Node.js Web Development

Node.js Web Development

by David Herron
Released July 2020
Publisher(s): Packt Publishing
ISBN: 9781838987572

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Build scalable web applications using Node.js, Express.js, and the latest ECMAScript techniques, along with deploying applications with AWS and Docker with this updated fifth edition

Key Features

  • Learn backend web programming with the JavaScript stack
  • Explore best practices, right from configuring and building web servers to deploying them on a production cloud hosting system: AWS using Docker and Terraform
  • Work through the different stages of developing robust and scalable apps using Node.js 14

Book Description

Node.js is the leading choice of server-side web development platform, enabling developers to use the same tools and paradigms for both server-side and client-side software. This updated fifth edition of Node.js Web Development focuses on the new features of Node.js 14, Express 4.x, and ECMAScript, taking you through modern concepts, techniques, and best practices for using Node.js.

The book starts by helping you get to grips with the concepts of building server-side web apps with Node.js. You'll learn how to develop a complete Node.js web app, with a backend database tier to help you explore several databases. You'll deploy the app to real web servers, including a cloud hosting platform built on AWS EC2 using Terraform and Docker Swarm, while integrating other tools such as Redis and NGINX. As you advance, you'll learn about unit and functional testing, along with deploying test infrastructure using Docker. Finally, you'll discover how to harden Node.js app security, use Let's Encrypt to provision the HTTPS service, and implement several forms of app security with the help of expert practices. With each chapter, the book will help you put your knowledge into practice throughout the entire life cycle of developing a web app.

By the end of this Node.js book, you'll have gained practical Node.js web development knowledge and be able to build and deploy your own apps on a public web hosting solution.

What you will learn

  • Install and use Node.js 14 and Express 4.17 for both web development and deployment
  • Implement RESTful web services using the Restify framework
  • Develop, test, and deploy microservices using Docker, Docker Swarm, and Node.js, on AWS EC2 using Terraform
  • Get up to speed with using data storage engines such as MySQL, SQLite3, and MongoDB
  • Test your web applications using unit testing with Mocha, and headless browser testing with Puppeteer
  • Implement HTTPS using Let's Encrypt and enhance application security with Helmet

Who this book is for

If you're looking for an alternative to the 'P' languages (Perl, PHP, and Python), or if you want to get started with server-side web development with JavaScript programming, or if you want a deep dive into deploying services to cloud hosting, this Node.js book is for you. A rudimentary understanding of JavaScript and web application development is a must before you get started with this book.

Publisher resources

Download Example Code

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Node.js Web Development<br /> <em>Fifth Edition</em>
  3. Dedication
  4. About Packt
    1. Why subscribe?
  5. Contributors
    1. About the author
    2. About the reviewers
    3. Packt is searching for authors like you
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the example code files
      2. Conventions used
    4. Get in touch
      1. Reviews
  7. Section 1: Introduction to Node.js
  8. About Node.js
    1. Overview of Node.js
    2. The capabilities of Node.js
      1. What are folks doing with Node.js?
      2. Server-side JavaScript
    3. Why should you use Node.js?
      1. Popularity
      2. JavaScript everywhere
      3. Leveraging Google's investment in V8
      4. Leaner, asynchronous, event-driven model
      5. Microservice architecture
      6. Node.js is stronger after a major schism and hostile fork
    4. The Node.js event-driven architecture
      1. The Node.js answer to complexity
      2. Asynchronous requests in Node.js
      3. Performance and utilization
        1. Is Node.js a cancerous scalability disaster?
      4. Server utilization, overhead costs, and environmental impact
    5. Embracing advances in the JavaScript language
      1. Deploying ES2015/2016/2017/2018 JavaScript code
      2. TypeScript and Node.js
    6. Developing microservices or maxiservices with Node.js
    7. Summary
  9. Setting Up Node.js
    1. System requirements
    2. Installing Node.js using package managers
      1. Installing Node.js on macOS with MacPorts
      2. Installing Node.js on macOS with Homebrew
      3. Installing Node.js on Linux, *BSD, or Windows from package management systems
        1. Installing Node.js in WSL
        2. Opening an administrator-privileged PowerShell on Windows
      4. Installing the Node.js distribution from nodejs.org
    3. Installing from the source on POSIX-like systems
      1. Installing prerequisites
      2. Installing developer tools on macOS
      3. Installing from the source for all POSIX-like systems
      4. Installing from the source on Windows
    4. Installing multiple Node.js instances with nvm
      1. Installing nvm on Windows
    5. Requirements for installing native code modules
    6. Choosing Node.js versions to use and the version policy
    7. Choosing editors and debuggers for Node.js
    8. Running and testing commands
      1. Using Node.js's command-line tools
      2. Running a simple script with Node.js
        1. Writing inline async arrow functions
      3. Converting to async functions and the Promise paradigm
      4. Launching a server with Node.js
      5. Using npm, the Node.js package manager
      6. Using npx to execute Node.js packaged binaries
    9. Advancing Node.js with ECMAScript 2015, 2016, 2017, and beyond
      1. Using Babel to use experimental JavaScript features
    10. Summary
  10. Exploring Node.js Modules
    1. Defining a Node.js module
      1. Examining the traditional Node.js module format
      2. Examining the ES6/ES2015 module format
        1. Injected objects in ES6 modules
        2. Computing the missing<span> </span>__dirname<span> </span>variable in ES6 modules
      3. Using CommonJS and ES6 modules together
        1. Using ES6 modules from CommonJS using import()
      4. Hiding implementation details with encapsulation in CommonJS and ES6 modules
      5. <span>Using JSON modules</span>
      6. Supporting ES6 modules on older Node.js versions
    2. Finding and loading modules using require and import
      1. Understanding File modules
        1. The ES6 import statement takes a URL
      2. Understanding the Node.js core modules
      3. Using a directory as a module
      4. Comparing installed packages and modules
      5. Finding the installed package in the file system
        1. Handling multiple versions of the same installed package
      6. Searching for globally installed packages
      7. Reviewing module identifiers and pathnames
      8. Using deep import module specifiers
        1. Overriding a deep import module identifier
      9. Studying an example project directory structure
      10. Loading modules using require, import, and import()
    3. Using npm – the Node.js package management system
      1. The npm package format
      2. Accessing npm helpful documentation
      3. Initializing a Node.js package or project with npm init
      4. Finding npm packages
        1. The package.json fields that help finding packages
      5. Installing an npm package
      6. Installing a package by version number
      7. Installing packages from outside the npm repository
      8. Global package installs
        1. Avoiding global module installation
      9. <span>Maintaining package dependencies with npm</span>
        1. Automatically updating package.json dependencies
        2. Fixing bugs by updating package dependencies
      10. Explicitly specifying package dependency version numbers
      11. Packages that install commands
        1. Configuring the PATH variable to handle locally installed commands
        2. Configuring the PATH variable on Windows
        3. Avoiding modifications to the PATH variable
      12. <span>Updating packages you've installed when they're outdated</span>
      13. Automating tasks with scripts in package.json
      14. Declaring Node.js version compatibility
      15. Publishing an npm package
    4. The Yarn package management system
    5. Summary
  11. HTTP Servers and Clients
    1. Sending and receiving events with EventEmitter
      1. JavaScript classes and class <span><span>i</span></span>nheritance
      2. The EventEmitter class
      3. The EventEmitter theory
    2. Understanding HTTP server applications
      1. ES2015 multiline and template strings
    3. HTTP Sniffer – listening to the HTTP conversation
    4. Web application frameworks
    5. Getting started with Express
      1. <span>Setting environment variables in the Windows cmd.exe command line</span>
      2. Walking through the default Express application
      3. Understanding Express middleware
      4. Contrasting middleware and request handlers
      5. Error handling
    6. Creating an Express application to compute Fibonacci numbers
      1. Computationally intensive code and the Node.js event loop
        1. Algorithmic refactoring
    7. Making HTTPClient requests
    8. Calling a REST backend service from an Express application
      1. Implementing a simple REST server with Express
      2. Refactoring the Fibonacci application to call the REST service
      3. Some RESTful modules and frameworks
    9. Summary
  12. Section 2: Developing the Express Application
  13. Your First Express Application
    1. Exploring Promises and async functions in Express router functions
      1. Promises and error handling in Express router functions
      2. Integrating async functions with Express router functions
    2. Architecting an Express application in the MVC paradigm
    3. Creating the Notes application
      1. Rewriting the generated router module as an ES6 module
      2. Creating the Notes application wiring – app.mjs
      3. Implementing the Notes data storage model
        1. Data hiding in ES-2015 class definitions
      4. Implementing an in-memory Notes datastore
      5. The Notes home page
      6. Adding a new note – create
      7. Viewing notes – read
      8. Editing an existing note – update
      9. Deleting notes – destroy
    4. Theming your Express application
    5. Scaling up – running multiple Notes instances
    6. Summary
  14. Implementing the Mobile-First Paradigm
    1. Understanding the problem – the Notes app isn't mobile-friendly
    2. Learning the mobile-first paradigm theory
    3. Using Twitter Bootstrap on the Notes application
      1. Setting up Bootstrap
      2. Adding Bootstrap to the Notes application
      3. Alternative layout frameworks
    4. Flexbox and CSS Grids
    5. Mobile-first design for the Notes application
      1. Laying the Bootstrap grid foundation
      2. Responsive page structure for the Notes application
      3. Using icon libraries and improving visual appeal
      4. Responsive page header navigation bar
      5. Improving the Notes list on the front page
      6. Cleaning up the note viewing experience
      7. Cleaning up the add/edit note form
      8. Cleaning up the delete-note window
    6. Customizing a Bootstrap build
      1. Using third-party custom Bootstrap themes
    7. Summary
  15. Data Storage and Retrieval
    1. Remembering that data storage requires asynchronous code
    2. Logging and capturing uncaught errors
      1. Request logging with morgan
      2. Debugging messages
      3. Capturing stdout and stderr
      4. Capturing uncaught exceptions and unhandled rejected Promises
    3. Storing notes in a filesystem
      1. Dynamically importing ES6 modules
      2. Running the Notes application with filesystem storage
    4. Storing notes with the LevelDB datastore
      1. Closing database connections when closing the process
    5. Storing notes in SQL with SQLite3
      1. The SQLite3 database schema
      2. The SQLite3 model code
      3. Running Notes with SQLite3
    6. Storing notes the ORM way with Sequelize
      1. Configuring Sequelize and connecting to a database
      2. Creating a Sequelize model for the Notes application
      3. Running the Notes application with Sequelize
    7. Storing notes in MongoDB
      1. A MongoDB model for the Notes application
      2. Running the Notes application with MongoDB
    8. Summary
  16. Authenticating Users with a Microservice
    1. Creating a user information microservice
      1. Developing the user information model
      2. Creating a REST server for user information
        1. Creating a command-line tool to test and administer the user authentication server
        2. Creating a user in the user information database
        3. Reading user data from the user information service
        4. Updating user information in the user information service
        5. Deleting a user record from the user information service
        6. Checking the user's password in the user information service
    2. Providing login support for the Notes application
      1. Accessing the user authentication REST API
      2. Incorporating login and logout routing functions in the Notes application
        1. Login/logout changes to app.mjs
        2. Login/logout changes in routes/index.mjs
        3. Login/logout changes required in routes/notes.mjs
        4. Viewing template changes supporting login/logout
      3. Running the Notes application with user authentication
    3. Providing Twitter login support for the Notes application
      1. Registering an application with Twitter
        1. Storing authentication tokens
      2. Implementing TwitterStrategy
    4. Keeping secrets and passwords secure
      1. Adding password encryption to the user information service
      2. Implementing encrypted password support in the Notes application
    5. Running the Notes application stack
    6. Summary
  17. Dynamic Client/Server Interaction with Socket.IO
    1. Introducing Socket.IO
    2. Initializing Socket.IO with Express
    3. Real-time updates on the Notes homepage
      1. Refactoring the NotesStore classes to emit events
      2. Real-time changes in the Notes home page
        1. Changing the home page and layout templates
        2. Adding a Socket.IO client to the Notes home page
        3. Running Notes with real-time home page updates
      3. A word on enabling debug tracing in Socket.IO code
      4. Real-time action while viewing notes
        1. Changing the note view template for real-time action
        2. Running Notes with pseudo-real-time updates while viewing a note
    4. Inter-user chat and commenting for Notes
      1. Data model for storing messages
      2. Adding support for messages to the Notes router
      3. Changing the note view template for messages
        1. Composing messages on the Note view page
        2. Showing any existing messages on the Note view page
        3. Deleting messages on the Notes view page
        4. Running Notes and passing messages
    5. Summary
  18. Section 3: Deployment
  19. Deploying Node.js Applications to Linux Servers
    1. Notes application architecture and deployment considerations
    2. Traditional Linux deployment for Node.js services
      1. Installing Multipass
        1. Handling a failure to launch Multipass instances on Windows
      2. Provisioning a server for the user authentication service
        1. Testing the deployed user authentication service
      3. Script execution in PowerShell on Windows
      4. Provisioning a server for the Notes service
    3. Adjusting Twitter authentication to work on the server
    4. Setting up PM2 to manage Node.js processes
      1. Familiarizing ourselves with PM2
      2. Scripting the PM2 setup on Multipass
      3. Integrating the PM2 setup as persistent background processes
    5. Summary
  20. Deploying Node.js Microservices with Docker
    1. Setting up Docker on your laptop or computer
      1. Installing and starting Docker with Docker for Windows or macOS
      2. Familiarizing ourselves with Docker
    2. Setting up the user authentication service in Docker
      1. Launching a MySQL container in Docker
      2. The ephemeral nature of Docker containers
      3. Defining the Docker architecture for the authentication service
      4. Creating the MySQL container for the authentication service
        1. Security in the database container
      5. Dockerizing the authentication service
        1. Creating the authentication service Dockerfile
        2. Building and running the authentication service Docker container
      6. Exploring<span> </span>AuthNet
    3. Creating FrontNet for the Notes application
      1. MySQL container for the<span> </span>Notes application
      2. Dockerizing the Notes application
    4. Managing multiple containers with Docker Compose
      1. Docker Compose file for the Notes stack
      2. Building and running the Notes application with Docker Compose
    5. Using Redis for scaling the Notes application stack
      1. Testing session management with multiple Notes service instances
      2. Storing Express/Passport<span> </span>session data in a Redis server
      3. Distributing Socket.IO messages using Redis
    6. Summary
  21. Deploying a Docker Swarm to AWS EC2 with Terraform
    1. Signing up with AWS and configuring the AWS CLI
      1. Finding your way around the AWS account
      2. Setting up the AWS CLI using<span> </span>AWS authentication credentials
      3. Creating an IAM user account, groups, and roles
        1. Creating an EC2 key pair
    2. An overview of the AWS infrastructure to be deployed
    3. Using Terraform to create an AWS infrastructure
      1. Configuring an AWS VPC with Terraform
        1. Configuring the AWS gateway and subnet resources
      2. Deploying the infrastructure to AWS using Terraform
    4. Setting up a Docker Swarm cluster on AWS EC2
      1. Deploying a single-node Docker Swarm on a single EC2 instance
        1. Adding an EC2 instance and configuring Docker
        2. Launching the EC2 instance on AWS
        3. Handling the AWS EC2 key-pair file
        4. Testing the initial Docker Swarm
      2. Setting up remote control access to a Docker Swarm hosted on EC2
    5. Setting up ECR repositories for Notes Docker images
      1. Using environment variables for AWS CLI commands
      2. Defining a process to build Docker images and push them to the AWS ECR
    6. Creating a Docker stack file for deployment to Docker Swarm
      1. Creating a Docker stack file from the Notes Docker compose file
        1. Placing containers across the swarm
        2. Configuring secrets in Docker Swarm
        3. Persisting data in a Docker swarm
    7. Provisioning EC2 instances for a full Docker swarm
      1. Configuring EC2 instances and connecting to the swarm
      2. Implementing semi-automatic initialization of the Docker Swarm
      3. Preparing the Docker Swarm before deploying the Notes stack
    8. Deploying the Notes stack file to the swarm
      1. Preparing to deploy the Notes stack to the swarm
      2. Deploying the Notes stack to the swarm
        1. Verifying the correct launch of the Notes application stack
        2. Diagnosing a failure to launch the database services
      3. Testing the deployed Notes application
        1. Logging in with a regular account on Notes
        2. Diagnosing an inability to log in with Twitter credentials
      4. Scaling the Notes instances
    9. Summary
  22. Unit Testing and Functional Testing
    1. Assert <span>–</span> the basis of testing methodologies
    2. Testing a Notes model
      1. Mocha and Chai­ <span>–</span> the chosen test tools
      2. Notes model test suite
        1. Creating the initial Notes model test case
        2. Running the first test case
        3. Adding some tests
        4. More tests for the Notes model
        5. Diagnosing test failures
        6. Testing against databases that require server setup <span>–</span> MySQL and MongoDB
    3. Using Docker Swarm to manage test infrastructure
      1. Using Docker Swarm to deploy test infrastructure
      2. Executing tests under Docker Swarm
        1. MongoDB setup under Docker and testing Notes against MongoDB
    4. Testing REST backend services
    5. Automating test results reporting
    6. <span>Frontend headless browser testing with Puppeteer</span>
      1. Setting up a Puppeteer-based testing project directory
      2. Creating an initial Puppeteer test for the Notes application stack
        1. Executing the initial Puppeteer test
      3. Testing login/logout functionality in Notes
      4. Testing the ability to add Notes
      5. Implementing negative tests with Puppeteer
        1. Testing login with a bad user ID
        2. Testing a response to a bad URL
      6. Improving testability in the Notes UI
    7. Summary
  23. Security in Node.js Applications
    1. Implementing HTTPS in Docker for deployed Node.js applications
      1. Assigning a domain name for an application deployed on AWS EC2
      2. Updating the Twitter application
      3. Planning how to use Let's Encrypt
      4. Using NGINX and Let's Encrypt in Docker to implement HTTPS for Notes
        1. Adding the Cronginx container to support HTTPS on Notes
        2. Creating an NGINX configuration to support registering domains with Let's Encrypt
        3. Adding the required directories on the EC2 host
        4. Deploying the EC2 cluster and Docker swarm
        5. Registering a domain with Let's Encrypt
      5. Implementing an NGINX HTTPS configuration using Let's Encrypt certificates
      6. Testing HTTPS support for the Notes application
    2. Using Helmet for across-the-board security in Express applications
      1. Using Helmet to set the Content-Security-Policy header
        1. Making the ContentSecurityPolicy configurable
      2. Using Helmet to set the X-DNS-Prefetch-Control header
      3. Using Helmet to control enabled browser features using the Feature-Policy header
      4. Using Helmet to set the X-Frame-Options header
      5. Using Helmet to remove the X-Powered-By header
      6. Improving HTTPS with Strict Transport Security
      7. Mitigating XSS attacks with Helmet
    3. Addressing Cross-Site Request Forgery (CSRF) attacks
    4. Denying SQL injection attacks
    5. Scanning for known vulnerabilities in Node.js packages
    6. Using good cookie practices
    7. Hardening the AWS EC2 deployment
    8. AWS EC2 security best practices
    9. Summary
  24. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Node.js Web Development
  • Author(s): David Herron
  • Release date: July 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781838987572