book

Web Development with Node and Express, 2nd Edition

Name: Web Development with Node and Express, 2nd Edition
Author: Ethan Brown
ISBN: 9781492053514

by Ethan Brown

November 2019

Intermediate to advanced

343 pages

8h 59m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
Who This Book Is ForNotes on the Second EditionHow This Book Is OrganizedExample WebsiteConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Introducing Express
The JavaScript RevolutionIntroducing ExpressServer-Side and Client-Side ApplicationsA Brief History of ExpressNode: A New Kind of Web ServerThe Node EcosystemLicensingConclusion
2. Getting Started with Node
Getting NodeUsing the TerminalEditorsnpmA Simple Web Server with NodeHello WorldEvent-Driven ProgrammingRoutingServing Static ResourcesOnward to Express
3. Saving Time with Express
ScaffoldingThe Meadowlark Travel WebsiteInitial StepsViews and LayoutsStatic Files and ViewsDynamic Content in ViewsConclusion
4. Tidying Up
File and Directory StructureBest PracticesVersion ControlHow to Use Git with This BookIf You’re Following Along by Doing It YourselfIf You’re Following Along by Using the Official Repositorynpm PackagesProject MetadataNode ModulesConclusion
5. Quality Assurance
The QA PlanQA: Is It Worth It?Logic Versus PresentationThe Types of TestsOverview of QA TechniquesInstalling and Configuring JestUnit TestingMockingRefactoring the Application for TestabilityWriting Our First TestTest MaintenanceCode CoverageIntegration TestingLintingContinuous IntegrationConclusion
6. The Request and Response Objects
The Parts of a URLHTTP Request MethodsRequest HeadersResponse HeadersInternet Media TypesRequest BodyThe Request ObjectThe Response ObjectGetting More InformationBoiling It DownRendering ContentProcessing FormsProviding an APIConclusion
7. Templating with Handlebars
There Are No Absolute Rules Except This OneChoosing a Template EnginePug: A Different ApproachHandlebars BasicsCommentsBlocksServer-Side TemplatesViews and LayoutsUsing Layouts (or Not) in ExpressSectionsPartialsPerfecting Your TemplatesConclusion
8. Form Handling
Sending Client Data to the ServerHTML FormsEncodingDifferent Approaches to Form HandlingForm Handling with ExpressUsing Fetch to Send Form DataFile UploadsFile Uploads with FetchImproving File Upload UIConclusion
9. Cookies and Sessions
Externalizing CredentialsCookies in ExpressExamining CookiesSessionsMemory StoresUsing SessionsUsing Sessions to Implement Flash MessagesWhat to Use Sessions ForConclusion

10. Middleware
Middleware PrinciplesMiddleware ExamplesCommon MiddlewareThird-Party MiddlewareConclusion
11. Sending Email
SMTP, MSAs, and MTAsReceiving EmailEmail HeadersEmail FormatsHTML EmailNodemailerSending MailSending Mail to Multiple RecipientsBetter Options for Bulk EmailSending HTML EmailImages in HTML EmailUsing Views to Send HTML EmailEncapsulating Email FunctionalityConclusion
12. Production Concerns
Execution EnvironmentsEnvironment-Specific ConfigurationRunning Your Node ProcessScaling Your WebsiteScaling Out with App ClustersHandling Uncaught ExceptionsScaling Out with Multiple ServersMonitoring Your WebsiteThird-Party Uptime MonitorsStress TestingConclusion
13. Persistence
Filesystem PersistenceCloud PersistenceDatabase PersistenceA Note on PerformanceAbstracting the Database LayerSetting Up MongoDBMongooseDatabase Connections with MongooseCreating Schemas and ModelsSeeding Initial DataRetrieving DataAdding DataPostgreSQLAdding DataUsing a Database for Session StorageConclusion
14. Routing
Routes and SEOSubdomainsRoute Handlers Are MiddlewareRoute Paths and Regular ExpressionsRoute ParametersOrganizing RoutesDeclaring Routes in a ModuleGrouping Handlers LogicallyAutomatically Rendering ViewsConclusion
15. REST APIs and JSON
JSON and XMLOur APIAPI Error ReportingCross-Origin Resource SharingOur TestsUsing Express to Provide an APIConclusion
16. Single-Page Applications
A Short History of Web Application DevelopmentSPA TechnologiesCreating a React AppReact BasicsThe Home PageRoutingVacations Page—Visual DesignVacations Page—Server IntegrationSending Information to the ServerState ManagementDeployment OptionsConclusion
17. Static Content
Performance ConsiderationsContent Delivery NetworksDesigning for CDNsServer-Rendered WebsiteSingle-Page ApplicationsCaching Static AssetsChanging Your Static ContentConclusion
18. Security
HTTPSGenerating Your Own CertificateUsing a Free Certificate AuthorityPurchasing a CertificateEnabling HTTPS for Your Express AppA Note on PortsHTTPS and ProxiesCross-Site Request ForgeryAuthenticationAuthentication Versus AuthorizationThe Problem with PasswordsThird-Party AuthenticationStoring Users in Your DatabaseAuthentication Versus Registration and the User ExperiencePassportRole-Based AuthorizationAdding Authentication ProvidersConclusion
19. Integrating with Third-Party APIs
Social MediaSocial Media Plugins and Site PerformanceSearching for TweetsRendering TweetsGeocodingGeocoding with GoogleGeocoding Your DataDisplaying a MapWeather DataConclusion
20. Debugging
The First Principle of DebuggingTake Advantage of REPL and the ConsoleUsing Node’s Built-in DebuggerNode Inspector ClientsDebugging Asynchronous FunctionsDebugging ExpressConclusion
21. Going Live
Domain Registration and HostingDomain Name SystemSecurityTop-Level DomainsSubdomainsNameserversHostingDeploymentConclusion
22. Maintenance
The Principles of MaintenanceHave a Longevity PlanUse Source ControlUse an Issue TrackerExercise Good HygieneDon’t ProcrastinateDo Routine QA ChecksMonitor AnalyticsOptimize PerformancePrioritize Lead TrackingPrevent “Invisible” FailuresCode Reuse and RefactoringPrivate npm RegistryMiddlewareConclusion
23. Additional Resources
Online DocumentationPeriodicalsStack OverflowContributing to ExpressConclusion
Index

Content preview from Web Development with Node and Express, 2nd Edition

Chapter 8. Form Handling

The usual way you collect information from your users is to use HTML forms. Whether you let the browser submit the form normally, use Ajax, or employ fancy frontend controls, the underlying mechanism is generally still an HTML form. In this chapter, we’ll discuss the different methods for handling forms, form validation, and file uploads.

Sending Client Data to the Server

Broadly speaking, your two options for sending client data to the server are the querystring and the request body. Normally, if you’re using the querystring, you’re making a GET request, and if you’re using the request body, you’re using a POST request. (The HTTP protocol doesn’t prevent you from doing it the other way around, but there’s no point to it: best to stick to standard practice here.)

It is a common misperception that POST is secure and GET is not: in reality, both are secure if you use HTTPS, and neither is secure if you don’t. If you’re not using HTTPS, an intruder can look at the body data for a POST just as easily as the querystring of a GET request. However, if you’re using GET requests, your users will see all of their input (including hidden fields) in the querystring, which is ugly and messy. Also, browsers often place limits on querystring length (there is no such restriction for body length). For these reasons, I generally recommend using POST for form submission.

HTML Forms

This book is focusing on the server side, but it’s important to understand some basics ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781492053507Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design