Node.js – tools/packages/practices for building a secure, high performance API with quality code

Contents > Code standard and styling > Security > Performance

In this article, we will take a look at some important aspects to be considered while developing Node.js applications and the tools/packages/practices that can be used to achieve them. Understanding and using these will help you in building a secure web application that is well structured, well documented and has very high performance.

Code standard and styling

Tool – Linters (ESLint/JSLint/TSLint)

Linters are static code analysis tools that check for static code issues like styling errors, poorly structured code and unsafe code. Linters help in enforcing a certain set of coding rules and in avoiding static errors like an absence of strict type checking, mismatched imports or undefined variable usage. Static code analysis is analyzing the code for errors/faults in coding rule implementation before running the code. Dynamic code analysis is performed after the code is run.

The most commonly used styling modules are Airbnb/JavaScript and Github/JavaScript. You have to integrate the linting plugin into the editor you are using (e.g. Visual Studio Code/Sublime Text). The linter will show linting errors like the following.

ESLint and JSLint are used along with JavaScript. TSLint is used with TypeScript. An example…

Guidelines for building a secure Web application/Mobile application – Part 1 Front-end

Security is the biggest concern while building web applications. Most web applications handle a lot of sensitive data, and it is necessary to provide adequate security to protect this data from perpetrators. This series of articles discusses various security issues, types of attacks and guidelines to be followed for building a secure application.

Front-end

The basic security features that should be implemented in every web application front-end are as follows.

Request Method – All sensitive data should be sent to the server via a POST request only. All form submissions should be via the POST method. The GET method sends the data to the server in the URL, whereas the POST method sends the data in the body of the request. Thus, sending the form submission data via the POST method makes the data less exposed. The GET method should be used to fetch data only. While doing data pagination, the page number or limit can be sent to the server via a GET request. Sensitive data should only be sent via a POST request. Examples of sensitive data are passwords, usernames, customer details, OTPs, bank account numbers, etc.

Validations must be performed on every input

Validations – Validations should be ensured on all inputs…

Set and Get Custom Response Header values using Angular 5 and Express.js – Node.JS

While working with Node.js and Angular, you might sometimes need to set some custom values in the response header from the server side and get these values in your Angular application. These values can be tokens, keys or anything else. This article is about completing this requirement.

Server-side using Express.js and Node.js

To set a custom value in the response header, you have to write the following code in your Express.js server

Even if you set this token in the response header, to get it in your Angular application you need to allow these header values. The header values allowed by default are Cache-Control, Content-Language, Content-Type, Expires, Last-Modified and Pragma.

To allow your custom header value, you need to use the Cors module of Node.js. To install the Cors module, use the following command.

Now, to allow the custom header values with the Cors module, use the following code

Accessing the header values in your Angular 5 application

To get the header value in the application, you need to access the whole response object. For this, you need to add observe: "response" to the request options in the following way

When subscribing to the observable, you can get the…

Write Cloud Functions on Cloud Firestore and deploy – Introduction
databases, firestore, Node.js / May 16, 2019

Contents > What is Cloud Firestore > What are Cloud functions > Writing and Deploying Cloud Functions to write data to Cloud Firestore Collection

What is Cloud Firestore

It's a NoSQL document database that lets you store data for your mobile application, web application, APIs… It is cloud-based, highly scalable and flexible. To see your Firestore database dashboard, visit the URL below:

https://console.firebase.google.com/project/YOURPROJECTNAME/overview

Firestore has the following data types: string, number, boolean, map, array, null, timestamp, geopoint, reference.

Firestore is a document database. We can save data as collections -> documents -> subcollections in a nested structure. Here we can see that the created date is a timestamp, reciever_data is a map and reciever_id is a string.

What are Cloud functions

Cloud Functions help to achieve serverless execution by providing access to Firebase and Cloud events. Operations can be done in response to these events. For example, you can do CRUD operations on the Firestore / Realtime database using Cloud Functions. You can deploy the Cloud Functions and hit them to perform these CRUD operations. The event handler for an HTTP request to the Cloud Functions listens for the onRequest event.

Writing and Deploying Cloud Functions to add data to Cloud Firestore Collection

step 1…

Redis Tutorial Part 2 – Redis Sentinel and master/slave usage with Node.js ioredis

Redis Sentinel

A system designed to help manage Redis instances. As we discussed earlier, one Redis instance can be the master and other instances can be slaves. The slaves can have exact copies of the master server's data. The master will have a replication ID. The biggest advantage of this architecture is that a slave can act as the master if the master fails. Redis Sentinel is the system that helps to make Redis instances highly available (HA) by managing failovers.

Redis Sentinel does the following jobs:

Monitoring – Checking if your master and slave instances are working as expected.
Notification – Notifying that something went wrong, maybe via an API.
Automatic failover – If a master is not working as expected, Sentinel can start a failover process where a slave is promoted to master.

The configuration file for Sentinel is sentinel.conf

redis-server /path/to/sentinel.conf --sentinel

In the sentinel.conf file, there is a line like

sentinel monitor mymaster 127.0.0.1 6379 2

quorum – 2

This line determines which master the sentinel is going to monitor. The number 2 is called quorum. The number determines how many sentinels need to agree that the master is having a Failover so that the slave…

Redis Tutorial Part 1 – Introduction

Redis – Remote Dictionary Server

Redis (Remote Dictionary Server) is an open-source key-value store. It can be used as a database, cache and message broker. Redis is an in-memory store, which means that it primarily relies on main memory/primary memory for data storage, in comparison to other databases like MySQL that rely on disk storage.

Redis is written in C and is cross-platform. In-memory databases like Redis are faster compared to disk storage databases like MySQL. Redis is a key-value store, which means that data is stored like name='John'. The value John can be accessed using the key name. Key value is a string. Redis is single-threaded (one operation at a time), fast and scalable. The speed allows Redis to be used as cache memory.

Install Redis on Linux

sudo apt-get update
sudo apt-get install redis-server

For Redis server

redis-server

For Redis Command Line Interface

redis-cli

To get the configuration for Redis, go to redis-cli and type CONFIG followed by the type of configuration to get configuration values in redis.conf.

There are two processes in the Redis architecture.

REDIS-CLIENT – Manages client interaction
REDIS-SERVER – Manages data storage in the memory and forms the major part of the Redis architecture.

Single Redis instance can manage multiple redis…

Batch add to Google Cloud Firestore database collection : Node.js and Express
databases, Express.js, Node.js / March 17, 2019

STEP 1 – Initialize Firestore App

To initialize Firestore, get the key file from your Google Cloud console and save it in a folder. Install the Firebase admin module

Now, to initialize the app, use the following code

STEP 2 Create the reference to the collection in which you are going to add the batch data

STEP 3 Post batch data as an array to the Express server you have created.

STEP 4 Loop over the req.body using forEach and set each data to be added into the collection using the set method

Commit the data and save the data to the collection using the commit method and on success, send a success response. The full code is as follows

 

How to add namespace to SOAP request using soap-node – Node.JS
Node.js, Requests / February 24, 2019

Q: I have an XML request in the following format. How do I add the XML namespace to the request JSON I'm going to send to the SOAP server?

A: There are three namespaces defined in the XML. When adding them to JSON you can add them to the attributes key in the following way

   

Logging in Node.JS – Express Application using Winston logger
Express.js, Javascript, Node.js, Typescript / February 20, 2019

Logging is keeping a record of all data input, errors, data output, and final results in a program. While developing an application, keeping track of responses, requests, errors, etc. makes the development process more efficient. Keeping logs is also a part of code standardization. Logs can be displayed on the console and written to a file while working with Node.js. In this tutorial, we will learn how to create a logger which keeps track of Request, Response, Errors and Time while building an ExpressJS application in Javascript/Typescript.

Step 1 Install the Winston node package with the Node package manager

Step 2 Create a logger.ts (a .js file if you are working with Javascript), preferably in a common folder outside, and add the following code to it

In the above code, createLogger creates a new logger    

Adds Timestamp to your log. It defines formatting options  

Displays the log in console.  

Writes your error file to error.log and info to info.log    

If false, handled exceptions will not cause process.exit

Step 3 In your controller, or wherever you want to create the log, import the logger file

Step 4…
