book

Your First Week With Node.js, 2nd Edition

by James Hibbard, Craig Buckler, Mark Brown, Nilson Jacques, James Kolce, Paul Orac, M. David Green, Florian Rappl

April 2020

Beginner

192 pages

3h 15m

English

SitePoint

Read now

Unlock full access

Notice of RightsNotice of LiabilityTrademark NoticeAbout SitePointAbout Craig Buckler
Who Should Read This Book?Conventions UsedCode SamplesTips, Notes, and WarningsSupplementary Materials
by James HibbardWhat Is Node.js?Node Is Built on Google Chrome’s V8 JavaScript EngineHow Do I Install Node.js?Node Binaries vs Version Manager“Hello, World!” the Node.js WayNode.js Has Excellent Support for Modern JavaScriptIntroducing npm, the JavaScript Package ManagerInstalling a Package GloballyInstalling a Package LocallyWorking with the package.json FileWhat Is Node.js Used For?Node.js Lets Us Run JavaScript on the ServerThe Node.js Execution ModelAre There Any Downsides?“Hello, World!”—Server VersionWhat Kind of Apps Is Node.js Suited To?What Are the Advantages of Node.js?Other Uses of NodeConclusion
by Craig BucklerPrerequisitesProject OverviewPage Hit v1.0: In-memory StorageStep 0 (optional): Source ControlStep 1: InitializationStep 2: Main File (index.js)Step 3: Additional ModulesStep 4: Test PagePage Hit v2.0: File StorageNode.js File System APIStep 1: File UtilitiesStep 2: Modify lib/pagehit.jsStep 3: TestJob Done?
by James HibbardDifferent Module FormatsRequiring a ModuleCreating and Exporting a ModuleExporting Multiple Methods and ValuesVariations in SyntaxExporting a Default ValueWhat’s the Difference Between module.exports and exports?So Which One Should I use?Conclusion
by Mark Brown and James HibbardSetupDisplaying the FormForm SubmissionValidation and SanitizationValidationSanitizationThe Valid FormSending Email with NodeSecurity considerationsTLS over HTTPSWear Your HelmetCross-site Request Forgery (CSRF)Cross-site Scripting (XSS)File UploadsPopulating File InputsUploading Files with NodeThanks for Reading
by Craig BucklerEvaluate CMS Templates and PluginsReduce Client-side CodeOptimize JavaScript CodeUse JavaScript SparinglyAvoid Long-running TasksBind Events SparinglyAnalyze Modified CodeModify the DOM EffectivelyCache Regularly Used NodesMinimize ReflowsBatch-update StylesBatch-update ElementsUse requestAnimationFrameConsider Progressive RenderingUse Server-side RenderingDo You Need a JavaScript or CSS Framework?Use a Static Site GeneratorUse a Build SystemUse Progressive EnhancementAdopt a Performance BudgetCreate a Style GuideSimplify and StreamlineLearn to Love the Web
by Nilson Jacques and James KolceWhat is MVC?Laying out the FoundationStoring Our SettingsDefining the RoutesBuilding the ModelsSetting up the DatabaseCreating Our Note ModelSynchronizing the DatabaseBuilding the ControllersThe Home ControllerBoilerplate of the Note ControllerThe create FunctionThe read FunctionThe update FunctionThe delete FunctionUsing the Note Controller in Our RoutesBuilding the ViewsThe Note ComponentThe Base LayoutThe Home ViewThe Note ViewThe JavaScript on the ClientAdding Support for Views on the ServerSetting the Home ViewSetting the Note View: create FunctionSetting the Note View: read FunctionSetting the Note View: update FunctionServing Static FilesConclusion
by Paul OracPrerequisitesAuthentication Strategies: Session vs JWTCreating the ProjectSetting up ExpressSetting up PassportCreating a MongoDB Data StoreConnecting Mongo to Node with MongooseImplementing Local AuthenticationRoutesThe ClientNext StepsConclusion
by Craig BucklerWhat is Debugging?TerminologyHow to Avoid BugsUse a Good Code EditorUse a Code LinterUse Source ControlAdopt an Issue-tracking SystemUse Test-driven DevelopmentStep AwayNode.js Debugging: Environment VariablesNode.js Debugging: Command Line OptionsConsole DebuggingNode.js util.debuglogDebugging with Log ModulesNode.js V8 InspectorNode.js Debugging with ChromeNode.js Debugging with VS CodeAdvanced Debugging ConfigurationOther Node.js Debugging ToolsGet Debugging!

by M. David GreenWhat Testing IsBasic Assertion Testing Built InThe Existential AssertionAsserting EqualityTesting Edge CasesStructuring Your TestsTest CasesTest SuitesTest HarnessesFixturesTest DoublesFrameworks for Automated TestingJasmine is the OldestJest is the Most PopularMocha/Chai is the Most ComprehensiveCypress is the NewestGet Started Now
by Florian Rappl and Almir BijedicHTTPS EverywhereBasic CommunicationHTTPSGenerating CertificatesCertbotTighetning It UpHTTP Strict Transport SecurityDiffie–Hellman Strong(er) ParametersConclusion
by Nilson JacquesInstalling NGINXInstallation on LinuxInstallation on macOSInstallation on WindowsSetting Up a Node.js ServerConfiguring NGINXSetting Up SSLBonus: Serving Static AssetsConclusion
by Craig Buckler“But it Works on My Machine!”Virtual MachinesDocker OverviewDocker Concepts and TerminologyImagesContainersVolumesNetworksDocker ComposeDevelopment and Production EnvironmentsHow to Install DockerPermission ErrorsHow to Launch a Database ContainerHow to Launch a Node.js ContainerUsing Docker Compose During DevelopmentUsing Docker Compose in ProductionCleaning UpNext Steps

Content preview from Your First Week With Node.js, 2nd Edition

Chapter 4: Forms, File Uploads and Security with Node.js and Express

by Mark Brown and James Hibbard

If you’re building a web application, you’re likely to encounter the need to build HTML forms on day one. They’re a big part of the web experience, and they can be complicated.

Typically the form-handling process involves:

displaying an empty HTML form in response to an initial GET request
user submitting the form with data in a POST request
validation on both the client and the server
re-displaying the form populated with escaped data and error messages if invalid
doing something with the sanitized data on the server if it’s all valid
redirecting the user or showing a success message after data is processed

Handling form data also comes with ...