After spending some extensive time developing the backend for a personal project, as well as gaining some experience from work, I felt that it was time to add the missing part of a earlier post . This series is mainly focused on teaching new developers what parts of their software they can outsource to libraries or services, so they don't reinvent the wheel.
Backend development is crucial for many applications, because it holds and manages one of the companies most precious resources: data. This means that even more caution is required when working on these critical areas of the software. Fortunately, frameworks and libraries can be leveraged to save time and lead to more secure code. What parts you can delegate to third party tools or libraries will be discussed in this article, but ultimately that choice is up to you!
Request and Response Handling
Most backend frameworks usually come with at least some routing functionality that lets you define how the application can be addressed with a request, as well as the ability to return a response. There is generally no need to spend any time on your own implementation, but I'd suggest comparing how several frameworks or libraries implement this and picking one based on your preferences
User Authentication and Authorization
User permissions are critical to any application, as they guard sensitive information. Often, frameworks come with their own user functionality features, depending on how oppinionated the given framework is. These usually handle the following things for you, so you don't need to code them from scratch:
- Database model for the user
- Methods for basic user actions (registration, login, password reset)
- Session management to verify if a user is logged in
- Permission classes that let you differentiate between different types of users (for example admin vs regular user)
If you are going to code the registration and login manually, make sure you encrpyt passwords using an hashing library!
There are often libraries that offer additional functionality on top of the one provided by your given framework (for example "all-auth", a framework that builds on top of the python backend framework django). They are designed to provide out of the box solutions for user related patterns that are common, but maybe not so crucial that they are required as part of the base framework. I would suggest looking for a third part library if you are trying to do the following things:
- Account verification via email, recaptcha or another service
- Two factor authentication
- Token Generation for API
- Authentication via third-party accounts (Google, Facebook, etc.)
Serverside Rendered Templating
Most backend frameworks offer ways to generate HTML content dynamically using data from your database. This is standardly done using a templating language like jinja or thymeleaf. Most frameworks I know ship with this built in, I can't think of a reason to code this from scratch if you opt for SSR.
A lot of frameworks work with so called ORMs or allow you to easily add one. ORM stands for object relational mapping and let you map your database tables to objects for the given language that you are working in. They also provide more simple ways of accessing the data. While this can make development much more convenient, there is tradeoff in the additional overhead from using an ORM. If you prefer raw SQL, then you should still use a library to handle the database connection and sanitize your queries against SQL Injections.
API Payload Serialisation
When sending data between the client and server, you need to choose a data format that is used. API serialisation frameworks allow you to convert objects in your given programming language to common data formats, like JSON or XML.
API Endpoint Generation
When you are working with GraphQL, creating the endpoint logic from scratch can be pretty tedious. Libraries are popping up that make this much easier.
Even when using REST, you can often leverage "routers" that allow you to define a few generic methods (update, create, get, etc.) you want to support for a given object and the router generates an implementation for you.
The entire backend...?
Sometimes, your website does NOT need a backend! When is this the case? Well, nowadays API services make it possible to create apps that use third party data combined with frontend code. In addition, there are content management systems like Wordpress that, with the help of some plugins, might also be able to fullfill your needs. Finally, there are emerging BaaS (Backend as a Service) like Firebase that can be used when you aren't doing anything too fancy or unique and want to iterate quickly. This can include things like authentication, which can easily be outsourced to a third party like Google or Facebook using OAuth (notice how dev.to has done this by only allowing login with Twitter or GitHub).
I hope you enjoyed this short and sweet overview of some of the ways that you can cut corners when writing your backend code!