Postgrest: the REST API for PostgreSQL databases


Upload: lucio-grenzi

Post on 16-Apr-2017


PGDay.IT 2016, 13 December 2016 - Prato

Postgrest: the REST API for PostgreSQL databases

by Lucio Grenzi

Who is this guy?

Delphi developer since 1999

IT Consultant

Front end web developer

Postgresql addicted

Nonantolando.blogspot.com lucio.grenzi lucio grenzi

Agenda

NoBackend: what and why

Postgresql: advantages

Postgrest features

Nobackend

noBackend is an approach to decouple apps from backends, by abstracting backend tasks with frontend code.

This allows frontend developers to focus on user experience and gives backend developers more flexibility on the implementation side.

- nobackend.org -

Our purpose

Create apps / webapps that don't need a backend at all

Writing business logic often duplicates, ignores or hobbles database structure

A single declarative source of truth: the data itself

How?

Using a REST API on top of your database

Build a backend the right way

Always use SSL for the REST API!

A different schema on a different port

Implement only what you need

Use a web server to route requests correctly

Authentication done by JWT

Row-level security, a feature introduced in PostgreSQL 9.5

Why schemas?

It allows many users to use one database without interfering with each other.

It organizes database objects into logical groups to make them more manageable.

Third-party applications can be put into separate schemas so they do not collide with the names of other objects.

Why Postgresql

Versatility

json support

Custom languages (Plv8)

Lots of extensions

MVC logic inside the database

MVC

MVC is an architectural design pattern that encourages improved application organization through a separation of concerns. It enforces the isolation of business data (Models) from user interfaces (Views), with a third component (Controllers) traditionally managing logic, user-input, and coordination of Models and Views.

- Developing Backbone.js Applications -By Addy Osmani

Build an application

Focus on client-related technology

Pick a frontend framework

Postgrest

Cleaner and a more standards compliant API

Quick to get started

Nothing to install

Nothing to configure

Exchanges data in JSON format

PostgreSQL + Postgrest: a combination that gives you a way to expose your data to other applications or web frontends.

Postgrest parameters/options

Usage: postgrest DB_URL (-a|--anonymous ROLE) [-s|--schema NAME]
                 [-p|--port PORT] [-j|--jwt-secret SECRET] [-o|--pool COUNT]
                 [-m|--max-rows COUNT]
  PostgREST 0.3.2.0 / create a REST API to an existing Postgres database

Available options:
  -h,--help                Show this help text
  DB_URL                   (REQUIRED) database connection string, e.g. postgres://user:pass@host:port/db
  -a,--anonymous ROLE      (REQUIRED) postgres role to use for non-authenticated requests
  -s,--schema NAME         schema to use for API routes (default: "public")
  -p,--port PORT           port number on which to run HTTP server (default: 3000)
  -j,--jwt-secret SECRET   secret used to encrypt and decrypt JWT tokens (default: "secret")
  -o,--pool COUNT          max connections in database pool (default: 10)
  -m,--max-rows COUNT      max rows in response (default: "infinity")

Postgrest - security

PostgREST is designed to keep the database at the center of API security

All authorization happens through database roles and permissions

Uses JSON Web Tokens (JWT) to authenticate API requests

Can authenticate with external services

Postgrest security with no jwt

If no JWT is present, or

if the role is invalid, or

it does not contain the role claim:

SET LOCAL ROLE anonymous;

Postgrest security with jwt

CREATE ROLE authenticator NOINHERIT LOGIN;
CREATE ROLE anonymous;
GRANT anonymous TO authenticator;

postgrest postgres://pgday@localhost:5432/pgday --anonymous anonymous
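
The role-selection rules on the two security slides, as an added example that is not PostgREST's own code: it verifies an HS256 token and returns the role a request would run as, falling back to `anonymous` in each case the slides list. The function names, the `webuser` role and the 32-byte minimum are assumptions of this example; the rejected default `"secret"` is the one shown in the option list above.

```python
import base64
import hashlib
import hmac
import json

ANON_ROLE = "anonymous"                  # role created on the slide
KNOWN_ROLES = {"anonymous", "webuser"}   # "webuser" is a hypothetical authenticated role


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_json(part: str):
    padded = part + "=" * (-len(part) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def sign(claims: dict, secret: bytes) -> str:
    """Build an HS256 token; used here only to construct sample input."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(mac)}"


def secret_is_acceptable(secret: bytes) -> bool:
    """Reject the documented default and keys shorter than the HS256 hash output.
    The 32-byte floor is this example's threshold (RFC 7518 asks for >= 256 bits)."""
    return secret != b"secret" and len(secret) >= 32


def role_for_request(token, secret: bytes) -> str:
    """Role the request runs as; every failure falls back to anonymous."""
    if not token:                                      # no JWT present
        return ANON_ROLE
    try:
        head, body, sig = token.split(".")
        if b64url_json(head).get("alg") != "HS256":   # pin the algorithm
            return ANON_ROLE
        mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url(mac).encode(), sig.encode()):
            return ANON_ROLE                           # signature does not verify
        role = b64url_json(body).get("role")
    except (ValueError, AttributeError):               # malformed token or non-object JSON
        return ANON_ROLE
    # missing role claim, wrong type, or a role the API does not expose
    return role if isinstance(role, str) and role in KNOWN_ROLES else ANON_ROLE
```

Because every failure path ends in the anonymous role, the grants given to that role define what an unauthenticated caller can reach.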

Postgrest - performances

Web application written in Haskell using the Warp HTTP server

It delegates as much calculation as possible to the database

Serializing JSON responses directly in SQL

Data validation

Authorization

Postgrest - Versioning

A long-lived API needs the freedom to exist in multiple versions

PostgREST does versioning through database schemas

API matches

POST ~ INSERT

GET ~ SELECT

PATCH ~ UPDATE

PUT ~ UPSERT

DELETE ~ DELETE

Auth ~ user roles

API calls

GET /customer?select=name,age,city,nation

POST /customer
name,age,city,nation
John,40,Boston,USA

Try postgrest

Source: https://github.com/begriffs/postgrest/

Docker image https://hub.docker.com/r/begriffs/postgrest/

Heroku

Postgrest: http://postgrest.com/

Postgrest client

PostgREST JavaScript client provides bindings and features to be used with PostgREST APIs.

Install with NPM in your projects folder.

$ npm install postgrest-client

var PostgREST = require('postgrest-client')
var Api = new PostgREST('https://postgrest.pgday.it')

Tools similar to Postgrest

PgREST http://pgre.st/ a JSON document store

PostGraphQL https://github.com/calebmer/postgraphql a GraphQL schema created over a PostgreSQL schema

Questions?