Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On RESTful Web Services with Go
  • Table Of Contents Toc
Hands-On RESTful Web Services with Go

Hands-On RESTful Web Services with Go - Second Edition

By : Yellavula
1.8 (4)
Buy this Book
close
close
Hands-On RESTful Web Services with Go

Hands-On RESTful Web Services with Go

1.8 (4)
By: Yellavula
Buy this Book

Overview of this book

Building RESTful web services can be tough as there are countless standards and ways to develop API. In modern architectures such as microservices, RESTful APIs are common in communication, making idiomatic and scalable API development crucial. This book covers basic through to advanced API development concepts and supporting tools. You’ll start with an introduction to REST API development before moving on to building the essential blocks for working with Go. You’ll explore routers, middleware, and available open source web development solutions in Go to create robust APIs, and understand the application and database layers to build RESTful web services. You’ll learn various data formats like protocol buffers and JSON, and understand how to serve them over HTTP and gRPC. After covering advanced topics such as asynchronous API design and GraphQL for building scalable web services, you’ll discover how microservices can benefit from REST. You’ll also explore packaging artifacts in the form of containers and understand how to set up an ideal deployment ecosystem for web services. Finally, you’ll cover the provisioning of infrastructure using infrastructure as code (IaC) and secure your REST API. By the end of the book, you’ll have intermediate knowledge of web service development and be able to apply the skills you’ve learned in a practical way.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
1
Getting Started with REST API Development
Icon
Getting Started with REST API Development
Icon
Technical requirements
Icon
Types of web services
Icon
REST verbs and status codes
Icon
The rise of the REST API with SPAs
Icon
Setting up the project and running the development server
Icon
Building our first service – finding the fastest mirror site from a list
Icon
Open API and Swagger
Icon
Summary
Lock Free Chapter
2
Handling Routing for our REST Services
chevron up
Icon
Handling Routing for our REST Services
Icon
Technical requirements
Icon
Understanding Go's net/http package
Icon
ServeMux – a basic router in Go
Icon
Understanding httprouter – a lightweight HTTP router
Icon
Introducing gorilla/mux – a powerful HTTP router
Icon
SQL injection in URLs and ways to avoid them
Icon
Reader's challenge – an API for URL shortening
Icon
Summary
3
Working with Middleware and RPC
Icon
Working with Middleware and RPC
Icon
Technical requirements
Icon
What is middleware?
Icon
Multiple middleware and chaining
Icon
Painless middleware chaining with Alice
Icon
Using Gorilla handlers middleware for logging
Icon
What is RPC?
Icon
JSON-RPC using Gorilla RPC
Icon
Summary
4
Simplifying RESTful Services with Popular Go Frameworks
Icon
Simplifying RESTful Services with Popular Go Frameworks
Icon
Technical requirements
Icon
Introducing go-restful – a REST API framework
Icon
SQLite3 basics and CRUD operations
Icon
Building a Metro Rail API with go-restful
Icon
Building RESTful API with the Gin framework
Icon
Building a RESTful API with revel.go
Icon
Summary
5
Working with MongoDB and Go to Create a REST API
Icon
Working with MongoDB and Go to Create a REST API
Icon
Technical requirements
Icon
Introduction to MongoDB
Icon
Installing MongoDB and using the shell
Icon
Introducing mongo-driver, an official MongoDB driver for Go
Icon
RESTful API with gorilla/mux and MongoDB
Icon
Boosting the querying performance with indexing
Icon
Designing MongoDB documents for a delivery logistics API
Icon
Summary
6
Working with Protocol Buffers and gRPC
Icon
Working with Protocol Buffers and gRPC
Icon
Technical requirements
Icon
Introduction to protocol buffers
Icon
Protocol buffer language
Icon
Compiling a protocol buffer with protoc
Icon
Introduction to gRPC
Icon
Bidirectional streaming with gRPC
Icon
Summary
7
Working with PostgreSQL, JSON, and Go
Icon
Working with PostgreSQL, JSON, and Go
Icon
Technical requirements
Icon
Discussing PostgreSQL installation options
Icon
Introducing pq, a pure PostgreSQL database driver for Go
Icon
Implementing a URL-shortening service using PostgreSQL and pq
Icon
Exploring the JSONStore feature in PostgreSQL
Icon
Summary
8
Building a REST API Client in Go
Icon
Building a REST API Client in Go
Icon
Technical requirements
Icon
Plan for building a REST API client
Icon
Basics for writing a command-line tool in Go
Icon
Cobra, an advanced CLI library
Icon
grequests a REST API package for Go
Icon
Getting comfortable with the GitHub REST API
Icon
Creating a CLI tool as an API client for the GitHub REST API
Icon
Using Redis to cache the API data
Icon
Summary
9
Asynchronous API Design
Icon
Asynchronous API Design
Icon
Technical requirements
Icon
Understanding sync/async API requests
Icon
Fan-in/fan-out of services
Icon
Delaying API jobs with queuing
Icon
Long-running task design
Icon
Caching strategies for APIs
Icon
Event-driven API
Icon
Summary
10
GraphQL and Go
Icon
GraphQL and Go
Icon
Technical requirements
Icon
What is GraphQL?
Icon
Over-fetching and under-fetching problems in the REST API
Icon
GraphQL basics
Icon
Creating GraphQL clients in Go
Icon
Creating GraphQL servers in Go
Icon
Summary
11
Scaling our REST API Using Microservices
Icon
Scaling our REST API Using Microservices
Icon
Technical requirements
Icon
What are microservices?
Icon
Monoliths versus microservices
Icon
Introducing Go Micro, a package for building microservices
Icon
Adding logging to microservices
Icon
Summary
12
Containerizing REST Services for Deployment
Icon
Containerizing REST Services for Deployment
Icon
Technical requirements
Icon
Installing the Nginx server
Icon
What is a reverse proxy server?
Icon
Deploying a Go service using Nginx
Icon
Monitoring our Go API server with Supervisord
Icon
Makefile and Docker Compose-based deployment
Icon
Summary
13
Deploying REST Services on Amazon Web Services
Icon
Deploying REST Services on Amazon Web Services
Icon
Technical requirements
Icon
Basics for working with AWS
Icon
IaC with Terraform
Icon
Why is an API Gateway required?
Icon
Introducing Amazon API Gateway
Icon
Other API Gateways
Icon
Summary
14
Handling Authentication for our REST Services
Icon
Handling Authentication for our REST Services
Icon
Technical requirements
Icon
How simple authentication works
Icon
Introducing Postman, a visual client for testing a REST API
Icon
Persisting client sessions with Redis
Icon
Introducing JWT and OAuth2
Icon
JWT in an OAuth2.0 workflow
Icon
Exercise
Icon
Security aspects of an API
Icon
Summary
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

SQL injection in URLs and ways to avoid them

SQL injection is a process of attacking a database with malicious scripts. If one is not careful when defining URL routes, there may be an opportunity for SQL injection. These attacks can happen for all kinds of REST operations. For example, if we are allowing the client to pass parameters to the server, then there is a chance for an attacker to append an ill-formed string to those parameters. If we are using those variables/parameters directly into an SQL query executing on our database, it could lead to a potential vulnerability.

Look at the following Go code snippet that inserts username and password details into the database. It collects values from an HTTP POST request and appends raw values to the SQL query:

username := r.Form.Get("id")
password := r.Form.Get("category")
sql := "SELECT * FROM article WHERE id='" + username + "' AND category='" + password + "'"
Db.Exec(sql)

In the snippet, we are executing a database SQL query, but since we are appending the values directly, we may include malicious SQL statements such as -- comments and ORDER BY n range clauses in the query:

?category=books&id=10 ORDER BY 10--

If the application returns the database response directly to the client, it can leak information about the columns the table has. An attacker can change the ORDER BY to another number and extract sensitive information:

Unknown column '10' in 'order clause'

We will see more about this in our upcoming chapters where we build fully-fledged REST services with other methods, such as POST, PUT, and so on:

Now, how to avoid these injections. There are several precautions:

  • Set the user level permissions to various tables in the database
  • Log the requests and find the suspicious ones
  • Use the HTMLEscapeString function from Go's text/template package to escape special characters in the API parameters, such as body and path
  • Use a driver program instead of executing raw SQL queries
  • Stop relaying database debug messages back to the client
  • Use security tools such as sqlmap to find out vulnerabilities

With the basics of routing and security covered, in the next section we present an interesting challenge for the reader. It is to create a URL shortening service. We provide all the background details briefly in the next section.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Hands-On RESTful Web Services with Go
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon