Journal 9:

Question 1:  Selecting your frontend

 In C3, your team will implement a frontend for your InsightUBC implementation. Fundamentally, all web frontends rely on three technologies: HTML (to define the structure of the page as you saw when processing rooms in C2), CSS (for styling the page), and JavaScript (for making server requests and dynamically updating page elements). However, there are also numerous frameworks and libraries that offer different levels of abstraction for creating web pages including React, Angular, and Vue.js. A major decision that your team needs to make when planning your C3 implementation is what framework, in any, you will use.

• Describe three approaches that your team can use to implement your frontend. The approaches can be any combination of direct HTML/CSS/JS, sets of libraries/tools, and complete frameworks. For each approach, describe three advantages and three disadvantages. Finally, state which approach you would like your team to use.

Question 2: Understanding the Server PR

The C3 required PR provides a new Server class that will make it possible for clients to access your InsightFacade methods over the web. The low-level details of the server are delegated to the Express framework. Most of the backend work for C3 involves 'wiring up' Express so that it knows about the methods in InsightFacade and can expose them to web clients. This wiring up is done using endpoints. Very loosely, you can think of endpoints as functions that can be called over the web. Clients use the HTTP protocol to request (call) an endpoint. The endpoint performs the requested operation and then responds with (returns) the result of the operation to the client.

• To help you build some intuition about the structure of the server code, describe the behaviour of the /echo endpoint and how it corresponds to the server code. Based on the /echo example, how would you expose your listDataset method to web clients?

Requests sometimes need to be modified before they can be sent to an endpoint. The way this is handled in Express is using middleware, which are functions that are called in sequence to transform requests (and responses).

• Describe the purpose of each of the three middleware modules that are configured by the C3 server and why they are needed.

Question 3: Deploying and securing web services (like InsightUBC)

• Before web services were standardized and widely adopted, software (either source code or compiled binaries) needed to be sent to clients. Identify three things you would consider when deciding between hosting web endpoints (what you are implementing in C3) or distributing software (sending your C1/C2 source code) so that other people can use your InsightUBC implementation. 

• Briefly sketch out the high-level steps that would be necessary if you wanted to deploy your version of InsightUBC frontend (once it is complete) so that people on the web could access it (like the reference UI). 

• Using the STRIDE threat modelling framework, identify general threats that popular web services  (e.g., GitHub, YouTube, Spotify, etc.) are exposed to, and provide high-level ways that these threats could be mitigated. You should describe one threat and one mitigation for each type of threat in the STRIDE model.