[BreizhCamp, format 15min] Une api rest et GraphQL sans code grâce à PostgREST, sub0 et PostgreSQL
2 likes2,838 views
This document discusses the use of PostgREST to create a REST API without writing code, focusing on how to manage various aspects such as authentication, authorization, filtering, and versioning in a PostgreSQL database context. It outlines practices for maintaining schema version control and row-level security while providing examples of API endpoints for various database operations. Additionally, it highlights tools and methodologies for documentation, testing, and email management within this framework.
![[BreizhCamp, format 15min] Une api rest et GraphQL sans code grâce à PostgREST, sub0 et PostgreSQL](https://image.slidesharecdn.com/20170418uneapirestetgraphqlsanscodegraceapostgrestsub0etpostgresql-170426174719/85/BreizhCamp-format-15min-Une-api-rest-et-GraphQL-sans-code-grace-a-PostgREST-sub0-et-PostgreSQL-2-320.jpg)
![[BreizhCamp, format 15min] Une api rest et GraphQL sans code grâce à PostgREST, sub0 et PostgreSQL](https://image.slidesharecdn.com/20170418uneapirestetgraphqlsanscodegraceapostgrestsub0etpostgresql-170426174719/85/BreizhCamp-format-15min-Une-api-rest-et-GraphQL-sans-code-grace-a-PostgREST-sub0-et-PostgreSQL-10-320.jpg)
[BreizhCamp, format 15min] Une api rest et GraphQL sans code grâce à PostgREST, sub0 et PostgreSQL
- 1. Une API REST sans code grâce à Postgrest, Sub0 et PostgreSQL
- 5. François-Guillaume Ribreau — Ex-Bringr cofounder & CTO Ex-Architect @iAdvize
- 6. François-Guillaume Ribreau — Ex-Bringr cofounder & CTO Ex-Architect @iAdvize Architect & Head of development @Ouest-France
- 7. François-Guillaume Ribreau — Ex-Bringr cofounder & CTO Ex-Architect @iAdvize Architect & Head of development @Ouest-France 🌟 Founded @imagecharts @Redsmin @mailpopin
- 8. François-Guillaume Ribreau — Ex-Bringr cofounder & CTO Ex-Architect @iAdvize Architect & Head of development @Ouest-France 🌟 Founded @imagecharts @Redsmin @mailpopin 🚀 Trainer @EPSI_Nantes @UnivNantes
- 9. François-Guillaume Ribreau — Ex-Bringr cofounder & CTO Ex-Architect @iAdvize Architect & Head of development @Ouest-France 🌟 Founded @imagecharts @Redsmin @mailpopin 🚀 Trainer @EPSI_Nantes @UnivNantes 📢 Twitter/Github: @FGRibreau
- 11. API?
- 13. Single Source of Truth? API? Persistence API?
- 14. Single Source of Truth? DRY? API? Persistence API?
- 17. Validation Database (Schema (constraint)) API (Models / ORM (validation)) Front (validation)
- 18. Relation Database (Schema (referential integrity)) API (Models / ORM (relations)) Front
- 21. API DB • HTTP request handling • Authentication • Authorization • Request Parsing • Request Validation • Database Communication • Database Response Handling • HTTP Response Building Persistence API your job
- 22. API SQLHTTP DB • HTTP request handling • Authentication • Authorization • Request Parsing • Request Validation • Database Communication • Database Response Handling • HTTP Response Building Persistence API your job
- 23. API SQLHTTP DB Persistence API TL;DR: HTTP <-> SQL mapping … with a lot of space for potential mistakes. your job
- 24. Postgrest DB Persistence API your job #SSoT #DRY
- 25. Are we serious?
- 26. Are we serious?
- 27. Postgrest DB Persistence API your job #SSoT #DRY schema
- 28. Postgrest Read / Write requests (read) GET /projects (read) GET /account (write) POST /rpc/signUp (write) POST /rpc/logIn
- 29. How do you manage projection, filtering, ordering?
- 30. GET /people?age=gte.18&isStudent=is.true How do you manage projection, filtering, ordering?
- 31. GET /people?age=gte.18&isStudent=is.true GET /people?select=age::text,height,weight How do you manage projection, filtering, ordering?
- 32. GET /people?age=gte.18&isStudent=is.true GET /people?select=age::text,height,weight GET /stuff?metadata->a->>b=eq.2 How do you manage projection, filtering, ordering?
- 33. GET /people?age=gte.18&isStudent=is.true GET /people?select=age::text,height,weight GET /stuff?metadata->a->>b=eq.2 GET /projects?select=id,name,tasks{id,name} &order=id.asc&tasks.order=name.asc How do you manage projection, filtering, ordering?
- 34. How do you manage versioning?
- 35. How do you manage versioning? public private
- 36. How do you manage versioning? public private authentication schema i18n schema app schema …. schema
- 37. How do you manage versioning? public private v1_0 schema authentication schema i18n schema app schema …. view schemastored fn projects signIn signUp
- 38. How do you manage versioning? public private v1_0 schema v2_0 schema authentication schema i18n schema app schema …. view schemastored fn projects signIn signUp projects logIn signUp
- 39. How do you manage authentication?
- 40. How do you manage authentication?
- 41. How do you manage authorization?
- 42. How do you manage authorization? CREATE ROLE authenticator NOINHERIT LOGIN; CREATE ROLE anonymous; CREATE ROLE authenticated_user; GRANT anonymous, authenticated_user TO authenticator;
- 43. How do you manage authorization?
- 44. How do you manage authorization? Row Level Security (PG 9.5+)
- 45. How do you manage authorization? Row Level Security (PG 9.5+) ALTER TABLE app.project ENABLE ROW LEVEL SECURITY; CREATE POLICY user_can_only_access_its_own_project on app.project — Any rows for which the expression returns false or null will not be visible to the user (in a SELECT), and will not be available for modification (in an UPDATE or DELETE) using (user_id = current_setting('request.jwt.claim.user_id'))
- 46. How do you manage authorization? Row Level Security (PG 9.5+) ALTER TABLE app.project ENABLE ROW LEVEL SECURITY; CREATE POLICY user_can_only_access_its_own_project on app.project — Any rows for which the expression returns false or null will not be visible to the user (in a SELECT), and will not be available for modification (in an UPDATE or DELETE) using (user_id = current_setting('request.jwt.claim.user_id')) 2 lines of SQL Reliable security model (closed by default) Declarative Expressive
- 47. How do you manage emails/3rd parties? http://bit.ly/2oNbaKy
- 48. How do you manage emails/3rd parties? pg_notify (PG 9.2+) http://bit.ly/2oNbaKy
- 49. How do you manage documentation?
- 50. How do you manage documentation? OpenAPI (Swagger) format automatically extracted from schema
- 51. How do you manage code-reviews, tests, migrations? Pivotal/trilogy pg_tag pg_unit pg_unit2
- 52. How do you manage code-reviews, tests, migrations? It’s just SQL. Pivotal/trilogy pg_tag pg_unit pg_unit2
- 53. One more thing
- 54. PostgraphQL A GraphQL API created by reflection over a PostgreSQL schema. (NodeJS)
- 55. Sub0 ❤ GraphQL & REST API for your database
- 56. Free plans for Redis administration & monitoring at redsmin.com Questions? @FGRibreau No more server-side rendering pain, 1 url = 1 chart image-charts.com
- 57. Free plans for Redis administration & monitoring at redsmin.com We are looking for Front-end Developers twitter.com/iadvizetech Questions? @FGRibreau No more server-side rendering pain, 1 url = 1 chart image-charts.com