Book Image

Mastering Web Application Development with Express

By : Alexandru Vladutu
Book Image

Mastering Web Application Development with Express

By: Alexandru Vladutu

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Web Application Development with Express
Alexandru Vladutu
Sep, 2014 | 358 pages
No titles found
Table of Contents (18 chapters)
Mastering Web Application Development with Express
Mastering Web Application Development with Express
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Diving into Express
Diving into Express
The best parts of Express
Comparing Express with other frameworks
Use cases
Express into the wild
The application structure
Summary
2
Component Modularity Using Middleware
Component Modularity Using Middleware
Connecting middleware
The functionality of middleware
Creating configurable middleware
Environment-based loading of middleware
Express routes
Ordering of middleware
Handling errors with middleware
Mounting subapplications
Replicating the middleware system
Summary
3
Creating RESTful APIs
Creating RESTful APIs
An overview of REST
SmartNotes application requirements
Creating RESTful URLs of the application
Implementing the SmartNotes application
API versioning
API rate limiting
Throttling
Facilitating caching
Content negotiation
Summary
4
Leveraging the Power of Template Engines
Leveraging the Power of Template Engines
The different types of template engines
View helpers and application-level data
Sharing code between templates with partial views
DRY templates with layouts
Template engine consolidation with consolidate.js
View caching in production
Integrating a template engine with Express
Choosing a template engine
Summary
5
Reusable Patterns for a DRY Code Base
Reusable Patterns for a DRY Code Base
Creating the MovieApp sample application
Error checks and callback functions
Tiny modules for better control flow
Ensuring a single callback execution
Extending objects in a reusable way
A simple way to create custom errors
Summary
6
Error Handling
Error Handling
Runtime (operational) errors and human errors
Ways of delivering errors in the Node applications
Strings instead of errors as an antipattern
Improving stack traces
Handling uncaught exceptions
Logging errors
Creating a custom Express error handler
Richer errors with VError
Error handling in a practical application
Summary
7
Improving the Application's Performance
Improving the Application's Performance
Serving static resources with Express
Backend improvements
Summary
8
Monitoring Live Applications
Monitoring Live Applications
Logging
Simple tips for improving the application monitoring
Collecting metrics
Useful existing monitoring tools
Ensuring the application uptime
Summary
9
Debugging
Debugging
A better error-handling middleware
Using a debug flag
Debugging routes and middleware
Using the V8 debugger
Debugging memory leaks
Adding a REPL to our Express application
Removing debugging commands
Summary
10
Application Security
Application Security
Running Express applications on privileged ports
Cross-site request forgery protection
Cross-site scripting
HTTP security headers with Helmet
Handling file uploads
Session middleware parameters
Reauthenticating the user for sensitive operations
Summary
11
Testing and Improving Code Quality
Testing and Improving Code Quality
The importance of having automated tests
Testing toolbox
Creating and testing an Express file-sharing application
Running tests before committing in Git
Code coverage
Complexity analysis of our code
Code linting
Load testing
Client-side testing
Continuous Integration
Summary
Index
Index

HTTP security headers with Helmet

We have previously discussed input validation and data sanitization for protection against XSS attacks, but there is another last line of defense we can employ, that is, using the content-security-policy header.

This header allows us to declare resources (such as JavaScript files, images, and stylesheets) that can be served from trusted domains only. The most common CSP directives are as follows:

  • connect-src: This specifies which origin the server is allowed to connect to (this applies to XHR requests, WebSockets, and EventSource)

  • font-src: This defines where the fonts can be loaded from

  • frame-src: This specifies which origins can be embedded as frames

  • img-src, media-src, object-src, and script-src: These define the origins from where images, media elements (audio and video), plugins (flash and others), stylesheets, and JavaScript files can be loaded

By default, the directives are open, which means the resources can be loaded from everywhere. This behavior...

Previous Section
End of Section 5
Next Section