Lab 2.3: Developing the Complete System (Server Side)

Overview

In previous labs you learned how to develop an Android application and how to develop a web server that communicates in a standard way. So, let's close the loop! You have all the knowledge to deliver a complete system from server side to client. You can publish an Android application in the Google Play Store that is supported by your own fully customized server. From now on, nothing stops your next great idea from becoming a real, tangible product that can be published to the whole world, and of course, you may become rich!

Let's get back to work. In this lab we will do the following:

  • Create a simple web API that relies on a MySQL database instead of files.
  • Create a bare minimum Android app that sends location descriptions (GPS coordinates, location name and description), reads the location feed from the server, and lists the locations appropriately.

Instructions will be provided for the PHP language, though you may use your preferred programming language instead.

API Requirements

We will build a simple location sharing application, where an Android user can add a location (location name, description, coordinates) to your server. The user can also list all locations and view the details of each location.

  • The data format is JSON (mime: application/json).

We will implement the following Web API:

GET requests:

  • <your server>/locations/ : returns a list of all checked out locations. Each object in the list contains 3 fields: name, latitude and longitude. Name is a string, the rest are numerical.
  • <your server>/locations/<location name> : returns location description. An object with one field “description” of string type.

POST requests:

  • <your server>/locations/<location name> : accepts data of mime type “application/json” with 3 fields: description, latitude and longitude.

Status Codes: For simplicity, we will implement two status types only.

  • 400 Bad Request: When there is some error at the server side.
  • 200 OK: When the operation is successful.

MySQL Installation

The easiest way is to simply execute the following commands in a terminal on your server. Note that you will be prompted to choose a password for the MySQL root user:

If you aren’t familiar with MySQL, follow this tutorial to get you started.

Preparing Database

  • Run the MySQL CLI as root. If you don’t start as root, you will get the classic permission denied errors:
  • Create a user:

    Note that MySQL commands are case insensitive; however, on the web you may find tutorials that use capital letters for commands just to differentiate them from the variables.
  • Let's go back to the MySQL CLI. To see the current databases:
  • Create a database named ‘mydb’:
  • Give the user you created permission over all tables in the mydb database.
  • Select the database.
  • Create a table:
  • Specify key field.
  • See all tables:
  • See details about table “locations”:
  • Insert dummy records:
  • Read all rows in the table:
  • Delete a location based on given name:
  • Test your server connection. Create a file (sudo nano /var/www/php/mysql.php), and add the following lines. Remember to replace “user”, “password”, and “database” with the user, password, and database created above.
  • Open the file in a browser (/php/mysql.php). You should get the message “Connected to MySQL”.

That’s all we need for now. Let's start with the GET APIs.

GET API

  • Create a directory for your web application.
  • Create a file list.php:
  • Create another file desc.php that receives the GET variable ‘name’ and outputs JSON according to the above requirements.
  • Configure Apache mod_rewrite to comply with the requirements. Open the Apache configuration file (sudo nano /etc/httpd.conf), add these lines under REQUEST_METHOD ^GET, and restart Apache (sudo /etc/init.d/httpd restart).
  • Test your code:
    • To display all locations (http://server-addres/locations/)
    • To display a specific location (http://server-addres/locations/masdar)
  • Modify the above code (i.e. desc.php) to return error 404 whenever a location is not found, then test it with some unknown location (http://server-addres/locations/xxx).

POST API

  • Create a script ‘create.php’ that accepts JSON according to above requirements (description, latitude and longitude). Field ‘name’ should be read as an environment variable.
  • Return status 400 on mysqli_error().
  • Note that the name may contain spaces. One way to encode a space in the URL is to replace it with a plus ‘+’ sign. Make sure you replace ‘+’ with a space. You need to do this only with POST requests, because with GET mod_rewrite does it automatically when passing the name to a URL variable:
  • Configure Apache mod_rewrite to comply with the requirements. Add these lines under REQUEST_METHOD ^POST, and restart Apache.
  • Test your code by sending some dummy POST requests using the nc command.
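
One way to write create.php for the steps above, as an added example rather than the lab's own code. It assumes the rewrite rule exports the URL part as an environment variable called name, a locations table with columns name, description, latitude and longitude, and the placeholder credentials user/password/mydb; the length limits are also assumptions.

```php
<?php
// create.php (added example): POST /locations/<name> with a JSON body.
// Assumptions: env variable "name" is set by the rewrite rule; table
// locations(name, description, latitude, longitude); placeholder credentials.
mysqli_report(MYSQLI_REPORT_OFF);            // report errors by return value

function fail(string $why): void {
    http_response_code(400);                 // the lab's only error status
    header('Content-Type: application/json');
    echo json_encode(['error' => $why]);
    exit;
}

// '+' encodes a space in the URL and is not decoded for us on POST.
$raw  = $_SERVER['name'] ?? $_SERVER['REDIRECT_name'] ?? '';
$name = trim(str_replace('+', ' ', $raw));
if ($name === '' || strlen($name) > 64) fail('bad name');

$body = json_decode(file_get_contents('php://input'), true);
if (!is_array($body)) fail('body is not a JSON object');
$desc = $body['description'] ?? null;
$lat  = $body['latitude'] ?? null;
$lon  = $body['longitude'] ?? null;
if (!is_string($desc) || strlen($desc) > 1000) fail('bad description');
if (!is_numeric($lat) || $lat < -90  || $lat > 90)  fail('bad latitude');
if (!is_numeric($lon) || $lon < -180 || $lon > 180) fail('bad longitude');

$db = mysqli_connect('localhost', 'user', 'password', 'mydb');
if (!$db) fail('database unavailable');

// Placeholders keep client data out of the SQL text, so a name containing
// quotes or semicolons is stored as a plain string and never parsed as SQL.
$stmt = mysqli_prepare($db,
    'INSERT INTO locations (name, description, latitude, longitude) VALUES (?, ?, ?, ?)');
$lat = (float)$lat; $lon = (float)$lon;
if (!$stmt || !mysqli_stmt_bind_param($stmt, 'ssdd', $name, $desc, $lat, $lon)
           || !mysqli_stmt_execute($stmt)) {
    // Error detail goes to the server log, not to the client.
    error_log('create.php: ' . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($db)));
    fail('insert failed');
}
http_response_code(200);
header('Content-Type: application/json');
echo json_encode(['status' => 'ok']);
```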

Notes

Now you have a good knowledge of how to develop a web API. However, there are a few things to address in a well polished product:

  • Try to use HTTPS instead of HTTP when sending or retrieving sensitive data. The configuration is fairly easy in Apache. All you need is a certificate (either self-signed or signed by a CA), and a few lines of configuration. Android supports HTTPS in the same classes we used.
  • In your server you should always check the contents of SQL variables. SQL injection means a client places SQL code inside a variable it supplies (e.g. name=”; DELETE * FROM ..etc).
  • Use some type of client authentication when calling POST requests. The user name and password can be encapsulated inside the JSON content.
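
The last two notes applied together, as an added example that is not part of the original lab: the client-supplied user name reaches SQL only through a placeholder, and the password from the JSON body is checked against a stored hash. The users table, its columns, the JSON field names username and password, and the user/password/mydb credentials are assumptions.

```php
<?php
// auth.php (added example): authenticate a POST request from its JSON body.
// Assumptions: table users(username, password_hash) whose hashes were created
// with password_hash(); JSON fields "username" and "password".
mysqli_report(MYSQLI_REPORT_OFF);            // report errors by return value

function authenticate(mysqli $db, array $body): bool {
    $user = $body['username'] ?? null;
    $pass = $body['password'] ?? null;
    if (!is_string($user) || !is_string($pass)) return false;

    // The user name is bound as data, never concatenated into the query.
    $stmt = mysqli_prepare($db, 'SELECT password_hash FROM users WHERE username = ?');
    if (!$stmt) return false;
    $hash = null;
    mysqli_stmt_bind_param($stmt, 's', $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt) === true;   // null means no such user
    mysqli_stmt_close($stmt);

    // Only a salted hash is stored; the plaintext password is never compared
    // or saved directly.
    return $found && password_verify($pass, $hash);
}

$body = json_decode(file_get_contents('php://input'), true);
$db   = mysqli_connect('localhost', 'user', 'password', 'mydb');
if (!is_array($body) || !$db || !authenticate($db, $body)) {
    http_response_code(400);                 // the lab defines only 200 and 400
    header('Content-Type: application/json');
    echo json_encode(['error' => 'authentication failed']);
    exit;
}
// Authenticated: the request may now proceed to the insert logic.
http_response_code(200);
```

Because the password travels inside the request body, this check only protects anything when the API is served over HTTPS as the first note recommends.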