Book Image

Node.js Web Development - Fifth Edition

By : David Herron
Book Image

Node.js Web Development - Fifth Edition

By: David Herron

Overview of this book

Node.js is the leading choice of server-side web development platform, enabling developers to use the same tools and paradigms for both server-side and client-side software. This updated fifth edition of Node.js Web Development focuses on the new features of Node.js 14, Express 4.x, and ECMAScript, taking you through modern concepts, techniques, and best practices for using Node.js. The book starts by helping you get to grips with the concepts of building server-side web apps with Node.js. You’ll learn how to develop a complete Node.js web app, with a backend database tier to help you explore several databases. You'll deploy the app to real web servers, including a cloud hosting platform built on AWS EC2 using Terraform and Docker Swarm, while integrating other tools such as Redis and NGINX. As you advance, you'll learn about unit and functional testing, along with deploying test infrastructure using Docker. Finally, you'll discover how to harden Node.js app security, use Let's Encrypt to provision the HTTPS service, and implement several forms of app security with the help of expert practices. With each chapter, the book will help you put your knowledge into practice throughout the entire life cycle of developing a web app. By the end of this Node.js book, you’ll have gained practical Node.js web development knowledge and be able to build and deploy your own apps on a public web hosting solution.

Related Content you might be interested in

Current Title:

Small book image
Node.js Web Development - Fifth Edition
David Herron
Jul, 2020 | 760 pages
Small book image
Node Cookbook
Bethany Griggs
Nov, 2020 | 512 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
1
Section 1: Introduction to Node.js
Section 1: Introduction to Node.js
Free Chapter
2
About Node.js
About Node.js
Overview of Node.js
The capabilities of Node.js
Why should you use Node.js?
The Node.js event-driven architecture
Embracing advances in the JavaScript language
Developing microservices or maxiservices with Node.js
Summary
3
Setting Up Node.js
Setting Up Node.js
System requirements
Installing Node.js using package managers
Installing from the source on POSIX-like systems
Installing multiple Node.js instances with nvm
Requirements for installing native code modules
Choosing Node.js versions to use and the version policy
Choosing editors and debuggers for Node.js
Running and testing commands
Advancing Node.js with ECMAScript 2015, 2016, 2017, and beyond
Summary
4
Exploring Node.js Modules
Exploring Node.js Modules
Defining a Node.js module
Finding and loading modules using require and import
Using npm – the Node.js package management system
The Yarn package management system
Summary
5
HTTP Servers and Clients
HTTP Servers and Clients
Sending and receiving events with EventEmitter
Understanding HTTP server applications
HTTP Sniffer – listening to the HTTP conversation
Web application frameworks
Getting started with Express
Creating an Express application to compute Fibonacci numbers
Making HTTPClient requests
Calling a REST backend service from an Express application
Summary
6
Section 2: Developing the Express Application
Section 2: Developing the Express Application
7
Your First Express Application
Your First Express Application
Exploring Promises and async functions in Express router functions
Architecting an Express application in the MVC paradigm
Creating the Notes application
Theming your Express application
Scaling up – running multiple Notes instances
Summary
8
Implementing the Mobile-First Paradigm
Implementing the Mobile-First Paradigm
Understanding the problem – the Notes app isn't mobile-friendly
Learning the mobile-first paradigm theory
Using Twitter Bootstrap on the Notes application
Flexbox and CSS Grids
Mobile-first design for the Notes application
Customizing a Bootstrap build
Summary
9
Data Storage and Retrieval
Data Storage and Retrieval
Remembering that data storage requires asynchronous code
Logging and capturing uncaught errors
Storing notes in a filesystem
Storing notes with the LevelDB datastore
Storing notes in SQL with SQLite3
Storing notes the ORM way with Sequelize
Storing notes in MongoDB
Summary
10
Authenticating Users with a Microservice
Authenticating Users with a Microservice
Creating a user information microservice
Providing login support for the Notes application
Providing Twitter login support for the Notes application
Keeping secrets and passwords secure
Running the Notes application stack
Summary
11
Dynamic Client/Server Interaction with Socket.IO
Dynamic Client/Server Interaction with Socket.IO
Introducing Socket.IO
Initializing Socket.IO with Express
Real-time updates on the Notes homepage
Inter-user chat and commenting for Notes
Summary
12
Section 3: Deployment
Section 3: Deployment
13
Deploying Node.js Applications to Linux Servers
Deploying Node.js Applications to Linux Servers
Notes application architecture and deployment considerations
Traditional Linux deployment for Node.js services
Adjusting Twitter authentication to work on the server
Setting up PM2 to manage Node.js processes
Summary
14
Deploying Node.js Microservices with Docker
Deploying Node.js Microservices with Docker
Setting up Docker on your laptop or computer
Setting up the user authentication service in Docker
Creating FrontNet for the Notes application
Managing multiple containers with Docker Compose
Using Redis for scaling the Notes application stack
Summary
15
Deploying a Docker Swarm to AWS EC2 with Terraform
Deploying a Docker Swarm to AWS EC2 with Terraform
Signing up with AWS and configuring the AWS CLI
An overview of the AWS infrastructure to be deployed
Using Terraform to create an AWS infrastructure
Setting up a Docker Swarm cluster on AWS EC2
Setting up ECR repositories for Notes Docker images
Creating a Docker stack file for deployment to Docker Swarm
Provisioning EC2 instances for a full Docker swarm
Deploying the Notes stack file to the swarm
Summary
16
Unit Testing and Functional Testing
Unit Testing and Functional Testing
Assert <span>–</span> the basis of testing methodologies
Testing a Notes model
Using Docker Swarm to manage test infrastructure
Testing REST backend services
Automating test results reporting
<span>Frontend headless browser testing with Puppeteer</span>
Summary
17
Security in Node.js Applications
Security in Node.js Applications
Implementing HTTPS in Docker for deployed Node.js applications
Using Helmet for across-the-board security in Express applications
Addressing Cross-Site Request Forgery (CSRF) attacks
Denying SQL injection attacks
Scanning for known vulnerabilities in Node.js packages
Using good cookie practices
Hardening the AWS EC2 deployment
AWS EC2 security best practices
Summary
18
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Addressing Cross-Site Request Forgery (CSRF) attacks

CSRF attacks are similar to XSS attacks in that both occur across multiple sites. In a CSRF attack, malicious software forges a bogus request on another site. To prevent such an attack, CSRF tokens are generated for each page view. The tokens are to be included as hidden values in HTML FORMs and then checked when the FORM is submitted. A mismatch on the tokens causes the request to be denied.

The csurf package is designed to be used with Express https://www.npmjs.com/package/csurf . In the notes directory, run this:

$ npm install csurf --save

This installs the csurf package, recording the dependency in package.json.

Then install the middleware like so:

import csrf from 'csurf';
...
app.use(cookieParser());
app.use(csrf({ cookie: true }));

The csurf middleware must be installed following the cookieParser middleware.

Next, for every page that includes a FORM, we must generate and send a token with the page. That requires two things...

Previous Section
End of Section 4
Next Section