Book Image

Mastering Web Application Development with Express

By : Alexandru Vladutu
Book Image

Mastering Web Application Development with Express

By: Alexandru Vladutu

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Mastering Web Application Development with Express
Alexandru Vladutu
Sep, 2014 | 358 pages
No titles found
Table of Contents (18 chapters)
Mastering Web Application Development with Express
Mastering Web Application Development with Express
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Diving into Express
Diving into Express
The best parts of Express
Comparing Express with other frameworks
Use cases
Express into the wild
The application structure
Summary
2
Component Modularity Using Middleware
Component Modularity Using Middleware
Connecting middleware
The functionality of middleware
Creating configurable middleware
Environment-based loading of middleware
Express routes
Ordering of middleware
Handling errors with middleware
Mounting subapplications
Replicating the middleware system
Summary
3
Creating RESTful APIs
Creating RESTful APIs
An overview of REST
SmartNotes application requirements
Creating RESTful URLs of the application
Implementing the SmartNotes application
API versioning
API rate limiting
Throttling
Facilitating caching
Content negotiation
Summary
4
Leveraging the Power of Template Engines
Leveraging the Power of Template Engines
The different types of template engines
View helpers and application-level data
Sharing code between templates with partial views
DRY templates with layouts
Template engine consolidation with consolidate.js
View caching in production
Integrating a template engine with Express
Choosing a template engine
Summary
5
Reusable Patterns for a DRY Code Base
Reusable Patterns for a DRY Code Base
Creating the MovieApp sample application
Error checks and callback functions
Tiny modules for better control flow
Ensuring a single callback execution
Extending objects in a reusable way
A simple way to create custom errors
Summary
6
Error Handling
Error Handling
Runtime (operational) errors and human errors
Ways of delivering errors in the Node applications
Strings instead of errors as an antipattern
Improving stack traces
Handling uncaught exceptions
Logging errors
Creating a custom Express error handler
Richer errors with VError
Error handling in a practical application
Summary
7
Improving the Application's Performance
Improving the Application's Performance
Serving static resources with Express
Backend improvements
Summary
8
Monitoring Live Applications
Monitoring Live Applications
Logging
Simple tips for improving the application monitoring
Collecting metrics
Useful existing monitoring tools
Ensuring the application uptime
Summary
9
Debugging
Debugging
A better error-handling middleware
Using a debug flag
Debugging routes and middleware
Using the V8 debugger
Debugging memory leaks
Adding a REPL to our Express application
Removing debugging commands
Summary
10
Application Security
Application Security
Running Express applications on privileged ports
Cross-site request forgery protection
Cross-site scripting
HTTP security headers with Helmet
Handling file uploads
Session middleware parameters
Reauthenticating the user for sensitive operations
Summary
11
Testing and Improving Code Quality
Testing and Improving Code Quality
The importance of having automated tests
Testing toolbox
Creating and testing an Express file-sharing application
Running tests before committing in Git
Code coverage
Complexity analysis of our code
Code linting
Load testing
Client-side testing
Continuous Integration
Summary
Index
Index

Cross-site request forgery protection

Cross-site request forgery (CSRF) is an attack that exploits the fact that a user is logged in to a site to make a malicious request to that website with the user's browser. For example, the user can be tricked into visiting a page that's making a background request to another website for which the user is authenticated.

Let's create a simple Express application that allows users to place orders. Since we're just trying to showcase how to be protected against CSRF attacks, we won't have a login system; just suppose that it's a single-user application this time. All the orders will be stored into memory.

This application will have two pages: the home page that allows the user to place an order, and the orders page that lists all the orders made by the user. Besides the two pages mentioned, there is another Express route to place an order.

Along with express, we will also need to install the body-parser and ejs modules for this example. The server.js file...

Previous Section
End of Section 3
Next Section