Postgrest: the REST API for PostgreSQL databases

PGDay.IT 2016 – 13 Dicembre 2016 - Prato 1 di 24
Postgrest: la REST API per i database PostgreSQL
Lucio Grenzi
l.grenzi@gmail.com

Who is this guy?
Delphi developer since 1999
IT Consultant
Front end web developer
Postgresql addicted
      Nonantolando.blogspot.com
      lucio.grenzi
      lucio grenzi

AgendaAgenda
NoBackend: what and why
Postgresql: advantages
Postgrest features

NobackendNobackend
noBackend is an approach to decouple apps from backends, by abstracting
backend tasks with frontend code.
This allows frontend developers to focus on user experience and gives
backend developers more flexibility on the implementation side.
nobackend.org

Our purposeOur purpose
Create apps / webapps that don't need a backend at all
Writing business logic often duplicates, ignores or hobbles
database structure
A single declarative source of truth: the data itself
How?
Using a REST API on top of your database

Build a backend in right wayBuild a backend in right way
SSL to rest api always!
Different schema to different port
Implement only what you need
Use webserver to route in the right way
Authentication done by JWT
Row level security feature introduced from Postgresql 9.5

Why schemas?Why schemas?
It allows many users to use one database without interfering
with each other.
It organizes database objects into logical groups to make them
more manageable.
Thirdparty applications can be put into separate schemas so
they do not collide with the names of other objects.

Why PostgresqlWhy Postgresql
Versatility
json support
Custom languages (Plv8)
Lots of extensions
MVC logic inside the database

MVCMVC
MVC is an architectural design pattern that encourages
improved application organization through a separation of
concerns. It enforces the isolation of business data (Models)
from user interfaces (Views), with a third component
(Controllers) traditionally managing logic, userinput, and
coordination of Models and Views.
Developing Backbone.js Applications
By Addy Osmani

Build an applicationBuild an application
Focus on client related tecnology
Pick a frontend framework

PostgrestPostgrest
Cleaner and a more standards compliant API
Quick to get started
Nothing to install
Nothing to configure
Exchange data json format
Postgresql + Postgrest: combination that can give you a way to expose your
data to other applications or web frontends.

Postgrest parameters/optionsPostgrest parameters/options
Usage: postgrest DB_URL (-a|--anonymous ROLE) [-s|--schema NAME]
[-p|--port PORT] [-j|--jwt-secret SECRET] [-o|--pool COUNT]
[-m|--max-rows COUNT]
PostgREST 0.3.2.0 / create a REST API to an existing Postgres database
Available options:
-h,--help Show this help text
DB_URL (REQUIRED) database connection string, e.g.
postgres://user:pass@host:port/db
-a,--anonymous ROLE (REQUIRED) postgres role to use for non-
authenticated requests
-s,--schema NAME schema to use for API routes (default: "public")
-p,--port PORT port number on which to run HTTP
server (default: 3000)
-j,--jwt-secret SECRET secret used to encrypt and decrypt JWT
tokens (default: "secret")
-o,--pool COUNT max connections in database pool (default: 10)
-m,--max-rows COUNT max rows in response (default: "infinity")

Postgrest - securityPostgrest - security
PostgREST is designed to keep the database at the center of API security
All authorization happens through database roles and permissions
Use json web sockets to
authenticate API request
authenticate with external services

Postgrest – security with no jwtPostgrest – security with no jwt
If
no JWT is present
it the role is invalid
it does not contain the role claim
SET LOCAL ROLE anonymous;

Postgrest – security with jwtPostgrest – security with jwt
CREATE ROLE authenticator NOINHERIT LOGIN;
CREATE ROLE anonymous;
GRANT anonymous TO authenticator;
postgrest postgres://pgday@localhost:5432/pgday anonymous anon

Postgrest - performancesPostgrest - performances
Web application written in Haskell
using Warp http server
It delegates as much calculation as possible to the database
Serializing JSON responses directly in SQL
Data validation
Authorization

Postgrest - VersioningPostgrest - Versioning
A longlived API needs the freedom to exist in multiple
versions
PostgREST does versioning through database schemas

API matchesAPI matches
    POST ~ INSERT
    GET ~ SELECT
    PATCH ~ UPDATE
    PUT ~ UPSERT
    DELETE ~ DELETE
    Auth ~ user roles

API callsAPI calls
GET /customer?select=name, age, city,nation
POST /customer name, age, city,nation John,40,Boston,USA

Try postgrestTry postgrest
Source: https://github.com/begriffs/postgrest/
Docker image https://hub.docker.com/r/begriffs/postgrest/
Heroku
Postgrest: http://postgrest.com/

Postgrest clientPostgrest client
PostgREST JavaScript client provides bindings and features
to be used with PostgREST APIs.
Install with NPM in your project‘s folder.
$ npm install postgrestclient

var PostgREST = require('postgrestclient')
var Api = new PostgREST('https://postgrest.pgday.it')

Similar tool to PostgrestSimilar tool to Postgrest
PgREST http://pgre.st/
a JSON document store
PostGraphQL https://github.com/calebmer/postgraphql
a GraphQL schema created over a PostgreSQL schema

Questions?Questions?

Postgrest: the REST API for PostgreSQL databases

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Postgrest: the REST API for PostgreSQL databases (20)

More from Lucio Grenzi (10)

Recently uploaded (20)

Postgrest: the REST API for PostgreSQL databases