Ember & SOA

Ember & SOA

 

 

Stumbling towards SOA

 

The story of CloudHDR

My original app

A collection of services

CloudHDR Structure

Outline

  1. Context, Goals & Requirements
  2. First Steps
  3. Authenticaion
  4. Leaving localhost

A bit about me



Jeremy Green

drummer, coder, entrepreneur, photographer, brewer

organizer of OkcRuby.org

@jagthedrummer
jeremy@octolabs.com
http://www.octolabs.com/

CloudHDR

HDR Photo Processing Automation

 

 

HDR == High Dynamic Range

Why HDR?

You don't want this:

You want this!

Goals & Reqs

Goals & Reqs

  • Small focused apps
  • Single sign on/off
  • Minimize code duplication
  • Support a variety of app/service types
  • Friendly to people and robots

Getting Started

Getting Started

 

Start a local service


  $ rails -p 3007

 

Configure Ember Data


  // Configure Ember Data
  App.ApplicationAdapter = DS.RESTAdapter.extend({
    host: 'http://localhost:3007'
  });

Better than hard coding

 


  $ export FILE_SERVICE=http://localhost:3007/

 


  // Configure Ember Data
  App.ApplicationAdapter = DS.RESTAdapter.extend({
    host: '<%= ENV["FILE_SERVICE"]%>',
    namespace: 'api/v1'
  });

Response Codes for
JSON Requests

 

  • Send a meaningful response code
  • Don't just issue a redirect

Proceed as normal

  • Routes
  • Controllers
  • Models
  • Components
  • Etc...

Congratulations!

 

You're "doing SOA"!

Authentication

Authentication

 

OAuth(2)

An open standard for delegated authorization

A Brief Intro

Or Review

Ember + OAuth

 

Session Based Auth

Code for the Ember app

 

  1. Retrieve some data
  2. Handle authorization errors

Just get the current user when the app is ready


  App = Ember.Application.create({
    ready: function(){
      var store = App.__container__.lookup('store:main');
      var id = 'me?_=' + (new Date()).getTime();
      store.find('user',id).then(function(user){
        App.currentUser = user;
      });
    }
  });

Custom 401 error handler


  App.ApplicationAdapter = DS.RESTAdapter.extend({
    ajaxError: function(jqXHR) {
      var error = this._super(jqXHR);
      if (jqXHR && jqXHR.status === 401) {
        var newLocation = "http://files.cloudhdr.com/auth?return=";
        newLocation += encodeURIComponent(document.location.toString());
        document.location = newLocation;
      } else {
        return error;
      }
    }
  });

Token Based Auth*

 

*I have not actually implemented this yet

Leaving localhost

Leaving localhost


Cross domain issues

Cancelled in the browser

200 OK on the server

Check the console


CORS


Cross Origin Resource Sharing

Allows a site to tell browsers

that it is willing to

provide content/services to other sites


    # Gemfile
    gem "rack-cors", :require => "rack/cors"
  

    # config/application.rb
    config.middleware.use Rack::Cors do
      allow do
        origins(/http:\/\/localhost:\d*/,
                /https:\/\/cloudhdr-\w*-octolabs\.fwd\.wf/,
                /http:\/\/[\w-]*\.cloudhdr\.com/
               )
        resource '/api/v1/*', 
                  :headers => :any, 
                  :methods => [:get, :post, :put, :delete, :options]
      end
    end
  

Public/Open API



    # config/application.rb
    config.middleware.use Rack::Cors do
      allow do
        origins('*')
        resource '/api/public/v1/*',
          :headers => :any,
          :methods => [:get]
      end
    end
  

Do NOT Do This!



    # config/application.rb
    config.middleware.use Rack::Cors do
      allow do
        origins('*')
        resource '*',
          :headers => :any,
          :methods => [:get, :post, :put, :delete, :options]
      end
    end
  

Learn about Cross Site Scripting!

The AJAX Cookie Problem

by default

jQuery

does not

send cookies

with AJAX requests

withCredentials to the rescue!



  // send cookies with AJAX requests
  $.ajaxPrefilter( function( options, originalOptions, jqXHR ) {
    options.xhrFields = { withCredentials : true };
  });
  

Yay!

Yay!

Wrap Up

Wrap Up

  • Understand your requirements
  • Set up authentication
  • Get ready for deployment
  • Enjoy your SOA!

Thanks For Watching!

@jagthedrummer

jeremy@octolabs.com

http://www.octolabs.com/