Advanced Express Web Application Development

By : Andrew Keig
Overview of this book

Building an Express application that is reliable, robust, maintainable, testable, and can scale beyond a single server requires a bit of extra thought and effort. Express applications that need to survive in a production environment will need to reach out to the Node ecosystem and beyond for support. You will start by laying the foundations of your software development journey, as you drive out features under test. You will move on quickly to expand on your existing knowledge, learning how to create a web API and a consuming client. You will then introduce a real-time element in your application. Following on from this, you will begin a process of incrementally improving your application as you tackle security, introduce SSL support, and learn how to handle security vulnerabilities. Next, the book will take you through the process of scaling and then decoupling your application. Finally, you will take a look at various ways you can improve your application's performance and reliability.

Cross-site request forgery


Cross-site request forgery (CSRF) is an attack that tricks the victim into executing malicious actions on a web application in which they are authenticated. Connect/Express comes packaged with a cross-site request forgery protection middleware. This middleware allows us to ensure that a request that mutates state comes from a valid source. The CSRF middleware creates a token that is stored in the request's session as _csrf. A request to our Express server will then need to pass the token in the header field X-CSRF-Token.

Let's create a security module, ./lib/security/index.js, that adds the csrf middleware to our application. We define a function, Security, that takes an Express app as an argument and skips adding the middleware when in TEST or COVERAGE mode.

var express = require('express');

// Security wires the CSRF protection middleware into the given Express app.
// Under TEST or COVERAGE the middleware is deliberately not mounted.
function Security(app) {
  if (process.env['NODE_ENV'] === "TEST" || process.env['NODE_ENV'] === "COVERAGE") return;

  // express.csrf() keeps its token in req.session._csrf, so it must be mounted
  // after the session middleware.
  app.use(express.csrf());
}

module.exports = Security;

Let's make...