REST web services suggestions - web-services

I want to make a REST services based application and I have no ideas to start with. Do you have any suggestions?
I know what REST services are and how to implement them, but I don't have an idea for what application to do.

Probably the most standard REST example or case study is a content management system, i.e. a system where the main resources are "documents" (/documents/1, /documents/2, etc.). It could also be "posts" for a blog or "tweets" etc.
You can then enhance it with a separate resource for authors, add policies for reading and writing posts, and so on.
The good thing about this model is there's no real business logic or API scraping to implement, and it's easy to test by checking document contents.
Of course, the best projects to use, when you have the luxury of choosing them, are always those you have a passion for developing.
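The "documents" resource with a read/write policy that the answer sketches, as an added example (not code from the original answer); the in-memory store, the owner-only write rule and the (status, body) return shape are assumptions for illustration:

```python
# Added example: a minimal REST-style "documents" resource with a per-document
# authorisation policy. State is kept in memory so the whole thing runs offline.
DOCS = {}          # id -> {"id", "author", "body"}
NEXT_ID = [1]      # constructed counter (a list so handlers can bump it in place)

def can_read(user, doc):
    return True                                       # policy assumption: documents are public

def can_write(user, doc):
    return user is not None and user == doc["author"]  # only the author may edit or delete

def handle(method, path, user=None, body=None):
    """Dispatch one request; returns (http_status, response_dict)."""
    body = body or {}
    parts = [p for p in path.split("/") if p]
    if parts[:1] != ["documents"]:
        return 404, {"error": "not found"}
    if len(parts) == 1:                               # collection: /documents
        if method == "GET":
            return 200, {"documents": [d for d in DOCS.values() if can_read(user, d)]}
        if method == "POST":
            if user is None:
                return 401, {"error": "login required"}
            doc = {"id": NEXT_ID[0], "author": user, "body": body.get("body", "")}
            NEXT_ID[0] += 1
            DOCS[doc["id"]] = doc
            return 201, doc
        return 405, {"error": "method not allowed"}
    try:                                              # member: /documents/<id>
        doc = DOCS[int(parts[1])]
    except (ValueError, KeyError):
        return 404, {"error": "not found"}
    if method == "GET":
        return (200, doc) if can_read(user, doc) else (403, {"error": "forbidden"})
    if method in ("PUT", "DELETE"):
        if not can_write(user, doc):                  # policy check before any mutation
            return 403, {"error": "forbidden"}
        if method == "DELETE":
            del DOCS[doc["id"]]
            return 204, {}
        doc["body"] = body.get("body", "")
        return 200, doc
    return 405, {"error": "method not allowed"}
```

Checking document contents after each call is the whole test suite, which is the point the answer makes.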

Related

Architect admin interface for single page app

I have a single page app built with Ember.js with a Rails backend. Is it a common pattern to build an admin interface on the Rails server side on a subdomain? What is the right approach for this?
Your question is vague but I will try my best to answer it. I have done this with a Node and a Go backend combined with Ember.js.
No, there is technically nothing to prevent you from doing a single page application for an admin interface.
Rails is a good choice for this, and generally you should stick with the backend framework/language you and your team master the most.
As for what would be the right approach, there are no magic recipes. Document your code, write tests and follow best practices for the tools you are using.
One key element though will be the communication between your frontend and your backend. Ember chose to follow the JSON API specification (http://jsonapi.org/) and comes out of the box with an adapter to talk with this kind of API. Using such an adapter will help you save a lot of time.
Here are some implementations of JSON API for Ruby: http://jsonapi.org/implementations/#server-libraries-ruby
One more thing about your frontend code structure. You haven't said how big your app will be. If it gets big, you may want to take the pod approach in ember-cli (http://ember-cli.com/user-guide/#pod-structure). It basically changes the structure of the code so it's easier to maintain a lot of files.

WebServices for CRUD in playframework

Some friends and I are going to develop a web site with the Play framework and a mobile application (Android and iPhone). So we need to make some web services for the mobile application (CRUD). So we thought about using these web services in our Play framework application instead of wasting time creating the CRUD with Anorm (writing all the SQL requests).
Well, I'm here to ask for your opinion. Is this a good thing to do? What's the best advised method here?
Thank you.
PS: the web services are automatically generated with NetBeans from our database.
There are various reasons why I would advise against this approach.
A general design rule is not to expose your internal data model to the user. This rule comes in many flavors, of which the layered architecture is probably the most known one.
In detail there will be issues like:
Tuning performance: This is hard to achieve because you have no, or not much, control over the generated web services. When your application is really taking off you will suffer from this limitation.
Access to the service: I don't know whether you generate RESTful web services or WS-* ones. The latter will get you in trouble when accessing them via iPhone.
Design of Play vs. synchronous web services: Also somehow related to performance is the issue that the generated service is likely synchronous and blocking, which does not fit well with the non-blocking approach the Play framework is taking.
Abstraction level: Because your database is based on sets but your business model is likely not, you will have issues developing a decent client, tuning the performance, doing proper validation, security, etc.
Authentication, authorization and accounting: Hard to do because the database only knows the DB system users.
Change: What if you change your database model? Will the generated services continue to work? Do you have to adapt them even if you just add a column?
...
Some of those reasons do overlap, but I think the general problem should be clear.
Instead of this approach I would recommend the following. Develop a RESTful endpoint for your app, which is not that hard to do. This is the external contract against which the clients should be developing. play-mini, for example, has a very neat, Unfiltered-based API to do this. While doing this, focus on the operations your app really needs. CRUD in general is a bad model when thinking about production-ready software.
How you access your database is another decision you have to make, but probably it is not that important because it is not your external contract, so you can change it when you have the need for doing so.

Difference between a Desktop application and a Web application

What is the difference between a desktop application and a web application? What is the testing strategy for a web site/web application?
I will briefly share some of my experiences, as they may help establish a foundation for you.
The main differences that I have encountered are obviously the usage of markup languages (HTML/HTML5/XML, etc.), AJAX, jQuery, and JavaScript (well, scripting in general). Tools like the .NET Framework amongst others also exist. You can look those up to get a full definition of what they are and how they work together, but they introduce a new way of problem solving in terms of building small bridges to reach the end result.
As in any application, keep in mind the user-end side of the application. Millions of people will have access to it at exactly the same time. Security is paramount with web apps. Ensure you have strong security measures tied into your page.
Aesthetics will take more precedence than with desktop applications (depending on what they are). Web applications are a visual experience. You want to make sure that when you design it, fields are easily identifiable, the app is easily navigable, and easy to read.
For testing, simply save your code with the right extension and run it from wherever you saved it. Most current operating systems know what kind of web code the file is written in and will open it in a browser. Say if you wrote "myPage.html" and saved it to your desktop, you will see an HTML icon that says "myPage". If you need to make changes, edit your code, re-save it, then simply refresh your web browser.
I know this is a very, very general answer but I'm attempting to brush upon everything that I've experienced over the summer. Hopefully this is helpful, or at least brings some considerations to mind when designing your web app. Good luck!

Securing a financial application with a web interface

I am in the process of designing an application that users will be able to log on remotely and use - via a web interface.
Security is of paramount importance (think credit card and personal banking type information) - so I need to make sure that I get the security aspect nailed down - HARD.
I intend to provide the application functionality via traditional (stateful) web pages, as well as web services.
For what it's worth, I am intending to use web2py as my web application framework.
Is there a list of guidelines I can follow to make sure that I have all areas covered?
One stop shopping: https://www.owasp.org/index.php/Main_Page
Read that and take every suggestion to heart.
You should consider at least the following:
Authentication. Getting users to log on in some manner. Which authentication method they use depends on what you aim to provide.
Privacy. Making sure the information they send is only visible to them and your application and not an eavesdropper.
In the simplest case SSL can take care of both of the above. It will always provide encryption but can also be used to authenticate, or at least make some simple authentication mechanism more secure. One thing to look at is the security of SSL. SSL is susceptible to a man-in-the-middle attack, particularly when the users already have a trust relationship with, say, their employer, who can then proceed to install an SSL gateway which is effectively a MITM.
Authorisation. Making sure users are only allowed to see what you want them to see and no more.
This really depends on the technology you are using.
Non-repudiation. Making sure the user cannot dispute the actions they perform.
This is a very open-ended question. Legally this is seldom (never?) used so it depends... Something like signed logs of user-requested actions, for example, is probably enough.
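One way to realise the "signed logs of user-requested actions" idea from the answer above, as an added example that is not part of the original answer: each record carries an HMAC over its contents and the previous record's tag, so editing, removing or reordering an entry is detectable. The key, record layout and sample actions are constructed assumptions.

```python
# Added example: tamper-evident, HMAC-chained log of user-requested actions.
import hashlib
import hmac
import json

def _canonical(record):
    # Stable serialisation so the same record always yields the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def append_action(log, key, user, action, params):
    """Append one record; its tag also covers the previous tag (a hash chain)."""
    prev = log[-1]["tag"] if log else "0" * 64
    record = {"seq": len(log), "user": user, "action": action,
              "params": params, "prev": prev}
    record["tag"] = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    log.append(record)
    return record

def verify_log(log, key):
    """Return the index of the first bad record, or None if the chain is intact."""
    prev = "0" * 64
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "tag"}
        if body.get("seq") != i or body.get("prev") != prev:
            return i                      # gap, deletion or reordering
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec.get("tag", "")):
            return i                      # contents changed after signing
        prev = rec["tag"]
    return None

def demo():
    """Write two constructed actions, then simulate an after-the-fact edit."""
    key = b"constructed-demo-key; a real key lives in a KMS/HSM, not in source"
    log = []
    append_action(log, key, "alice", "transfer", {"to": "acct-42", "amount": "150.00"})
    append_action(log, key, "alice", "update_address", {"city": "Leeds"})
    before = verify_log(log, key)                 # None: chain intact
    log[0]["params"]["amount"] = "15.00"          # someone quietly changes the amount
    return before, verify_log(log, key)           # (None, 0): record 0 flagged
```

An HMAC only shows that nothing changed after the logging service wrote the record; for non-repudiation against the operator itself, sign with a key the user holds or anchor the chain head with an external party.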
Your biggest threat, by far, is writing server-side webapp code that introduces vulnerabilities in your web application layer. This is not something you can checklist. For a starter, make sure you are 100% comfortable with the items in the OWASP Top Ten and understand how to code safely against them. If you are not expert in web application vulnerabilities, strongly consider hiring someone who is to help review the web layer. At the least, I would consider contacting a security testing company to perform some form of penetration testing, preferably with a code review component.
If you ever do anything with credit card data, you will need to comply with the PCI DSS which will require at least quarterly remote-testing from an Approved Scanning Vendor.

Componentizing complex functionality in an MVC web app

This is a question about MVC web-app architecture, and how it can be extended
to handle componentizing moderately complex units of functionality.
I have an MVC style web-app with a customer facing credit card charge page.
I've been asked to allow the admins to enter credit card payments as well,
for times when credit cards are taken over the phone.
The customer facing credit card charge section of the website is currently
its own controller, with approximately 3 pages and a login. That controller
is responsible for:
Customer login credential authentication
Credit card data collection
Calling a library to do the actual charge.
Reporting the results to the user.
I would like to extract the card data collection pages into a component of
some kind so that I can easily reuse the code on the admin side of the app.
Right now my components are limited to single "view" pages with PHP style
embedded Perl code.
This is a simple, custom MVC framework written in Perl. Right now, controllers
are called directly from the framework to service web requests. My idea is to
allow controllers to be called from other controllers, so that I can componentize
more complex functionality.
For simplicity I think I prefer composition over inheritance, even though it will
require writing a bunch of pass-through methods (actions). Being Perl, I could in
theory do multiple inheritance.
I'm wondering if anyone with experience in other MVC web frameworks can comment
on how this sort of thing is usually done.
Thank you.
Create a component (class?) which wraps all the cc specific functionality, and expose it through appropriate methods/functions.
Use composition to provide your controllers, both customer and admin facing, an instance of the cc component, and have both call the appropriate methods to achieve what needs to happen.
I have dealt with something similar many times, and I absolutely prefer keeping my "controllers" (or any other code that depends directly on third party libraries for that matter) as "stupid" as possible, and do like you said - pass through anything that calls for functionality that's specific to your app. This keeps my code easy to test, which is what drives most of my design these days.
I hope we're talking about the same things, MVC can be applied at so many different levels it sometimes gets confusing.
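The composition approach the answer recommends, as an added example that is neither the asker's Perl framework nor the answerer's code, written in Python: one card-payment component owns all card-specific work, both controllers pass calls through to it, and the charging library is injected so tests can substitute a fake. Field names, validation rules and the gateway interface are assumptions.

```python
# Added example: card-payment component shared by a customer and an admin controller.
import re

class CardPaymentComponent:
    """All card-specific functionality lives here; controllers only delegate."""
    def __init__(self, gateway):
        self.gateway = gateway                # injected charging library (or a test fake)

    def collect(self, form):
        """Validate submitted card fields; returns (card, None) or (None, error)."""
        pan = re.sub(r"\D", "", form.get("pan", ""))
        if not 13 <= len(pan) <= 19:
            return None, "card number must be 13-19 digits"
        if not re.fullmatch(r"(0[1-9]|1[0-2])/\d{2}", form.get("expiry", "")):
            return None, "expiry must be MM/YY"
        return {"pan": pan, "expiry": form["expiry"]}, None

    def charge(self, card, amount_cents):
        result = self.gateway.charge(card, amount_cents)
        # Report only the last four digits back; the full PAN never leaves this component.
        return {"ok": result["ok"], "last4": card["pan"][-4:], "ref": result.get("ref")}

class CustomerPaymentController:
    """Customer-facing controller: a thin pass-through."""
    def __init__(self, payments):
        self.payments = payments

    def pay(self, form, amount_cents):
        card, err = self.payments.collect(form)
        return {"ok": False, "error": err} if err else self.payments.charge(card, amount_cents)

class AdminPaymentController:
    """Admin controller for phone orders: same component, plus the operator id."""
    def __init__(self, payments):
        self.payments = payments

    def pay_by_phone(self, operator, form, amount_cents):
        card, err = self.payments.collect(form)
        if err:
            return {"ok": False, "error": err}
        return dict(self.payments.charge(card, amount_cents), operator=operator)

class FakeGateway:
    """Constructed stand-in for the real charging library, used in tests."""
    def charge(self, card, amount_cents):
        return {"ok": amount_cents > 0, "ref": "fake-ref-1"}
```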