Roman Gorel: Building better APIs on Rails.
![Page 1: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/1.jpg)
Building better APIs on Rails
Roman Gorel @ kiev.rb #3
![Page 2: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/2.jpg)
Rails is not always the best choice
● Integrates with Rails as a Rack mountable engine
● Lower response time
● Nothing superfluous
![Page 3: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/3.jpg)
rails-api gem
● Does not require what an API does not need (for example, templates)
● Speeds up response time
● Reduces resource consumption
![Page 4: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/4.jpg)
Removing what is not needed
● For new applications
● For existing applications
![Page 5: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/5.jpg)
Adding routes
![Page 6: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/6.jpg)
Namespaces, versions, format
![Page 7: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/7.jpg)
Subdomain
http://api.pumpkins.ua/v1/pumpkins
![Page 8: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/8.jpg)
Subdomains in the development env
● /etc/hosts
● api.lvh.me
● pow
![Page 9: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/9.jpg)
Controller structure
![Page 10: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/10.jpg)
Making API an acronym
Api::V1::PumpkinsController → API::V1::PumpkinsController
config/initializers/inflections.rb
![Page 11: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/11.jpg)
Controller
![Page 12: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/12.jpg)
Different data formats?
![Page 13: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/13.jpg)
Shortening the code
![Page 14: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/14.jpg)
How do we change the representation?
![Page 15: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/15.jpg)
A bunch of gems for customizing the representation
● Templates: rabl, jbuilder
● Presenters: representable, acts_as_api
● Serializers: ActiveModelSerializers
![Page 16: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/16.jpg)
The DIY way
app/presenters/api/v1/pumpkin_presenter.rb
![Page 17: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/17.jpg)
The DIY way
![Page 18: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/18.jpg)
More flexibility!
![Page 19: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/19.jpg)
More flexibility!
![Page 20: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/20.jpg)
What about collections?
app/presenters/api/array_presenter.rb
![Page 21: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/21.jpg)
Documentation
![Page 22: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/22.jpg)
RDoc
FAIL
![Page 23: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/23.jpg)
Documenting nicely
● swagger
● apipie
● rspec_api_documentation
![Page 24: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/24.jpg)
Documentation through tests
● Does not clutter the controller
● Easier to keep up to date
● Runs the tests during generation
● Less to write by hand
● Forces you to write tests :)
![Page 25: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/25.jpg)
Documenting from tests
Gemfile
spec/support/rspec_api_documentation.rb
![Page 26: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/26.jpg)
Documenting from tests
spec/acceptance/pumpkins_spec.rb
![Page 27: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/27.jpg)
Describing the methods
![Page 28: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/28.jpg)
Describing the methods
![Page 29: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/29.jpg)
Two in one
$ rake docs:generate
● Runs the tests
● Generates the docs
![Page 30: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/30.jpg)
Enjoying the result
![Page 31: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/31.jpg)
Enjoying the result
![Page 32: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/32.jpg)
Authentication
![Page 33: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/33.jpg)
Basic Authentication
![Page 34: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/34.jpg)
Basic Authentication
![Page 35: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/35.jpg)
FAIL :(
![Page 36: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/36.jpg)
Digest Auth + token
● Make a POST /sessions with the hashed login and password
● Get a token in the response
● Use the token in subsequent requests
![Page 37: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/37.jpg)
Digest Auth
![Page 38: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/38.jpg)
Digest Auth
$ curl -v --digest -u "Roman:password" -X POST --data {} http://api.pumpkins.ua:3000/v1/sessions
![Page 39: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/39.jpg)
Token
![Page 40: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/40.jpg)
Token
$ curl -H 'Authorization: Token token="48990736263c9f573ff634a1cb66cbcd"' http://api.pumpkins.ua:3000/v1/pumpkins
![Page 41: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/41.jpg)
Problems
● Complicated authentication
● Token is sent in the clear
![Page 42: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/42.jpg)
JSON Web token
● Implementations for many platforms
● Easy to use
● Security
jwt.io
![Page 43: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/43.jpg)
Authentication with JWT
![Page 44: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/44.jpg)
Authentication with JWT
$ curl -H 'Authorization: Token token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ.y8f9uijQS6sxeX58dQH4fwJYLxvmBt3HHAvnrj5w1Rg"' http://api.pumpkins.ua:3000/v1/pumpkins
![Page 45: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/45.jpg)
JWT structure
● Header (message type and algorithm, JSON + Base64)
● Message body (JSON + Base64)
● Signature (body + header, encrypted with a secret key)
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ.y8f9uijQS6sxeX58dQH4fwJYLxvmBt3HHAvnrj5w1Rg
![Page 46: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/46.jpg)
Let's try to tamper with the data
message body
![Page 47: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/47.jpg)
Nevertheless, the token can still be intercepted!
![Page 48: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/48.jpg)
Expiration
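
Added example (not code from the talk): a stdlib-only Ruby sketch of the token described on the "JWT structure", tampering and "Expiration" slides. It decodes the slide's token to show that header and body are only Base64url-encoded and readable by anyone, then issues and verifies an HS256 token, where the signature is an HMAC-SHA256 over `header.body`. `DEMO_SECRET`, the function names and the handling of the `exp` claim are assumptions made for this example.

```ruby
require "json"
require "openssl"

# Token shown on the slides; its signing secret is not on the page.
SLIDE_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ." \
              "y8f9uijQS6sxeX58dQH4fwJYLxvmBt3HHAvnrj5w1Rg"
DEMO_SECRET = "constructed-demo-secret" # assumption, not the talk's key

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  (str.tr("-_", "+/") + "=" * (-str.size % 4)).unpack1("m0")
end

def hs256(signing_input, secret)
  b64url(OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), secret, signing_input))
end

def issue(claims, secret)
  input = [{ typ: "JWT", alg: "HS256" }, claims].map { |part| b64url(JSON.generate(part)) }.join(".")
  "#{input}.#{hs256(input, secret)}"
end

def constant_time_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Returns the claims hash, or nil when the token must be rejected.
def verify(token, secret, now: Time.now.to_i)
  header, body, signature = token.split(".", -1)
  return nil unless header && body && signature && token.count(".") == 2
  # The server always computes HS256 itself; the header never selects the algorithm.
  return nil unless constant_time_equal?(hs256("#{header}.#{body}", secret), signature)
  return nil unless JSON.parse(b64url_decode(header))["alg"] == "HS256"
  claims = JSON.parse(b64url_decode(body))
  return nil if claims["exp"] && claims["exp"] <= now # expired token
  claims
rescue JSON::ParserError, ArgumentError
  nil
end

# Swap the body for different claims while keeping the original signature.
def tamper(token, new_claims)
  header, _body, signature = token.split(".")
  [header, b64url(JSON.generate(new_claims)), signature].join(".")
end
```

A short `exp` only limits how long an intercepted token stays usable; keeping the token from being intercepted still depends on serving the API over TLS.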
![Page 50: Roman Gorel: Building better APIs on Rails.](https://reader034.fdocuments.us/reader034/viewer/2022052623/559cabd61a28abed5b8b4851/html5/thumbnails/50.jpg)
Your questions