More with Three-Tiered Design
Last month, we began our investigation of three-tiered design for our web applications. By separating the database server from the web application itself by means of a “middleware” object layer, we simplify the logic in our web applications. Furthermore, by adding an abstraction layer between our web application layer and our database layer, we gain the ability to use the same middleware in non-web applications, as well as the possibility of changing the back end without telling the web application.
By the end of last month's column, we had implemented a simple middleware layer that could communicate with the People and Appointments tables we created in a PostgreSQL database. This month, we will briefly look at some web applications we can develop using these objects. You will see that at no time does our web layer directly access the relational database; the SQL is all contained within the objects.
In an ideal universe, we could create the web application layer using any language or technology we might want, communicating with the middleware layer using a universally agreed-to protocol. However, the world is not quite as advanced as we might like, and our choice of an object layer forces our hand when choosing a web application environment.
We created our objects in Perl, so we will need to use Perl to implement our web application. To avoid the overhead associated with CGI programs, and because we can get a great deal more power by tapping into the mod_perl module for Apache, we will use Mason, the Perl-based template and development application environment that we looked into last year. Each Mason component is compiled as necessary into a Perl subroutine, which is then compiled into Perl opcodes. These opcodes are then cached in the mod_perl module inside of Apache, where they can be executed at a much faster rate than would be possible using CGI.
Our first web application example will allow us to add a new person to our database. This will require two Mason components: an HTML form (which could equally well be a static form) and one which attempts to add a new person to the database. In order to accomplish this, we will use the middleware People object, which connects to the database for us and attempts to store a new row in the database. Simple versions of these two components are shown in Listings 1 and 2. These listings are too long to print here; they are available at ftp.linuxjournal.com/pub/lj/listings/issue82. The HTML form (add-person-form.html) submits its name-value pairs to add-person.html. The latter creates an instance, People, then invokes the new_person method to create a new person:
my $success = $people->new_person (first_name => $first_name, last_name => $last_name, country => $country, email => $email);
If $success is true, we know that a new person was added to the database with the arguments that we passed to $people->new_person. Otherwise, we know that the invocation has failed.
However, this is a very crude way of determining whether things have succeeded or failed; rather than present users with an all-or-nothing proposition, it would be nice to tell them what they did wrong so that they can fix the problem. If a hung database process produces the same error message as does an attempt to add a second person with the same e-mail address, it will be hard for anyone to solve the problem.
Thus, the solution is for our web application to check its inputs before passing them to the middleware layer. The more such checks we can insert into our code, and the more application-level error messages we can display, the better.
Our add-person.html component performs two basic checks that demonstrate this: It uses Mason's <%args> section to require that each of the potential arguments has been passed. An HTML form that tries to submit its values to add-person.html must provide each of the listed form elements, or Mason will refuse to honor the request and print a stack trace describing what went wrong. End users won't see this error if they make a mistake filling out the form, but you'll see it if you leave required <input> tags out.
Once our Mason component executes, we can thus be sure that we have at least received the appropriate name-value pairs. But do they contain legal values? In an “unless” statement at the top of add-person.html, we check that we received non-empty values for the four parameters that we will use in our invocation of $people->new_person. If any of them are missing, a message is displayed telling the user what is expected.
To be even safer, we also check that the e-mail address looks relatively valid. The regular expression in Listing 2 will not match all e-mail addresses, but it is good enough for the purposes of this simple example. Users who try to pass an invalid e-mail address are shown an error message that tells them what to change.
Once we can be sure that the values are relatively sane, we can then invoke $people->new_person. Notice how add-person.html manages to do all of this without ever talking directly to the database. DBI is obviously taking an active role in each invocation of $people->new_person, but that happens behind the scenes, and our Mason components don't need to concern themselves with it. This means that if the People object has been thoroughly debugged, there should not be any chance of encountering SQL errors.
|Android Candy: Copay—the Next-Generation Bitcoin Wallet||Sep 03, 2015|
|The True Internet of Things||Sep 02, 2015|
|September 2015 Issue of Linux Journal: HOW-TOs||Sep 01, 2015|
|September 2015 Video Preview||Sep 01, 2015|
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
- The True Internet of Things
- Using tshark to Watch and Inspect Network Traffic
- Android Candy: Copay—the Next-Generation Bitcoin Wallet
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- September 2015 Issue of Linux Journal: HOW-TOs
- Firefox Security Exploit Targets Linux Users and Web Developers
- Concerning Containers' Connections: on Docker Networking
- Where's That Pesky Hidden Word?
- A Project to Guarantee Better Security for Open-Source Projects
- My Network Go-Bag