Advanced interview questions for web application server-side/ back-end developers, Node.js – Part1

Here are some interview questions that lead backend developers with 3+ years of experience usually face during interviews.

QUESTIONS
What are authentication and authorization?
What is OAuth?
What are API gateways and the advantages of using them?
Which is the best place to store session_ids or access_tokens? What are the different types of client-side storage and their differences?
What are middlewares?
What is CORS (Cross-origin resource sharing), why is it important and how do you handle CORS?
Describe microservices, web services, and APIs.
How to validate requests while building REST APIs and why is it important?
Explain the difference between SQL databases and NoSQL databases.
Explain callbacks.
We have a foreach loop and in each iteration we will have asynchronous operations. How to handle this case?

ANSWERS
Authentication is about verifying user identity and authorization is about checking whether a resource can be accessed. Authorization is not about user identity; it is about whether a requester can be granted permission to access a resource. Authentication and authorization are used together to provide security to a system. Here is a very useful article to learn the differences between authentication and authorization. This article also explains how these two are…

Understanding Map object in JavaScript

Map
Holds key-value pairs.
Remembers the order of insertion.
Can have objects or primitive values as key or value.

Map is a JavaScript object which can hold key-value pairs and remember the order of insertion. Maps inherit from Map.prototype. Map.prototype.constructor returns the constructor function that created an instance's prototype. A new Map is created using the Map constructor in the following way.

We can set key-value pairs using the set method

You can see here that Map remembers the order of insertion. Maps can have objects or primitive values as key or value. For example, see the following map, which has an object as key and an object as value. Here we set object key-value pairs using the set method and retrieve them using the get method.

Now get the object value belonging to the object key using the get method.

Read more on Map.prototype here.

Q: Handling errors while using Async/Await (JavaScript ES8)

This article aims at providing an insight into handling errors while using async-await. In the below example, a function TestPromise will return a promise. The promise will give an error and get rejected if the value of the variable budget is less than 20000. The promise will always get rejected, as we initialize the value of budget to be 10000. A function calltestAPromise calls the function TestPromise.

As shown above, the function calltestAPromise will call TestPromise and handle the promise it returns with .then and .catch. The above promise will get rejected with an error, and the error will get caught in the .catch, which handles the rejected case.

Now change the function calltestAPromise to be an async function which will await the promise being resolved or rejected.

Now, the promise returned by TestPromise will get rejected with an error. The error won’t be handled and the promise rejection will be left unhandled. If the promise gets rejected, the code will never reach the console.log. Handling the error on a promise can be achieved by wrapping the block of code inside a try-catch. The rejected error on promise will be caught by the catch.

The catch of try/catch will catch the error of the promise rejection and the error will be handled in…

Promise.prototype.then() : JavaScript then() method and how to use it
Javascript , Requests , Uncategorized / September 25, 2019

Q: How to use then(), and how to return a promise from a function and use then()?

A: then() is a method in the Promise prototype that returns a promise and accepts two callback functions. One function is for the success case and the other is for the failure case of the promise. If both arguments are not given or are not callback functions, the method still would not generate any errors. For example, here we create a new promise.

promise.then() exists, hence it is a promise. .then() allows method chaining.

Now we will see how to use then to return a promise. It is incorrect to use then() this way, as it should also return inside the then. Otherwise, resolving the promise returned by then will give undefined.

It is incorrect to use the function without returning the promise returned by then().

Returning the promise returned by then is the correct way of returning a promise from a function.

If there is some kind of logic to be applied, this is the correct way of using then().

 

Node.js – tools/packages/practices for building a secure,high performance API with quality code

Contents
> Code standard and styling
> Security
> Performance

In this article, we will take a look at some important aspects to be considered while developing Node.js applications and the tools/packages/practices that can be used to achieve them. Understanding and using these will help you in building a secure web application that is well structured, well documented and has very high performance.

Code standard and styling
Tool – Linters (ESLint/JSLint/TSLint)
Linters are static code analysis tools that check for static code issues like styling errors, poorly structured code and unsafe code. Linters help in enforcing a certain set of coding rules and help in avoiding static errors like an absence of strict type checking, mismatched imports or undefined variable usage. Static code analysis is analyzing the code for errors/faults in coding rule implementation before running the code. Dynamic code analysis is performed after the code is run. The most commonly used styling modules are Airbnb/JavaScript and Github/JavaScript. You have to integrate the linting plugin into the editor you are using (e.g. Visual Studio Code/Sublime Text). The linter will show linting errors like the following.

ESLint and JSLint are used along with JavaScript. TSLint is used with TypeScript. An example…

Guidelines for building a secure Web application/Mobile application – Part 1 Front-end

Security is the biggest concern while building web applications. Most web applications handle a lot of sensitive data, and it is necessary to provide adequate security to protect this data from perpetrators. This series of articles discusses various security issues, types of attacks and guidelines to be followed for building a secure application.

Front-end
The basic security features that should be implemented in every web application front-end are as follows.

Request Method – All sensitive data should be sent to the server via a POST request only. All form submissions should use the POST method. The GET method sends the data to the server in the URL, whereas the POST method sends the data in the body of the request. Sending form submission data via POST therefore makes the data less exposed, since URLs are commonly recorded in browser history and server logs. The GET method should be used to fetch data only. While doing data pagination, the page number or limit can be sent to the server via a GET request. Sensitive data should only be sent via a POST request. Examples of sensitive data are passwords, usernames, customer details, OTPs, bank account numbers, etc.

Validations must be performed on every input
Validations – Validations should be ensured on all inputs…

Check for duplicates in JavaScript Array of Objects
Javascript , Express.js , Uncategorized / July 28, 2019

How to check whether an Array of Objects contains duplicates by key

Consider an Array of student Objects, with each object having a key id. We have to validate whether multiple objects with the same id are present in the Array or not.

The above are Arrays of student Objects, one with a duplicate id value and one without a duplicate id value. To get the ids present in the Arrays, we need to use the map() method.

Now we have two Arrays containing all the id values of the Objects. The first one has unique ids and the second one has the duplicate id 42342. To check for duplicates in Arrays, we can create a Set from the array. Sets will only have the unique items in the array.

The second set only has 2 values, as one of the values in the Array had a duplicate. So, on comparing the length of the Array and the size of the Set, we can determine if the Array has duplicates or not.

The whole code to check whether an Array of objects contains key-value duplicates will look like this. We can use this logic…

Web Storage – A comparative study of Local Storage,Session Storage,Cookies,IndexedDB and WebSQL
Javascript , databases , Uncategorized / July 10, 2019

Storages in browsers – Web Storage
Web Storage is the storage mechanism that allows Web applications to store data in Web Browsers. The various storage types include Local Storage, Session Storage, Cookies, IndexedDB and Web SQL. These storages are supported by most modern web browsers and are standardized by the World Wide Web Consortium. Web Storage lets a web application store data, which in turn helps in the effective end-to-end functionality of the application. Upon inspecting and navigating to the storage in the browser console, we can see the various storage mechanisms supported by the browser and the data stored in them.

[Screenshots of browser storage in FireFox and Chrome]

Local Storage
Local storage is a key-value store that stores values as strings. The data stored in local storage does not have an expiration date and will stay in the browser forever until we clear the browser data using settings or using JavaScript. Up to 10MB of data can be stored in most browsers; it is 10MB for Local Storage and Session Storage combined in Chrome. IE has 10 MB each. Local Storage follows the same-origin policy. The same-origin means that the Protocol(Http/Https), port and the host…

Set and Get Custom Response Header values using Angular 5 and Express.js – Node.JS

While working with Node.js and Angular, sometimes you might need to set some custom values in the response header from the server side and get these values in your Angular application. These values can be tokens, keys or anything else. This article is about completing this requirement.

Server-side using Express.js and Node.js
To set a custom value in the response header, you have to write the following code in your Express.js server.

Even if you set this token in the response header, to get it in your Angular application you need to allow these header values. The allowed default header values are:
Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma

To allow your custom header value, you need to use the Cors module of Node.js. To install the Cors module, use the following command.

Now, to allow the custom header values with the Cors module, use the following code.

Accessing the header values in your Angular 5 application
To get the header value in the application, you need to access the whole response object. For this, you need to add observe: "response" to the request options in the following way.

When subscribing to the observable, you can get the…

Write Cloud Functions on Cloud Firestore and deploy – Introduction
Node.js , databases , firestore / May 16, 2019

Contents
> What is Cloud Firestore
> What are Cloud functions
> Writing and Deploying Cloud Functions to write data to Cloud Firestore Collection

What is Cloud Firestore
It's a NoSQL document database that lets you store data for your mobile application, web application, APIs… It is cloud-based, highly scalable and flexible. To see your Firestore database dashboard, visit the below URL:
https://console.firebase.google.com/project/YOURPROJECTNAME/overview

Firestore has the following datatypes:
string
number
boolean
map
array
null
timestamp
geopoint
reference

Firestore is a document database. We can save data as collections -> documents -> subcollections in a nested structure. Here we can see that the created date is a timestamp, reciever_data is a map and reciever_id is a string.

What are Cloud functions
Cloud Functions help to achieve serverless execution by providing access to Firebase and Cloud events. Operations can be done in response to these events. For example, you can do CRUD operations on the Firestore / Realtime database using Cloud Functions. You can deploy the Cloud Functions and hit them to perform these CRUD operations. The event handler for an HTTP request to the Cloud Functions listens for the onRequest event.

Writing and Deploying Cloud Functions to add data to Cloud Firestore Collection
step 1…
