Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Node.js Web Development
  • Table Of Contents Toc
Node.js Web Development

Node.js Web Development - Fourth Edition

By : David Herron
3.8 (9)
Buy this Book
close
close
Node.js Web Development

Node.js Web Development

3.8 (9)
By: David Herron
Buy this Book

Overview of this book

Node.js is a server-side JavaScript platform using an event-driven, non-blocking I/O model allowing users to build fast and scalable data-intensive applications running in real time. This book gives you an excellent starting point, bringing you straight to the heart of developing web applications with Node.js. You will progress from a rudimentary knowledge of JavaScript and server-side development to being able to create, maintain, deploy and test your own Node.js application.You will understand the importance of transitioning to functions that return Promise objects, and the difference between fs, fs/promises and fs-extra. With this book you'll learn how to use the HTTP Server and Client objects, data storage with both SQL and MongoDB databases, real-time applications with Socket.IO, mobile-first theming with Bootstrap, microservice deployment with Docker, authenticating against third-party services using OAuth, and use some well known tools to beef up security of Express 4.16 applications.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
About Node.js
Icon
About Node.js
Icon
The capabilities of Node.js
Icon
Why should you use Node.js?
Icon
Threaded versus event-driven architecture
Icon
Embracing advances in the JavaScript language
Icon
Node.js, the microservice architecture, and easily testable systems
Icon
Node.js and the Twelve-Factor app model
Icon
Summary
2
Setting up Node.js
Icon
Setting up Node.js
Icon
System requirements
Icon
Installing Node.js using package managers
Icon
Installing from source on POSIX-like systems
Icon
Installing multiple Node.js instances with nvm
Icon
Native code modules and node-gyp
Icon
Node.js versions policy and what to use
Icon
Editors and debuggers
Icon
Running and testing commands
Icon
NPM – the Node.js package manager
Icon
Node.js, ECMAScript 2015/2016/2017, and beyond 
Icon
Summary
3
Node.js Modules
Icon
Node.js Modules
Icon
Defining a module
Icon
Finding and loading CommonJS and JSON modules using require
Icon
Finding and loading ES6 modules using import
Icon
Hybrid CommonJS/Node.js/ES6 module scenarios
Icon
npm - the Node.js package management system
Icon
The Yarn package management system
Icon
Summary
4
HTTP Servers and Clients
Icon
HTTP Servers and Clients
Icon
Sending and receiving events with EventEmitters
Icon
HTTP server applications
Icon
ES2015 multiline and template strings
Icon
HTTP Sniffer – listening to the HTTP conversation
Icon
Web application frameworks
Icon
Getting started with Express
Icon
Calculating the Fibonacci sequence with an Express application
Icon
Making HTTP Client requests
Icon
Calling a REST backend service from an Express application
Icon
Summary
5
Your First Express Application
Icon
Your First Express Application
Icon
Promises, async functions, and Express router functions
Icon
Express and the MVC paradigm
Icon
Creating the Notes application
Icon
Theming your Express application
Icon
Scaling up – running multiple Notes instances
Icon
Summary
6
Implementing the Mobile-First Paradigm
Icon
Implementing the Mobile-First Paradigm
Icon
Problem – the Notes app isn't mobile friendly
Icon
Mobile-first paradigm
Icon
Using Twitter Bootstrap on the Notes application
Icon
Flexbox and CSS Grids
Icon
Mobile-first design for the Notes application
Icon
Building a customized Bootstrap
Icon
Summary
7
Data Storage and Retrieval
Icon
Data Storage and Retrieval
Icon
Data storage and asynchronous code
Icon
Logging
Icon
Using the ES6 module format
Icon
Storing notes in the filesystem
Icon
Storing notes with the LevelUP data store
Icon
Storing notes in SQL with SQLite3
Icon
Storing notes the ORM way with Sequelize
Icon
Storing notes in MongoDB
Icon
Summary
8
Multiuser Authentication the Microservice Way
chevron up
Icon
Multiuser Authentication the Microservice Way
Icon
Creating a user information microservice
Icon
Securely keeping secrets and passwords
Icon
The Notes application stack
Icon
Summary
9
Dynamic Client/Server Interaction with Socket.IO
Icon
Dynamic Client/Server Interaction with Socket.IO
Icon
Introducing Socket.IO
Icon
Initializing Socket.IO with Express
Icon
Real-time updates on the Notes homepage
Icon
Inter-user chat and commenting for Notes
Icon
Summary
10
Deploying Node.js Applications
Icon
Deploying Node.js Applications
Icon
Notes application architecture and deployment considerations
Icon
Traditional Linux Node.js service deployment
Icon
Node.js microservice deployment with Docker
Icon
Summary
11
Unit Testing and Functional Testing
Icon
Unit Testing and Functional Testing
Icon
Assert – the basis of testing methodologies
Icon
Testing a Notes model
Icon
Using Docker to manage test infrastructure
Icon
Testing REST backend services
Icon
Automating test results reporting
Icon
Frontend headless browser testing with Puppeteer
Icon
Summary
12
Security
Icon
Security
Icon
HTTPS/TLS/SSL using Let's Encrypt
Icon
Put on your Helmet for across-the-board security
Icon
Addressing Cross-Site Request Forgery (CSRF) attacks
Icon
Denying SQL injection attacks
Icon
Scanning for known vulnerabilities
Icon
Using good cookie practices
Icon
Summary
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Securely keeping secrets and passwords

We've cautioned several times about the importance of safely handling user identification information. The intention to safely handle that data is one thing, but it is important to follow through and actually do so. While we're using a few good practices so far, as it stands, the Notes application would not withstand any kind of security audit:

  • User passwords are kept in clear text in the database
  • The authentication tokens for Twitter et al, are in the source code in clear text
  • The authentication service API key is not a cryptographically secure anything, it's just a cleartext UUID

If you don't recognize the phrase clear text, it simply means unencrypted. Anyone could read the text of user passwords or the authentication tokens. It's best to keep both encrypted to avoid information leakage.

Keep this issue in the back of your mind because we'll revisit these and other security issues in Chapter 12Security.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Node.js Web Development
End of Section 8
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon