Protecting MongoDB
With A RESTful API
Alon Horev
Israel MongoDB user group
May 2013
Meta
Alon Horev
Twitter: @alonhorev
Mail: alon@horev.net
Blog: http://alon.horev.net
Cellular networks are choking
Automatic optimization to the rescue:
1. Collect analytics
2. Analyze and update network configuration
3. Back to 1!
SON – self optimizing networks
An example: a loaded cell
We’re a proud Python shop
Agenda
Why and how we migrated to MongoDB
Do you need an API?
What is a RESTful API?
A review of Intucell’s API
MongoDB best practices
Why MongoDB?
Scale and failover just works!
Data center partition tolerance
Development speed
Fast prototyping – schema changes frequently
Slows down when you need joins and transactions
Migration Challenges
Migrating from MySQL to MongoDB
People have direct access to the DB
20 developers
40 analysts and tech support
“No joins? SQL? Transactions? GUI?”
A lot to make up for!
Why An API?
Complement mongo – reports (joins!) and PQL
Hide implementation – data store(s), short names
Security - auth isn’t enough: {$where: 'while(1){}'}
Resource management – run slow queries on slaves
Schema and referential integrity
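The security bullet above, as an added example (not code from the talk or from Intucell's API): an API layer can refuse any filter whose operators are not on an allowlist, so {$where: ...} never reaches the driver. The operator set, the limits and the field names are assumptions chosen for illustration.

```python
# Added example: allowlist validation of a client-supplied MongoDB filter.
# ALLOWED_OPERATORS, MAX_DEPTH and MAX_IN_ITEMS are illustrative assumptions.

LOGICAL = {"$and", "$or", "$nor"}
ALLOWED_OPERATORS = {
    "$eq", "$ne", "$gt", "$gte", "$lt", "$lte",
    "$in", "$nin", "$not", "$exists",
}
MAX_DEPTH = 8        # bound recursion so nesting cannot exhaust the API process
MAX_IN_ITEMS = 1000  # bound the size of $in / $nin lists


class QueryRejected(ValueError):
    """Raised when a filter uses anything outside the allowlist."""


def validate_filter(query, allowed_fields, _depth=0):
    """Return the filter unchanged if it is acceptable, else raise QueryRejected."""
    if _depth > MAX_DEPTH:
        raise QueryRejected("filter nested too deeply")
    if not isinstance(query, dict):
        raise QueryRejected("filter must be an object")
    for key, value in query.items():
        if not isinstance(key, str):
            raise QueryRejected("keys must be strings")
        if key.startswith("$"):
            # Only logical combinators may appear where a field name is expected,
            # which is exactly where $where would otherwise sit.
            if key not in LOGICAL:
                raise QueryRejected("operator not allowed here: %s" % key)
            if not isinstance(value, list) or not value:
                raise QueryRejected("%s needs a non-empty list" % key)
            for clause in value:
                validate_filter(clause, allowed_fields, _depth + 1)
        else:
            if key not in allowed_fields:
                raise QueryRejected("unknown field: %s" % key)
            _validate_condition(value, _depth + 1)
    return query


def _validate_condition(cond, depth):
    """Validate the right-hand side of a field: a scalar or {operator: operand}."""
    if depth > MAX_DEPTH:
        raise QueryRejected("filter nested too deeply")
    if not isinstance(cond, dict):
        _validate_scalar(cond)
        return
    for op, operand in cond.items():
        if op not in ALLOWED_OPERATORS:
            raise QueryRejected("operator not allowed: %s" % op)
        if op in ("$in", "$nin"):
            if not isinstance(operand, list) or len(operand) > MAX_IN_ITEMS:
                raise QueryRejected("%s needs a bounded list" % op)
            for item in operand:
                _validate_scalar(item)
        elif op == "$not":
            if not isinstance(operand, dict):
                raise QueryRejected("$not needs an operator expression")
            _validate_condition(operand, depth + 1)
        elif op == "$exists":
            if not isinstance(operand, bool):
                raise QueryRejected("$exists needs a boolean")
        else:
            _validate_scalar(operand)


def _validate_scalar(value):
    # Operands must be plain values; a nested object could smuggle an operator.
    if isinstance(value, (dict, list)):
        raise QueryRejected("expected a scalar value")


def is_allowed(query, allowed_fields):
    """Boolean wrapper, convenient for logging rejected requests."""
    try:
        validate_filter(query, allowed_fields)
        return True
    except QueryRejected:
        return False


if __name__ == "__main__":
    fields = {"name", "age"}  # constructed sample schema
    samples = [  # constructed sample filters
        {"$or": [{"age": {"$gt": 60}}, {"age": {"$lt": 20}}]},
        {"$where": "while(1){}"},
        {"name": {"$regex": "^a"}},
    ]
    for sample in samples:
        print(sample, "->", "ok" if is_allowed(sample, fields) else "rejected")
```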
Type Of API
Small layer on top of your driver
Dictionaries and hashes - not OO!
MongoEngine/MongoKit (ODM)
Your own!
RESTful
Cross language
Inherent to web apps
Standards for caching, auth, throttling
RESTful
“Representational state transfer”
Not a standard but an architectural style
Basically it’s a bunch of guidelines!
Real world APIs break some of them
HTTP as a communication layer
Implementing CRUD using HTTP
RESTful Routes
Resource          Method and Route     Meaning
Users collection  GET /users/          Read users
                  DELETE /users/       Delete users
                  PUT /users/          Update users
                  POST /users/         Create user/s
A user            GET /users/<id>      Read a user
                  DELETE /users/<id>   Delete a user
                  PUT /users/<id>      Update a user
                  POST /users/<id>     Create a user
* RESTful APIs usually don’t support batch operations of create/update/delete
HTTP Crash Course
GET /search?q=foo&source=web HTTP/1.1
Host: www.google.co.il
Cache-Control: max-age=0
User-Agent: Mozilla/5.0
Accept: text/html,application/xml
Accept-Encoding: gzip,deflate,sdch
Cookie: PREF=ID=9a768e836b317d:U=fd620232bd98bd
* Note that I removed and shortened some headers
* query string parameters are limited to 2k! (browser specific)
HTTP Crash Course
POST /api/v1/system/auth/users/alonho/ HTTP/1.1
Host: localhost
Content-Length: 20
Content-Type: application/json
User-Agent: python-requests/0.9.3
Cookie: token=6f01a9decd518f5cf5b4e14bddad

{"password": "none"}
* Note that I removed and shortened some headers
* Content (body) is allowed only in POST/PUT
CLI for HTTP
A CLI can make your life easier
Each API call is defined by:
A resource
A method
Parameters
% son_cli --create users name='alon'
+--------------------------+------+
| id                       | name |
+==========================+======+
| 5192605a9716ab5a94b37d3c | alon |
+--------------------------+------+
Resource Generation
We already use MongoEngine
Declarative
Enforces schema
Supports inheritance (multiple types in one collection)
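from mongoengine import Document, StringField, IntField

class User(Document):
    name = StringField(required=True)
    age = IntField(min_value=13,
                   help_text='Years alive',
                   required=True)

# Expose the document as a REST resource (helper from the API layer described in this talk)
register_mongo_resource(User, '/users')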
Create
% son_cli -c users age=3
{'error': 'Bad Request',
 'code': 400,
 'message': 'Value 3 for field "age" is less than minimum value: 13'}
% son_cli -c users name='alon' age=120
+--------------------------+------+-----+
| id                       | name | age |
+==========================+======+=====+
| 5192605a9716ab5a94b37d3c | alon | 120 |
+--------------------------+------+-----+
Read
% son_cli -r users
+--------------------------+------+-----+
| id                       | name | age |
+==========================+======+=====+
| 5192605a9716ab5a94b37d3c | alon | 120 |
+--------------------------+------+-----+
| 5192608d9716ab5a94b37d3d | john | 100 |
+--------------------------+------+-----+
| 519265909716ab5a94b37d3e | snow | 30  |
+--------------------------+------+-----+
Sane defaults: by default read returns first 50 documents
Read Less
% son_cli -r users page_size=2 page=0 fields=name,age
+------+-----+
| name | age |
+======+=====+
| alon | 120 |
+------+-----+
| john | 100 |
+------+-----+
Read Ordered
% son_cli -r users fields=name,age order=age
+------+-----+
| name | age |
+======+=====+
| snow | 30  |
+------+-----+
| john | 100 |
+------+-----+
| alon | 120 |
+------+-----+
How would you order by ascending age and descending name:
% son_cli -r users order=age,-name
Read Filtered
% son_cli -r users query='age < 40 or name == "john"'
+--------------------------+------+-----+
| id                       | name | age |
+==========================+======+=====+
| 5192608d9716ab5a94b37d3d | john | 100 |
+--------------------------+------+-----+
| 519265909716ab5a94b37d3e | snow | 30  |
+--------------------------+------+-----+
Update
% son_cli -u users.5192605a9716ab5a94b37d3c name=anakin
+--------------------------+--------+-----+
| id                       | name   | age |
+==========================+========+=====+
| 5192605a9716ab5a94b37d3c | anakin | 120 |
+--------------------------+--------+-----+
% son_cli -u users query='age >= 120' age=100
+-------+
| count |
+=======+
| 1     |
+-------+
Delete
% son_cli -d users.5192605a9716ab5a94b37d3c
+--------------------------+--------+-----+
| id                       | name   | age |
+==========================+========+=====+
| 5192605a9716ab5a94b37d3c | anakin | 120 |
+--------------------------+--------+-----+
% son_cli -d users query='age >= 120'
+-------+
| count |
+=======+
| 1     |
+-------+
Aggregations API
% son_cli -r users.view.count
+-------+
| count |
+=======+
| 4     |
+-------+
% son_cli -r users.view.count sum=age
+-------+-----+
| count | age |
+=======+=====+
| 4     | 321 |
+-------+-----+
Aggregations API
% son_cli -r users.view.count groupby='age > 60'
+-------+----------+
| count | age > 60 |
+=======+==========+
| 3     | True     |
+-------+----------+
| 1     | False    |
+-------+----------+
% son_cli -r users.view.count groupby='age > 60,age % 2' sum=age
+-------+---------+----------+-----+
| count | age % 2 | age > 60 | age |
+=======+=========+==========+=====+
| 1     | 1       | True     | 71  |
+-------+---------+----------+-----+
| 2     | 0       | True     | 220 |
+-------+---------+----------+-----+
| 1     | 0       | False    | 30  |
+-------+---------+----------+-----+
Output Format
% son_cli -r users.view.count groupby='age > 60' format=csv
"count","age > 60"
"3","True"
"1","False"
% son_cli --json -r users.view.count fields='age > 60'
[
  {
    "count": 3,
    "age > 60": true
  },
  {
    "count": 1,
    "age > 60": false
  }
]
Schema
% son_cli --json -r users.schema
{
  "type": "object",
  "properties": {
    "age": {
      "minimum": 13,
      "type": "integer",
      "description": "Years alive"
    },
    "name": {
      "type": "string"
    },
    "id": {
      "type": "string"
    }
  }
}
This JSON describing JSON is called JSON Schema
Defying REST
Collection level updates are rarely seen
Performance – how long will it take?
Query strings too long for GET (2k)
Fall back to POST/PUT (lose caching)
Extend OPTIONS for route completion
OPTIONS returns supported methods
Added an extension that returns routes
Route Discovery
% curl -X OPTIONS http://localhost/api/v1/
{'options': ['users/', 'posts/']}
% curl -X OPTIONS http://localhost/api/v1/users/
{'options': ['alon', 'john']}
% curl http://localhost/api/v1/users/alon
{'name': 'alon', 'twitter': 'alonhorev'}
* Available as an extension to flask called route-options
Documentation
Exposed through the API at /api/v1/docs
Displayed visually in the GUI
PQL
Querying
Let's filter some users by names:
Mongo:
user_names = ['foo', 'bar']
db.users.find({'name': {'$in': user_names}})
SQL:
name_list = ', '.join(map(sql_escape, user_names))
sql = 'select * from users where name in ({})'.format(name_list)
* SQL users: do yourselves a favor and use an ORM.
Querying
Let's find users older than 60 or younger than 20:
Mongo:
db.users.find({'$or': [{'age': {'$gt': 60}},
                       {'age': {'$lt': 20}}]})
SQL:
sql = 'select * from users where age > 60 or age < 20'
PQL
Mongo’s queries are easier to compose
SQL is easier to write when invoking ad-hoc queries
PQL was born – Mongo queries for humans!
>>> pql.find('age < 20 or age > 60')
{'$or': [{'age': {'$lt': 20}},
         {'age': {'$gt': 60}}]}
PQL – Schema!
>>> pql.find('name == "foo"',
             schema={'first_name': pql.StringField(),
                     'last_name': pql.StringField()})
Traceback (most recent call last):
  ...
ParseError: Field not found: name. options: ['first_name', 'last_name']
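One way to build a translator of this kind, as an added example that is not PQL's own code: parse the expression with Python's ast module (never eval), accept only comparisons joined by and/or, and check field names and literal types against a schema. The schema format (field name mapped to a Python type) and the function names are assumptions.

```python
# Added example: a minimal expression-to-filter translator in the spirit of
# the PQL slides. Not PQL's implementation; schema format is an assumption.
import ast

COMPARE_OPS = {
    ast.Gt: "$gt", ast.GtE: "$gte",
    ast.Lt: "$lt", ast.LtE: "$lte",
    ast.NotEq: "$ne",
}
BOOL_OPS = {ast.And: "$and", ast.Or: "$or"}


class ParseError(ValueError):
    """Raised for any expression outside the supported grammar."""


def translate(expression, schema):
    """Translate e.g. 'age < 20 or age > 60' into a MongoDB filter dict.

    schema maps field names to the Python type allowed for that field.
    The expression is only parsed, never evaluated, and only operators in
    COMPARE_OPS/BOOL_OPS can appear in the output, so operators such as
    $where cannot be produced from user input.
    """
    try:
        tree = ast.parse(expression, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise ParseError("invalid expression: %s" % exc)
    return _translate_node(tree.body, schema)


def _translate_node(node, schema):
    if isinstance(node, ast.BoolOp):
        clauses = [_translate_node(value, schema) for value in node.values]
        return {BOOL_OPS[type(node.op)]: clauses}
    if isinstance(node, ast.Compare):
        return _translate_compare(node, schema)
    # Calls, attribute access, subscripts, lambdas, etc. all land here.
    raise ParseError("unsupported syntax: %s" % type(node).__name__)


def _translate_compare(node, schema):
    # Reject chained comparisons (1 < age < 5) and non-field left sides.
    if len(node.ops) != 1 or not isinstance(node.left, ast.Name):
        raise ParseError("expected: <field> <operator> <literal>")
    field = node.left.id
    if field not in schema:
        raise ParseError(
            "Field not found: %s. options: %s" % (field, sorted(schema))
        )
    right = node.comparators[0]
    if not isinstance(right, ast.Constant):
        raise ParseError("right-hand side must be a literal")
    value = right.value
    # Exact type match: a bool must not pass as an int, nor a str as a number.
    if type(value) is not schema[field]:
        raise ParseError(
            "field %s expects %s" % (field, schema[field].__name__)
        )
    op = type(node.ops[0])
    if op is ast.Eq:
        return {field: value}
    if op not in COMPARE_OPS:
        raise ParseError("unsupported operator: %s" % op.__name__)
    return {field: {COMPARE_OPS[op]: value}}


if __name__ == "__main__":
    schema = {"name": str, "age": int}  # constructed sample schema
    print(translate("age < 20 or age > 60", schema))
    print(translate('age < 40 or name == "john"', schema))
```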
PQL - Aggregations
Car listing:
{made_on: ISODate("1973-03-24T00:00:02.013Z"),
 price: 21000}
Number of cars and total of prices per year in 1970-1990:
> from pql import project, match, group
> collection.aggregate(
      project(made_on='year(made_on)',
              price='price') |
      match('made_on >= 1970 and made_on <= 1990') |
      group(_id='made_on',
            count='sum(1)',
            total='sum(price)'))
PQL - Aggregations
Compare to this:
> collection.aggregate([
      {'$project': {'made_on': {'$year': '$made_on'},
                    'price': '$price'}},
      {'$match': {'made_on': {'$gte': 1970,
                              '$lte': 1990}}},
      {'$group': {'_id': '$made_on',
                  'count': {'$sum': 1},
                  'total': {'$sum': '$price'}}}])
Write fewer characters:
> project(price='base * tax + commision')
[{'$project': {'price': {'$add':
    [{'$multiply': ['$base', '$tax']}, '$commision']}}}]
BSON != JSON
ObjectID and Date are BSON specific!
Convert them to strings
Using a codec is better – symmetrical!
>>> import datetime, bson
>>> from bson import json_util
>>> json_util.dumps(datetime.datetime.now())
{"$date": 1367970875910}
>>> json_util.dumps(bson.ObjectId())
{"$oid": "51896a43b46551eff3f43594"}
Python != JSON
           JSON Document   Python Dictionary
Key type   Only strings    Anything immutable
Key order  Ordered         Unordered
Example: user id to name mapping
Python: {1234: 'Alon Horev', 1038: 'John Wayne'}
Javascript: [{'id': 1234, 'name': 'Alon Horev'},
             {'id': 1038, 'name': 'John Wayne'}]
Python != JSON
db.users.ensureIndex({'friends.id': 1})
db.users.insert({friends: [{id: 123, name: 'foo'}]})
db.users.find({'friends.id': 123}).explain()
{
  "cursor": "BtreeCursor friends.id_1",
  ...
}
References
http://python-eve.org/ - A new RESTful API for MongoDB written in Python
http://flask.pocoo.org/ - A great Python web framework
https://github.com/alonho/pql - The PQL query translator
https://github.com/micha/resty - resty enhances curl for RESTful API calls
Learn from others! Twitter and Facebook have great RESTful APIs

MongoDB user group israel May

  • 1. Protecting MongoDB With A RESTful API Alon Horev Israel MongoDB user group May 2013
  • 2. Meta Alon Horev Twitter: @alonhorev Mail: alon@horev.net Blog: http://alon.horev.net
  • 3. Cellular networks are choking Automatic optimization to the rescue: 1. Collect analytics 2. Analyze and update network configuration 3. Back to 1! SON – self optimizing networks An example: a loaded cell We’re a proud Python shop
  • 4. Agenda Why and how we migrated to MongoDB Do you need an API? What is a RESTful API? A review of Intucell’s API MongoDB best practices
  • 5. Why MongoDB? Scale and failover just works! Data center partition tolerance Development speed Fast prototyping – schema changes frequently Slows down when in need for joins and transactions
  • 6. Migration Challenges Migrating from MySQL to MongoDB People have direct access to the DB 20 developers 40 analysts and tech support “No joins? SQL? Transactions? GUI?” A lot to make up for!
  • 7. Why An API? Complement mongo – reports (joins!) and PQL Hide implementation – data store(s), short names Security - auth isn’t enough: {$where:'while(1){}‟} Resource management – run slow queries on slaves Schema and referential integrity
  • 8. Type Of API Small layer on top of your driver Dictionaries and hashes - not OO! MongoEngine/MongoKit (ODM) Your own! RESTful Cross language Inherent to web apps Standards for caching, auth, throttling
  • 9. RESTful “Representational state transfer” Not a standard but an architectural style Basically it’s a bunch of guidelines! Real world APIs break some of them HTTP as a communication layer Implementing CRUD using HTTP
  • 10. RESTful Routes Resource Method and Route Meaning Users collection GET /users/ Read users DELETE /users/ Delete users PUT /users/ Update users POST /users/ Create user/s A user GET /users/<id> Read a user DELETE /users/<id> Delete a user PUT /users/<id> Update a user POST /users/<id> Create a user * RESTful APIs usually don’t support batch operations of create/update/delete
  • 11. HTTP Crash Course GET /search?q=foo&source=web HTTP/1.1 Host: www.google.co.il Cache-Control: max-age=0 User-Agent: Mozilla/5.0 Accept: text/html,application/xml Accept-Encoding: gzip,deflate,sdch Cookie: PREF=ID=9a768e836b317d:U=fd620232bd98bd * Note that I removed and shortened some headers * query string parameters are limited to 2k! (browser specific)
  • 12. HTTP Crash Course POST /api/v1/system/auth/users/alonho/ HTTP/1.1 Host: localhost Content-Length: 20 Content-Type: application/json User-Agent: python-requests/0.9.3 Cookie: token=6f01a9decd518f5cf5b4e14bddad {"password": "none"} * Note that I removed and shortened some headers * Content (body) is allowed only in POST/PUT
  • 13. CLI for HTTP A CLI can make your life easier Each API call is defined by: A resource A method Parameters % son_cli --create users name='alon' +--------------------------+------+ | id | name | +==========================+======+ | 5192605a9716ab5a94b37d3c | alon | +--------------------------+------+
  • 14. Resource Generation We already use MongoEngine Declarative Enforces schema Supports inheritance (multiple types in one collection) class User(Document): name = StringField(required=True) age = IntField(min_value=13, help_text='Years alive', required=True) register_mongo_resource(User, '/users')
  • 15. Create % son_cli -c users age=3 {'error': 'Bad Request', 'code': 400, 'message': 'Value 3 for field "age" is less than minimum value: 13'} % son_cli -c users name='alon' age=120 +--------------------------+------+-----+ | id | name | age | +==========================+======+=====+ | 5192605a9716ab5a94b37d3c | alon | 120 | +--------------------------+------+-----+
  • 16. Read % son_cli -r users +--------------------------+------+-----+ | id | name | age | +==========================+======+=====+ | 5192605a9716ab5a94b37d3c | alon | 120 | +--------------------------+------+-----+ | 5192608d9716ab5a94b37d3d | john | 100 | +--------------------------+------+-----+ | 519265909716ab5a94b37d3e | snow | 30 | +--------------------------+------+-----+ Sane defaults: by default read returns first 50 documents
  • 17. Read Less % son_cli -r users page_size=2 page=0 fields=name,age +------+-----+ | name | age | +======+=====+ | alon | 120 | +------+-----+ | john | 100 | +------+-----+
  • 18. Read Ordered % son_cli -r users fields=name,age order=age +------+-----+ | name | age | +======+=====+ | snow | 30 | +------+-----+ | john | 100 | +------+-----+ | alon | 120 | +------+-----+ How would you order by ascending age and descending name: % son_cli -r users order=age,-name
  • 19. Read Filtered % son_cli -r users query='age < 40 or name == "john"' +--------------------------+------+-----+ | id | name | age | +==========================+======+=====+ | 5192608d9716ab5a94b37d3d | john | 100 | +--------------------------+------+-----+ | 519265909716ab5a94b37d3e | snow | 30 | +--------------------------+------+-----+
  • 20. Update % son_cli -u users.5192605a9716ab5a94b37d3c name=anakin +--------------------------+--------+-----+ | id | name | age | +==========================+========+=====+ | 5192605a9716ab5a94b37d3c | anakin | 120 | +--------------------------+--------+-----+ % son_cli -u users query='age >= 120' age=100 +-------+ | count | +=======+ | 1 | +-------+
  • 21. Delete % son_cli -d users.5192605a9716ab5a94b37d3c +--------------------------+--------+-----+ | id | name | age | +==========================+========+=====+ | 5192605a9716ab5a94b37d3c | anakin | 120 | +--------------------------+--------+-----+ % son_cli -d users query='age >= 120' +-------+ | count | +=======+ | 1 | +-------+
  • 22. Aggregations API % son_cli -r users.view.count +-------+ | count | +=======+ | 4 | +-------+ % son_cli -r users.view.count sum=age +-------+-----+ | count | age | +=======+=====+ | 4 | 321 | +-------+-----+
  • 23. Aggregations API % son_cli -r users.view.count groupby='age > 60' +-------+----------+ | count | age > 60 | +=======+==========+ | 3 | True | +-------+----------+ | 1 | False | +-------+----------+ % son_cli -r users.view.count groupby='age > 60,age % 2' sum=age +-------+---------+----------+-----+ | count | age % 2 | age > 60 | age | +=======+=========+==========+=====+ | 1 | 1 | True | 71 | +-------+---------+----------+-----+ | 2 | 0 | True | 220 | +-------+---------+----------+-----+ | 1 | 0 | False | 30 | +-------+---------+----------+-----+
  • 24. Output Format % son_cli -r users.view.count groupby='age > 60' format=csv "count","age > 60" "3","True" "1","False" % son_cli --json -r users.view.count fields='age > 60' [ { "count": 3, "age > 60": true }, { "count": 1, "age > 60": false } ]
  • 25. Schema % son_cli --json -r users.schema { "type": "object", "properties": { "age": { "minimum": 13, "type": "integer", "description": "Years alive" }, "name": { "type": "string" }, "id": { "type": "string" } } } This JSON describing JSON is called JSON Schema
  • 26. Defying REST Collection level updates are rarely seen Performance – how long will it take? Query strings too long for GET (2k) Fall back to POST/PUT (lose caching) Extend OPTIONS for route completion OPTIONS returns supported methods Added an extension that returns routes
  • 27. Route Discovery % curl -X OPTIONS http://localhost/api/v1/ {'options': ['users/', 'posts/']} % curl -X OPTIONS http://localhost/api/v1/users/ {'options': ['alon', 'john']} % curl http://localhost/api/v1/users/alon {'name': 'alon', 'twitter': 'alonhorev'} * Available as an extension to flask called route-options
  • 28. Documentation Exposed through the API at /api/v1/docs Displayed visually in the GUI
  • 29. PQL
  • 30. Querying Let's filter some users by names: Mongo: user_names = ['foo', 'bar'] db.users.find({'name': {'$in': user_names}}) SQL: name_list = ', '.join(map(sql_escape, user_names)) sql = 'select * from users where name in ({})'.format(name_list) * SQL users: do yourselves a favor and use an ORM.
  • 31. Querying Let's find users older than 60 or younger than 20: Mongo: db.users.find({'$or': [{'age': {'$gt': 60}}, {'age': {'$lt': 20}}]}) SQL: sql = 'select * from users where age > 60 or age < 20'
  • 32. PQL Mongo’s queries are easier to compose SQL is easier to write when invoking ad-hoc queries PQL was born – Mongo queries for humans! >>> pql.find('age < 20 or age > 60') {'$or': [{'age': {'$lt': 20}}, {'age': {'$gt': 60}}]}
  • 33. PQL – Schema! >>> pql.find('name == "foo"', schema={'first_name': pql.StringField(), 'last_name': pql.StringField()}) Traceback (most recent call last): ... ParseError: Field not found: name. options: ['first_name', 'last_name']
  • 34. PQL - Aggregations Car listing: {made_on: ISODate("1973-03-24T00:00:02.013Z"), price: 21000} Number of cars and total of prices per year in 1970-1990: > from pql import project, match, group > collection.aggregate( project(made_on='year(made_on)', price='price') | match('made_on >= 1970 and made_on <= 1990') | group(_id='made_on', count='sum(1)', total='sum(price)'))
  • 35. PQL - Aggregations Compare to this: > collection.aggregate([ {'$project': {'made_on': {'$year': '$made_on'}, 'price': '$price'}}, {'$match': {'made_on': {'$gte': 1970, '$lte': 1990}}}, {'$group': {'_id': '$made_on', 'count': {'$sum': 1}, 'total': {'$sum': '$price'}}}]) Write fewer characters: > project(price='base * tax + commision') [{'$project': {'price': {'$add': [{'$multiply': ['$base', '$tax']},'$commision']}}}]
  • 36.
  • 37.
  • 38. BSON != JSON ObjectID and Date are BSON specific! Convert them to strings Using a codec is better – symmetrical! >>> from bson import json_util >>> json_util.dumps(datetime.datetime.now()) {"$date": 1367970875910} >>> json_util.dumps(bson.ObjectId()) {"$oid": "51896a43b46551eff3f43594"}
  • 39.
  • 40. Python != JSON JSON Document Python Dictionary Key type Only strings Anything immutable Key order Ordered Unordered Example: user id to name mapping Python: {1234: 'Alon Horev', 1038: 'John Wayne'} Javascript: [{'id': 1234, 'name': 'Alon Horev'}, {'id': 1038, 'name': 'John Wayne'}]
  • 41. Python != JSON db.users.ensureIndex({'friends.id': 1}) db.users.insert({friends: [{id: 123, name: 'foo'}]}) db.users.find({'friends.id': 123}).explain() { "cursor": "BtreeCursor friends.id_1", ... }
  • 42. References http://python-eve.org/ - A new RESTful API for MongoDB written in Python http://flask.pocoo.org/ – A great python web framework https://github.com/alonho/pql - The PQL query translator https://github.com/micha/resty - resty enhances curl for RESTful API calls Learn from others! Twitter and Facebook have great RESTful APIs
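
Slides 7, 32 and 33 argue that the API should accept a small query language and check it against a schema, so that callers never hand a raw filter such as {$where: ...} to the database. The sketch below is an added example, not code from the PQL library or from Intucell's API; the names to_mongo and QueryError and the {field: type} schema format are assumptions made for illustration.

```python
import ast

# Only these operators can ever appear in the output; "$where" is not among them.
_CMP = {ast.Lt: "$lt", ast.LtE: "$lte", ast.Gt: "$gt", ast.GtE: "$gte", ast.NotEq: "$ne"}
_BOOL = {ast.And: "$and", ast.Or: "$or"}


class QueryError(ValueError):
    """Raised for anything outside the allowed grammar or schema."""


def to_mongo(expr, schema):
    """Translate e.g. 'age < 20 or age > 60' into a MongoDB filter dict.

    schema (assumed format) maps each queryable field to the type of its values.
    """
    try:
        tree = ast.parse(expr, mode="eval")  # parsed only, never evaluated
    except (SyntaxError, ValueError) as exc:
        raise QueryError("cannot parse query: %s" % exc)
    return _node(tree.body, schema)


def _node(node, schema):
    if isinstance(node, ast.BoolOp):  # "and" / "or"
        return {_BOOL[type(node.op)]: [_node(v, schema) for v in node.values]}
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        return _compare(node.left, node.ops[0], node.comparators[0], schema)
    raise QueryError("unsupported expression: %s" % type(node).__name__)


def _compare(left, op, right, schema):
    if not isinstance(left, ast.Name):
        raise QueryError("left side must be a field name")
    if left.id not in schema:
        raise QueryError("Field not found: %s. options: %s" % (left.id, sorted(schema)))
    try:
        value = ast.literal_eval(right)  # literals only: no names, calls, attributes
    except (ValueError, TypeError, SyntaxError):
        raise QueryError("right side must be a literal")
    if type(value) is not schema[left.id]:  # rejects dicts such as {"$ne": ""}
        raise QueryError("%s expects a %s value" % (left.id, schema[left.id].__name__))
    if isinstance(op, ast.Eq):
        return {left.id: value}
    if type(op) not in _CMP:
        raise QueryError("unsupported operator: %s" % type(op).__name__)
    return {left.id: {_CMP[type(op)]: value}}
```

Because the output is built only from the two operator tables and type-checked literals, a caller cannot smuggle an operator document or server-side JavaScript into the filter; the worst a malformed query can do is raise QueryError, which the API can map to a 400 response.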

Editor's Notes

  1. Developers use the database for debugging and introspection. Analysts learned SQL and used the database for performance analysis and report generation.
  2. You would not find a spec or a reference implementation. There are good examples out there (Facebook, Twitter) and good frameworks to help you build RESTful APIs.
  3. Stands for python query language