Book Image

Node.js Web Development - Fifth Edition

By : David Herron

Book Image

Node.js Web Development - Fifth Edition

By: David Herron

Overview of this book

Node.js is the leading choice of server-side web development platform, enabling developers to use the same tools and paradigms for both server-side and client-side software. This updated fifth edition of Node.js Web Development focuses on the new features of Node.js 14, Express 4.x, and ECMAScript, taking you through modern concepts, techniques, and best practices for using Node.js. The book starts by helping you get to grips with the concepts of building server-side web apps with Node.js. You’ll learn how to develop a complete Node.js web app, with a backend database tier to help you explore several databases. You'll deploy the app to real web servers, including a cloud hosting platform built on AWS EC2 using Terraform and Docker Swarm, while integrating other tools such as Redis and NGINX. As you advance, you'll learn about unit and functional testing, along with deploying test infrastructure using Docker. Finally, you'll discover how to harden Node.js app security, use Let's Encrypt to provision the HTTPS service, and implement several forms of app security with the help of expert practices. With each chapter, the book will help you put your knowledge into practice throughout the entire life cycle of developing a web app. By the end of this Node.js book, you’ll have gained practical Node.js web development knowledge and be able to build and deploy your own apps on a public web hosting solution.

Preface

Who this book is for

What this book covers

To get the most out of this book

Section 1: Introduction to Node.js

Section 1: Introduction to Node.js

Free Chapter

About Node.js

Overview of Node.js

The capabilities of Node.js

Why should you use Node.js?

The Node.js event-driven architecture

Embracing advances in the JavaScript language

Developing microservices or maxiservices with Node.js

Setting Up Node.js

Setting Up Node.js

System requirements

Installing Node.js using package managers

Installing from the source on POSIX-like systems

Installing multiple Node.js instances with nvm

Requirements for installing native code modules

Choosing Node.js versions to use and the version policy

Choosing editors and debuggers for Node.js

Running and testing commands

Advancing Node.js with ECMAScript 2015, 2016, 2017, and beyond

Exploring Node.js Modules

Exploring Node.js Modules

Defining a Node.js module

Finding and loading modules using require and import

Using npm – the Node.js package management system

The Yarn package management system

HTTP Servers and Clients

HTTP Servers and Clients

Sending and receiving events with EventEmitter

Understanding HTTP server applications

HTTP Sniffer – listening to the HTTP conversation

Web application frameworks

Getting started with Express

Creating an Express application to compute Fibonacci numbers

Making HTTPClient requests

Calling a REST backend service from an Express application

Section 2: Developing the Express Application

Section 2: Developing the Express Application

Your First Express Application

Your First Express Application

Exploring Promises and async functions in Express router functions

Architecting an Express application in the MVC paradigm

Creating the Notes application

Theming your Express application

Scaling up – running multiple Notes instances

Implementing the Mobile-First Paradigm

Implementing the Mobile-First Paradigm

Understanding the problem – the Notes app isn't mobile-friendly

Learning the mobile-first paradigm theory

Using Twitter Bootstrap on the Notes application

Flexbox and CSS Grids

Mobile-first design for the Notes application

Customizing a Bootstrap build

Data Storage and Retrieval

Data Storage and Retrieval

Remembering that data storage requires asynchronous code

Logging and capturing uncaught errors

Storing notes in a filesystem

Storing notes with the LevelDB datastore

Storing notes in SQL with SQLite3

Storing notes the ORM way with Sequelize

Storing notes in MongoDB

Authenticating Users with a Microservice

Authenticating Users with a Microservice

Creating a user information microservice

Providing login support for the Notes application

Providing Twitter login support for the Notes application

Keeping secrets and passwords secure

Running the Notes application stack

Dynamic Client/Server Interaction with Socket.IO

Dynamic Client/Server Interaction with Socket.IO

Introducing Socket.IO

Initializing Socket.IO with Express

Real-time updates on the Notes homepage

Inter-user chat and commenting for Notes

Section 3: Deployment

Section 3: Deployment

Deploying Node.js Applications to Linux Servers

Deploying Node.js Applications to Linux Servers

Notes application architecture and deployment considerations

Traditional Linux deployment for Node.js services

Adjusting Twitter authentication to work on the server

Setting up PM2 to manage Node.js processes

Deploying Node.js Microservices with Docker

Deploying Node.js Microservices with Docker

Setting up Docker on your laptop or computer

Setting up the user authentication service in Docker

Creating FrontNet for the Notes application

Managing multiple containers with Docker Compose

Using Redis for scaling the Notes application stack

Deploying a Docker Swarm to AWS EC2 with Terraform

Deploying a Docker Swarm to AWS EC2 with Terraform

Signing up with AWS and configuring the AWS CLI

An overview of the AWS infrastructure to be deployed

Using Terraform to create an AWS infrastructure

Setting up a Docker Swarm cluster on AWS EC2

Setting up ECR repositories for Notes Docker images

Creating a Docker stack file for deployment to Docker Swarm

Provisioning EC2 instances for a full Docker swarm

Deploying the Notes stack file to the swarm

Unit Testing and Functional Testing

Unit Testing and Functional Testing

Assert <span>–</span> the basis of testing methodologies

Testing a Notes model

Using Docker Swarm to manage test infrastructure

Testing REST backend services

Automating test results reporting

<span>Frontend headless browser testing with Puppeteer</span>

Security in Node.js Applications

Security in Node.js Applications

Implementing HTTPS in Docker for deployed Node.js applications

Using Helmet for across-the-board security in Express applications

Addressing Cross-Site Request Forgery (CSRF) attacks

Denying SQL injection attacks

Scanning for known vulnerabilities in Node.js packages

Using good cookie practices

Hardening the AWS EC2 deployment

AWS EC2 security best practices

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Keeping secrets and passwords secure

We've cautioned several times about the importance of safely handling user identification information. The intention to handle that data safely is one thing, but it is important to follow through and actually do so. While we're using a few good practices so far, as it stands, the Notes application would not withstand any kind of security audit for the following reasons:

User passwords are kept in clear text in the database.
The authentication tokens for Twitter et al. are in clear text.
The authentication service API key is not a cryptographically secure anything; it's just a clear text universally unique identifier (UUID).

If you don't recognize the phrase clear text, it simply means unencrypted. Anyone could read the text of user passwords or the authentication tokens. It's best to keep both encrypted to avoid information leakage.

Keep this issue in the back of your mind because we'll revisit these—and other...