Book Image

Node Cookbook - Third Edition

By : David Mark Clements, Mathias Buus Madsen, Peter Elger, Matteo Collina
Book Image

Node Cookbook - Third Edition

By: David Mark Clements, Mathias Buus Madsen, Peter Elger, Matteo Collina

Overview of this book

Today's web demands efficient real-time applications and scalability. Asynchronous event-driven programming is ideal for this, and this is where Node.js comes in. Server-side JavaScript has been here since the 90s, but Node got it right. With Node for tooling and server-side logic, and a browser-based client-side UI, everything is JavaScript. This leads to rapid, fluid development cycles. The full-stack, single language experience means less context-switching between languages for developers, architects and whole teams. This book shows you how to build fast, efficient, and scalable client-server solutions using the latest versions of Node. The book begins with debugging tips and tricks of the trade, and how to write your own modules. Then you'll learn the fundamentals of streams in Node.js, discover I/O control, and how to implement the different web protocols. You'll find recipes for integrating databases such as MongoDB, MySQL/MariaDB, Postgres, Redis, and LevelDB. We also cover the options for building web application with Express, Hapi and Koa. You will then learn about security essentials in Node.js and advanced optimization tools and techniques. By the end of the book you will have acquired the level of expertise to build production-ready and scalable Node.js systems. The techniques and skills you will learn in this book are based on the best practices developed by nearForm, one of the leaders in Node implementations, who supported the work of the authors on this book.

Related Content you might be interested in

Current Title:

Small book image
Node Cookbook - Third Edition
David Mark Clements | Mathias Buus Madsen | Peter Elger | Matteo Collina
Jul, 2017 | 656 pages
Small book image
Node Cookbook
Bethany Griggs
Nov, 2020 | 512 pages
Small book image
Mastering Node.js
Kevin Faaborg | Sandro Pasquali
Dec, 2017 | 498 pages
Small book image
Server Side development with Node.js and Koa.js Quick Start Guide
Olayinka Omole
Nov, 2018 | 132 pages
Table of Contents (12 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Debugging process*
Debugging process*
Introduction
Debugging Node with Chrome Devtools
Enhancing stack trace output
Enabling debug logs
Enabling core debug logs
2
Writing Modules
Writing Modules
Introduction
Scaffolding a module
Installing dependencies
Writing module code
Publishing a module
Using a private repository
3
Coordinating I/O
Coordinating I/O
Introduction
Interfacing with standard I/O
Working with files
Fetching metadata
Watching files and directories
Communicating over sockets
4
Using Streams
Using Streams
Introduction
Processing Big Data
Using the pipe method
Piping streams in production
Creating transform streams
Creating readable and writable streams
Decoupling I/O
5
Wielding Web Protocols
Wielding Web Protocols
Introduction
Creating an HTTP server
Receiving POST data
Handling file uploads
Making an HTTP POST request
Communicating with WebSockets
Creating an SMTP server
6
Persisting to Databases
Persisting to Databases
Introduction
Connecting and sending SQL to a MySQL server
Connecting and sending SQL to a Postgres server
Storing and retrieving data with MongoDB
Storing and retrieving data with Redis
Embedded persistence with LevelDB
7
Working with Web Frameworks
Working with Web Frameworks
Introduction
Creating an express web app
Creating a Hapi web app
Creating a Koa web app
Adding a view layer
Adding logging
Implementing authentication
8
Dealing with Security
Dealing with Security
Introduction
Detecting dependency vulnerabilities
Hardening headers in web frameworks
Anticipating malicious input
Guarding against Cross Site Scripting (XSS)
Preventing Cross Site Request Forgery
9
Optimizing Performance
Optimizing Performance
Introduction
Benchmarking HTTP
Finding bottlenecks with flamegraphs
Optimizing a synchronous function call
Optimizing asynchronous callbacks
Profiling memory
10
Building Microservice Systems
Building Microservice Systems
Introduction
Consuming a service
Setting up a development environment
Standardizing service boilerplate
Using containerized infrastructure
Service discovery with DNS
Adding a Queue Based Service
11
Deploying Node.js
Deploying Node.js
Introduction
Building a container for a Node.js process
Running a Docker registry
Storing images on DockerHub
Deploying a container to Kubernetes
Creating a deployment pipeline
Deploying a full system
Deploying to the cloud

Preventing Cross Site Request Forgery

The browser security model, where a session cookie is valid globally among all windows/tabs, allows for a request to be made with the privileges of the logged in user.

Where Cross Site Scripting (XSS) is making code delivered through one place (be it a malicious site, email, text message, downloaded file, and so on), execute on another site, Cross Site Request Forgery is the act of making a request from one place (again either a malicious site or otherwise) to another site that a user is logged into - that is where they have an open HTTP Session.

In short, XSS is running malicious code on another site and CSRF is making a request to another site that executes an action on a logged in users behalf.

In this recipe, we're going to secure a server against CSRF attacks.

...
Previous Section
End of Chapter 8
Next Chapter