is not a standardmercoledì 4 luglio 2012
  13. 13. REST is not a protocolmercoledì 4 luglio 2012
  14. 14. REST is an architectural style for networked applicationsmercoledì 4 luglio 2012
  15. 15. REST defines a set of simple principles loosely followed by most API implementationsmercoledì 4 luglio 2012
  16. 16. #1 resource the source of a specific informationmercoledì 4 luglio 2012
  17. 17. A web page is not a resource rather, the representation of a resourcemercoledì 4 luglio 2012
  18. 18. #2 global permanent identifier every resource is uniquely identified (think a HTTP URI)mercoledì 4 luglio 2012
  19. 19. #3 standard interface used to exchange representations of resources (think the HTTP protocol)mercoledì 4 luglio 2012
  20. 20. #4 set of constraints separation of concerns, stateless, cacheability, layered system, uniform interface... we’ ll get to the se latermercoledì 4 luglio 2012
  21. 21. The World Wide Web is built on REST and it is meant to be consumed by humansmercoledì 4 luglio 2012
  22. 22. RESTful Web APIs are built on REST and are meant to be consumed by machinesmercoledì 4 luglio 2012
  23. 23. Beginners Reading How I Explained REST to My Wife by Ryan Tomayko http://tomayko.com/writings/rest-to-my-wifemercoledì 4 luglio 2012
  24. 24. The Real Stuff Representational State Transfer (REST) by Roy Thomas Fielding http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htmmercoledì 4 luglio 2012
  25. 25. RESTful Web API Nuts & Boltsmercoledì 4 luglio 2012
  26. 26. The Tools or why I picked Flask and Mongomercoledì 4 luglio 2012
  27. 27. Flask web development, one drop at a timemercoledì 4 luglio 2012
  28. 28. Simple & Elegant from flask import Flask app = Flask(__name__) @app.route("/") def hello(): return "Hello World!" if __name__ == "__main__": app.run(debug=True)mercoledì 4 luglio 2012
  29. 29. RESTful request dispacthing @app.route(/user/<username>) def show_user_profile(username): return User %s % username @app.route(/post/<int:post_id>) def show_post(post_id): return Post %d % post_idmercoledì 4 luglio 2012
  30. 30. Built-in development server & debugger from flask import Flask app = Flask(__name__) @app.route("/") def hello(): return "Hello World!" if __name__ == "__main__": app.run(debug=True)mercoledì 4 luglio 2012
  31. 31. Explicit & passable application objects from flask import Flask app = Flask(__name__) @app.route("/") def hello(): return "Hello World!" if __name__ == "__main__": app.run(debug=True)mercoledì 4 luglio 2012
  32. 32. 100% WSGI Compliant e.g., response objects are WSGI applications themselves from flask import Flask app = Flask(__name__) @app.route("/") def hello(): return "Hello World!" if __name__ == "__main__": app.run(debug=True)mercoledì 4 luglio 2012
  33. 33. Minimal Footprint Only 800 lines of source codemercoledì 4 luglio 2012
  34. 34. Heavily Tested 1500 lines of testsmercoledì 4 luglio 2012
  35. 35. Unittesting Support one day I will make good use of itmercoledì 4 luglio 2012
  36. 36. Bring Your Own Batteries we aim for flexibilitymercoledì 4 luglio 2012
  37. 37. No built-in ORM we want to be as close to the bare metal as possiblemercoledì 4 luglio 2012
  38. 38. No form validation we don’t need no freaking form validationmercoledì 4 luglio 2012
  39. 39. No data validation Python offers great tools to manipulate JSON, we can tinker something ourselvesmercoledì 4 luglio 2012
  40. 40. Layered API built on Werkzeug, Jinja2, WSGImercoledì 4 luglio 2012
  41. 41. Built by the Pros The Pocoo Team did Werkzeug, Jinja2, Sphinx, Pygments, and much moremercoledì 4 luglio 2012
  42. 42. Excellent Documentation Over 200 pages, lots of examples and howtosmercoledì 4 luglio 2012
  43. 43. Active Community Widely adopted, extensions for everythingmercoledì 4 luglio 2012
  44. 44. “Flask is a sharp tool for building sharp services” Kenneth Reitz, DjangoCon 2012mercoledì 4 luglio 2012
  45. 45. MongoDB scalable, high-performance, open source NoSQL databasemercoledì 4 luglio 2012
  46. 46. Similarity with RDBMS made NoSQL easy to grasp (even for a dumbhead like me)mercoledì 4 luglio 2012
  47. 47. Terminology RDBMS Mongo Database Database Table Collection Rows(s) JSON Document Index Index Join Embedding & Linkingmercoledì 4 luglio 2012
  48. 48. JSON-style data store true selling point for memercoledì 4 luglio 2012
  49. 49. JSON & RESTful API GET Client Mongo JSON JSON accepted media type (BSON) maybe we can push directly to client?mercoledì 4 luglio 2012
  50. 50. JSON & RESTful API GET Client API Mongo JSON JSON/dict JSON accepted media type maps to python dict (BSON) almost.mercoledì 4 luglio 2012
  51. 51. JSON & RESTful API POST Client API Mongo JSON JSON/dict JSON maps to python dict objects (BSON) (validation layer) also works when posting (adding) items to the databasemercoledì 4 luglio 2012
  52. 52. What about Queries? Queries in MongoDB are represented as JSON-style objects // select * from things where x=3 and y="foo" db.things.find({x: 3, y: "foo”});mercoledì 4 luglio 2012
  53. 53. JSON & RESTful API FILTERING & SORTING ?where={x: 3, y: "foo”} Client API Mongo (very) thin native parsing JSON Mongo & validation (BSON) query syntax layermercoledì 4 luglio 2012
  54. 54. JSON all along the pipeline mapping to and from the database feels more naturalmercoledì 4 luglio 2012
  55. 55. Schema-less dynamic objects allow for a painless evolution of our schema (because yes, a schema exists at any point in time)mercoledì 4 luglio 2012
  56. 56. ORM Where we’re going we don’t need ORMs.mercoledì 4 luglio 2012
  57. 57. PyMongo official Python driver all we need to interact with the databasemercoledì 4 luglio 2012
  58. 58. Also in MongoDB • setup is a breeze • lightweight • fast inserts, updates and queries • excellent documentation • great support by 10gen • great communitymercoledì 4 luglio 2012
  59. 59. A Great Introduction To MongoDB The Little MongoDB Book by Karl Seguin http://openmymind.net/2011/3/28/The-Little-MongoDB-Book/mercoledì 4 luglio 2012
  60. 60. Shameless Plug Il Piccolo Libro di MongoDB by Karl Seguin, traduzione di Nicola Iarocci http://nicolaiarocci.com/il-piccolo-libro-di-mongodb-edizione-italiana/mercoledì 4 luglio 2012
  61. 61. MongoDB Interactive Tutorial http://tutorial.mongly.com/tutorial/indexmercoledì 4 luglio 2012
  62. 62. RESTful Web APIs are really just collection of resources accesible through to a uniform interfacemercoledì 4 luglio 2012
  63. 63. #1 each resource is identified by a persistent identifier We need to properly implement Request Dispatchingmercoledì 4 luglio 2012
  64. 64. Collections API’s entry point + plural nouns http://api.example.com/v1/contactsmercoledì 4 luglio 2012
  65. 65. Collections Flask URL dispatcher allows for variables @app.route(/<collection>) def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) api.example.com/contacts api.example.com/invoices etc.mercoledì 4 luglio 2012
  66. 66. Collections Flask URL dispatcher allows for variables @app.route(/<collection>) def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) validation dictonarymercoledì 4 luglio 2012
  67. 67. Collections Flask URL dispatcher allows for variables @app.route(/<collection>) def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) we don’t know this collection, return a 404mercoledì 4 luglio 2012
  68. 68. RegEx by design, collection URLs are plural nouns @app.route(/<regex("[w]*[Ss]"):collection>) def collection(collection): if collection in DOMAIN.keys(): (...) abort(404) regular expressions can be used to better narrow a variable part URL. However...mercoledì 4 luglio 2012
  69. 69. RegEx We need to build our own Custom Converter class RegexConverter(BaseConverter): def __init__(self, url_map, *items): super(RegexConverter, self).__init__(url_map) self.regex = items[0] app.url_map.converters[regex] = RegexConverter subclass BaseConverter and pass the new converter to the url_mapmercoledì 4 luglio 2012
  70. 70. Document Documents are identified by ObjectID http://api.example.com/v1/contacts/4f46445fc88e201858000000 And eventually by an alternative lookup value http://api.example.com/v1/contacts/CUST12345mercoledì 4 luglio 2012
  71. 71. Document @app.route(/<regex("[w]*[Ss]"):collection>/<lookup>) @app.route(/<regex("[w]*[Ss]"):collection> /<regex("[a-f0-9]{24}"):object_id>) def document(collection, lookup=None, object_id=None): (...) URL dispatcher handles multiple variables http://api.example.com/v1/contacts/CUST12345mercoledì 4 luglio 2012
  72. 72. Document @app.route(/<regex("[w]*[Ss]"):collection>/<lookup>) @app.route(/<regex("[w]*[Ss]"):collection> /<regex("[a-f0-9]{24}"):object_id>) def document(collection, lookup=None, object_id=None): (...) and of course it also handles multiple RegEx variables http://api.example.com/v1/contacts/4f46445fc88e201858000000mercoledì 4 luglio 2012
  73. 73. Document @app.route(/<regex("[w]*[Ss]"):collection>/<lookup>) @app.route(/<regex("[w]*[Ss]"):collection> /<regex("[a-f0-9]{24}"):object_id>) def document(collection, lookup=None, object_id=None): (...) Different URLs can be dispatched to the same function just by piling up @app.route decorators.mercoledì 4 luglio 2012
  74. 74. #2 representation of resources via media types JSON, XML or any other valid internet media type dep ends on the reque st and not the identifiermercoledì 4 luglio 2012
  75. 75. Accepted Media Types mapping supported media types to corresponding renderer functions mime_types = {json_renderer: (application/json,), xml_renderer: (application/xml, text/xml, application/x-xml,)} JSON rendering functionmercoledì 4 luglio 2012
  76. 76. Accepted Media Types mapping supported media types to corresponding renderer functions mime_types = {json_renderer: (application/json,), xml_renderer: (application/xml, text/xml, application/x-xml,)} corresponding JSON internet media typemercoledì 4 luglio 2012
  77. 77. Accepted Media Types mapping supported media types to corresponding renderer functions mime_types = {json_renderer: (application/json,), xml_renderer: (application/xml, text/xml, application/x-xml,)} XML rendering functionmercoledì 4 luglio 2012
  78. 78. Accepted Media Types mapping supported media types to corresponding renderer functions mime_types = {json_renderer: (application/json,), xml_renderer: (application/xml, text/xml, application/x-xml,)} corresponding XML internet media typesmercoledì 4 luglio 2012
  79. 79. JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) renderer function mapped to the appication/json media typemercoledì 4 luglio 2012
  80. 80. JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) standard json encoding is not enough, we need a specialized JSONEncodermercoledì 4 luglio 2012
  81. 81. JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) Python datetimes are encoded as RFC 1123 strings: “Wed, 06 Jun 2012 14:19:53 UTC”mercoledì 4 luglio 2012
  82. 82. JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) Mongo ObjectId data types are encoded as strings: “4f46445fc88e201858000000”mercoledì 4 luglio 2012
  83. 83. JSON Render datetimes and ObjectIDs call for further tinkering class APIEncoder(json.JSONEncoder): def default(self, obj): if isinstance(obj, datetime.datetime): return date_to_str(obj) elif isinstance(obj, ObjectId): return str(obj) return json.JSONEncoder.default(self, obj) def json_renderer(**data): return json.dumps(data, cls=APIEncoder) we let json/simplejson handle the other data typesmercoledì 4 luglio 2012
  84. 84. Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp best match between request Accept header and media types supported by the servicemercoledì 4 luglio 2012
  85. 85. Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp call the appropriate render function and retrieve the encoded JSON or XMLmercoledì 4 luglio 2012
  86. 86. Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp flask’s make_response() returns a WSGI response object wich we can use to attach headersmercoledì 4 luglio 2012
  87. 87. Rendering Render to JSON or XML and get WSGI response object def prep_response(dct, status=200): mime, render = get_best_mime() rendered = globals()[render](**dct) resp = make_response(rendered, status) resp.mimetype = mime return resp and finally, we set the appropriate mime type in the response headermercoledì 4 luglio 2012
  88. 88. Flask-MimeRender “Python module for RESTful resource representation using MIME Media-Types and the Flask Microframework” !"!#"$%&((#)(%*+,",-.-$/-.mercoledì 4 luglio 2012
  89. 89. Flask-MimeRender Render Functions render_json = jsonify render_xml = lambda message: <message>%s</message> % message render_txt = lambda message: message render_html = lambda message: <html><body>%s</body></html> % messagemercoledì 4 luglio 2012
  90. 90. Flask-MimeRender then you just decorate your end-point function @app.route(/) @mimerender( default = html, html = render_html, xml = render_xml, json = render_json, txt = render_txt ) def index(): if request.method == GET: return {message: Hello, World!}mercoledì 4 luglio 2012
  91. 91. Flask-MimeRender Requests $ curl -H "Accept: application/html" example.com/ <html><body>Hello, World!</body></html> $ curl -H "Accept: application/xml" example.com/ <message>Hello, World!</message> $ curl -H "Accept: application/json" example.com/ {message:Hello, World!} $ curl -H "Accept: text/plain" example.com/ Hello, World!mercoledì 4 luglio 2012
  92. 92. #3 resource manipulation through HTTP verbs “GET, POST, PUT, DELETE and all that mess”mercoledì 4 luglio 2012
  93. 93. HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, POST]) def collection(collection): if collection in DOMAIN.keys(): if request.method == GET: return get_collection(collection) elif request.method == POST: return post(collection) abort(404) accepted HTTP verbs a PUT will throw a 405 Command Not Allowedmercoledì 4 luglio 2012
  94. 94. HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, POST]) def collection(collection): if collection in DOMAIN.keys(): if request.method == GET: return get_collection(collection) elif request.method == POST: return post(collection) abort(404) the global request object provides access to clients’ request headersmercoledì 4 luglio 2012
  95. 95. HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, POST]) def collection(collection): if collection in DOMAIN.keys(): if request.method == GET: return get_collection(collection) elif request.method == POST: return post(collection) abort(404) we respond to a GET request for a ‘collection’ resourcemercoledì 4 luglio 2012
  96. 96. HTTP Methods Verbs are handled along with URL routing @app.route(/<collection>, methods=[GET, POST]) def collection(collection): if collection in DOMAIN.keys(): if request.method == GET: return get_collection(collection) elif request.method == POST: return post(collection) abort(404) and here we respond to a POST request. Handling HTTP methods is easy!mercoledì 4 luglio 2012
  97. 97. CRUD via REST Acttion HTTP Verb Context Collection/ Get GET Document Create POST Collection Update PATCH* Document Delete DELETE Document * WTF?mercoledì 4 luglio 2012
  98. 98. GET Retrieve Multiple Documents (accepting Queries) http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}}mercoledì 4 luglio 2012
  99. 99. Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection): where = request.args.get(where) if where: args[spec] = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents request.args returns the return prep_response(response) original URI’s query definition, in our example: where = {“age”: {“$gt”: 20}}mercoledì 4 luglio 2012
  100. 100. Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection): where = request.args.get(where) if where: args[spec] = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) as the query already comes in as a Mongo expression: response[collection] = documents return prep_response(response) {“age”: {“$gt”: 20}} we simply convert it to JSON.mercoledì 4 luglio 2012
  101. 101. Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection): where = request.args.get(where) if where: args[spec] = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) String-to-datetime conversion is obtained via the object_hook mechanismmercoledì 4 luglio 2012
  102. 102. Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection): where = request.args.get(where) if where: args[spec] = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents find() accepts a python dict return prep_response(response) as query expression, and returns a cursor we can iteratemercoledì 4 luglio 2012
  103. 103. Collection GET http://api.example.com/v1/contacts?where={“age”: {“$gt”: 20}} def get_collection(collection): where = request.args.get(where) if where: args[spec] = json.loads(where, object_hook=datetime_parser) (...) response = {} documents = [] cursor = db(collection).find(**args) for document in cursor: documents.append(document) response[collection] = documents return prep_response(response) finally, we encode the response dict with the requested MIME media-typemercoledì 4 luglio 2012
  104. 104. Interlude On encoding JSON datesmercoledì 4 luglio 2012
  105. 105. On encoding JSON dates • We don’t want to force metadata into JSON representation: (“updated”: “$date: Thu 1, ..”) • Likewise, epochs are not an option • We are aiming for a broad solution not relying on the knoweldge of the current domainmercoledì 4 luglio 2012
  106. 106. uy e g ind th eh is b ed R Because, you knowmercoledì 4 luglio 2012
  107. 107. Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu, 1 Mar 2012 10:00:49 UTC"} >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {uupdated: datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct):     for k, v in dct.items():         if isinstance(v, basestring) and re.search(" UTC", v):             try:                 dct[k] = datetime.datetime.strptime(v, DATE_FORMAT)             except:                 pass     return dct object_hook is usually used to deserialize JSON to classes (rings a ORM bell?)mercoledì 4 luglio 2012
  108. 108. Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu, 1 Mar 2012 10:00:49 UTC"} >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {uupdated: datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct):     for k, v in dct.items():         if isinstance(v, basestring) and re.search(" UTC", v):             try:                 dct[k] = datetime.datetime.strptime(v, DATE_FORMAT)             except:                 pass     return dct the resulting dct now has datetime values instead of string representations of datesmercoledì 4 luglio 2012
  109. 109. Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu, 1 Mar 2012 10:00:49 UTC"} >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {uupdated: datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct):     for k, v in dct.items():         if isinstance(v, basestring) and re.search(" UTC", v):             try:                 dct[k] = datetime.datetime.strptime(v, DATE_FORMAT)             except:                 pass     return dct the function receives a dict representing the decoded JSONmercoledì 4 luglio 2012
  110. 110. Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu, 1 Mar 2012 10:00:49 UTC"} >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {uupdated: datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct):     for k, v in dct.items():         if isinstance(v, basestring) and re.search(" UTC", v):             try:                 dct[k] = datetime.datetime.strptime(v, DATE_FORMAT)             except:                 pass     return dct strings matching the RegEx (which probably should be better defined)...mercoledì 4 luglio 2012
  111. 111. Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu, 1 Mar 2012 10:00:49 UTC"} >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {uupdated: datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct):     for k, v in dct.items():         if isinstance(v, basestring) and re.search(" UTC", v):             try:                 dct[k] = datetime.datetime.strptime(v, DATE_FORMAT)             except:                 pass     return dct ...are converted to datetime valuesmercoledì 4 luglio 2012
  112. 112. Parsing JSON dates this is what I came out with >>> source = {"updated": "Thu, 1 Mar 2012 10:00:49 UTC"} >>> dct = json.loads(source, object_hook=datetime_parser) >>> dct {uupdated: datetime.datetime(2012, 3, 1, 10, 0, 49)} def datetime_parser(dct):     for k, v in dct.items():         if isinstance(v, basestring) and re.search(" UTC", v):             try:                 dct[k] = datetime.datetime.strptime(v, DATE_FORMAT)             except:                 pass     return dct if conversion fails we assume that we are dealing a normal, legit stringmercoledì 4 luglio 2012
  113. 113. PATCH Editing a Resourcemercoledì 4 luglio 2012
  114. 114. Why not PUT? • PUT means resource creation or replacement at a given URL • PUT does not allow for partial updates of a resource • 99% of the time we are updating just one or two fields • We don’t want to send complete representations of the document we are updating • Mongo allows for atomic updates and we want to take advantage of thatmercoledì 4 luglio 2012
  115. 115. ‘atomic’ PUT updates are ok when each field is itself a resource http://api.example.com/v1/contacts/<id>/addressmercoledì 4 luglio 2012
  116. 116. Enter PATCH “This specification defines the new method, PATCH, which is used to apply partial modifications to a resource.” RFC5789mercoledì 4 luglio 2012
  117. 117. PATCH • send a “patch document” with just the changes to be applied to the document • saves bandwidth and reduces traffic • it’s been around since 1995 • it is a RFC Proposed Standard • Widely adopted (will replace PUT in Rails 4.0) • clients not supporting it can fallback to POST with ‘X-HTTP-Method-Override: PATCH’ header tagmercoledì 4 luglio 2012
  118. 118. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: abort(400) request.form returns a dict with request form data. key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  119. 119. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: abort(400) we aren’t going to accept more than one document here key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  120. 120. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: retrieve the original abort(400) document ID, will be used by key, value = docs.popitem() the update command response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  121. 121. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: abort(400) validate the updates key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  122. 122. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: abort(400) add validation results to the response dictionary key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  123. 123. PATCHing def patch_document(collection, original): docs = parse_request(request.form) $set accepts a dict if len(docs) > 1: abort(400) with the updates for the db eg: {“active”: False}. key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  124. 124. PATCHing def patch_document(collection, original): docs = parse_request(request.form) mongo update() method if len(docs) > 1: commits updates to the abort(400) database. Updates are key, value = docs.popitem() atomic. response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  125. 125. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: udpate() takes the unique Id abort(400) of the document andthe update expression ($set) key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  126. 126. PATCHing def patch_document(collection, original): docs = parse_request(request.form) if len(docs) > 1: as always, our response abort(400) dictionary is returned with proper encding key, value = docs.popitem() response_item = {} object_id = original[ID_FIELD] # Validation validate(value, collection, object_id) response_item[validation] = value[validation] if value[validation][response] != VALIDATION_ERROR: # Perform the update updates = {"$set": value[doc]} db(collection).update({"_Id": ObjectId(object_id)}, updates) response_item[ID_FIELD] = object_id return prep_response(response_item)mercoledì 4 luglio 2012
  127. 127. POST Creating Resourcesmercoledì 4 luglio 2012
  128. 128. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} we accept multiple documents (remember, we are at collection level here)mercoledì 4 luglio 2012
  129. 129. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} we loop through the documents to be insertedmercoledì 4 luglio 2012
  130. 130. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} perform validation on the documentmercoledì 4 luglio 2012
  131. 131. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} push document and get its ObjectId back from Mongo. like other CRUD operations, inserting is trivial in mongo.mercoledì 4 luglio 2012
  132. 132. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} a direct link to the resource we just created is added to the responsemercoledì 4 luglio 2012
  133. 133. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} validation result is always returned to the client, even if the doc has not been insertedmercoledì 4 luglio 2012
  134. 134. POSTing def post(collection): docs = parse_request(request.form) response = {} for key, item in docs.items(): response_item = {} validate(item, collection) if item[validation][response] != VALIDATION_ERROR: document = item[doc] response_item[ID_FIELD] = db(collection).insert(document) response_item[link] = get_document_link(collection, response_item[ID_FIELD]) response_item[validation] = item[validation] response[key] = response_item return {response: response} standard response enconding appliedmercoledì 4 luglio 2012
  135. 135. Data Validation We still need to validate incoming datamercoledì 4 luglio 2012
  136. 136. Data Validation DOMAIN = {} DOMAIN[contacts] = { secondary_id: name, fields: { name: { data_type: string, required: True, unique: True, max_length: 120, min_length: 1 }, DOMAIN is a Python dict containing our validation rules and schema structuremercoledì 4 luglio 2012
  137. 137. Data Validation DOMAIN = {} DOMAIN[contacts] = { secondary_id: name, fields: { name: { data_type: string, required: True, unique: True, max_length: 120, min_length: 1 }, every resource (collection) maintained by the API has a key in DOMAINmercoledì 4 luglio 2012
  138. 138. Data Validation DOMAIN = {} DOMAIN[contacts] = { secondary_id: name, fields: { name: { data_type: string, required: True, unique: True, max_length: 120, min_length: 1 }, if the resource allows for a secondary lookup field, we define it heremercoledì 4 luglio 2012
  139. 139. Data Validation DOMAIN = {} DOMAIN[contacts] = { secondary_id: name, fields: { name: { data_type: string, required: True, unique: True, max_length: 120, min_length: 1 }, known fields go in the fields dictmercoledì 4 luglio 2012
  140. 140. Data Validation DOMAIN = {} DOMAIN[contacts] = { secondary_id: name, fields: { name: { data_type: string, required: True, unique: True, max_length: 120, min_length: 1 }, validation rules for ‘name’ field. data_type is mostly needed to process datetimes and currency valuesmercoledì 4 luglio 2012
  141. 141. Data Validation (...) iban: { data_type: string, custom_validation: { module: customvalidation, function: validate_iban } } (...) we can define custom validation functions when the need arisesmercoledì 4 luglio 2012
  142. 142. Data Validation (...) contact_type: { data_type: array, allowed_values: [ client, agent, supplier, area manager, vector ] } (...) or we can define our own custom data types...mercoledì 4 luglio 2012
  143. 143. Data Validation (...) contact_type: { data_type: array, allowed_values: [ client, agent, supplier, area manager, vector ] } (...) ... like the array, which allows us to define a list of accepted values for the fieldmercoledì 4 luglio 2012
  144. 144. I will spare you the validation function It’s pretty simple reallymercoledì 4 luglio 2012
  145. 145. Hey but! You’re building your own ORM! Just a thin validation layer on which I have total control AKA So What?mercoledì 4 luglio 2012
  146. 146. #4 Caching and concurrency control resource representation describes how when and if it can be used, discarded or re-fetchedmercoledì 4 luglio 2012
  147. 147. Driving conditional requests Servers use Last-Modified and ETag response headers to drive conditional requestsmercoledì 4 luglio 2012
  148. 148. Last-Modified Generally considered a weak validator since it has a one-second resolution “Wed, 06 Jun 2012 14:19:53 UTC”mercoledì 4 luglio 2012
  149. 149. ETag Entity Tag is a strong validator since its value can be changed every time the server modifies the representation 7a9f477cde424cf93a7db20b69e05f7b680b7f08mercoledì 4 luglio 2012
  150. 150. On ETags • Clients should be able to use ETag to compare representations of a resouce • An ETag is supposed to be like an object’s hash code. • Actually, some web frameworks and a lot of implementations do just that • ETag computed on an entire representation of the resource may become a performance bottleneckmercoledì 4 luglio 2012
  151. 151. Last-Modified or ETag? You can use either or both. Consider the types of client consuming your service. Hint: use both.mercoledì 4 luglio 2012
  152. 152. Validating cached representations Clients use If-Modified-Since and If-None-Match in request headers for validating cached representationsmercoledì 4 luglio 2012
  153. 153. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get(If-None-Match) if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get(If-Modified-Since) if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip(s)] = document return prep_response(response, last_modified, etag) abort(404) retrieve the document from the databasemercoledì 4 luglio 2012
  154. 154. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get(If-None-Match) if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get(If-Modified-Since) if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip(s)] compute ETag for the current = document return prep_response(response, last_modified, etag) representation. We test ETag abort(404) first, as it is a stronger validatormercoledì 4 luglio 2012
  155. 155. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get(If-None-Match) if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get(If-Modified-Since) if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip(s)] = document return prep_response(response, last_modified, etag) abort(404) retrieve If-None-Match ETag from request headermercoledì 4 luglio 2012
  156. 156. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get(If-None-Match) if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get(If-Modified-Since) if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip(s)] = document return prep_response(response, last_modified, etag) abort(404) if client and server representations match, return a 304 Not Modifiedmercoledì 4 luglio 2012
  157. 157. If-Mod-Since & ETag def get_document(collection, object_id=None, lookup=None): response = {} document = find_document(collection, object_id, lookup) if document: etag = get_etag(document) header_etag = request.headers.get(If-None-Match) if header_etag and header_etag == etag: return prep_response(dict(), status=304) if_modified_since = request.headers.get(If-Modified-Since) if if_modified_since: last_modified = document[LAST_UPDATED] if last_modified <= if_modified_since: return prep_response(dict(), status=304) response[collection.rstrip(s)] = document return prep_response(response, last_modified, if the resource likewise, etag) abort(404) has not been modified since If-Modifed-Since, return 304 Not Modifiedmercoledì 4 luglio 2012
  158. 158. Concurrency control Clients use If-Unmodified-Since and If-Match in request headers as preconditions for concurrency controlmercoledì 4 luglio 2012
  159. 159. Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection, object_id, method): document = find_document(collection, object_id) if document: header_etag = request.headers.get(If-Match) if header_etag is None: return prep_response(If-Match missing from request header, status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in (PATCH, POST): return patch_document(collection, document) elif method == DELETE: return delete_document(collection, object_id) else: abort(404) retrieve client’s If-Match ETag from the request headermercoledì 4 luglio 2012
  160. 160. Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection, object_id, method): document = find_document(collection, object_id) if document: header_etag = request.headers.get(If-Match) if header_etag is None: return prep_response(If-Match missing from request header, status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in (PATCH, POST): return patch_document(collection, document) elif method == DELETE: return delete_document(collection, object_id) else: abort(404) editing is forbidden if ETag is not providedmercoledì 4 luglio 2012
  161. 161. Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection, object_id, method): document = find_document(collection, object_id) if document: header_etag = request.headers.get(If-Match) if header_etag is None: return prep_response(If-Match missing from request header, status=403) if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in (PATCH, POST): return patch_document(collection, document) elif method == DELETE: return delete_document(collection, object_id) else: client and server abort(404) representations don’t match. Precondition failed.mercoledì 4 luglio 2012
  162. 162. Concurrency control Create/Update/Delete are controlled by ETag def edit_document(collection, object_id, method): document = find_document(collection, object_id) if document: header_etag = request.headers.get(If-Match) if header_etag is None: client and server representation match, return prep_response(If-Match missing from request header, status=403) go ahead with the edit if header_etag != get_etag(document[LAST_UPDATED]): # Precondition failed abort(412) else: if method in (PATCH, POST): return patch_document(collection, document) elif method == DELETE: return delete_document(collection, object_id) else: abort(404)mercoledì 4 luglio 2012
  163. 163. Sending cache & concurrency directives back to clientsmercoledì 4 luglio 2012
  164. 164. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cache-Control, max-age=%s,must-revalidate & 30) resp.expires = time.time() + 30 if etag: resp.headers.add(ETag, etag) if last_modified: resp.headers.add(Last-Modified, date_to_str(last_modified)) return resp encodes ‘dct’ according to client’s accepted MIME Data-Type (click here see that slide)mercoledì 4 luglio 2012
  165. 165. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cache-Control, max-age=%s,must-revalidate & 30) resp.expires = time.time() + 30 if etag: resp.headers.add(ETag, etag) if last_modified: resp.headers.add(Last-Modified, date_to_str(last_modified)) return resp Cache-Control, a directive for HTTP/1.1 clients (and later) -RFC2616mercoledì 4 luglio 2012
  166. 166. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cache-Control, max-age=%s,must-revalidate & 30) resp.expires = time.time() + 30 if etag: resp.headers.add(ETag, etag) if last_modified: resp.headers.add(Last-Modified, date_to_str(last_modified)) return resp Expires, a directive for HTTP/1.0 clientsmercoledì 4 luglio 2012
  167. 167. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cache-Control, max-age=%s,must-revalidate & 30) resp.expires = time.time() + 30 if etag: resp.headers.add(ETag, etag) if last_modified: resp.headers.add(Last-Modified, date_to_str(last_modified)) return resp ETag. Notice that we don’t compute it on the rendered representation, this is by design.mercoledì 4 luglio 2012
  168. 168. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cache-Control, max-age=%s,must-revalidate & 30) resp.expires = time.time() + 30 if etag: resp.headers.add(ETag, etag) if last_modified: resp.headers.add(Last-Modified, date_to_str(last_modified)) return resp And finally, we add the Last-Modified header tag.mercoledì 4 luglio 2012
  169. 169. Cache & Concurrency def prep_response(dct, last_modified=None, etag=None, status=200): (...) resp.headers.add(Cache-Control, max-age=%s,must-revalidate & 30) resp.expires = time.time() + 30 if etag: resp.headers.add(ETag, etag) if last_modified: resp.headers.add(Last-Modified, date_to_str(last_modified)) return resp the response object is now complete and ready to be returned to the clientmercoledì 4 luglio 2012
  170. 170. that ’s o long ne acro ass nym #5 HATEOAS “Hypertext As The Engine Of Application State”mercoledì 4 luglio 2012
  171. 171. HATEOAS in a Nutshell • clients interact entirely through hypermedia provided dynamically by the server • clients need no prior knowledge about how to interact with the server • clients access an application through a single well known URL (the entry point) • All future actions the clients may take are discovered within resource representations returned from the servermercoledì 4 luglio 2012
  172. 172. It’s all about Links resource representation includes links to related resourcesmercoledì 4 luglio 2012
  173. 173. Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.com/ />",     "<link rel=collection title=contacts href=http://api.example.com/Contacts />",     "<link rel=next title=next page  href=http://api.example.com/Contacts?page=2 />"    ],    "contacts":[       {          "updated":"Wed, 06 Jun 2012 14:19:53 UTC",          "name":"Jon Doe",          "age": 27,          "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08",          "link":"<link rel=self title=Contact every resource href=http://api.example.com/Contacts/ 4f46445fc88e201858000000 />", representation provides a          "_id":"4f46445fc88e201858000000", links section with       }, navigational info for ] clients }mercoledì 4 luglio 2012
  174. 174. Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.com/ />",     "<link rel=collection title=contacts href=http://api.example.com/Contacts />",     "<link rel=next title=next page  href=http://api.example.com/Contacts?page=2 />"    ],    "contacts":[       {          "updated":"Wed, 06 Jun 2012 14:19:53 UTC",          "name":"Jon Doe",          "age": 27,          "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08",          "link":"<link rel=self title=Contact href=http://api.example.com/Contacts/ attribute provides the rel 4f46445fc88e201858000000 />", the relationship between the          "_id":"4f46445fc88e201858000000",       }, linked resource and the one ] currently represented }mercoledì 4 luglio 2012
  175. 175. Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.com/ />",     "<link rel=collection title=contacts href=http://api.example.com/Contacts />",     "<link rel=next title=next page  href=http://api.example.com/Contacts?page=2 />"    ],    "contacts":[       {          "updated":"Wed, 06 Jun 2012 14:19:53 UTC",          "name":"Jon Doe",          "age": 27,          "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08",          "link":"<link rel=self title=Contact the title attribute provides href=http://api.example.com/Contacts/ 4f46445fc88e201858000000 />", a tag (or description) for          "_id":"4f46445fc88e201858000000", the linked resource. Could       }, be used as a caption for a ] client button. }mercoledì 4 luglio 2012
  176. 176. Collection { Representation  "links":[     "<link rel=parent title=home href=http://api.example.com/ />",     "<link rel=collection title=contacts href=http://api.example.com/Contacts />",     "<link rel=next title=next page  href=http://api.example.com/Contacts?page=2 />"    ],    "contacts":[       {          "updated":"Wed, 06 Jun 2012 14:19:53 UTC",          "name":"Jon Doe",          "age": 27,          "etag":"7a9f477cde424cf93a7db20b69e05f7b680b7f08",          "link":"<link rel=self title=Contact href=http://api.example.com/Contacts/ attribute provides the href 4f46445fc88e201858000000 />", and absolute path to the          "_id":"4f46445fc88e201858000000",       }, resource (the “permanent ] identifier” per REST def.) }mercoledì 4 luglio 2012

×