Web Development w/ Google’s Go (golang) Programming Language

Templates allow us to customize information for a use. This is how we get personalized webpages. Templates are the first thing you must learn to do web programming.

Go encourages the developer to think like a programmer. How can you solve this problem with programming? Could we create a webpage, and merge data with it, by just working with strings?

We are going to store our templates in their own files. It is customary practice to give these files a “.gohtml” extension. We will go through two steps to use our templates: (1) Parse (2) Execute. In this course, we will use ParseGlob and ExecuteTemplate. Package text/template is explained.

• steps

• PARSE the template

• EXECUTE the template

• performance

• always parse your templates upon application initialization

• do not parse your templates every time a user asks for a template

• *Template

• container that holds the parsed templates

• Quick Note

• Atom will require tweaking of keymap.cson to allow some plugins like Emmet to work on tab expansion

• 'atom-text-editor[data-grammar="text html gohtml"]:not([mini])':

'tab': 'emmet:expand-abbreviation-with-tab

• Will allow Emmet plugin to tab expand on files with the gohtml extension

When we execute our template, we can pass data into our template.

We can assign values to variables in templates.

ASSIGN

{‌{$wisdom := .}}

USE

{‌{$wisdom}}

This lecture provides you with examples of passing various data types to templates.

During execution functions are found in two function maps: first in the template, then in the global function map. By default, no functions are defined in the template but the Funcs method can be used to add them. Predefined global functions are defined in text/template.

Pipelines allow us to take the value which is output from one process or function, and pass it as the input to the next function. Also covered in this video: working with package time and formatting type Time in a template.

During execution functions are found in two function maps: first in the template, then in the global function map. By default, no functions are defined in the template but the Funcs method can be used to add them. Predefined global functions are defined in text/template.

When parsing a template, another template may be defined and associated with the template being parsed. Template definitions must appear at the top level of the template, much like global variables in a Go program. The syntax of such definitions is to surround each template declaration with a "define" and "end" action. Comments in templates are also covered.

In this lecture, we will pass data structures into templates. We will build our data structures using composition. FYI, from wikipedia though modified: Composition is the principle that types should achieve polymorphic behavior and code reuse by their composition (by embedding other types). An implementation of composition typically begins with the creation of various interfaces representing the behaviors that the system must exhibit. The use of interfaces allows this technique to support the Polymorphic behavior that is so valuable. Types implementing the identified interfaces are built and added as needed. Thus, system behaviors are realized without inheritance.

In this lecture, we will pass data structures into templates. We will build our data structures using composition. FYI, from wikipedia though modified: Composition is the principle that types should achieve polymorphic behavior and code reuse by their composition (by embedding other types). An implementation of composition typically begins with the creation of various interfaces representing the behaviors that the system must exhibit. The use of interfaces allows this technique to support the Polymorphic behavior that is so valuable. Types implementing the identified interfaces are built and added as needed. Thus, system behaviors are realized without inheritance.

Here are several hands-on exercises, with solutions, to help you learn how to pass data to templates.

Package html/template has all of the functionality of package text/template, plus additional functionality specific to HTML pages. In particular, package html/template has context aware escaping so that dangers like cross-site scripting are avoided.

Before we get started building our own server, there are several important things to know:

• synonymous terms in web programming

• router

• request router

• multiplexer

• mux

• servemux

• server

• http router

• http request router

• http multiplexer

• http mux

• http servemux

• http server

• client / server architecture

• request / response pattern

• like in restaurants

• OSI model

• HTTP runs on top of TCP

• HTTP is a protocol - rules of communication

• HyperText Transfer Protocol

• IETF sets recommendations for HTTP

• Request For Comment - RFC 7230 is for HTTP1.1

We can create our own tcp server using the net package from the standard library. There are three main steps: (1) Listen (2) Accept (3) Write or Read to the connection. We will use telnet to call into the TCP server we created. Telnet provides bidirectional interactive text-oriented communication using a virtual terminal connection over the Transmission Control Protocol (TCP).

We will now modify our TCP server to handle multiple connections. We will do this by using goroutines. We will also modify our TCP server to read from the connection. We will then contact our TCP server on port 8080 using our web browser. This will allow us to see the text sent from the browser to the TCP server and how this text adheres to HTTP (RFC 7230).

Now we are going to read and write from/to our connection.

We can use the net package to create a client which dials into our TCP server.

Here are two sample TCP server apps.

Here is how we build the foundation of a TCP server to handle HTTP requests and responses. This video also introduces a hands-on exercise.

This is the solution to the hands-on exercise of retrieving the URI and displaying it. The next hands-on exercise is also introduced.

This is the solution to the hands-on exercise of creating a TCP server that handles requests & responses adhering to HTTP. The server will respond with different code according the both the method and the URI.

The best entry point to understanding the net/http package is covered. It is essential to know the standards of HTTP. The first thing you should know about the net/http package is the Handler interface. ListenAndServe takes a value which implements the handler interface.

ListenAndServe is built using what we have just learned: from the net package, Listen & Accept. ListenAndServe takes an address, the port on which you want to listen, and a Handler. It is imperative that you solidly know type Handler.

The foundation of the net/http package is type Handler and ListenAndServe. ListenAndServe takes a value of type Handler. Type Handler has two parameters of type ResponseWriter and a pointer to a Request. Understanding the relationship of these parts is essential to building web apps with Go.

When a user submits data to a server, that data is attached to the request. Remember, the HTTP specification (RFC 7230) says that a request will have three parts: (1) request line, (2) headers, (3) body (also known as payload). We can retrieve values submitted by the user by working with the Request type. The type Handler has a pointer to a Request (*http.Request) as one of the parameters required by the ServeHTTP method. The Request type is a struct with Form & PostForm fields that allow us to access data submitted by a user. We can also use methods attached to the Request type to access data: FormValue & FormFile.

There are other request values which we can retrieve such as the method and the URL.

This video will continue to reinforce your understanding of the net/http package. We will learn how to read documentation and write headers to our response.

Reviewing: type Handler, ListenAndServe, *Request, ResponseWriter.

ServeMux is an HTTP request multiplexer. A ServeMux matches the URL of each incoming request against a list of registered patterns and calls the handler for the pattern that most closely matches the URL.

• ServeMux

• NewServeMux

• We can create a *ServeMux by using NewServeMux.

• default ServeMux

• We can use the default ServeMux by passing nil to ListenAndServe.

• Handle

• takes a value of type Handler

• HandleFunc

takes a func with this signature: func(ResponseWriter, *Request)

The differences between func(ResponseWriter, *Request) and HandlerFunc are explained and illustrated.

Julien Schmidt’s package httprouter "github.com/julienschmidt/httprouter" is a trie based high performance HTTP request router.

These hands-on exercises will reinforce what you are learning.

Solutions to hands on exercises in folder 022_hands-on/01

Solutions to hands on exercises in folder 022_hands-on/02

io.Copy allows us to copy from a reader to a writer. We can use io.Copy to read from a file and then write the file to the response.

ServeContent & ServeFile both allow us to serve a single file.

The preferred method for serving files is http.FileServer.

The preferred method for serving files is http.FileServer. We will use StripPrefix to facilitate the serving of files.

There is a special case: if you have an index.html file in a directory that FileServer is serving, then the FileServer will serve that file when only the root of the directory (“/”) is asked for

Here are two pieces of code that you will sometimes see.

These hands-on exercises will help reinforce what you are learning

Here are the solutions to the hands-on exercises.

We can use the NotFoundHandler as the Handler for something that isn’t found

When deploying a project to Google Cloud, it is good to have your domain with Google Domains. This will make the configuration of your domain easier

Publishing your site on google cloud.

HTTP does not have state built into it. You could say HTTP is stateless, though it has the tools necessary for you, as a developer, to create state. In this section, we’ll learn how to create state on the web.

We can pass values through the URL. We can retrieve them with req.FormValue

When a form is submitted, we can pass the submitted values either through the request body payload or through the URL. If the form’s method attribute is post, then the values of the form are sent to the server through the request body’s payload. If the form’s method attribute is get, then the values of the form are sent to the server through the URL.

In many web programming languages, dealing with files can be a challenge. In Go, it’s easy. We’ll see in this video how to allow a user to upload a file. We’ll also see how to read that file and, if you want, create a new file to store on the server.

“When you make a POST request, you have to encode the data that forms the body of the request in some way.  HTML forms provide three methods for encoding.

On the web, we have a client / server architecture. Clients make requests, and servers write responses to those clients. The request and response are both just text that must conform to the rules of HTTP. Both the request & response have a start line, headers, and a body.

The definitive source for knowing which status code to use for HTTP/1.1 is RFC 7231.

Here is a code review of redirects in action.

Cookies allow us to maintain state. We can write a unique ID to a cookie. When a client makes a request to a server at a particular domain, if there is a cookie from that particular domain on the client’s machine, the browser will include that cookie in the request. The server can then read that cookie, pull out the unique ID, and know which user is making the request. There are various methods to make this all secure, but the primary method is to use HTTPS.

How to write and read a cookie to and from a client’s machine.

Two examples showing how (1) you can write multiple cookies and (2) you can create a counter.

How to create a counter to track how many times a user has been to your website domain using a cookie.

To delete a cookie, set the “MaxAge” field to either zero or a negative number. You can expire a cookie by setting one of these two fields: Expires or MaxAge Expires sets the exact time when the cookie expires. Expires is Deprecated. MaxAge sets how long the cookie should live (in seconds).

In computer science, a session is an interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user. A session is set up or established at a certain point in time, and then torn down at some later point.

An HTTP exchange between a browser and a server may include an HTTP cookie which identifies state using a unique ID which can be used to look up the user.

Each transaction in HTTP creates a separate connection. Maintaining session continuity between phases requires a session ID. The session ID is embedded within the <A HREF> or <FORM> links of dynamic web pages so that it is passed back to the server. The server then uses the session ID to ensure session continuity between transactions.

A unique ID session token is a unique identifier that is generated and sent from a server to a client. The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries. The reason to use session tokens is that the client only has to handle the identifier—all session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier.

A universally unique identifier (UUID) is an identifier standard used in software construction. A UUID is simply a 128-bit value. The meaning of each bit is defined by any of several variants. For human-readable display, many systems use a canonical format using hexadecimal text with inserted hyphen characters. For example: 123e4567-e89b-12d3-a456-426655440000 The intent of UUIDs is to enable distributed systems to uniquely identify information without significant central coordination. In this context the word unique should be taken to mean "practically unique" rather than "guaranteed unique". Since the identifiers have a finite size, it is possible for two differing items to share the same identifier. This is a form of hash collision. The identifier size and generation process need to be selected so as to make this sufficiently improbable in practice. Anyone can create a UUID and use it to identify something with reasonable confidence that the same identifier will never be unintentionally created by anyone to identify something else. Information labeled with UUIDs can therefore be later combined into a single database without needing to resolve identifier (ID) conflicts. Adoption of UUIDs is widespread with many computing platforms providing support for generating UUIDs and for parsing/generating their textual representation. Only after generating 1 billion UUIDs every second for the next 100 years would the probability of creating just one duplicate would be about 50%.

Creating a session ID for looking up user info.

Creating a user sign-up page. Processing the form submission. Storing information in our maps.

Bcrypt is a password hashing function designed by Niels Provos and David Mazières. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. The bcrypt function is the default password hash algorithm for OpenBSD and other systems including some Linux distributions such as SUSE Linux. We will use bcrypt to encrypt user passwords before storing them.

We will create a form that allows a user to login. We will then check the login credentials to see if the user successfully authenticates.

We will create the functionality to allow a user to logout. This will end the user’s session

We will add the ability for different users to have different permissions. These different permissions will allow some users to access some areas, while others can’t. For instance, if someone had “admin” rights, then they could access the “admin” areas.

We will create the ability for a user’s session to expire after a certain period of time. We will need to clear the user’s cookie, and remove the entry in the session’s map which stores that user’s session. In addition, we will want to clear out our session’s map on some interval. We will use the “MaxAge” field of the cookie to set the length of time, in seconds, that a cookie lasts.

We will look at some of the various parts of Amazon Web Services (AWS) including: EC2 (Elastic Compute Cloud), S3 (Simple Storage Service), RDS, DynamoDB, ElastiCache, Elastic BeanStalk, and Route 53. CLoud computing is covered, as is IAAS, PAAS, SAAS.

We will create a virtual machine running linux ubuntu on Amazon’s elastic cloud computing.

Uploading code to EC2 involves a few steps. First we will build our binary to run on the correct architecture and operating system. Then we will use secure copy to copy our binary to the remote server. After that, we will use secure shell to log into our remote server and run our code.

To have an application continue running after our terminal session ends, we must complete a few steps. Specifically, we will be using systemd. systemd is an init system used in Linux distributions to bootstrap the user space and manage all processes. One of systemd's main goals is to unify basic Linux configurations and service behaviors across all distributions. As of 2015, most Linux distributions have adopted systemd as their default init system.

For this hands-on exercise, deploy the code in "030_sessions/08_expire-session" and get it running on AWS.

For this hands-on exercise, deploy the code in "030_sessions/08_expire-session" and get it running on AWS.

When we are finished working with machines, we need to terminate them. Failure to do this might result in billing.