web architecture : 3rd week handout

Web Application ArchitecturesModule 3: Database InteractionsLecture 1: Relational Databases

c© 2011-13 G.L. Heileman Module 3, Lecture 1 1 / 9

Focus of our Attention

WebClient

(Browser)

WebServerNetwork

1: request

2: response

Database

Script/Service

Script/Service

Script/Service

Connector

DatabaseConnector

Clienttier

Webtier

Businesslogictier

Presentation logictier

Dataaccess

tier

Datatier


Relational Databases

Relational databases are the most common way to persistently storedata in web applications.A relational database is used to store a collection of relations. Thisinvolves storing “records” in tables.Each row in a table (or entity) corresponds to one record, and thecolumns correspond to fields (or attributes) of the record.

Ex.people

last_namefirst_nameid address

123

Frank Furter

JaneJohn

DoeDoe

1 Wiener Way

30 Smith PL30 Smith PL

phone

John Doe 30 Smith PL4

212-555-1234505-555-1234

505-463-1234505-463-4321



What’s the point of the id field in the previous table? It is used toform relationships to other tables. It’s referred to as the primary key ofthe table.For example, John Doe appeared in the previous table twice. Why?Because he has two phones. More specifically, there is a one-to-manyrelationship between people and phones — one person can have manyphones.We can normalize the database by creating two tables, one for peopleand a separate table for phones:

– Each record in the phone table will hold the id of a person.– In the phone table, this person_id is referred to as a foreign key.– Given the id of a person, we can now search the phone table for all

of the phones that belong to a person. This is typically done using thestructured query language (SQL), but in Rails we’ll by-pass this usingthe methods provided with Active Records.


Relational Databases – Normalization

Ex. A one-to-many relationship between tables:

phonesnumberperson_idid

123

212-555-1234505-555-1234505-463-4321

4 505-463-1234

1232

peoplelast_namefirst_nameid address

123

Frank Furter

JaneJohn

DoeDoe

1 Wiener Way

30 Smith PL30 Smith PL


Schema and Entity-Relationship Models

The structure/organization of the tables in a database is referred to asa schema.

An entity-relationship model is a common way of abstractly capturinga database schema.



Notice that we could further normalize the database by creating anaddress table.However, in this case, the one-to-many relationship is in the otherdirection, i.e., we have one address for many people in the table.You can imagine a situation where one person also has manyaddresses, e.g., one for work, one for home, etc.Thus, we really need to create a many-to-many relationship betweenpeople and addresses.This is done by creating a join table — it’s called this because it“joins” the people and addresses tables.The join table in the following example is calledaddresses_people. Notice that it only stores foreign keys, andhas no primary keys.


Relational Databases – Join Tables

Ex. A many-to-many relationship using a join table:

phonesnumberperson_idid

123

212-555-1234505-555-1234505-463-4321

4 505-463-1234

1232

peoplelast_namefirst_nameid

123

Frank Furter

JaneJohn

DoeDoe

addressescitystreetid state

12

1 Wiener Way30 Smith PL

Ketchup ORBland NE

addresses_peopleaddress_idperson_id

123

122


Entity-Relationship Model


Web Application ArchitecturesModule 3: Database Interactions

Lecture 2: Databases in Rails



WebClient

(Browser)

WebServerNetwork

1: request

2: response

Database

Script/Service

Script/Service

Script/Service

Connector

DatabaseConnector

Clienttier

Webtier

Businesslogictier


Dataaccess

tier

Datatier


Database Migrations

Each time we ran the scaffold generator in our blog application, Railscreated a database migration file and placed it in the db/migratedirectory.Rails uses the rake command to run these migrations, which createsa schema, from which appropriate databases can then be created.Because migrations can also be used to undo the work of previousmigrations (e.g., to make corrections), they are timestamped, andexecuted in the order they were created. The filename contains thetimestamp.


Rails Environments

Rails automatically sets up applications to run in one of three prebuiltenvironments (you can also add your own):

Development – Used when you’re developing the application.Test – Used when your run tests.Production – Used when you deploy your application.

By default, when you run:$ rails server

Rails runs in the development environment.

To force rails to run in a different environment, use:$ rails server -e production


Rails Databases

One of the architectural elements most likely to differ between developmentand production environments is the database:

During development, you (the developer) are the only one accessingthe database.Rails automatically sets up the development environment to useSQLite, a simple easy-to-use file-based relational database that runs inmemory. SQLite is not a production grade database.When an application goes into production, it may receive 100’s or1000’s of “hits” in a matter of seconds, and the database needs beable to handle the data requests associated with these hits.Popular production database include: PostgreSQL and MySQL.The databases that Rails will use in different environments is specifiedin: db/database.yml.



Lecture 3: The Active Record Design Pattern



WebClient

(Browser)

WebServerNetwork

1: request

2: response

Database

Script/Service

Script/Service

Script/Service

Connector

DatabaseConnector

Clienttier

Webtier

Businesslogictier


Dataaccess

tier

Datatier


Active Record Design Pattern

The Active Record design pattern was named by Martin Fowler in2003 in his book Patterns of Enterprise Application Architecture.

Active Records are commonly used in Ruby as a means of persistingdata, i.e., of saving data persistently, so that it can be recalled forlater use, even after you’ve closed the program that created the data,and turned off your computer.

More specifically, the Active Record pattern is used to access datastored in relational databases — it allows you to perform CRUDoperations without worrying about the specific underlying databasetechnology (e.g., SQLite, MySQL, PostgreSQL, SQL Server, Oracle,etc).


Active Record Design Pattern

Most software applications today are written using some OO language,and often it is necessary to persist (i.e., save and later retrieve) theobjects associated with these applications.There’s a big problem: The classes and objects associated with an OOlanguage are incompatible with the structure of relational databases.Active Records to the Rescue: This design pattern encapsulates thatnotion an object-relational mapping (ORM), i.e., a mapping betweenOO language constructs and relational databases constructs.The ORM provided by Active Records automatically converts objectinto constructs that can be stored in a database (and converts themback upon retrieval).This creates, in effect, a “virtual object database” that can be usedfrom within an OO language.


ORM – How It’s Done

Active Records use the following ORM:

OO Language Relations DBFeature ItemClasses −→ Tables

Objects −→ Records(Rows in a Table)

Attributes −→ Record Values(Columns in a Table)


Active Records in Ruby

The Active Record design pattern is provided in a Ruby module calledActiveRecord.

Using the functionality provided by this module you can:– Establish a connection to a database.– Create database tables.– Specify associations between tables that correspond to associations

between the Ruby classes.– Establish an ORM between Ruby classes/objects/attributes and the

tables/rows/columns in the underlying database.– Peform CRUD operations on Ruby ActiveRecord objects.

The ActiveRecord module is built into Rails – the functionalitiesabove are utilized when you create a Rails app and run scaffold andmodel generators.


Active Records in Rails

The ActiveRecord::Base.establish_connection methoduses the information in ./conifg/database.yml in order to connect aRails application to a database.

The ActiveRecord::Migration object is used to incrementallyevolve your database schema over time – migrations update the./db/schema.rb file.

The ActiveRecord::Schema.define method, in./db/schema.rb, is created by inspecting the database and thenexpressing its structure programmatically using a portable(database-independent) DSL. This can be loaded into any databasethat ActiveRecord supports.


ActiveRecord Module

If you create a new class by inheriting ActiveRecord::Base, andcall it Post, it is assumed a database table will exist that is calledposts. I.e., it pluaralizes the name of the class, and then looks for atable with that name.

The Base class in the ActiveRecord module will inspect theposts database, and determine that it has title and body fields,and it will automatically add member variables (and accessors) withthese same names in the Post class. I.e., it takes care of the ORM!

Furthermore, a query interface is also provided – in most cases,ActiveRecord insulates you from the need to use SQL.Ex. Post.all

Post.firstPost.find_by(1)Post.find_by_title("My First Post")


The Interactive Ruby Shell

The interactive Ruby shell (IRB) is an interpreter that is provided withRuby, and allows for real-time experimentation through interactivesessions – great for debugging. To use it, in a terminal window type:

$ irb

The Rails console allows you to interact with a Rails applicationthrough the IRB command line – i.e., it starts IRB and loads the Railsenvironment. To use it, from the root of a Rails application directorytype:

$ rails console



Lecture 4: The Blog App – Iteration 2 (Associations)


Associations in Rails

Because we used the scaffold generator for the posts and comments in ourblog application, the Active Record design pattern is “pre-wired.” Thismeans:

– A SQLite database able to store posts and comments was createdwhen we ran the migrations.

– A connection to this database was established.– The ORM for Post and Comment objects was set up — the “M” in

MVC.

However, there’s one thing missing — we need to ensure that anycomments entered for a particular post are permanently linked to that post.



We did make the connection between posts and comments in thedatabase — recall that a post_id can be stored with each comment.

To make our models in Rails fully functional we need to addassociations — each post needs to know the list of commentsassociated with it, and each comment needs to know which post itbelongs to.

There’s a many-to-one relationship between comments and posts — apost has many comments, and a comment belongs to a post:



The ActiveRecord module contains a set of class methods fortying objects together through foreign keys.

To enable these, you must declare associations within your modelsusing the following:

Model with no Model withRelationship foreign key foreign keyone-to-one has_one belongs_tomany-to-one has_many belongs_tomany-to-many has_and_belongs_to_many ?

? The foreign keys for each model are stored in a join table.



Lecture 5: The Blog App – Iteration 3 (Validations)


Data Validations in Web Apps

Data validation is the process of ensuring your web applicationoperates on clean, correct and useful data.

Ex.– Ensure a user provides a valid email address, phone number, etc.– Ensure that inputs (505) 255-1234, 505-255-1234 and 5052551234 are

all treated the same.– Ensure that “business rules” are not being violated, e.g., a comment

cannot be stored without a post ID.

The most common web application security weakness is failure tovalidate client-side input – SQL injection, cross-site scripting andbuffer overflow attacks are enabled.



WebClient

(Browser)

WebServerNetwork

1: request

2: response

Database

Script/Service

Script/Service

Script/Service

Connector

DatabaseConnector

JavaScriptHTML5 Controller-level

Model-level

Database-stored procedure



Client-side – Involves checking that HTML forms are filled out correctly.– JavaScript, running in the browser, has traditionally been used.– HTML5 now has more specific “input types” that can be checked,

along with a “required” attribute.– Works best when combined with server-side validations.

Server-side – Checks made after an HTML form has been submitted.– Database (stored procedures) – Database-dependent, so not portable.

Useful if many applications are using the database.– Controller-level – We’ll see later that you don’t want to put too much

logic in the controller (keep them skinny).– Model-level – A good way to ensure that only valid data is stored in

your database, in a database agnostic way.


ActiveRecord Callbacks

We can think of the objects in an OO system as having a lifecycle –they are first created, can later be updated and also destroyed.

ActiveRecord objects have methods that can be called in order toensure their integrity at the various stages of their lifecycle.Ex.

– Don’t create a new user object if the user already exists in thedatabase.

– Ensure that all of an object’s attributes are valid before allowing it tobe saved to the database.

– When destroying an object, destroy all of the objects that depend on it.

Callbacks are methods that get called at certain points in anActiveRecord object’s lifecycle – they are “hooks” into thelifecycle, allowing you to trigger logic before or after the state of anobject changes.


ActiveRecord Validations

Validations are a type of ActiveRecord callback that can be usedto ensure only valid data is stored in your Rails databases.

The create, save and update methods trigger validations, and will onlyallow a valid ActiveRecord object to be saved to the database.

Validations are defined in your models.

Ex.

class Person < ActiveRecord::Basevalidates_presence_of :namevalidates_numericality_of :age, :only_integer => truevalidates_ confirmation_of :emailvalidates_length_of :password, :in => 8..20

end


Module Overview

Relational DatabasesDatabases in RailsThe Active Record Design PatternThe Blog App – Iteration 2 (Associations)The Blog App – Iteration 3 (Validations)

c© 2011-13 G.L. Heileman Module 3: Overview 2 / 2

web architecture : 3rd week handout

Documents