Protecting MongoDB
With A RESTful API
Alon Horev
Israel MongoDB user group
May 2013
Meta
Alon Horev
Twitter: @alonhorev
Mail: alon@horev.net
Blog: http://alon.horev.net
Cellular networks are choking
Automatic optimization to the rescue:
1. Collect analytics
2. Analyze and update network configuration
3. Back to 1!
SON – self optimizing networks
An example: a loaded cell
We’re a proud Python shop
Agenda
Why and how we migrated to MongoDB
Do you need an API?
What is a RESTful API?
A review of Intucell’s API
MongoDB best practices
Why MongoDB?
Scale and failover just works!
Data center partition tolerance
Development speed
Fast prototyping – schema changes frequently
Slows down when you need joins and transactions
Migration Challenges
Migrating from MySQL to MongoDB
People have direct access to the DB
20 developers
40 analysts and tech support
“No joins? SQL? Transactions? GUI?”
A lot to make up for!
Why An API?
Complement mongo – reports (joins!) and PQL
Hide implementation – data store(s), short names
Security - auth isn’t enough: {$where: 'while(1){}'}
Resource management – run slow queries on slaves
Schema and referential integrity
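An added example (not code from the talk or from Intucell's API) of the check an API layer can apply before forwarding a client-supplied filter to MongoDB: only allowlisted operators and known fields pass, so {$where: 'while(1){}'} is refused even for an authenticated caller. All names, limits and the field set are assumptions made for this sketch.

```python
# Added example: allowlist validation of a client-supplied MongoDB filter.
# Every name and limit below is an assumption made for this sketch.

LOGICAL = {"$and", "$or", "$nor"}      # operators that take a list of sub-filters
COMPARISON = {"$eq", "$ne", "$gt", "$gte", "$lt", "$lte"}
LIST_OPS = {"$in", "$nin"}
MAX_DEPTH = 8                          # bound nesting of the filter document
MAX_LIST = 100                         # bound $in / $or fan-out
SCALARS = (str, int, float, bool, type(None))


class RejectedQuery(ValueError):
    """Raised when a filter uses anything outside the allowlist."""


def validate_filter(flt, allowed_fields, depth=0):
    """Return flt unchanged if it only uses allowlisted operators and fields."""
    if depth > MAX_DEPTH:
        raise RejectedQuery("filter nested too deeply")
    if not isinstance(flt, dict):
        raise RejectedQuery("filter must be a JSON object")
    for key, value in flt.items():
        if not isinstance(key, str):
            raise RejectedQuery("keys must be strings")
        if key.startswith("$"):
            # At filter level only the logical combinators are accepted.
            # This is where {"$where": "..."} (server-side JavaScript) stops.
            if key not in LOGICAL:
                raise RejectedQuery("operator not allowed: " + key)
            if not isinstance(value, list) or not 0 < len(value) <= MAX_LIST:
                raise RejectedQuery(key + " needs a non-empty, bounded list")
            for clause in value:
                validate_filter(clause, allowed_fields, depth + 1)
        elif key not in allowed_fields:
            raise RejectedQuery("unknown field: " + key)
        else:
            _validate_condition(value, depth + 1)
    return flt


def _validate_condition(cond, depth):
    """A condition is a scalar (equality) or a dict of comparison operators."""
    if depth > MAX_DEPTH:
        raise RejectedQuery("filter nested too deeply")
    if isinstance(cond, SCALARS):
        return
    if not isinstance(cond, dict) or not cond:
        raise RejectedQuery("condition must be a scalar or an operator object")
    for op, operand in cond.items():
        if op in COMPARISON:
            ok = isinstance(operand, SCALARS)
        elif op in LIST_OPS:
            ok = (isinstance(operand, list) and len(operand) <= MAX_LIST
                  and all(isinstance(x, SCALARS) for x in operand))
        elif op == "$exists":
            ok = isinstance(operand, bool)
        elif op == "$not":
            _validate_condition(operand, depth + 1)
            ok = isinstance(operand, dict)
        else:
            # Covers $where, $regex, $expr, embedded documents and anything new.
            raise RejectedQuery("operator not allowed: " + str(op))
        if not ok:
            raise RejectedQuery("bad operand for " + op)


def is_allowed(flt, allowed_fields):
    """Boolean wrapper for callers that map a rejection to an HTTP 400."""
    try:
        validate_filter(flt, allowed_fields)
        return True
    except RejectedQuery:
        return False
```

The allowlist is deliberately closed: an operator added to MongoDB later is rejected until someone reviews it and adds it.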
Type Of API
Small layer on top of your driver
Dictionaries and hashes - not OO!
MongoEngine/MongoKit (ODM)
Your own!
RESTful
Cross language
Inherent to web apps
Standards for caching, auth, throttling
RESTful
“Representational state transfer”
Not a standard but an architectural style
Basically it’s a bunch of guidelines!
Real world APIs break some of them
HTTP as a communication layer
Implementing CRUD using HTTP
RESTful Routes
Resource          Method and Route       Meaning
Users collection  GET    /users/         Read users
                  DELETE /users/         Delete users
                  PUT    /users/         Update users
                  POST   /users/         Create user/s
A user            GET    /users/<id>     Read a user
                  DELETE /users/<id>     Delete a user
                  PUT    /users/<id>     Update a user
                  POST   /users/<id>     Create a user
* RESTful APIs usually don’t support batch operations of create/update/delete
HTTP Crash Course
GET /search?q=foo&source=web HTTP/1.1
Host: www.google.co.il
Cache-Control: max-age=0
User-Agent: Mozilla/5.0
Accept: text/html,application/xml
Accept-Encoding: gzip,deflate,sdch
Cookie: PREF=ID=9a768e836b317d:U=fd620232bd98bd
* Note that I removed and shortened some headers
* query string parameters are limited to 2k! (browser specific)
HTTP Crash Course
POST /api/v1/system/auth/users/alonho/ HTTP/1.1
Host: localhost
Content-Length: 20
Content-Type: application/json
User-Agent: python-requests/0.9.3
Cookie: token=6f01a9decd518f5cf5b4e14bddad

{"password": "none"}
* Note that I removed and shortened some headers
* Content (body) is allowed only in POST/PUT
CLI for HTTP
A CLI can make your life easier
Each API call is defined by:
A resource
A method
Parameters
% son_cli --create users name='alon'
+--------------------------+------+
| id                       | name |
+==========================+======+
| 5192605a9716ab5a94b37d3c | alon |
+--------------------------+------+
Resource Generation
We already use MongoEngine
Declarative
Enforces schema
Supports inheritance (multiple types in one collection)
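from mongoengine import Document, IntField, StringField

class User(Document):
    name = StringField(required=True)
    age = IntField(min_value=13,
                   help_text='Years alive',
                   required=True)

# Expose the document as a REST resource under /users
register_mongo_resource(User, '/users')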
Create
% son_cli -c users age=3
{'error': 'Bad Request',
 'code': 400,
 'message': 'Value 3 for field "age" is less than minimum value: 13'}
% son_cli -c users name='alon' age=120
+--------------------------+------+-----+
| id                       | name | age |
+==========================+======+=====+
| 5192605a9716ab5a94b37d3c | alon | 120 |
+--------------------------+------+-----+
Read
% son_cli -r users
+--------------------------+------+-----+
| id                       | name | age |
+==========================+======+=====+
| 5192605a9716ab5a94b37d3c | alon | 120 |
+--------------------------+------+-----+
| 5192608d9716ab5a94b37d3d | john | 100 |
+--------------------------+------+-----+
| 519265909716ab5a94b37d3e | snow | 30  |
+--------------------------+------+-----+
Sane defaults: by default read returns first 50 documents
Read Less
% son_cli -r users page_size=2 page=0 fields=name,age
+------+-----+
| name | age |
+======+=====+
| alon | 120 |
+------+-----+
| john | 100 |
+------+-----+
Read Ordered
% son_cli -r users fields=name,age order=age
+------+-----+
| name | age |
+======+=====+
| snow | 30 |
+------+-----+
| john | 100 |
+------+-----+
| alon | 120 |
+------+-----+
How would you order by ascending age and descending name:
% son_cli -r users order=age,-name
Read Filtered
% son_cli -r users query='age < 40 or name == "john"'
+--------------------------+------+-----+
| id                       | name | age |
+==========================+======+=====+
| 5192608d9716ab5a94b37d3d | john | 100 |
+--------------------------+------+-----+
| 519265909716ab5a94b37d3e | snow | 30  |
+--------------------------+------+-----+
Update
% son_cli -u users.5192605a9716ab5a94b37d3c name=anakin
+--------------------------+--------+-----+
| id                       | name   | age |
+==========================+========+=====+
| 5192605a9716ab5a94b37d3c | anakin | 120 |
+--------------------------+--------+-----+
% son_cli -u users query='age >= 120' age=100
+-------+
| count |
+=======+
| 1     |
+-------+
Delete
% son_cli -d users.5192605a9716ab5a94b37d3c
+--------------------------+--------+-----+
| id                       | name   | age |
+==========================+========+=====+
| 5192605a9716ab5a94b37d3c | anakin | 120 |
+--------------------------+--------+-----+
% son_cli -d users query='age >= 120'
+-------+
| count |
+=======+
| 1     |
+-------+
Aggregations API
% son_cli -r users.view.count
+-------+
| count |
+=======+
| 4     |
+-------+
% son_cli -r users.view.count sum=age
+-------+-----+
| count | age |
+=======+=====+
| 4     | 321 |
+-------+-----+
Aggregations API
% son_cli -r users.view.count groupby='age > 60'
+-------+----------+
| count | age > 60 |
+=======+==========+
| 3     | True     |
+-------+----------+
| 1     | False    |
+-------+----------+
% son_cli -r users.view.count groupby='age > 60,age % 2' sum=age
+-------+---------+----------+-----+
| count | age % 2 | age > 60 | age |
+=======+=========+==========+=====+
| 1     | 1       | True     | 71  |
+-------+---------+----------+-----+
| 2     | 0       | True     | 220 |
+-------+---------+----------+-----+
| 1     | 0       | False    | 30  |
+-------+---------+----------+-----+
Output Format
% son_cli -r users.view.count groupby='age > 60' format=csv
"count","age > 60"
"3","True"
"1","False"
% son_cli --json -r users.view.count fields='age > 60'
[
  {
    "count": 3,
    "age > 60": true
  },
  {
    "count": 1,
    "age > 60": false
  }
]
Schema
% son_cli --json -r users.schema
{
  "type": "object",
  "properties": {
    "age": {
      "minimum": 13,
      "type": "integer",
      "description": "Years alive"
    },
    "name": {
      "type": "string"
    },
    "id": {
      "type": "string"
    }
  }
}
This JSON describing JSON is called JSON Schema
Defying REST
Collection level updates are rarely seen
Performance – how long will it take?
Query strings too long for GET (2k)
Fall back to POST/PUT (lose caching)
Extend OPTIONS for route completion
OPTIONS returns supported methods
Added an extension that returns routes
Route Discovery
% curl -X OPTIONS http://localhost/api/v1/
{'options': ['users/', 'posts/']}
% curl -X OPTIONS http://localhost/api/v1/users/
{'options': ['alon', 'john']}
% curl http://localhost/api/v1/users/alon
{'name': 'alon', 'twitter': 'alonhorev'}
* Available as an extension to flask called route-options
Documentation
Exposed through the API at /api/v1/docs
Displayed visually in the GUI
PQL
Querying
Let's filter some users by names:
Mongo:
user_names = ['foo', 'bar']
db.users.find({'name': {'$in': user_names}})
SQL:
name_list = ', '.join(map(sql_escape, user_names))
sql = 'select * from users where name in ({})'.format(name_list)
* SQL users: do yourselves a favor and use an ORM.
Querying
Let's find users older than 60 or younger than 20:
Mongo:
db.users.find({'$or': [{'age': {'$gt': 60}},
                       {'age': {'$lt': 20}}]})
SQL:
sql = 'select * from users where age > 60 or age < 20'
PQL
Mongo’s queries are easier to compose
SQL is easier to write when invoking ad-hoc queries
PQL was born – Mongo queries for humans!
>>> pql.find('age < 20 or age > 60')
{'$or': [{'age': {'$lt': 20}},
         {'age': {'$gt': 60}}]}
PQL – Schema!
>>> pql.find('name == "foo"',
             schema={'first_name': pql.StringField(),
                     'last_name': pql.StringField()})
Traceback (most recent call last):
...
ParseError: Field not found: name.
options: ['first_name', 'last_name']
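An added sketch (not PQL's own implementation, and not code from the talk) of how an expression such as 'age < 20 or age > 60' can be compiled into a Mongo filter with a schema check: the text is parsed with Python's ast module and only comparison and boolean nodes are translated, so the caller can never reach an operator the translator does not emit. The names to_mongo and try_query, the length cap and the field set are assumptions.

```python
import ast

# Python comparison / boolean AST nodes mapped to MongoDB operators.
COMPARE = {ast.Lt: "$lt", ast.LtE: "$lte", ast.Gt: "$gt",
           ast.GtE: "$gte", ast.NotEq: "$ne"}
BOOLEAN = {ast.And: "$and", ast.Or: "$or"}
MAX_QUERY_LENGTH = 500  # assumption: cap the input before parsing it


class QueryError(ValueError):
    """The expression is outside the supported subset or names an unknown field."""


def to_mongo(expression, fields):
    """Translate e.g. 'age < 20 or age > 60' into a MongoDB filter dict.

    ast.parse only builds a syntax tree; nothing in the expression is executed.
    """
    if len(expression) > MAX_QUERY_LENGTH:
        raise QueryError("query too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise QueryError("cannot parse query: %s" % exc) from exc
    return _convert(tree.body, fields)


def _convert(node, fields):
    if isinstance(node, ast.BoolOp):
        return {BOOLEAN[type(node.op)]: [_convert(v, fields) for v in node.values]}
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        field = _field(node.left, fields)
        value = _literal(node.comparators[0])
        op = type(node.ops[0])
        if op is ast.Eq:
            return {field: value}
        if op in COMPARE:
            return {field: {COMPARE[op]: value}}
    # Calls, attribute access, arithmetic, chained comparisons all end here.
    raise QueryError("unsupported expression: " + type(node).__name__)


def _field(node, fields):
    """The left side must be a bare name that exists in the schema."""
    if not isinstance(node, ast.Name):
        raise QueryError("left side must be a field name")
    if node.id not in fields:
        raise QueryError("Field not found: %s. options: %s"
                         % (node.id, sorted(fields)))
    return node.id


def _literal(node):
    """The right side must be a plain literal (negative numbers included)."""
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        inner = _literal(node.operand)
        if isinstance(inner, (int, float)) and not isinstance(inner, bool):
            return -inner
    elif (isinstance(node, ast.Constant)
          and isinstance(node.value, (str, int, float, bool))):
        return node.value
    raise QueryError("right side must be a string, number or boolean literal")


def try_query(expression, fields):
    """Return (filter, None) on success or (None, message) for a 400 response."""
    try:
        return to_mongo(expression, fields), None
    except QueryError as exc:
        return None, str(exc)
```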
PQL - Aggregations
Car listing:
{made_on: ISODate("1973-03-24T00:00:02.013Z"),
 price: 21000}
Number of cars and total of prices per year in 1970-1990:
> from pql import project, match, group
> collection.aggregate(
    project(made_on='year(made_on)',
            price='price') |
    match('made_on >= 1970 and made_on <= 1990') |
    group(_id='made_on',
          count='sum(1)',
          total='sum(price)'))
PQL - Aggregations
Compare to this:
> collection.aggregate([
    {'$project': {'made_on': {'$year': '$made_on'},
                  'price': '$price'}},
    {'$match': {'made_on': {'$gte': 1970,
                            '$lte': 1990}}},
    {'$group': {'_id': '$made_on',
                'count': {'$sum': 1},
                'total': {'$sum': '$price'}}}])
Write fewer characters:
> project(price='base * tax + commision')
[{'$project': {'price': {'$add':
    [{'$multiply': ['$base', '$tax']}, '$commision']}}}]
BSON != JSON
ObjectID and Date are BSON specific!
Convert them to strings
Using a codec is better – symmetrical!
>>> import datetime, bson
>>> from bson import json_util
>>> json_util.dumps(datetime.datetime.now())
{"$date": 1367970875910}
>>> json_util.dumps(bson.ObjectId())
{"$oid": "51896a43b46551eff3f43594"}
Python != JSON
           JSON Document   Python Dictionary
Key type   Only strings    Anything immutable
Key order  Ordered         Unordered
Example: user id to name mapping
Python: {1234: 'Alon Horev', 1038: 'John Wayne'}
Javascript: [{'id': 1234, 'name': 'Alon Horev'},
             {'id': 1038, 'name': 'John Wayne'}]
Python != JSON
db.users.ensureIndex({'friends.id': 1})
db.users.insert({friends: [{id: 123, name: 'foo'}]})
db.users.find({'friends.id': 123}).explain()
{
  "cursor": "BtreeCursor friends.id_1",
  ...
}
References
http://python-eve.org/ - A new RESTful API for MongoDB written in Python
http://flask.pocoo.org/ – A great python web framework
https://github.com/alonho/pql - The PQL query translator
https://github.com/micha/resty - resty enhances curl for RESTful API calls
Learn from others! Twitter and Facebook have great RESTful APIs

Más contenido relacionado

La actualidad más candente

I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeSummit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeAngel Borroy López
 
User registration and login using stored procedure in php
User registration and login using stored procedure in phpUser registration and login using stored procedure in php
User registration and login using stored procedure in phpPHPGurukul Blog
 
Writing Secure Code for WordPress
Writing Secure Code for WordPressWriting Secure Code for WordPress
Writing Secure Code for WordPressShawn Hooper
 
ASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server DatabaseASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server DatabaseChristopher Singleton
 
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams
Sps mad2019   es el momento, empieza a desarrollar para microsoft teams Sps mad2019   es el momento, empieza a desarrollar para microsoft teams
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams Ruben Ramos
 

La actualidad más candente (8)

Dr.Repi
Dr.Repi Dr.Repi
Dr.Repi
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
Anex....,,,.
Anex....,,,.Anex....,,,.
Anex....,,,.
 
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of codeSummit2014 topic 0066 - 10 enhancements that require 10 lines of code
Summit2014 topic 0066 - 10 enhancements that require 10 lines of code
 
User registration and login using stored procedure in php
User registration and login using stored procedure in phpUser registration and login using stored procedure in php
User registration and login using stored procedure in php
 
Writing Secure Code for WordPress
Writing Secure Code for WordPressWriting Secure Code for WordPress
Writing Secure Code for WordPress
 
ASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server DatabaseASP.Net, move data to and from a SQL Server Database
ASP.Net, move data to and from a SQL Server Database
 
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams
Sps mad2019   es el momento, empieza a desarrollar para microsoft teams Sps mad2019   es el momento, empieza a desarrollar para microsoft teams
Sps mad2019 es el momento, empieza a desarrollar para microsoft teams
 

Similar a MongoDB user group israel May

Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.Mydbops
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...Maarten Balliauw
 
Fluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_publicFluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_publicSaewoong Lee
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQLJussi Pohjolainen
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeAman Kohli
 
Python RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutionsPython RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutionsSolution4Future
 
Cognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinarCognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinarPetr Baudis
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logsStefan Krawczyk
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlMaarten Balliauw
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology
 
SharePoint 2010 authentications
SharePoint 2010 authenticationsSharePoint 2010 authentications
SharePoint 2010 authenticationsWyngate Solutions
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB        Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB MongoDB
 
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...Maarten Balliauw
 
Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)ÇözümPARK
 
Automating Networks by using API
Automating Networks by using APIAutomating Networks by using API
Automating Networks by using API一清 井上
 
Observability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System TablesObservability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System TablesInfluxData
 

Similar a MongoDB user group israel May (20)

Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.Modern query optimisation features in MySQL 8.
Modern query optimisation features in MySQL 8.
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control - W...
 
Fluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_publicFluentd 20150918 no_demo_public
Fluentd 20150918 no_demo_public
 
Short Intro to PHP and MySQL
Short Intro to PHP and MySQLShort Intro to PHP and MySQL
Short Intro to PHP and MySQL
 
Real
RealReal
Real
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
 
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
 
Python RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutionsPython RESTful webservices with Python: Flask and Django solutions
Python RESTful webservices with Python: Flask and Django solutions
 
Cognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinarCognitive data capture with Elis - Rossum's technical webinar
Cognitive data capture with Elis - Rossum's technical webinar
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
 
Why you should be using structured logs
Why you should be using structured logsWhy you should be using structured logs
Why you should be using structured logs
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-serviceusing ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
SharePoint 2010 authentications
SharePoint 2010 authenticationsSharePoint 2010 authentications
SharePoint 2010 authentications
 
Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB        Architecting Secure and Compliant Applications with MongoDB
Architecting Secure and Compliant Applications with MongoDB
 
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access ControlOAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control
 
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
OAuth-as-a-service - using ASP.NET Web API and Windows Azure Access Control -...
 
Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)Windows Server 2008 (PowerShell Scripting Uygulamaları)
Windows Server 2008 (PowerShell Scripting Uygulamaları)
 
Automating Networks by using API
Automating Networks by using APIAutomating Networks by using API
Automating Networks by using API
 
Observability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System TablesObservability of InfluxDB IOx: Tracing, Metrics and System Tables
Observability of InfluxDB IOx: Tracing, Metrics and System Tables
 

Último

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

MongoDB user group israel May

  • 1. Protecting MongoDB With A RESTful API Alon Horev Israel MongoDB user group May 2013
  • 2. Meta Alon Horev Twitter: @alonhorev Mail: alon@horev.net Blog: http://alon.horev.net
  • 3. Cellular networks are choking Automatic optimization to the rescue: 1. Collect analytics 2. Analyze and update network configuration 3. Back to 1! SON – self optimizing networks An example: a loaded cell We’re a proud Python shop
  • 4. Agenda Why and how we migrated to MongoDB Do you need an API? What is a RESTful API? A review of Intucell’s API MongoDB best practices
  • 5. Why MongoDB? Scale and failover just works! Data center partition tolerance Development speed Fast prototyping – schema changes frequently Slows down when in need for joins and transactions
  • 6. Migration Challenges Migrating from MySQL to MongoDB People have direct access to the DB 20 developers 40 analysts and tech support “No joins? SQL? Transactions? GUI?” A lot to make up for!
  • 7. Why An API? Complement mongo – reports (joins!) and PQL Hide implementation – data store(s), short names Security - auth isn’t enough: {$where:'while(1){}'} Resource management – run slow queries on slaves Schema and referential integrity
  • 8. Type Of API Small layer on top of your driver Dictionaries and hashes - not OO! MongoEngine/MongoKit (ODM) Your own! RESTful Cross language Inherent to web apps Standards for caching, auth, throttling
  • 9. RESTful “Representational state transfer” Not a standard but an architectural style Basically it’s a bunch of guidelines! Real world APIs break some of them HTTP as a communication layer Implementing CRUD using HTTP
  • 10. RESTful Routes
    Resource          Method and Route      Meaning
    Users collection  GET /users/           Read users
                      DELETE /users/        Delete users
                      PUT /users/           Update users
                      POST /users/          Create user/s
    A user            GET /users/<id>       Read a user
                      DELETE /users/<id>    Delete a user
                      PUT /users/<id>       Update a user
                      POST /users/<id>      Create a user
    * RESTful APIs usually don’t support batch operations of create/update/delete
  • 11. HTTP Crash Course
    GET /search?q=foo&source=web HTTP/1.1
    Host: www.google.co.il
    Cache-Control: max-age=0
    User-Agent: Mozilla/5.0
    Accept: text/html,application/xml
    Accept-Encoding: gzip,deflate,sdch
    Cookie: PREF=ID=9a768e836b317d:U=fd620232bd98bd
    * Note that I removed and shortened some headers
    * query string parameters are limited to 2k! (browser specific)
  • 12. HTTP Crash Course
    POST /api/v1/system/auth/users/alonho/ HTTP/1.1
    Host: localhost
    Content-Length: 20
    Content-Type: application/json
    User-Agent: python-requests/0.9.3
    Cookie: token=6f01a9decd518f5cf5b4e14bddad

    {"password": "none"}
    * Note that I removed and shortened some headers
    * Content (body) is allowed only in POST/PUT
  • 13. CLI for HTTP
    A CLI can make your life easier
    Each API call is defined by:
      A resource
      A method
      Parameters
    % son_cli --create users name='alon'
    +--------------------------+------+
    | id                       | name |
    +==========================+======+
    | 5192605a9716ab5a94b37d3c | alon |
    +--------------------------+------+
  • 14. Resource Generation
    We already use MongoEngine
      Declarative
      Enforces schema
      Supports inheritance (multiple types in one collection)
    class User(Document):
        name = StringField(required=True)
        age = IntField(min_value=13, help_text='Years alive', required=True)

    register_mongo_resource(User, '/users')
  • 15. Create
    % son_cli -c users age=3
    {'error': 'Bad Request', 'code': 400, 'message': 'Value 3 for field "age" is less than minimum value: 13'}
    % son_cli -c users name='alon' age=120
    +--------------------------+------+-----+
    | id                       | name | age |
    +==========================+======+=====+
    | 5192605a9716ab5a94b37d3c | alon | 120 |
    +--------------------------+------+-----+
  • 16. Read
    % son_cli -r users
    +--------------------------+------+-----+
    | id                       | name | age |
    +==========================+======+=====+
    | 5192605a9716ab5a94b37d3c | alon | 120 |
    +--------------------------+------+-----+
    | 5192608d9716ab5a94b37d3d | john | 100 |
    +--------------------------+------+-----+
    | 519265909716ab5a94b37d3e | snow | 30  |
    +--------------------------+------+-----+
    Sane defaults: by default read returns first 50 documents
  • 17. Read Less
    % son_cli -r users page_size=2 page=0 fields=name,age
    +------+-----+
    | name | age |
    +======+=====+
    | alon | 120 |
    +------+-----+
    | john | 100 |
    +------+-----+
  • 18. Read Ordered
    % son_cli -r users fields=name,age order=age
    +------+-----+
    | name | age |
    +======+=====+
    | snow | 30  |
    +------+-----+
    | john | 100 |
    +------+-----+
    | alon | 120 |
    +------+-----+
    How would you order by ascending age and descending name:
    % son_cli -r users order=age,-name
  • 19. Read Filtered
    % son_cli -r users query='age < 40 or name == "john"'
    +--------------------------+------+-----+
    | id                       | name | age |
    +==========================+======+=====+
    | 5192608d9716ab5a94b37d3d | john | 100 |
    +--------------------------+------+-----+
    | 519265909716ab5a94b37d3e | snow | 30  |
    +--------------------------+------+-----+
  • 20. Update
    % son_cli -u users.5192605a9716ab5a94b37d3c name=anakin
    +--------------------------+--------+-----+
    | id                       | name   | age |
    +==========================+========+=====+
    | 5192605a9716ab5a94b37d3c | anakin | 120 |
    +--------------------------+--------+-----+
    % son_cli -u users query='age >= 120' age=100
    +-------+
    | count |
    +=======+
    | 1     |
    +-------+
  • 21. Delete
    % son_cli -d users.5192605a9716ab5a94b37d3c
    +--------------------------+--------+-----+
    | id                       | name   | age |
    +==========================+========+=====+
    | 5192605a9716ab5a94b37d3c | anakin | 120 |
    +--------------------------+--------+-----+
    % son_cli -d users query='age >= 120'
    +-------+
    | count |
    +=======+
    | 1     |
    +-------+
  • 22. Aggregations API
    % son_cli -r users.view.count
    +-------+
    | count |
    +=======+
    | 4     |
    +-------+
    % son_cli -r users.view.count sum=age
    +-------+-----+
    | count | age |
    +=======+=====+
    | 4     | 321 |
    +-------+-----+
  • 23. Aggregations API
    % son_cli -r users.view.count groupby='age > 60'
    +-------+----------+
    | count | age > 60 |
    +=======+==========+
    | 3     | True     |
    +-------+----------+
    | 1     | False    |
    +-------+----------+
    % son_cli -r users.view.count groupby='age > 60,age % 2' sum=age
    +-------+---------+----------+-----+
    | count | age % 2 | age > 60 | age |
    +=======+=========+==========+=====+
    | 1     | 1       | True     | 71  |
    +-------+---------+----------+-----+
    | 2     | 0       | True     | 220 |
    +-------+---------+----------+-----+
    | 1     | 0       | False    | 30  |
    +-------+---------+----------+-----+
  • 24. Output Format
    % son_cli -r users.view.count groupby='age > 60' format=csv
    "count","age > 60"
    "3","True"
    "1","False"
    % son_cli --json -r users.view.count fields='age > 60'
    [
      { "count": 3, "age > 60": true },
      { "count": 1, "age > 60": false }
    ]
  • 25. Schema
    % son_cli --json -r users.schema
    {
      "type": "object",
      "properties": {
        "age": { "minimum": 13, "type": "integer", "description": "Years alive" },
        "name": { "type": "string" },
        "id": { "type": "string" }
      }
    }
    This JSON describing JSON is called JSON Schema
  • 26. Defying REST Collection level updates are rarely seen Performance – how long will it take? Query strings too long for GET (2k) Fall back to POST/PUT (lose caching) Extend OPTIONS for route completion OPTIONS returns supported methods Added an extension that returns routes
  • 27. Route Discovery
    % curl -X OPTIONS http://localhost/api/v1/
    {'options': ['users/', 'posts/']}
    % curl -X OPTIONS http://localhost/api/v1/users/
    {'options': ['alon', 'john']}
    % curl http://localhost/api/v1/users/alon
    {'name': 'alon', 'twitter': 'alonhorev'}
    * Available as an extension to flask called route-options
  • 28. Documentation
    Exposed through the API at /api/v1/docs
    Displayed visually in the GUI
  • 29. PQL
  • 30. Querying
    Let's filter some users by names:
    Mongo:
      user_names = ['foo', 'bar']
      db.users.find({'name': {'$in': user_names}})
    SQL:
      name_list = ', '.join(map(sql_escape, user_names))
      sql = 'select * from users where name in ({})'.format(name_list)
    * SQL users: do yourselves a favor and use an ORM.
  • 31. Querying
    Let's find users older than 60 or younger than 20:
    Mongo:
      db.users.find({'$or': [{'age': {'$gt': 60}}, {'age': {'$lt': 20}}]})
    SQL:
      sql = 'select * from users where age > 60 or age < 20'
  • 32. PQL
    Mongo’s queries are easier to compose
    SQL is easier to write when invoking ad-hoc queries
    PQL was born – Mongo queries for humans!
    >>> pql.find('age < 20 or age > 60')
    {'$or': [{'age': {'$lt': 20}}, {'age': {'$gt': 60}}]}
  • 33. PQL – Schema!
    >>> pql.find('name == "foo"',
    ...          schema={'first_name': pql.StringField(),
    ...                  'last_name': pql.StringField()})
    Traceback (most recent call last):
    ...
    ParseError: Field not found: name. options: ['first_name', 'last_name']
  • 34. PQL - Aggregations
    Car listing:
      {made_on: ISODate("1973-03-24T00:00:02.013Z"), price: 21000}
    Number of cars and total of prices per year in 1970-1990:
    > from pql import project, match, group
    > collection.aggregate(
          project(made_on='year(made_on)', price='price') |
          match('made_on >= 1970 and made_on <= 1990') |
          group(_id='made_on', count='sum(1)', total='sum(price)'))
  • 35. PQL - Aggregations
    Compare to this:
    > collection.aggregate([
          {'$project': {'made_on': {'$year': '$made_on'}, 'price': '$price'}},
          {'$match': {'made_on': {'$gte': 1970, '$lte': 1990}}},
          {'$group': {'_id': '$made_on', 'count': {'$sum': 1}, 'total': {'$sum': '$price'}}}])
    Write less characters:
    > project(price='base * tax + commision')
    [{'$project': {'price': {'$add': [{'$multiply': ['$base', '$tax']},'$commision']}}}]
  • 36.
  • 37.
  • 38. BSON != JSON
    ObjectID and Date are BSON specific!
    Convert them to strings
    Using a codec is better – symmetrical!
    >>> from bson import json_util
    >>> json_util.dumps(datetime.datetime.now())
    {"$date": 1367970875910}
    >>> json_util.dumps(bson.ObjectId())
    {"$oid": "51896a43b46551eff3f43594"}
  • 39.
  • 40. Python != JSON
                JSON Document   Python Dictionary
    Key type    Only strings    Anything immutable
    Key order   Ordered         Unordered
    Example: user id to name mapping
    Python:
      {1234: 'Alon Horev', 1038: 'John Wayne'}
    Javascript:
      [{'id': 1234, 'name': 'Alon Horev'}, {'id': 1038, 'name': 'John Wayne'}]
  • 41. Python != JSON
    db.users.ensureIndex({'friends.id': 1})
    db.users.insert({friends: [{id: 123, name: 'foo'}]})
    db.users.find({'friends.id': 123}).explain()
    { "cursor": "BtreeCursor friends.id_1", ... }
  • 42. References
    http://python-eve.org/ - A new RESTful API for MongoDB written in Python
    http://flask.pocoo.org/ – A great python web framework
    https://github.com/alonho/pql - The PQL query translator
    https://github.com/micha/resty - resty enhances curl for RESTful API calls
    Learn from others! Twitter and Facebook have great RESTful APIs
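
Slide 7 argues that authentication alone does not stop a query such as {$where:'while(1){}'}, and slides 19 and 32-33 show the API accepting a restricted expression language checked against a schema instead of raw Mongo queries. The sketch below is an added example of that idea, not code from the talk, from Intucell's API or from the pql library: it builds a filter only from whitelisted comparisons on schema fields, so no operator outside the table can be emitted. The names to_mongo, QueryError, SCHEMA and MAX_LEN are assumptions.

```python
import ast

MAX_LEN = 2048  # assumption: cap input near the ~2k query-string limit
COMPARE = {ast.Lt: "$lt", ast.LtE: "$lte", ast.Gt: "$gt",
           ast.GtE: "$gte", ast.NotEq: "$ne"}
BOOLEAN = {ast.And: "$and", ast.Or: "$or"}
# Constructed schema mirroring the User document from slide 14.
SCHEMA = {"name": str, "age": int}


class QueryError(ValueError):
    """Raised for anything outside the whitelisted grammar."""


def to_mongo(expression, schema=SCHEMA):
    """Translate 'age < 20 or age > 60' into a MongoDB filter dict."""
    if len(expression) > MAX_LEN:
        raise QueryError("query too long")
    try:
        tree = ast.parse(expression, mode="eval")  # parses only, never evaluates
    except (SyntaxError, ValueError, RecursionError) as exc:
        raise QueryError("cannot parse query: %s" % exc)
    return _convert(tree.body, schema)


def _convert(node, schema):
    if isinstance(node, ast.BoolOp):  # a and b, a or b
        return {BOOLEAN[type(node.op)]:
                [_convert(value, schema) for value in node.values]}
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        field, op, value = node.left, node.ops[0], node.comparators[0]
        if not isinstance(field, ast.Name) or field.id not in schema:
            raise QueryError("field not found, options: %s" % sorted(schema))
        # Only literals of the declared type; no names, calls or nested dicts.
        if (not isinstance(value, ast.Constant)
                or type(value.value) is not schema[field.id]):
            raise QueryError("bad value for field %r" % field.id)
        if isinstance(op, ast.Eq):
            return {field.id: value.value}
        if type(op) in COMPARE:
            return {field.id: {COMPARE[type(op)]: value.value}}
    # Calls, dict literals, chained comparisons, 'in', 'not', ... end up here.
    raise QueryError("unsupported expression: %s" % type(node).__name__)
```

The returned dict can be passed to the driver's find(); a QueryError maps naturally to the 400 Bad Request response shown on slide 15.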

Editor's notes

  1. Developers use the database for debugging and introspection. Analysts learned SQL and used the database for performance analysis and report generation.
  2. You would not find a spec or a reference implementation. There are good examples out there (Facebook, Twitter) and good frameworks to help you build RESTful APIs.
  3. Stands for Python query language