26 Nisan 2020 Pazar

WHAT IS REST?

                                   What is REST?

REST stands for Representational State Transfer.
It is an architectural style that facilitates systems to communicate with each other by providing certain standards on the web. It can also be said that REST is a communication approach that is frequently used in various web developments as well as architectural style.  

Let's say you want to go to the required cinema. You enter the website of a cinema company that has branches in different places over the Internet. There is always a lot of data that is changing, such as movies on display, different cities, movie session hours. Of course, we receive this data as a request to the server and a response to the client. The client requests the information from the server through an API, and then the server sends a response to the client.  Here, the response sent to the client is in the form of an HTML Web Page. However, we prefer that this data be returned in JSON, XML, etc. structured formats rather than complex HTML returns. Both JSON and XML formats have an appropriate hierarchical structure of the data. However, the only problem available so far in this framework is that you need to use many methods to obtain the necessary information. Using these methods to get information becomes quite complex when you need complex data. It is much faster to get data or manipulate it in various formats (XML, JSON, HTML, TEXT etc.).  This is where the REST API comes into play. The REST API creates an object and then sends the values of an object in response to the client. Here you have an object and you submit the status of an object. That is why it is known as the REST Representative State Transfer. 
The REST architectural structure has 6 limitations:
  1. Client-server architecture
  2. Statelessness
  3. Cacheability
  4. Layered system
  5. Code on demand (optional)
  6. Uniform interface

If an API has all the limitations of the REST architecture, then it is called the RESTful API.

NOTE: REST API Request can be used by any site or application, regardless of what language it is written because it is based on the universal HTTP protocol and is usually returned in JSON format, where almost all programming languages can be read.

In the REST architectural style, the implementation of the client and the implementation of the server can be done independently, each unaware of the other. This means that the code on the client-side can be changed at any time without affecting the operation of the server, and vice versa. As long as each party knows which format to send messages to the other, they can be kept modular and separate. Also, this separation process allows each component to develop independently. Using a REST interface, different clients can hit the same REST endpoints, perform the same actions, and receive the same responses. As you understand, the systems that follow the REST paradigm are stateless, and also, the server does not need to know anything about the client's state. In this way, both the server and the client can understand received messages without seeing previous messages. This stateless constraint is implemented using resources rather than commands. In REST, server-side information is considered a resource where developers can access web URIs uniformly using HTTP.

REST APIs allow developers to create any type of web application to perform CRUD operations (Create, Read, Update, Delete). According to the REST directives, it is necessary to use Web HTTP methods to call the server. Here are the four most important HTTP methods to obtain the necessary resources from the server and their equivalent CRUD operations : 


In the REST architecture, clients send requests to retrieve or replace resources, and servers send responses to these requests.


The Anatomy of A Request

  1. The Endpoint 
  2. The Method
  3. The Headers
  4. The Data (or body)


Endpoint
Is the URL you requested. 
Is the starting point of the API you requested.

In this article, we will use the command-line utility called cURL. We will use cURL because API documents are normally written concerning cURL. If you understand how to use CURL, you won't have trouble understanding API documentation. Then, you can easily fulfill your requests with your preferred language. 

Check your curl version first:
curl --version

If cURL is not installed, you will receive a "command not found" error.  Install cURL :
 sudo apt install curl

When using cURL, you must type cURL followed by the desired endpoint. For example, let's do this for Github:
curl https://api.github.com

you will get such an output :




The Method

The method is the type of request you send to the server. You can choose from these five types below:
  • GET
  • POST
  • PUT
  • DELETE
  • PATCH
These methods provide meaning for the request you’re making. They are used to perform four possible actions: Create, Read, Update and Delete (CRUD). 
You have seen their correspondence in the table above.









You can set the request method in cURL by writing -X or --request, followed by the request method. This command below tries to create a repository via cURL:

curl -X POST https://api.github.com/user/repos
you will, of course, have to verify identity when you try to run this request.



The Headers

Headers are used to provide information to both the client and server. It can be used for many purposes, such as authentication and providing information about the body content.
HTTP Headers are property-value pairs that are separated by a colon. The example below shows a header that tells the server to expect JSON content :

"Content-Type: application/json". Missing the opening ".

You can send HTTP headers with the curl with the option -H or --header. For example, let's send the header above to Github's API:

curl -H "Content-Type: application/json" https://api.github.com

You can use the -v or --verbose option to send the request, for example:

curl -H "Content-Type: application/json" https://api.github.com -v




The Data (or Body)

The data (sometimes called “body” or “message”) contains information you want to be sent to the server. This option is used only in POST, PUT, PATCH or DELETE requests.

To send data through cURL, you can use the -d or --data option:
curl -X POST <URL> -d property1=value1









https://www.smashingmagazine.com/2018/01/understanding-using-rest-api/

15 Nisan 2020 Çarşamba

HTTP Cookies and Sessions


                         What is HTTP COOKIES? 


        HTTP cookies are used to display information about the user, such as the date, time, websites accessed, browser selections on a website. The HTTP cookie (also known as a web cookie, Internet cookie, browser cookie, or just cookie) is a small piece of data, up to the maximum 4KB size, that is sent from that site to the user's browser and stored on the computer.

   Cookies are created and shared between the browser and the server using the HTTP header. As we all know, HTTP stateless is a protocol. HTTP cookies help the server to remind the status of these websites that the client has previously visited. It provides an individualization for the user. For example, you have logged into your mail account. After doing your work, you logged out and did not press the Remember me button either. When you want to log in to your mail again later, the web server can send a cookie containing the last used mail address information to log in. This way, your mail can be filled in automatically the next time you sign in. The server encodes the preferences in a cookie and sends the cookie back to the browser, so that each time the user accesses a page on the website, the server can personalize the page according to the user's preferences.

It is not efficient to allocate most of the server-side to anonymous clients, as many clients can visit the site only once. For this reason, it is preferred to store cookies on the client rather than on the server. 

      Cookies are mainly used for three purposes: 

-Session management:
Logins, shopping carts, game scores, or anything else the server should remember 

-Personalization:
User preferences, themes, and other settings

-Tracking:
Recording and analyzing user behavior

Now, let's make a simple application
When we log in to a site, our name, or our e-mail address, appears automatically when we next log in. Let's do an example with Flask to see this.
We will get name information from the user .
"The name you entered is registered this way" will return when the user refresh the page.

I saved this app.py:
#/usr/bin/python
# -*- coding: UTF-8 -*-
from flask import Flask,request, render_template,redirect, url_for, flash, make_response
app = Flask(__name__)

@app.route('/', methods=['GET', 'POST'])
def index():
    name = None
    if request.method == 'POST':
        name = request.form['name']
        res = make_response("The name you entered is registered this way.")
        res.set_cookie("name", name, 60*60*24*15)
        return res

    if not request.cookies.get('name'):
        return render_template('index.html', name=name)
    else:
        return render_template('index.html', name=request.cookies.get('name'))

@app.route('/delete/')
def delete_cookie():
    res = make_response("Cookie Removed")
    res.set_cookie('name', '', expires=0)
    return res

if __name__ == '__main__':
    app.run(debug=True)
Run this commands in the same directory with this code we wrote.

$mkdir templates
$cd templates

Now, create  index.html
<html>
  <head>
    <title>Cookie Test</title>
  </head>
  <body>
    <div class="container">
      <form action="" method="post">
        <input type="text" placeholder="Name" name="name" value="{{ request.form.username }}">
        <input class="btn btn-default" type="submit" value="Submit">
      </form>
      {% if name %}
        <p class="Name"><strong>Name:</strong> Adınız {{ name }} olarak kayıtlı.
      {% endif %}
    </div>
  </body>
</html>

And run this commands:

$export FLASK_APP=app.py
$flask run

This application will run at localhost:5000



You will see a page like this. Enter name and click submit















And refresh the page



Now, delete the cookie from localhost:5000/delete





Cookies are considered extremely insecure, as the user can easily change their content. For this reason, you should always verify the cookie data.


             So are cookies really safe? Is our personal data protected?


Cookies are harmless on their own. Cookies can store a wealth of data, enough to potentially identify you without your consent. When you search for a seat to get home on the Internet, and then on an irrelevant website, you will see the advertisement for that seat and similar products.  Cookies are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads. Given the amount of data that cookies can contain, they can be considered personal data(when cookies can identify an individual via their device, it is considered personal data) in certain circumstances and, therefore, subject to the GDPR

Things get complicated when data provided by users are served to third-party websites. The user should always be informed of the storage or monitoring mechanisms used. Although browsers allow you to delete or decline cookies, many sites do not accept it. Technologies like Evercookie recreate cookies even if they are deleted.

The GDPR now requires users to accept cookies stored on their computers. Cookie storage is legal only if the website or company tells the user how to use their data. However, there are many ways to circumvent a user's choices.
Persistent cookies can retrieve their information after deleting a user's cookies. The files are recreated and can continue to inform websites about user activities without their consent.

Deleting cookies is a deliberate act and should, therefore, be respected.

Persistent Cookies like Evercookies, Super Cookies, and Cookie Forever will no longer be available in digital space in 2019. The new cookie law and the EU's GDPR have now made permanent cookies illegal, and companies that use them will receive huge penalties.





Cookies are used by the server to implement sessions. Usually an application's cookie contains an identifier for a session.

                      What is HTTP SESSION ?


       While shopping on a shopping site, you can browse many products and add more than one product to your cart. When you want to complete the shopping, you will see all the products in your cart. But HTTP stateless is a protocol and how do you say that? 
      
     Cookies or URL parameters are convenient ways to move data between 2 or more requests. However, if you don't want the data to be readable/editable on the client-side, you need to do something else if you want it to be safe.

    It can act as if it maintains an ongoing connection with the server, with an HTTP stateless protocol and help from your browser. It enables the servers to recognize the clients by having the server send a unique token to the client and sending it back to the server as part of the client every time the client requests it. Each time the client requests this server, the client adds this token as part of the request, allowing the server to identify the clients. The mechanism of transferring the session ID back and forth between the client and the server creates a permanent connection feeling between requests.

    Sessions are a temporary and interactive exchange of information between two or more communication devices or between a computer and the user. A session is established at a specific time. A session creates a file on the server where session variables and values ​​stored in a temporary directory are stored. This data can be used by all pages on the site during the visit. After the user closes the browser or leaves the site, the server ends the session after a predetermined time (usually 30 minutes). Session data is automatically deleted.

 Sessions use the cookie as a kind of key to associate it with data stored on the server-side. Sessions store your login information on servers, unlike clients. So it is safer than cookies. Sessions also create and send cookies to your computer, but the cookie sent in this session event is sent encrypted.

A session identifier, session ID or session identifier is a piece of data used in network communication (usually over HTTP) to identify a session, a series of related message exchanges. Session identifiers become necessary when they use a stateless protocol such as HTTP. For example, a user who has access to a shopping site wants to collect several items in a virtual shopping cart and then go to the site's payment page to complete the shopping.  This usually involves continuous communication, where several web pages are requested by the client and sent back to them by the server. It is necessary to track the current user and status of the shopping cart, and a session ID helps us with this.


Usually, on your first visit to a website, you are given a session ID. So what is session ID?

  Each session is assigned a unique ID used to retrieve the stored values. When a session is created, a cookie containing the unique session ID is stored on the user's computer and returned with each request to the server. The login ID can be stored as a cookie, form field, or URL.

Sessions have a relatively large data storage capacity compared to cookies











6 Nisan 2020 Pazartesi

HTTP Request Header: User-Agent


         What is the HTTP Request Header: User-Agent?

     HTTP headers User-Agent is a request header that allows network protocol peers to be introduced to the server as a characteristic string when you request a website, such as Browser, Operating System, IP address.

In 2020, Google announced that they would be phasing out support for the User-Agent header in their Google Chrome browser. Google explained that its goal it to provide a healty compromise to give its developers the information they may need and still respect one's privacy. They stated that other major web browser vendors were supportive of the move, but that they did not know when other vendors would follow suit. Before the deprecation of the User Agent string, Chrome will introduce a new feature called User Agent Client Hints or UA-CH. Simply put, UA-CH will provide all of the same information that the User Agent string provides today, but each portion of the data must be explicitly asked for and approved by the browser. At the start, there are no protections on this information, but it will be simple for a browser to detect and block any unnecessary UA-CH requests.


         How User-Agent Works?

      User-Agent transmits the information such as browser, operating system, IP address as a string to the server. When the browser you are using brings a website to you, it identifies itself as a medium and your browser sends the user-agent ID and the information it holds about the device and network it is working on as a set of data. This event takes place on every website you enter.
When your browser connects to a website, a user-agent field opens in the HTTP header.




To give an example;


                                                               



Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like 











Gecko) Chrome/51.0.2704.84 Safari/537.36























Breaking the example down, we get the following information:



















































The user-agent application is Mozilla version 5.0, or a piece of software compatible with it.
























The operating system is OS X version 10.2.2 (and is running on a Mac)















The client is Chrome version 51.0.2704.84













The client is based on Safari version 537.36



















The engine responsible for displaying content on this device is AppleWebKit version 537.36





























(And KHTML, an open-source layout engine, is present too)































    




























  




 After tge User-Agent introduces itself to the web server, the web server uses this information to























provide web pages suitable for different browsers and different operating systems. The web server 


























can edit the page design according to its user-agent string, return a web page version. This 
























information provided by  user-agent is used by websites for improving user experience, customization

























and higher performance on web sites.





















































Now, lets get the desktop view for Android in Firefox using the User-Agent. I will adjust the desktop 























view of my browser on my computer. For this, I go to whatu.info site. This website directly displays























your information such as your IP address, User-Agent ID, location etc.





























My User-Agent :  Mozilla/5.0 (X11; Lİnux x86_64) AppleWebKit/537.36   (KHTML, like Gecko)
























Ubuntu Chromium/80.0.3987.149  Chrome/80.0.3987.149 Safari/537.36
















































































Step1: Open the Firefox for Android  and let's go to www.google.com










           









   



















































































































Step2: In the Firefox address bar, type "about:config" and press Enter.
































































































Step3:  Click on + icon.

















































































Step4: For name, enter "general.useragent.override" , for type enter "String"  and for value, enter the




















browser user-agent string you want to use.




















































































Step5: Restart Firefox and confirm that web sites are loading the desktop versions.











































































 








    







 






    Basic Example with Flask


















































      Now,  Let's make a simple example with Flask. What is Flask and how to set it up?






















      We will create an HTTP server and print the browser information according to the user-agent















 

information of the user.





























If the user uses Chrome as a browser, let's write Chrome on the screen.



















If the user uses Firefox as a browser, let's write a Firefox on the screen.





















       



















 I saved this code as server.py .  It will work running on  http://127.0.0.1:5000/


























         







 
#/usr/bin/python

from flask import Flask,request
import httpagentparser
app = Flask(__name__)

import logging
logging.basicConfig(format="%(asctime)s | %(name)s | %(message)s", level=logging.INFO)
LOG = logging.getLogger('simple-example')

@app.route('/')
def detectBrowser():
    agent = request.environ.get('HTTP_USER_AGENT')
    browser =httpagentparser.detect(agent)
    if not browser['platform']['name']:
        browser = agent.split('/')[0]
    else:
        browser = browser['browser']['name']

    return browser

LOG.info("Starting HTTP server...")
try:
        app.run(host='0.0.0.0')
except KeyboardInterrupt:
        LOG.info("Exit requested")
        worker.close()


if __name__ == '__main__':

 app.run(debug=True)
















 























    To run, we make ;



























   




       $ export FLASK_APP=server

















     
       $ flask run
























 


     to the console and the connect to localhost:5000

























































     Note that you can also send request with curl. You will see that it says curl on the console.