Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


Soricidus posted:

I helped debug a thing today where it turned out the third party api returned 200 application/json in all cases, but if there was an error then sometimes the content was not in fact json

please do not do this.

hello do you work with our intranet team? Any request that you route through our internal portal that fails will get silently replaced with an http500 so you can get stupid poo poo like you post json expecting json back but actually you get html wrapping a 500

Adbot
ADBOT LOVES YOU

karms
Jan 22, 2006

by Nyc_Tattoo
Yam Slacker
hmm i guess the grass isnt always greener on the other side..

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER


there’s always more and it’s always worse

Soricidus
Oct 21, 2010
freedom-hating statist shill

Chalks posted:

It depends how you define your endpoint. If the functionality is "create this user or return details of the user if it already exists" it's not an error condition if it already exists. Something can "fail" to do what the user is attempting, without being an error as long as it's an anticipated part of your process flow.

An error condition of "everything is completely fine, we expect this to happen all the time" isn't really an error condition. There was no mistake.

yes, but that kind of case isn’t what the other side is talking about

I’m talking about poo poo like getting a 200 if you provide incorrect credentials, which is a textbook loving 401. I’d also accept 403. not 200. and the server still claims it sent you application/json even though the content is the bare text “invalid credentials”

Chalks
Sep 30, 2009

Soricidus posted:

yes, but that kind of case isn’t what the other side is talking about

I’m talking about poo poo like getting a 200 if you provide incorrect credentials, which is a textbook loving 401. I’d also accept 403. not 200. and the server still claims it sent you application/json even though the content is the bare text “invalid credentials”

Yeah, sorry, not trying to strawman - 401 for invalid credentials is correct, especially when most API interactions are done via tokens and invalid tokens are a programming issue not a user issue.

MononcQc
May 29, 2007

redleader posted:

so what do you return if the request is well formed but invalid (because of rules like, i dunno, the caller passes an email address without an @)? i tend to use 400, but that diagram seems to reserve 400 for malformed requests and doesn't seem to offer any advice for this situation

imo http response codes often feel juuust not quite right for rest apis

400 is the general catch-all if nothing else fits. Like some folks would say "what your content-type is isn't application/json, it's application/my-custom-format+json and if the e-mail is invalid, that's a breakage of the expected document type so you get a 400 and it's fair since you didn't submit the right content-type". I tend to think that this is kind of acceptable as an interpretation, like there's a difference between content-encoding and the expected content itself, but you can take that leeway to force 400s onto people submitting "syntactically valid but semantically invalid" requests.

In that chart you have a bit of an annoyance because the 400 check becomes before the content-length checks, which isn't great since you may need the body to be parsed in order to return the 400. I think the first few ones could have their orders switched to reflect that at no cost. If you look at other frameworks, they tend to be more liberal with 400s while keeping the same workflow overall. https://ninenines.eu/docs/en/cowboy/2.4/guide/rest_flowcharts/ is an alternative flowchart representation for a similar framework but works more tightly from the HTTP Verbs. You'll find that any unsuccessful callback applying a PUT or POST change (AcceptCallback in the chart) will return a 400. If the code crashes, then it generates a 5xx from it.

anatoliy pltkrvkay posted:

can we talk about how wonderful the 506 word salad is

quote:

The 506 status code indicates that the server has an internal
configuration error: the chosen variant resource is configured to
engage in transparent content negotiation itself, and is therefore
not a proper end point in the negotiation process

explain what the gently caress that means without context

The 'variants' here refer to either different content-type (i.e. a text could be served as text, HTML, or PDF) or language (French, English, Spanish). This was a really big hopeful spot around the semantic web where browsers and servers could negotiate the best and most appropriate content for everyone based on their local preferences and capabilities.

It would be returned in alternate headers through a 300 multiple choices when various acceptable representations are in place. It could also be a thing they planned could be facilitated by 'smart caching proxies' that could do all that clever negotiation on-behalf of dumber backend servers. This is kind of critical because it can yield a scenario where a 'variant resource' itself re-forwards to one of the proxies or other variant resources. When that happens, you have a circular dependency that can never resolve.

That is when 506 is in theory supposed to be used.

Nobody uses it because the semantic web is mostly dead, and when multiple variants exist servers just pick the top one according to accept headers as the one result to return.

Plus HTTPS/TLS everywhere drastically reduces the number of fancy proxies people get aside from within a larger org where certs may be shared on one front-end more or less safely, and HTTP2 requiring TLS+ALPN almost end-to-end makes it even harder (few servers seem to support HTTP/1.1 -> HTTP/2 upgrade paths without ALPN negotiation it seems), so it's not really poised to make a comeback either.

MononcQc fucked around with this message at 14:21 on Sep 21, 2018

MononcQc
May 29, 2007

the talent deficit posted:

basically mean you did something wrong and trying again won't work (unless it's a 429 Too Many Requests, which should really be a 5xx error) so go figure your poo poo out.
Heh that one is tricky. It was intended for rate-limiting which could be based on per-customer setting or account. The RFCs recommend setting a 'Retry-After: <seconds>' header to the response, which would mean "uh you have breached your end of the contract, take some time off". Under that interpretation I guess it makes sense to make it go 429 rather than 5xx, since the blame lies with the client.

The equivalent for a server-side overload would be 503 (Service unavailable), which can also specify a retry-after header for the client. The distinction lets you know who's to blame for the overload, basically.

429 is a good way to show that the status codes don't necessarily point at "can or can't retry", but rather "who's to blame for a query that failed". It just happens that often, if the client is to blame, they can't safely retry. 404 is kind of funnier there because it blames the client for asking for an unknown resource, but maybe the server should be to blame for not having it?

Shaggar
Apr 26, 2006

Chalks posted:

But then you have errors like "there's already a user registered with this email address" and things like that. 400 error codes for "you're using the API wrong" are fine, but 400 codes as standard application flow seem wrong to me.

If an application is expected to encounter the problem during normal usage I'd use a 200 response. Everything is fine, tell your user that the thing they wanted didn't happen for reasons.


Soricidus posted:

yes, but that kind of case isn’t what the other side is talking about

I’m talking about poo poo like getting a 200 if you provide incorrect credentials, which is a textbook loving 401. I’d also accept 403. not 200. and the server still claims it sent you application/json even though the content is the bare text “invalid credentials”


invalid credentials is always 401. 403 is valid creds but unauthorized action (i.e. the user doesn't have permission to do the thing).

for something like invalid data (email already in use, password criteria not met, phone format invalid, etc...) you throw back some kind of 400 cause the request is invalid. its up to the client to handle it properly. for trash like javascript http codes don't really mean anything because you cant automate how the user deals with the response. if its a 200 with a body that says error or a 400 with a message that says error, you handle it the same and display it to the user and they decide what to do.

Where http codes do matter is automation. Then something like a 400 always indicates a failure since theres no human to correct the input, so the client can act based on error codes.

Since the api will be used by both humans and computers, you design it for the computer first since the human doesn't or cant care about the technical details.

AggressivelyStupid
Jan 9, 2012

folks,

is it good or bad to have a, say 12 case long switch statement wherein each case calls a function

however, whether or not this function does something or instead has the helpful comment "not implemented!" is seemingly at random

i want to say bad

MononcQc
May 29, 2007

turn it into a hashmap of functions and do a dispatch based on that (if it finds the function)

FlapYoJacks
Feb 12, 2009

AggressivelyStupid posted:

It's a bunch of EEs and poo poo and like they can do C and know how to design and build hardware and whatnot but uh


There's no testing for software, unless it manually done, there's the aforementioned PLM abuse, they barely use an issue tracker. There will be references to tickets in the SCM and PLM software but clearly they're not linked in any capacity. Builds are done manually, using black magic some batch scripts and a really old version of CodeWarrior to produce SREC files.

I want to unfuck all this but I'm an intern so I'll just take this as a very valuable lesson about asking about their Process in an interview and suffer for the next 4-5 months

e: actually not sure how much CodeWarrior is needed since you apparently use .exes to build???

Depending on how "new" it is, it might be based off of Eclipse, at which point you can just download Eclipse and use CW's compilers. It's a MUCH nicer upgrade.

Shaggar
Apr 26, 2006
also when I say 200 or 400 I really mean the appropriate 2xx or 4xx code.

AggressivelyStupid
Jan 9, 2012

My thought was just cluster the actually useful functions (there are two, I think) and have the rest just fall through

It's all related to NMEA sentences, I want to say we're primarily interested in the GSV and GGA sentences, but I'm still scanning through this abomination

its all plain old c

ratbert90 posted:

Depending on how "new" it is, it might be based off of Eclipse, at which point you can just download Eclipse and use CW's compilers. It's a MUCH nicer upgrade.

5.9.0 classic IDE

AggressivelyStupid fucked around with this message at 14:57 on Sep 21, 2018

necrotic
Aug 2, 2005
I owe my brother big time for this!

redleader posted:

so what do you return if the request is well formed but invalid (because of rules like, i dunno, the caller passes an email address without an @)? i tend to use 400, but that diagram seems to reserve 400 for malformed requests and doesn't seem to offer any advice for this situation

imo http response codes often feel juuust not quite right for rest apis

use 422 Unprocessable Entity

https://tools.ietf.org/html/rfc4918#section-11.2

MononcQc
May 29, 2007


This is a WEBDAV extension, which has kind of been obsoleted by the latest HTTP RFC 7231 (https://tools.ietf.org/html/rfc7231#section-6.5.1).

Basically the order goes:

RFC 2068 (HTTP/1.1 v1):
The request could not be understood by the server due to malformed
syntax. The client SHOULD NOT repeat the request without
modifications.

RFC 2616 (HTTP/1.1 v2, unchanged here):
The request could not be understood by the server due to malformed
syntax. The client SHOULD NOT repeat the request without
modifications.

RFC 4918 (HTTP/1.1 // WEBDAV):
The 422 (Unprocessable Entity) status code means the server
understands the content type of the request entity (hence a
415(Unsupported Media Type) status code is inappropriate), and the
syntax of the request entity is correct (thus a 400 (Bad Request)
status code is inappropriate) but was unable to process the contained
instructions. For example, this error condition may occur if an XML
request body contains well-formed (i.e., syntactically correct), but
semantically erroneous, XML instructions.


RFC 7231 (HTTP/1.1 v3, final form evolved from HTTPBis efforts):
The 400 (Bad Request) status code indicates that the server cannot or
will not process the request due to something that is perceived to be
a client error (e.g., malformed request syntax, invalid request
message framing, or deceptive request routing).

WEBDAV worked around the restrictive nature of previous RFCs that really focused on 'syntax' wholesale. But the latest spec relaxed what 400 allowed so that you should feel alright using it now, since it is really redefined as "the server thinks the client is to blame therefore 400". In spirit, that was the reason WEBDAV defined a new status. It is still valid to use, but its rationale (400 is too strict) no longer really applies.

HTTP revisions are kind of poo poo, 4 of them all use 1.1 as a version but coexist in at least 4 distinct standards.

FlapYoJacks
Feb 12, 2009

AggressivelyStupid posted:

My thought was just cluster the actually useful functions (there are two, I think) and have the rest just fall through

It's all related to NMEA sentences, I want to say we're primarily interested in the GSV and GGA sentences, but I'm still scanning through this abomination

its all plain old c


5.9.0 classic IDE

Jesus christ. :gonk:

mystes
May 31, 2006

They should add status code 420 (Bad Decision by CEO)

AggressivelyStupid
Jan 9, 2012

digging through this we're doing some weird homegrown string splitting for the NMEA sentences and I'm pretty sure we could just make a copy of the string and use strtok and clean up a few hundred lines in this 4600 line file

Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


mystes posted:

They should add status code 420 (Bad Decision by CEO)

Http 69: nice

Finster Dexter
Oct 20, 2014

Beyond is Finster's mad vision of Earth transformed.
yeah wow this http status code discussion sure is riveting



What are you guys using for Rust IDE? I've just been using vscode, but sounds like some of you were using a jetbrains IDE, but which one??

akadajet
Sep 14, 2003

Finster Dexter posted:

yeah wow this http status code discussion sure is riveting



What are you guys using for Rust IDE?

nothing. I'm not using Rust.

Finster Dexter
Oct 20, 2014

Beyond is Finster's mad vision of Earth transformed.

akadajet posted:

nothing. I'm not using Rust.

why not

akadajet
Sep 14, 2003


c# and javascript both exist

Symbolic Butt
Mar 22, 2009

(_!_)
Buglord

Finster Dexter posted:

yeah wow this http status code discussion sure is riveting

please don't httpshame in the terrible programming thread

Chamook
Nov 17, 2006

wheeeeeeeeeeeeee

mystes posted:

They should add status code 420 (Bad Decision by CEO)

Twitter beat you to it

gonadic io
Feb 16, 2011

>>=
Sbt plugin authorship status : god I hate sbt

Finster Dexter posted:

yeah wow this http status code discussion sure is riveting



What are you guys using for Rust IDE? I've just been using vscode, but sounds like some of you were using a jetbrains IDE, but which one??

Intellij. If you have clion you get lldb debugging but otherwise the two are the same. I much prefer intellij to vscode.

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
vscode is a childs toy for idiots and javascript programmers (same thing)

Nomnom Cookie
Aug 30, 2009




rust is for brain damaged c++ people whove gotten indoctrinated that their #1 job is making the compiler happy. then "wow memory safety, amazing". meanwhile everyone else is :rolleyes:

Finster Dexter
Oct 20, 2014

Beyond is Finster's mad vision of Earth transformed.

gonadic io posted:

Intellij. If you have clion you get lldb debugging but otherwise the two are the same. I much prefer intellij to vscode.

the java IDE?

gonadic io
Feb 16, 2011

>>=

Finster Dexter posted:

the java IDE?

Yeah. V good rust support.

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
yeah intellij does a good job in most languages.

it's go support and rust support are great. even supports terraform (with jumping to definitions) and all sorts of other poo poo you wouldn't expect.

plus its a real ide, and not some electron-based text editor nightmare

redleader
Aug 18, 2005

Engage according to operational parameters
yeah wow this ide discussion sure is riveting

so do you prefer tabs or spaces

Main Paineframe
Oct 27, 2010
terrible programmer status: writing code to scan dynamically-loaded javascript files for their function names at load time and recording them, so that I can get rid of them later by overwriting them all with undefined

akadajet
Sep 14, 2003

redleader posted:

yeah wow this ide discussion sure is riveting

so do you prefer tabs or spaces

spaces, which isn't even up for debate

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?

AggressivelyStupid posted:

folks,

is it good or bad to have a, say 12 case long switch statement wherein each case calls a function

however, whether or not this function does something or instead has the helpful comment "not implemented!" is seemingly at random

i want to say bad

make a class and a bunch of subclasses

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?

mystes posted:

They should add status code 420 (Bad Decision by CEO)

akadajet
Sep 14, 2003

eschaton posted:

make a class and a bunch of subclasses

no, this is how you get oop!

AggressivelyStupid
Jan 9, 2012

eschaton posted:

make a class and a bunch of subclasses

this will be hard to do in c

Main Paineframe posted:

terrible programmer status: writing code to scan dynamically-loaded javascript files for their function names at load time and recording them, so that I can get rid of them later by overwriting them all with undefined

this is good, actually

FlapYoJacks
Feb 12, 2009

AggressivelyStupid posted:

this will be hard to do in c

why?

Adbot
ADBOT LOVES YOU

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?

AggressivelyStupid posted:

this will be hard to do in c

nah, it’ll be simple and a good exercise

especially when you have to choose between static and dynamic dispatch, and implement inheritance

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply