In the last couple of years, several Mobile Backend as a Service (MBaaS) providers have entered the market, offering varying levels of services and features. While those services are great for getting backends for mobile and web apps ready in minutes, often without writing any server-side code, they are not always suitable in the enterprise context, where security and data privacy are key requirements. Moreover, most of the MBaaS offerings on the market, while sharing similar features such as User Management, Photo Collections, Custom Objects, Push Notifications and Social Network integration, often don't offer the ability to connect to existing data.
In this workshop, we introduce two open source platforms, DreamFactory and LoopBack, that let you create custom backends in your own data center or in your own cloud hosting. This allows a company to use the same deployment and management practices that it already uses for other applications. It doesn't need to trust external MBaaS providers that could potentially have access to its data.
In particular, we illustrate how those platforms let you securely expose existing data coming from different sources, building CRUD REST APIs to be consumed by mobile clients and HTML5 web apps. Data sources can be relational or non-relational databases or, in turn, other REST APIs, with the ability to create relations and associations between them. Additionally, API access can be restricted with user authentication and authorization implementing Access Control Lists. After demoing the two platforms, we will provide a comparison between them.
Building Enterprise Mobile Backends with Open Source Platforms
1. Building Enterprise Mobile Backends
with Open Source Platforms
Antonio Calanducci
http://www.etnatraining.it
2. www.etnatraining.it
Agenda
Overview of mBaaS features
Enterprise requirements for mobility
DreamFactory, the open source REST API
platform
Demo
Build your own mobile backend with LoopBack
Demo
3. www.etnatraining.it
About me
Founder of EtnaTraining
Appcelerator Training Partner
Titanium Certified Instructor / Developer
Technologist @ National Institute of Nuclear Physics
and contract professor @ University of Catania, Italy
Consultant at World Food Programme, Rome
@tcaland
antonio@etnatraining.it
4. www.etnatraining.it
BaaS Overview
Acronym of “Backend as a Service”
APIs that offer a set of predefined services out of
the box for application developers
Example of services:
Users, Files, Collections, Custom Objects,
Email, Photos, Social Integrations, Analytics
Push Notifications, Locations, Geofencing (m)
mBaaS: m stands for “mobile”
5. www.etnatraining.it
Benefits of mBaaS
Reduce server side coding (or in some simpler
cases, eliminate)
developers can focus on front-end development;
faster schedules
often providers offer SDKs that wrap REST API
calls and handle in/out parameters:
both HTML/JS and native (iOS, Android,
Windows Phone)
No server setup hassle, ready to use
Deployed on the cloud, with built-in scalability
6. www.etnatraining.it
Popular mBaaS providers
Parse (acquired by Facebook)
JSON Objects, Social, Local Datastore, Custom server-side
login, Push
20Gb storage/2TB transfer/1M recipients/30req/s
Kinvey
AuthLinks/OAuth/Data encryption
100 active users/2Gb/5M push-emails
Appcelerator Cloud Services (ACS)
20 built-in services, 5M API calls per month, 20Gb, 250k API
calls per day, Custom Server-side with Node.js
7. www.etnatraining.it
Commercial mBaaS for enterprise?
Generally data backed on NoSQL db
Enterprise requirements:
generally uses SQL db
integrate with legacy databases
access (structured) relational data with ACLs
Biggest problems: data privacy
where data is stored? who has access to it? is
data replicated? disaster recovery plans
Data lock-in
9. Build your OWN mBaaS
and deploy it on-premises
(or your virtual private cloud)
10. www.etnatraining.it
DreamFactory: enter the Service Platform
Provides access to backend services through a
standard REST APIs to:
local and remote SQL Services
storage services
NoSQL databases
No lock-in:
backend can be swapped while app is running or
switched easily from development, test,
production environments
no need to recode client apps
11. www.etnatraining.it
Cloud Lock-in
[Figure: The API Jungle. A developer faces different interfaces, security models, and user permissions across NoSQL, IaaS, SQL, External Storage and PaaS services.]
13. www.etnatraining.it
DreamFactory: features
Open Source
PHP/Symphony/Angular.JS
Deployable in the Cloud or on-premises
Amazon/VMWare/Azure VMs, BitNami installer
Packages for Linux Distros (RedHat, Ubuntu, Debian)
User management, user roles and permissions, and
secure password hashing
Flexible access control over applications, services, files,
and database CRUD permissions
14. www.etnatraining.it
DreamFactory: features
Supported SQL DBs:
MySQL, PostgreSQL, MSSql (Oracle soon)
Supported NoSQL DBs:
MongoDB, CouchDB, DynamoDB, Azure Tables
Storage Supported:
Amazon S3, LocalStorage, OpenStack, Azure BLOB
External WebService (SOAP/REST), OAuth supported with
Portal Service
Custom server side scripts with JavaScript (V8 engine)
16. www.etnatraining.it
DreamFactory: client SDK
Native Mobile Clients:
iOS, Android, Windows 8
HTML5/JavaScript
AngularJS, Sencha, jQuery, PhoneGap/Cordova
Titanium SDK since version 1.5
Titanium Classic, wrapper over HTTP with Promises
18. www.etnatraining.it
Getting started with DreamFactory
Download the Bitnami installer or VM images at:
https://bitnami.com/stack/dreamfactory
or sign up for the Free Hosted Edition at:
https://www.dreamfactory.com/user/register
Open your browser at:
http://localhost:8080
and login to the DSP LaunchPad with your admin credentials
Create a new App, create a new Table (Schema panel), populate the
table (Data panel), browse the table via API/SDK panel
19. www.etnatraining.it
DSP REST APIs
Create a User and a Role, assign the Role to the created App and assign the Database service to the Role
Log the user in with:
curl -X POST -d '{"email": "pippo@email.com", "password": "pippo1234"}' 'http://localhost:8080/rest/user/session?app_name=Todo'
Keep note of the returned session_id
Fetch all the records with:
curl -H "X-DreamFactory-Session-Token: 8rena0119llqjagvfdn08kh6f2" 'http://localhost:8080/rest/db/todo2?app_name=todo'
Add some records with:
curl -X POST -H "X-DreamFactory-Session-Token: 8rena0119llqjagvfdn08kh6f2" -d '{"title":"new todo", "location": "somewhere", "completed": false}' 'http://localhost:8080/rest/db/todo2?app_name=todo'
20. www.etnatraining.it
Access your existing SQL DB
Create a new service of type Remote SQL DB
API name is the REST endpoint
Set the Username and Password to your DB
Set the connection string to the DB:
mysql:host=localhost;dbname=etnatraining.it
Add the newly created service to the previously created Role
Access your DB through REST APIs:
curl -H "X-DreamFactory-Session-Token: gpapq4itp198g6c38sk3gvr9j3" 'http://localhost:8080/rest/etna/wp_posts?app_name=Todo&limit=1&post_type=feedback'
21. www.etnatraining.it
Titanium DreamFactory
Simple wrapper over DSP REST APIs available here:
https://github.com/dreamfactorysoftware/titanium-dreamfactory
Use JS Promises to avoid callback hell
Provided as a Common.JS module:
include dreamfactory.js and Promises.js
A simple GET request looks like this:
22. www.etnatraining.it
Trainees app
Simple Titanium Alloy App that fetches Trainees who attend
EtnaTraining classes on Titanium
DSP used to access the www.etnatraining.it
WordPress backend
Source code available at:
https://github.com/EtnaTraining/Trainees
23. www.etnatraining.it
DreamFactory features
App hosting for HTML5 apps
Lookup keys
Connect to existing users in SQL or NoSQL
Server Side Filters
Fine grained table permissions based on user, role, application
Server side events
events can trigger custom scripts on select, update, insert, delete,
describe
24. www.etnatraining.it
LoopBack
Open Source API framework powered by Node.js
Made by StrongLoop
Developers of a commercial version of Node.js with
clustering and monitoring support
contributors to Node.js and several npm packages
Lets you create REST APIs on top of enterprise data
Provides built-in services to handle:
Push Notifications, Geolocation, Offline replication and
synchronization, File Storage
25. www.etnatraining.it
LoopBack Models
REST APIs are based on Models
defined based on existing schema (both relational and
non-relational)
open model (free form)
can be discovered automatically
can be synchronized if the developer changes the model definition
can be defined in code with JavaScript APIs (both in the
client and in the server, isomorphic JS) and/or in JSON file
with LDL (LoopBack Definition Language)
28. www.etnatraining.it
LoopBack features
Model relations support
define hasMany, belongsTo, hasAndBelongsToMany
relationships
User authentication and authorization for models:
oAuth user and registration models
Fine grained Role-based access control list
offline support and data replication (new!)
custom remote method definition with events
30. www.etnatraining.it
Getting started with Loopback
Install with npm:
npm install -g strong-cli
Create a LoopBack project
slc lb project mybackend
Create a model interactively
cd mybackend
slc lb model todo -i
slc lb model anything (free form model)
Run your loopback app:
node app
Browse your REST API at:
http://localhost:3000/explorer
31. www.etnatraining.it
Let’s play with the REST APIs
Our todos model is available at:
http://localhost:3000/api/todos
Create some todo model instances:
curl -X POST -H "Content-Type:application/json" -d
'{"title": "Buy the milk", "location": "Amsterdam",
"completed": false}' http://localhost:3000/api/todos
Retrieve all the completed todos:
GET to http://localhost:3000/api/todos?filter[where][completed]=true
curl 'http://localhost:3000/api/todos?filter%5Bwhere%5D%5Bcompleted%5D=true'
32. www.etnatraining.it
Make the model instances persistent
Create a datasource:
slc lb datasource mylocaldb --connector mysql
Install the loopback-connector-mysql
npm install loopback-connector-mysql
Edit the datasources.json:
Change models.json and set:
"dataSource": "mylocaldb"
PS: You must have previously created the todo table in the db
33. www.etnatraining.it
Model discovery from SQL db
Loopback provides methods to create models from existing data:
Create first the datasource in datasources.json:
Call the method discoverSchema() or discoverAndBuildModels() on
the defined datasources:
run discovery.js:
node discovery.js >> wp_posts.json
add the discovered models to models.json
34. www.etnatraining.it
Some query examples with filters
Limit the number of entries
http://localhost:3000/api/WpPosts?filter[limit]=5
Select only given fields:
http://localhost:3000/api/WpPosts?filter[fields][postContent]=true&filter[fields][postTitle]=true&filter[limit]=20
Select only fields with a given value:
http://localhost:3000/api/WpPosts?filter[where][postType]=feedback&filter[limit]=3
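The bracketed filter URLs on the two slides above have to be percent-encoded before they go on the wire, and any value that comes from user input must be encoded too so it cannot smuggle extra filter parameters into the request. The following is an added example, not code from the slides; `buildFilterQuery` and `buildUrl` are hypothetical helper names and the sample values are constructed.

```javascript
// Added example: turn a LoopBack-style filter object into the bracket-notation
// query string shown on the slides, percent-encoding every key and value.

// Recursively walk the filter object, emitting [key, value] pairs such as
// ["filter[where][completed]", "true"].
function flatten(prefix, value, out) {
  if (value !== null && typeof value === 'object') {
    for (const key of Object.keys(value)) {
      flatten(`${prefix}[${key}]`, value[key], out);
    }
  } else {
    out.push([prefix, String(value)]);
  }
  return out;
}

// Encode both sides of each pair. encodeURIComponent turns "[" into %5B,
// "]" into %5D, "&" into %26 and "=" into %3D, so a value can never
// terminate its own parameter and start a new one.
function buildFilterQuery(filter) {
  return flatten('filter', filter, [])
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// Assemble the full request URL for a model exposed under /api/<Model>.
function buildUrl(base, model, filter) {
  return `${base}/api/${encodeURIComponent(model)}?${buildFilterQuery(filter)}`;
}

// Constructed sample inputs mirroring the queries on the slides.
const completedTodos = buildUrl('http://localhost:3000', 'todos',
  { where: { completed: true } });
const feedbackPosts = buildUrl('http://localhost:3000', 'WpPosts',
  { where: { postType: 'feedback' }, limit: 3 });

// Constructed hostile value: without encoding it would append a second
// filter[limit] parameter to the query string.
const hostile = buildFilterQuery(
  { where: { postType: 'feedback&filter[limit]=0' } });

console.log(completedTodos);
console.log(feedbackPosts);
console.log(hostile);
```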
35. www.etnatraining.it
Model synchronization with SQL db
We have seen how to access pre-existing data on SQL DBs
But we can also define new models and Loopback can create or
update DB schema for us:
Define the datasource
Define the new schema
(this can also be done in code)
call the ds.automigrate() method
WARNING: if the schema already
exists in the DB, it will be dropped
and all data lost
36. www.etnatraining.it
Model synchronization with SQL db
We can also alter the model without destroying existing data, if we
change our Model:
Define the datasource
Define the new schema
(this can also be done in code)
call the ds.autoupdate() method
Loopback will calculate the
differences between the new model
and table schema definition
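Because automigrate() drops existing tables while autoupdate() only applies the differences, a deployment script should default to the non-destructive call and require an explicit opt-in for the destructive one. The following is an added example, not code from the slides; `syncSchema`, `allowDrop`, `fakeDataSource` and `demo` are hypothetical names, and it assumes the data source exposes isActual(), autoupdate() and automigrate() with (models, callback) signatures.

```javascript
// Added example: choose between the two synchronization calls safely.
// `ds` is assumed to be a LoopBack DataSource; `models` is a list of model names.
function syncSchema(ds, models, opts, done) {
  // isActual reports whether the tables already match the model definitions.
  ds.isActual(models, (err, actual) => {
    if (err) return done(err);
    if (actual) return done(null, 'unchanged');

    // Only a literal `true` enables the destructive path; anything else
    // (undefined, "yes", 1) falls back to the data-preserving autoupdate.
    const method = opts && opts.allowDrop === true ? 'automigrate' : 'autoupdate';
    ds[method](models, (err2) => {
      if (err2) return done(err2);
      done(null, method);
    });
  });
}

// Constructed stand-in for a DataSource so the example runs without a
// database. It records which methods were called, in order.
function fakeDataSource(inSync) {
  const calls = [];
  const step = (name) => (models, cb) => {
    calls.push(name);
    cb(null, name === 'isActual' ? inSync : undefined);
  };
  return {
    calls,
    isActual: step('isActual'),
    autoupdate: step('autoupdate'),
    automigrate: step('automigrate'),
  };
}

// Run syncSchema against the stand-in and return what happened.
function demo(inSync, opts) {
  const ds = fakeDataSource(inSync);
  let action;
  syncSchema(ds, ['todo'], opts, (err, result) => {
    action = err ? 'error' : result;
  });
  return { action, calls: ds.calls.join(',') };
}

console.log(demo(true, {}));                    // schema already in sync
console.log(demo(false, {}));                   // differences applied in place
console.log(demo(false, { allowDrop: true }));  // explicit opt-in to drop
```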
37. www.etnatraining.it
Loopback SDKs
Native Mobile SDKs:
iOS (Objective-C), Android (Java)
Browser SDKs:
Angular.JS (isomorphic LoopBack)
REST APIs
Titanium SDK?
Option 1: Use the REST API
Option 2: Alloy Wrapper (in progress) made by Aaron Saunders:
https://github.com/aaronksaunders/strongloopAlloy
38. www.etnatraining.it
DreamFactory vs LoopBack
DreamFactory | LoopBack
No code required | CLI helps, but code is definitely required
Super easy to use | Learning curve can be quite steep
Customization is limited (server side scripts/events) | Great customization of your REST API: it's a platform and you build an app
Classical horizontal scaling if you deploy on the Cloud (OpenShift) | Easy to scale and monitor with StrongLoop cluster support and StrongOps
Currently not supported, but soon available | Provides specific mobile services: cross-platform push notification, geolocation