🕸️Introduction to Web Applications

Introduction to Web Applications

• Web applications are interactive programs that run right in your web browser. Unlike old-school static websites, they let you do things like shop online, post comments, or update content in real-time, all without refreshing the page. They work using a client-server setup: your browser (the "client") talks to a remote computer (the "server") that handles the heavy work.

• Back in the day, websites were like digital flyers, static and unchanging unless a developer manually tweaked them. This was called Web 1.0. Today, we’re in the Web 2.0 era, where web applications power dynamic sites that respond to your clicks instantly, like adding an item to your cart or liking a post.

Web Apps vs Native OS Apps

• Unlike apps you download from an app store, web applications don’t need to be installed. They run in your browser on any device, saving space on your hard drive. Plus, updates happen behind the scenes, developers tweak the app once, and everyone gets the new version instantly.

• Advantages of Web Apps:

  • No Installation: Just open your browser and go.

  • Same Version for All: No juggling different updates for different devices.

  • Less Maintenance: One update fixes everything, no user action needed.

• Native OS Apps Have Their Strengths Too:

  • Speed: They load faster since they’re built into the device.

  • Hardware Access: They can tap into your phone’s camera or GPS more deeply.

• For many tasks, though, web apps are the simpler, more flexible choice.

How Web Applications Are Set Up

• No two web apps are the same, they’re built for different purposes and audiences. The way their "back-end infrastructure" (the server stuff) is organized can vary. Here are the four main setups:

  • Client-Server: Your browser (client) connects to a server hosting the app. Simple and common.

  • One Server: Everything, app and database, lives on one server. Easy to build, but risky if it crashes or gets hacked.

  • Many Servers - One Database: Multiple servers run the app, sharing one database. Great for handling lots of users.

  • Many Servers - Many Databases: Each server has its own database. Perfect for big apps needing backups and security.

• Each setup balances ease, safety, and scale differently. For example, "One Server" is straightforward but an "all eggs in one basket" deal, while "Many Servers - Many Databases" is complex but super secure.

The Building Blocks of Web Applications

• Every web app has key parts that work together:

  • Client: Your browser.

  • Server: The computer running the app.

  • Webserver: Software (like Apache or NGINX) handling web requests.

  • Web Application Logic: The code telling the app what to do.

  • Database: Where data (like your username) is stored.

  • Services/Microservices: Small, independent tasks (more on these later).

  • Integrations: Links to outside tools or APIs.

• These parts often split into a three-tier architecture:

  • Presentation Layer: The user interface you see (like buttons and text).

  • Application Layer: The brains deciding what happens when you click something.

  • Data Layer: Where data is saved and grabbed from.

Microservices: Little Helpers

• Imagine microservices as a team of experts, each handling one job, like payments or reviews in an online store. They talk to each other and the browser but work independently. This makes apps easier to update and grow.

Why Microservices Are Cool:

• Agility: Teams can tweak one piece without messing up the rest.

• Scalability: Boost just the busy parts.

• Resilience: If one fails, the others keep going.

Front-End: What You See

• The front-end is the part of a web app you interact with. It’s built with three main tools:

HTML (HyperText Markup Language)

• HTML is the skeleton of a web page, setting up things like titles and paragraphs. Here’s a basic example:

<!DOCTYPE html>
<html>
    <head>
        <title>My Page</title>
    </head>
    <body>
        <h1>Hello!</h1>
        <p>This is my page.</p>
    </body>
</html>

• When a browser loads an HTML page, it parses the HTML code and converts it into a tree-like structure of objects called the DOM. This structure represents the page’s elements, such as headings, paragraphs, or buttons, as nodes that can be accessed and manipulated programmatically.

• HTML to DOM: Consider this simple HTML:

<html>
    <body>
        <h1>Hello</h1>
        <p id="text">World</p>
    </body>
</html>

• The browser builds a DOM tree where <html> is the root, <body> is a child node, and <h1> and <p> are its children.

• Dynamic Manipulation: JavaScript can interact with the DOM to change the page without reloading it. For example:

document.getElementById("text").innerHTML = "Universe";

• The DOM enables interactivity in web applications, like updating a shopping cart or displaying new comments, making it a cornerstone of dynamic, user-driven experiences in Web 2.0.

CSS (Cascading Style Sheets)

• CSS styles the page, controlling colors, layouts, and responsiveness. Example:

body {
    background-color: #f5f5f5;
    font-family: Arial, sans-serif;
}
h1 {
    color: #2c3e50;
    font-size: 28px;
}

JavaScript

• JavaScript adds interactivity, think buttons that fetch data or forms that validate input. Example:

document.querySelector('button').addEventListener('click', () => {
    alert('Button clicked!');
});

• Javascript can be implemented in two primary ways: inline within the HTML or in a separate file. Both approaches have distinct use cases.

• Inline JavaScript (Code is written directly within a <script> tag in the HTML file)

  • Use Case: Quick scripts or page-specific logic that doesn’t need reuse.

  • Example:

<html>
    <body>
        <script type="text/javascript">
            alert("Hello, World!");
        </script>
    </body>
</html>

• Separate JavaScript File (Code is stored in an external .js file and linked to the HTML using a tag with a src attribute.)

  • Use Case: Large projects, reusable code across multiple pages, or better organization and maintenance.

  • Example:

<html>
    <body>
        <script src="script.js"></script>
    </body>
</html>

• Separating JavaScript into external files improves scalability and collaboration, while inline scripts are handy for small, one-off tasks.

• Frameworks: Tools like React, Angular, or Vue.js simplify development with reusable components and efficient state management.

• The front-end is all about delivering a seamless, responsive experience to users.

URL Structure and DNS Resolution

• A URL (Uniform Resource Locator) is the address used to locate resources on the web. It consists of several components:

  • Scheme: http:// or https:// (the protocol).

  • User Info: Optional credentials (e.g., username:password@, rarely used today).

  • Host: The domain (e.g., www.example.com) or IP address.

  • Port: Optional (e.g., :80 for HTTP, :443 for HTTPS).

  • Path: The resource’s location (e.g., /blog/post1).

  • Query String: Parameters (e.g., ?id=123&sort=asc).

  • Fragment: A section within the page (e.g., #comments).

• Example: https://user:pass@www.example.com:443/blog/post1?id=123#comments

DNS Resolution

• When you enter a URL, the browser needs the server’s IP address. This process, called DNS resolution, works as follows:

  • Local Hosts File: The browser first checks the /etc/hosts file on your device (e.g., C:\Windows\System32\drivers\etc\hosts on Windows or /etc/hosts on Unix-like systems). This file can manually map domains to IPs, like:127.0.0.1 localhost 192.168.1.10 example.comIf found, it skips further lookups.

  • DNS Query: If no match exists, the browser queries a DNS (Domain Name System) server to translate the domain (e.g., www.example.com) into an IP address (e.g., 93.184.216.34).

  • Connection: With the IP resolved, the browser connects to the server on the specified port.

• This process ensures human-readable domains work seamlessly with the internet’s numeric addressing system.

Back-End: Powering the App

• The back-end runs on servers and handles the logic, data, and processing. Here’s what makes it tick:

  • Back-End Servers: Physical or virtual machines (e.g., AWS EC2 instances) running OSes like Linux or Windows.

  • Web Servers: Software that manages HTTP traffic:

    • Apache: Flexible and widely used.

    • NGINX: High-performance, great for load balancing.

    • IIS: Microsoft’s web server for Windows environments.

  • Databases: Store and manage data:

    • Relational: Structured tables (e.g., MySQL, PostgreSQL, MSSQL).

    • Non-Relational: Flexible formats (e.g., MongoDB, Cassandra).

  • Development Frameworks: Speed up coding with pre-built features:

    • Django (Python)

    • Laravel (PHP)

    • Spring (Java)

    • Express (Node.js)

• The back-end ensures the app runs smoothly and securely behind the scenes.

APIs: Bridging Front and Back

• APIs (Application Programming Interfaces) enable the front-end and back-end to communicate. They define how requests are made and what data is returned, typically over HTTP.

SOAP vs. REST

• SOAP (Simple Object Access Protocol):

  • Uses XML for structured, formal messaging.

  • Ideal for complex, stateful operations (e.g., banking transactions).

  • Pros: Robust and standardized.

  • Cons: Verbose and slower due to XML overhead.

• REST (Representational State Transfer):

  • Lightweight and URL-based, using HTTP methods (GET, POST, PUT, DELETE).

  • Returns data in JSON, which is compact and easy to parse.

  • Pros: Simple, scalable, and widely adopted.

  • Cons: Less strict, relies on conventions.

  • Example REST API calls:

    • GET /api/users: Fetch all users.

    • POST /api/users: Create a new user with data in the request body.

    • PUT /api/users/1: Update user 1.

    • DELETE /api/users/1: Delete user 1.

  • REST’s simplicity makes it the go-to choice for most web applications today.

HTTP: The Web’s Communication Protocol

• HTTP (HyperText Transfer Protocol) is how clients and servers talk to each other. It’s stateless, each request is independent, and follows a request-response pattern.

HTTP Requests

• A request includes:

  • Method: What action to perform (e.g., GET).

  • Path: The resource (e.g., /page.html).

  • Headers: Metadata (e.g., Host: example.com).

  • Body: Data (optional, used with POST or PUT).

• Example:

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/html

HTTP Responses

• A response includes:

  • Status Code: Result of the request (e.g., 200 OK).

  • Headers: Metadata (e.g., Content-Type).

  • Body: The content (e.g., HTML).

Popular HTTP Status Code Examples

• HTTP status codes indicate the result of a request. Here are common examples across categories:

  • 1xx (Informational):

    • 100 Continue: The server has received the request headers and the client should proceed.

  • 2xx (Success):

    • 200 OK: Request succeeded (e.g., page loaded).

    • 201 Created: Resource created (e.g., new user added).

  • 3xx (Redirection):

    • 301 Moved Permanently: Resource has a new URL.

    • 302 Found: Temporary redirect.

  • 4xx (Client Error):

    • 400 Bad Request: Invalid request syntax.

    • 403 Forbidden: Access denied.

  • 404 Not Found: Resource doesn’t exist.

  • 5xx (Server Error):

    • 500 Internal Server Error: Generic server failure.

    • 502 Bad Gateway: Invalid response from an upstream server.

• Example:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 123

<html>...</html>

HTTP Header Categories and Descriptions

• HTTP headers provide metadata for requests and responses. They’re grouped into categories, each with specific roles:

General Headers

• Apply to both requests and responses.

• Examples:

  • Date: Wed, 21 Oct 2023 07:28:00 GMT – Timestamp of the message.

  • Connection: keep-alive – Keeps the connection open for multiple requests.

Entity Headers

• Describe the content (body) of the message.

• Examples:

  • Content-Type: application/json – Specifies the data format.

  • Content-Length: 256 – Size of the body in bytes.

Request Headers

• Sent by the client to provide context.

• Examples:

  • Host: www.example.com – The target domain.

  • User-Agent: Mozilla/5.0 – Identifies the browser or client.

  • Cookie: session=abc123 – Sends session data.

  • Authorization: Bearer token123 – Authentication credentials.

Response Headers

• Sent by the server with additional info.

• Examples:

  • Server: Apache/2.4.41 – Web server software.

  • Set-Cookie: session=xyz789 – Sets a cookie on the client.

Security Headers

• Enhance security by controlling browser behavior.

• Examples:

  • Content-Security-Policy: default-src 'self' – Limits resources to the same origin.

  • Strict-Transport-Security: max-age=31536000 – Enforces HTTPS for a year.

• These headers ensure efficient, secure, and contextual communication.

HTTP Verbs (Methods): An Overview

• HTTP verbs, also known as HTTP methods, are actions that a client (like a browser or an app) can request from a server. They tell the server what kind of operation to perform on a resource (e.g., a webpage, a file, or a database entry). These methods are the foundation of how the web and RESTful APIs work. Below is a list of the most common HTTP methods and their purposes:

  • GET: Retrieves a resource from the server, like fetching a webpage or a list of items.

  • POST: Sends data to the server to create a new resource, such as submitting a form or uploading a file.

  • PUT: Updates or replaces an existing resource, for example, editing a user’s profile.

  • DELETE: Removes a resource, like deleting a blog post.

  • PATCH: Makes a partial update to a resource, such as changing just one field in a record.

  • HEAD: Retrieves only the headers of a resource (no content), useful for checking if something exists.

  • OPTIONS: Asks the server what methods or capabilities are supported for a resource.

GET vs. POST: Detailed Comparison

• GET and POST are two of the most frequently used HTTP methods. While both can send data to the server, they do so in very different ways, making them suited to different tasks. Here’s a breakdown of their differences:

• Data Location

  • GET:

    • Data is sent in the URL as query parameters.

    • Example: GET /search?query=books&sort=asc

    • The URL shows the data: /search?query=books&sort=asc.

  • POST:

    • Data is sent in the request body, not in the URL.

    • Example:

POST /login HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded

username=john&password=secret

• Visibility and Security

  • GET:

    • Data is visible in the URL, browser history, and server logs.

    • Not secure for sensitive data (e.g., passwords) because anyone can see it or bookmark it.

  • POST:

    • Data is hidden from the URL and not stored in browser history or logs by default.

    • Better for sensitive information like login details or payment data.

• Data Size

  • GET:

    • Limited by URL length (often 2048 characters max, depending on the browser or server).

    • Can’t handle large data, like file uploads.

  • POST:

    • Can send large amounts of data, including files or complex forms.

    • No strict size limit (though servers might set their own rules).

HTTP vs. HTTPS: Differences and How They Work

• HTTP (HyperText Transfer Protocol) and HTTPS (HTTP Secure) govern how data is exchanged between clients (browsers) and servers, but they differ significantly in security.

HTTP

• Definition: A plain-text protocol for transferring data.

• How It Works: Sends requests and responses unencrypted over the network.

• Risks: Vulnerable to eavesdropping (e.g., Man-in-the-Middle attacks), where attackers can intercept sensitive data like passwords.

HTTPS

• Definition: HTTP with encryption via SSL/TLS (Secure Sockets Layer/Transport Layer Security).

• How It Works:

  • Handshake: The client and server negotiate encryption keys.

  • Certificate Verification: The server provides an SSL certificate (issued by a trusted authority) to prove its identity.

  • Encrypted Communication: Data is encrypted before transmission, ensuring privacy and integrity.

• Benefits: Protects against interception and tampering, making it essential for secure transactions (e.g., banking, logins).

• Modern browsers favor HTTPS, often warning users about HTTP sites.