Web Development with Node and Express

Node.js uses CommonJS module system.

Import modules: const module = require('module-name')

Export modules: module.exports = something

Node.js provides a set of core modules like fs, http, and path.

Create a module in a separate file and use require to import it.

Read a file: fs.readFile('file.txt', 'utf8', (err, data) ⇒ { /* …​ */ });

Write to a file: fs.writeFile('file.txt', 'data', (err) ⇒ { /* …​ */ });

Handle file and directory paths: const path = require('path');

Use callbacks to handle asynchronous operations.

Promises provide a cleaner way to handle async operations.

Create a Promise with new Promise((resolve, reject) ⇒ { /* …​ */ });

Modern way to handle async operations using async and await keywords.

Core module for handling events in Node.js.

Create and emit custom events using EventEmitter.

Create HTTP servers and clients.

Make HTTP requests using http.get() or http.request().

Popular web framework for building web applications and APIs.

Parse JSON: JSON.parse(jsonString)

Convert an object to JSON: JSON.stringify(jsonObject)

Print messages to the console for debugging.

Debug Node.js applications using the built-in debugger.

Efficiently process data in chunks, such as files or network data.

Read data from a source.

Write data to a destination.

Handle requests with app.get(), app.post(), etc.

Define route parameters with :param.

Access route parameters using req.params.

Define route-specific middleware using app.use().

Middleware functions have access to req (request) and res (response) objects.

Handle errors with app.use() middleware functions with four parameters (error handling middleware).

Redirect requests using res.redirect().

Contains information about the incoming request (e.g., req.params, req.query).

Used to send responses to the client.

res.send(): Send a response.

res.json(): Send JSON response.

res.status(): Set the HTTP status code.

res.render(): Render HTML templates.

Create custom middleware functions using app.use().

Use third-party middleware for tasks like body parsing (body-parser) and authentication (passport).

Integrate templating engines like EJS or Pug using app.set('view engine', 'engine-name').

Render views using res.render().

Design routes following RESTful principles (e.g., /api/users, GET /api/users/:id).

Implement CRUD (Create, Read, Update, Delete) operations for resources.

Serve and consume JSON data for RESTful APIs.

Implement user authentication using middleware (e.g., Passport.js).

Control access to routes using authorization middleware.

Create a global error handler to catch and handle errors.

Use appropriate HTTP status codes (e.g., 404 for not found, 500 for server errors).

Log errors for debugging and monitoring.

Authenticate users with a username and password.

Install passport-local strategy: npm install passport-local

Configure Passport to use the Local Strategy:

Serialize user to the session and deserialize user from the session:

Create routes for login, registration, and logout.

Protect routes by adding passport.authenticate() as middleware.

Implement OAuth authentication with strategies like Google, Facebook, Twitter, etc.

Install passport-oauth strategy: npm install passport-oauth

Configure Passport to use an OAuth strategy:

Handle OAuth callback and redirect URLs.

Protect routes with passport.authenticate() for OAuth authentication.

Implement custom authentication strategies by extending passport.Strategy.

Configure and use custom strategies with Passport.js.

Passport.js manages user sessions.

Serialize and deserialize user objects to/from sessions.

Passport.js uses cookies to store session data.

Implement user roles and permissions to control access to resources.

Create custom authorization middleware functions.

The client initiates the flow by redirecting the user to the authorization server’s authorization endpoint.

Includes client ID, redirect URI, and scope.

The user authenticates with the authorization server.

After successful authentication, the authorization server redirects the user back to the client’s redirect URI with an authorization code.

The client exchanges the authorization code for an access token by making a POST request to the token endpoint.

Includes client credentials, authorization code, and redirect URI.

The authorization server responds with an access token and, optionally, a refresh token.

The client uses the access token to request and access protected resources from the resource server.

Similar to the Authorization Code Flow but returns the access token directly in the URL fragment.

The user authenticates with the authorization server.

The authorization server sends the access token as a URL fragment to the client’s redirect URI.

The client can immediately access protected resources using the access token.

The client directly requests an access token from the authorization server by sending its client credentials (client ID and client secret).

The authorization server responds with an access token.

The client uses the access token to access protected resources from the resource server.

The client requests an access token by sending the user’s credentials (username and password) to the authorization server.

The authorization server responds with an access token.

The client uses the access token to access protected resources from the resource server.

Always use HTTPS to secure communication between the client and the authorization server.

Protect client credentials, and consider using client authentication for all flows.

Implement token expiration and refresh mechanisms to enhance security.

Limit the scope of access requested by the client to the minimum required for its functionality.

Ensure users provide informed consent before granting access to their data.

Implement token revocation to allow users to revoke access.

Safely store tokens on the client-side, using best practices for securing tokens.