Table of Contents for
Node.js Complete Reference Guide

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Node.js Complete Reference Guide by Diogo Resende Published by Packt Publishing, 2018
  1. Node.js Complete Reference Guide
  2. Title Page
  3. Copyright and Credits
  4. Node.js Complete Reference Guide
  5. About Packt
  6. Why subscribe?
  7. Packt.com
  8. Contributors
  9. About the authors
  10. Packt is searching for authors like you
  11. Table of Contents
  12. Preface
  13. Who this book is for
  14. What this book covers
  15. To get the most out of this book
  16. Download the example code files
  17. Conventions used
  18. Get in touch
  19. Reviews
  20. About Node.js
  21. The capabilities of Node.js
  22. Server-side JavaScript
  23. Why should you use Node.js?
  24. Popularity
  25. JavaScript at all levels of the stack
  26. Leveraging Google's investment in V8
  27. Leaner, asynchronous, event-driven model
  28. Microservice architecture
  29. Node.js is stronger for having survived a major schism and hostile fork
  30. Threaded versus event-driven architecture
  31. Performance and utilization
  32. Is Node.js a cancerous scalability disaster?
  33. Server utilization, the business bottom line, and green web hosting
  34. Embracing advances in the JavaScript language
  35. Deploying ES2015/2016/2017/2018 JavaScript code
  36. Node.js, the microservice architecture, and easily testable systems
  37. Node.js and the Twelve-Factor app model
  38. Summary
  39. Setting up Node.js
  40. System requirements
  41. Installing Node.js using package managers
  42. Installing on macOS with MacPorts
  43. Installing on macOS with Homebrew
  44. Installing on Linux, *BSD, or Windows from package management systems
  45. Installing Node.js in the Windows Subsystem for Linux (WSL)
  46. Opening an administrator-privileged PowerShell on Windows
  47. Installing the Node.js distribution from nodejs.org
  48. Installing from source on POSIX-like systems
  49. Installing prerequisites
  50. Installing developer tools on macOS
  51. Installing from source for all POSIX-like systems
  52. Installing from source on Windows
  53. Installing multiple Node.js instances with nvm
  54. Installing nvm on Windows
  55. Native code modules and node-gyp
  56. Node.js versions policy and what to use
  57. Editors and debuggers
  58. Running and testing commands
  59. Node.js's command-line tools
  60. Running a simple script with Node.js
  61. Conversion to async functions and the Promise paradigm
  62. Launching a server with Node.js
  63. NPM – the Node.js package manager
  64. Node.js, ECMAScript 2015/2016/2017, and beyond 
  65. Using Babel to use experimental JavaScript features
  66. Summary
  67. Node.js Modules
  68. Defining a module
  69. CommonJS and ES2015 module formats
  70. CommonJS/Node.js module format
  71. ES6 module format
  72. JSON modules
  73. Supporting ES6 modules on older Node.js versions
  74. Demonstrating module-level encapsulation
  75. Finding and loading CommonJS and JSON modules using require
  76. File modules
  77. Modules baked into Node.js binary
  78. Directories as modules
  79. Module identifiers and pathnames
  80. An example of application directory structure
  81. Finding and loading ES6 modules using import
  82. Hybrid CommonJS/Node.js/ES6 module scenarios
  83. Dynamic imports with import()
  84. The import.meta feature
  85. npm - the Node.js package management system
  86. The npm package format
  87. Finding npm packages
  88. Other npm commands
  89. Installing an npm package
  90. Installing a package by version number
  91. Global package installs
  92. Avoiding global module installation
  93. Maintaining package dependencies with npm
  94. Automatically updating package.json dependencies
  95. Fixing bugs by updating package dependencies
  96. Packages that install commands
  97. Configuring the PATH variable to handle commands installed by modules
  98. Configuring the PATH variable on Windows
  99. Avoiding modifications to the PATH variable
  100. Updating outdated packages you've installed
  101. Installing packages from outside the npm repository
  102. Initializing a new npm package
  103. Declaring Node.js version compatibility
  104. Publishing an npm package
  105. Explicitly specifying package dependency version numbers
  106. The Yarn package management system
  107. Summary
  108. HTTP Servers and Clients
  109. Sending and receiving events with EventEmitters
  110. JavaScript classes and class inheritance
  111. The EventEmitter Class
  112. The EventEmitter theory
  113. HTTP server applications
  114. ES2015 multiline and template strings
  115. HTTP Sniffer – listening to the HTTP conversation
  116. Web application frameworks
  117. Getting started with Express
  118. Setting environment variables in Windows cmd.exe command line
  119. Walking through the default Express application
  120. The Express middleware
  121. Middleware and request paths
  122. Error handling
  123. Calculating the Fibonacci sequence with an Express application
  124. Computationally intensive code and the Node.js event loop
  125. Algorithmic refactoring
  126. Making HTTP Client requests
  127. Calling a REST backend service from an Express application
  128. Implementing a simple REST server with Express
  129. Refactoring the Fibonacci application for REST
  130. Some RESTful modules and frameworks
  131. Summary
  132. Your First Express Application
  133. Promises, async functions, and Express router functions
  134. Promises and error handling
  135. Flattening our asynchronous code
  136. Promises and generators birthed async functions
  137. Express and the MVC paradigm
  138. Creating the Notes application
  139. Your first Notes model
  140. Understanding ES-2015 class definitions
  141. Filling out the in-memory Notes model
  142. The Notes home page
  143. Adding a new note – create
  144. Viewing notes – read
  145. Editing an existing note – update
  146. Deleting notes – destroy
  147. Theming your Express application
  148. Scaling up – running multiple Notes instances
  149. Summary
  150. Implementing the Mobile-First Paradigm
  151. Problem – the Notes app isn't mobile friendly
  152. Mobile-first paradigm
  153. Using Twitter Bootstrap on the Notes application
  154. Setting it up
  155. Adding Bootstrap to application templates
  156. Alternative layout frameworks
  157. Flexbox and CSS Grids
  158. Mobile-first design for the Notes application
  159. Laying the Bootstrap grid foundation
  160. Responsive page structure for the Notes application
  161. Using icon libraries and improving visual appeal
  162. Responsive page header navigation bar
  163. Improving the Notes list on the front page
  164. Cleaning up the Note viewing experience
  165. Cleaning up the add/edit note form
  166. Cleaning up the delete-note window
  167. Building a customized Bootstrap
  168. Pre-built custom Bootstrap themes
  169. Summary
  170. Data Storage and Retrieval
  171. Data storage and asynchronous code
  172. Logging
  173. Request logging with Morgan
  174. Debugging messages
  175. Capturing stdout and stderr
  176. Uncaught exceptions
  177. Unhandled Promise rejections
  178. Using the ES6 module format
  179. Rewriting app.js as an ES6 module
  180. Rewriting bin/www as an ES6 module
  181. Rewriting models code as ES6 modules
  182. Rewriting router modules as ES6 modules
  183. Storing notes in the filesystem
  184. Dynamic import of ES6 modules
  185. Running the Notes application with filesystem storage
  186. Storing notes with the LevelUP data store
  187. Storing notes in SQL with SQLite3
  188. SQLite3 database schema
  189. SQLite3 model code
  190. Running Notes with SQLite3
  191. Storing notes the ORM way with Sequelize
  192. Sequelize model for the Notes application
  193. Configuring a Sequelize database connection
  194. Running the Notes application with Sequelize
  195. Storing notes in MongoDB
  196. MongoDB model for the Notes application
  197. Running the Notes application with MongoDB
  198. Summary
  199. Multiuser Authentication the Microservice Way
  200. Creating a user information microservice
  201. User information model
  202. A REST server for user information
  203. Scripts to test and administer the user authentication server
  204. Login support for the Notes application
  205. Accessing the user authentication REST API
  206. Login and logout routing functions
  207. Login/logout changes to app.js
  208. Login/logout changes in routes/index.mjs
  209. Login/logout changes required in routes/notes.mjs
  210. View template changes supporting login/logout
  211. Running the Notes application with user authentication
  212. Twitter login support for the Notes application
  213. Registering an application with Twitter
  214. Implementing TwitterStrategy
  215. Securely keeping secrets and passwords
  216. The Notes application stack
  217. Summary
  218. Dynamic Client/Server Interaction with Socket.IO
  219. Introducing Socket.IO
  220. Initializing Socket.IO with Express
  221. Real-time updates on the Notes homepage
  222. The Notes model as an EventEmitter class
  223. Real-time changes in the Notes home page
  224. Changing the homepage and layout templates
  225. Running Notes with real-time homepage updates
  226. Real-time action while viewing notes
  227. Changing the note view template for real-time action
  228. Running Notes with real-time updates while viewing a note
  229. Inter-user chat and commenting for Notes
  230. Data model for storing messages
  231. Adding messages to the Notes router
  232. Changing the note view template for messages
  233. Using a Modal window to compose messages
  234. Sending, displaying, and deleting messages
  235. Running Notes and passing messages
  236. Other applications of Modal windows
  237. Summary
  238. Deploying Node.js Applications
  239. Notes application architecture and deployment considerations
  240. Traditional Linux Node.js service deployment
  241. Prerequisite – provisioning the databases
  242. Installing Node.js on Ubuntu
  243. Setting up Notes and user authentication on the server
  244. Adjusting Twitter authentication to work on the server
  245. Setting up PM2 to manage Node.js processes
  246. Node.js microservice deployment with Docker
  247. Installing Docker on your laptop
  248. Starting Docker with Docker for Windows/macOS
  249. Kicking the tires of Docker
  250. Creating the AuthNet for the user authentication service
  251. MySQL container for Docker
  252. Initializing AuthNet
  253. Script execution on Windows
  254. Linking Docker containers
  255. The db-userauth container
  256. Dockerfile for the authentication service
  257. Configuring the authentication service for Docker
  258. Building and running the authentication service Docker container
  259. Exploring Authnet
  260. Creating FrontNet for the Notes application
  261. MySQL container for the Notes application
  262. Dockerizing the Notes application
  263. Controlling the location of MySQL data volumes
  264. Docker deployment of background services
  265. Deploying to the cloud with Docker compose
  266. Docker compose files
  267. Running the Notes application with Docker compose
  268. Deploying to cloud hosting with Docker compose
  269. Summary
  270. Unit Testing and Functional Testing
  271. Assert – the basis of testing methodologies
  272. Testing a Notes model
  273. Mocha and Chai­ – the chosen test tools
  274. Notes model test suite
  275. Configuring and running tests
  276. More tests for the Notes model
  277. Testing database models
  278. Using Docker to manage test infrastructure
  279. Docker Compose to orchestrate test infrastructure
  280. Executing tests under Docker Compose
  281. MongoDB setup under Docker and testing Notes against MongoDB
  282. Testing REST backend services
  283. Automating test results reporting
  284. Frontend headless browser testing with Puppeteer
  285. Setting up Puppeteer
  286. Improving testability in the Notes UI
  287. Puppeteer test script for Notes
  288. Running the login scenario
  289. The Add Note scenario
  290. Mitigating/preventing spurious test errors in Puppeteer scripts
  291. Configuring timeouts
  292. Tracing events on the Page and the Puppeteer instance
  293. Inserting pauses
  294. Avoiding WebSockets conflicts
  295. Taking screenshots
  296. Summary
  297. REST – What You Did Not Know
  298. REST fundamentals
  299. Principle 1 – Everything is a resource
  300. Principle 2 – Each resource is identifiable by a unique identifier
  301. Principle 3 – Manipulate resources via standard HTTP methods
  302. Principle 4 – Resources can have multiple representations
  303. Principle 5 – Communicate with resources in a stateless manner
  304. The REST goals
  305. Separation of the representation and the resource
  306. Visibility
  307. Reliability
  308. Scalability and performance
  309. Working with WADL
  310. Documenting RESTful APIs with Swagger
  311. Taking advantage of the existing infrastructure
  312. Summary
  313. Building a Typical Web API
  314. Specifying the API
  315. Implementing routes
  316. Querying the API using test data
  317. Content negotiation
  318. API versioning
  319. Self-test questions
  320. Summary
  321. Using NoSQL Databases
  322. MongoDB – a document store database
  323. Database modeling with Mongoose
  324. Testing a Mongoose model with Mocha
  325. Creating a user-defined model around a Mongoose model
  326. Wiring up a NoSQL database module to Express
  327. Self-test questions
  328. Summary
  329. Restful API Design Guidelines
  330. Endpoint URLs and HTTP status codes best practices
  331. Extensibility and versioning
  332. Linked data
  333. Summary
  334. Implementing a Full Fledged RESTful Service
  335. Working with arbitrary data
  336. Linking
  337. Implementing paging and filtering
  338. Caching
  339. Supplying the Cache-Control header in Express applications
  340. Discovering and exploring RESTful services
  341. Summary
  342. Consuming a RESTful API
  343. Consuming RESTful services with jQuery
  344. Troubleshooting and identifying problems on the wire
  345. Cross Origin Resource Sharing
  346. Content Delivery Networks
  347. Handling HTTP status codes on the client side
  348. Summary
  349. Securing the Application
  350. Authentication
  351. Basic authentication
  352. Passport
  353. Passport's basic authentication strategy
  354. Passport's OAuth Strategy
  355. Passport's third-party authentication strategies
  356. Authorization
  357. Transport layer security
  358. Self-test questions
  359. Summary
  360. The Age of Microservices
  361. From monolith to microservices
  362. Patterns of microservices
  363. Decomposable
  364. Autonomous
  365. Scalable
  366. Communicable
  367. Summary
  368. Modules and Toolkits
  369. Seneca
  370. Hydra
  371. Summary
  372. Building a Microservice
  373. Using Hydra
  374. Using Seneca
  375. Plugins
  376. Summary
  377. State
  378. State
  379. Storing state
  380. MySQL
  381. RethinkDB
  382. Redis
  383. Conclusion
  384. Security
  385. Summary
  386. Testing
  387. Integrating tests
  388. Using chai
  389. Adding code coverage
  390. Covering all code
  391. Mocking our services
  392. Summary
  393. Design Patterns
  394. Choosing patterns
  395. Architectural patterns
  396. Front Controller
  397. Layered
  398. Service Locator
  399. Observer
  400. Publish-Subscribe
  401. Using patterns
  402. Planning your microservice
  403. Obstacles when developing
  404. Summary
  405. Other Books You May Enjoy
  406. Leave a review - let other readers know what you think

A REST server for user information

We are building our way towards integrating user information and authentication into the Notes application. The next step is to wrap the user data model we just created into a REST server. After that, we'll create a couple of scripts so that we can add some users, perform other administrative tasks, and generally verify that the service works. Finally, we'll extend the Notes application with login and logout support.

In the package.json file, change the main tag to the following line of code:

 "main": "user-server.mjs",

Then create a file named user-server.mjs, containing the following code:

import restify from 'restify';
import util from 'util';

import DBG from 'debug';
const log = DBG('users:service'); 
const error = DBG('users:error'); 

import * as usersModel from './users-sequelize';

var server = restify.createServer({
    name: "User-Auth-Service",
    version: "0.0.1"
});

server.use(restify.plugins.authorizationParser());
server.use(check);
server.use(restify.plugins.queryParser());
server.use(restify.plugins.bodyParser({
    mapParams: true
}));

The createServer method can take a long list of configuration options. These two may be useful for identifying information.

As with Express applications, the server.use calls initialize what Express would call middleware functions, but which Restify calls handler functions. These are callback functions whose API is function (req, res, next). As with Express, these are the request and response objects, and next is a function which, when called, carries execution to the next handler function.

Unlike Express, every handler function must call the next function. In order to tell Restify to stop processing through handlers, the next function must be called as next(false). Calling next with an error object also causes the execution to end, and the error is sent back to the requestor.

The handler functions listed here do two things: authorize requests and handle parsing parameters from both the URL and the post request body. The authorizationParser function looks for HTTP basic auth headers. The check function is shown later and emulates the idea of an API token to control access.

Refer to http://restify.com/docs/plugins-api/ for more information on the built-in handlers available in Restify.

Add this to user-server.mjs:

// Create a user record
server.post('/create-user', async (req, res, next) => {
    try {
        var result = await usersModel.create(
                 req.params.username, req.params.password, 
        req.params.provider,
                 req.params.familyName, req.params.givenName, 
        req.params.middleName,
                 req.params.emails, req.params.photos);
        res.send(result);
        next(false);
    } catch(err) { res.send(500, err); next(false); }
});

As for Express, the server.VERB functions let us define the handlers for specific HTTP actions. This route handles a POST on /create-user, and, as the name implies, this will create a user by calling the usersModel.create function.

As a POST request, the parameters arrive in the body of the request rather than as URL parameters. Because of the mapParams flag on the bodyParams handler, the arguments passed in the HTTP body are added to req.params.

We simply call usersModel.create with the parameters sent to us. When completed, the result object should be a user object, which we send back to the requestor using res.send:

// Update an existing user record
server.post('/update-user/:username', async (req, res, next) => {
    try {
        var result = await usersModel.update(
              req.params.username, req.params.password, 
        req.params.provider,
              req.params.familyName, req.params.givenName,  
        req.params.middleName,
              req.params.emails, req.params.photos);
        res.send(usersModel.sanitizedUser(result));
        next(false);
    } catch(err) { res.send(500, err); next(false); }
});

The /update-user route is handled in a similar way. However, we have put the username parameter on the URL. Like Express, Restify lets you put named parameters in the URL like as follows. Such named parameters are also added to req.params.

We simply call usersModel.update with the parameters sent to us. That, too, returns an object we send back to the caller with res.send:

// Find a user, if not found create one given profile information
server.post('/find-or-create', async (req, res, next) => {
    log('find-or-create '+ util.inspect(req.params));
    try {
        var result = await usersModel.findOrCreate({
            id: req.params.username, username: req.params.username,
            password: req.params.password, provider:  
            req.params.provider,
            familyName: req.params.familyName, givenName: 
            req.params.givenName,
            middleName: req.params.middleName,
            emails: req.params.emails, photos: req.params.photos
        });
        res.send(result);
        next(false);
    } catch(err) { res.send(500, err); next(false); }
});

This handles our findOrCreate operation. We simply delegate this to the model code, as done previously.

As the name implies, we'll look to see whether the named user already exists and, if so, simply return that user, otherwise it will be created:

// Find the user data (does not return password)
server.get('/find/:username', async (req, res, next) => {
    try {
        var user = await usersModel.find(req.params.username);
        if (!user) {
            res.send(404, new Error("Did not find "+ 
            req.params.username));
        } else {
            res.send(user);
        }
        next(false);
    } catch(err) { res.send(500, err); next(false); }
});

Here, we support looking up the user object for the provided username.

If the user was not found, then we return a 404 status code because it indicates a resource that does not exist. Otherwise, we send the object that was retrieved:

// Delete/destroy a user record
server.del('/destroy/:username', async (req, res, next) => {
    try {
        await usersModel.destroy(req.params.username);
        res.send({}); 
        next(false); 
    } catch(err) { res.send(500, err); next(false); }
});

This is how we delete a user from the Notes application. The DEL HTTP verb is meant to be used to delete things on a server, making it the natural choice for this functionality:

// Check password
server.post('/passwordCheck', async (req, res, next) => {
    try {
        await usersModel.userPasswordCheck(
                        req.params.username, req.params.password);
        res.send(check);
        next(false); 
    } catch(err) { res.send(500, err); next(false); }
});

This is another aspect of keeping the password solely within this server. The password check is performed by this server, rather than in the Notes application. We simply call the usersModel.userPasswordCheck function shown earlier and send back the object it returns:

// List users
server.get('/list', async (req, res, next) => {
    try {
        var userlist = await usersModel.listUsers();
        if (!userlist) userlist = [];
        res.send(userlist);
        next(false);
    } catch(err) { res.send(500, err); next(false); }
});

Then, finally, if required, we send a list of Notes application users back to the requestor. In case no list of users is available, we at least send an empty array:

server.listen(process.env.PORT, "localhost", function() { 
  log(server.name +' listening at '+ server.url); 
}); 
 
// Mimic API Key authentication. 
 
var apiKeys = [ { 
    user: 'them', 
    key: 'D4ED43C0-8BD6-4FE2-B358-7C0E230D11EF' 
} ]; 
 
function check(req, res, next) { 
    if (req.authorization) { 
        var found = false; 
        for (let auth of apiKeys) { 
            if (auth.key  === req.authorization.basic.password 
             && auth.user === req.authorization.basic.username) { 
                found = true; 
                break; 
            } 
        } 
        if (found) next(); 
        else { 
            res.send(401, new Error("Not authenticated")); 
            next(false); 
        } 
    } else { 
        res.send(500, new Error('No Authorization Key'));
        next(false); 
    } 
}

As with the Notes application, we listen to the port named in the PORT environment variable. By explicitly listening only on localhost, we'll limit the scope of systems that can access the user authentication server. In a real deployment, we might have this server behind a firewall with a tight list of host systems allowed to have access.

This last function, check, implements authentication for the REST API itself. This is the handler function we added earlier.

It requires the caller to provide credentials on the HTTP request using the basic auth headers. The authorizationParser handler looks for this and gives it to us on the req.authorization.basic object. The check function simply verifies that the named user and password combination exists in the local array.

This is meant to mimic assigning an API key to an application. There are several ways of doing so; this is just one.

This approach is not limited to just authenticating using HTTP basic auth. The Restify API lets us look at any header in the HTTP request, meaning we could implement any kind of security mechanism we like. The check function could implement some other security method, with the right code.

Because we added check with the initial set of server.use handlers, it is called on every request. Therefore, every request to this server must provide the HTTP basic auth credentials required by this check.

This strategy is good if you want to control access to every single function in your API. For the user authentication service, that's probably a good idea. Some REST services in the world have certain API functions that are open to the world and others protected by an API token. To implement that, the check function should not be configured among the server.use handlers. Instead, it should be added to the appropriate route handlers as follows:

server.get('/request/url', authHandler, (req, res, next) => { 
  .. 
});

Such an authHandler would be coded similarly to our check function. A failure to authenticate is indicated by sending an error code and using next(false) to end the routing function chain.

We now have the complete code for the user authentication server. It defines several request URLs, and for each, the corresponding function in the user model is called.

Now we need a YAML file to hold the database credentials, so create sequelize-sqlite.yaml, containing the following code:

dbname: users 
username: 
password: 
params: 
    dialect: sqlite 
    storage: users-sequelize.sqlite3

Since this is Sequelize, it's easy to switch to other database engines simply by supplying a different configuration file. Remember that the filename of this configuration file must appear in the SEQUELIZE_CONNECT environment variable.

Finally, package.json should look as follows:

{
  "name": "user-auth-server",
  "version": "0.0.1",
  "description": "",
  "main": "user-server.js",
  "scripts": {
    "start": "DEBUG=users:* PORT=3333 SEQUELIZE_CONNECT=sequelize-sqlite.yaml node --experimental-modules user-server"
  },
  "author": "",
  "license": "ISC",
  "engines": {
    "node": ">=8.9"
  },
  "dependencies": {
    "debug": "^2.6.9",
    "fs-extra": "^5.x",
    "js-yaml": "^3.10.x",
    "mysql": "^2.15.x",
    "restify": "^6.3.x",
    "restify-clients": "^1.5.x",
    "sqlite3": "^3.1.x",
    "sequelize": "^4.31.x"
  }
}

We configure this server to listen on port 3333 using the database credentials we just gave and with debugging output for the server code.

You can now start the user authentication server:

$ npm start
    
> user-auth-server@0.0.1 start /Users/david/chap08/users
> DEBUG=users:* PORT=3333 SEQUELIZE_CONNECT=sequelize-mysql.yaml node user-server
    
  users:server User-Auth-Service listening at http://127.0.0.1:3333 +0ms

But we don't have any way to interact with this server, yet.