5. Serverside JS Scripting with Node.js Flashcards
Powerful runtime environment for executing JavaScript code outside of a web browser; it brings the JavaScript language to the server side, enabling developers to build scalable, high-performance and event-driven applications.
Node.js
Eliminates the need for context switching and enables code reuse between the front-end and back-end, resulting in improved productivity and reduced development time.
Allows developers to use JS on both the client side and server side, providing a unified language and ecosystem.
Node.js has a vast and active ecosystem of modules and libraries available through the
Node Package Manager (npm)
Node.js is particularly well-suited for building
web apps
APIs
real-time apps requiring instant data updates
bidirectional communications like chat apps
multiplayer games
streaming applications like audio or video processing
real-time analytics
microservices
scalable APIs
single-page apps
Internet of Things deployments
Among other things Node.js is a
web server framework
Function that, when called, will either read and serve our index.html and
generate a 200 success code
or if there is a problem
generate a 500 error code
server
Listening port for the app; it can be any value between 1 and
65535
Calls the server function, sets the port number and writes an entry to console.log
listen
Used within the file system to initialize a new Node.js project and create a package.json
npm init command
File that serves as the manifest for the project and contains metadata and configuration information about the project, its dependencies, scripts and other details
package.json
To add dependencies you can do it manually or use
npm install <package-name>
Automatically generated by npm when you install dependencies for your project and serves as a lockfile that ensures deterministic and reproducible builds of your project across different environments.
package-lock.json
The package-lock.json file should be included in version control systems so that other developers or deployment environments can reproduce the exact dependency tree and versions used in the project.
version control
Directory created by npm as a storage location for all the packages and modules our project relies on; when you install packages using npm install, the downloaded packages are placed here.
node_modules
Creates a hierarchical structure in the node_modules directory that
reflects the dependency tree of your project.
Lightweight and flexible web framework for Node.js that simplifies the development of web applications and APIs and allows developers to easily handle
routing
middleware
HTTP request/response handling
Widely used for building scalable and efficient web applications, offering a balance between simplicity and powerful functionality for server-side development
Express.js
Files that serve as templates for generating dynamic HTML content; a popular templating engine that allows you to embed JavaScript code within HTML markup, where each file is a "view" that defines the structure and layout of the rendered web pages.
separate the presentation logic from the application logic
EJS - Embedded JavaScript
Begins by loading all necessary modules, including Express itself, csv-parser for reading our CSV data and fs to allow our app to work with the local filesystem
app.js
Module is middleware designed to handle different types of request data
JSON payloads
URL-encoded data
Provides parsing functionality for these types of data and exposes them as properties of the req.body object.
body-parser module
Method that sets EJS as the templating engine we will be using and points to the views/ directory as the location of our template files
app.set
Method that defines the encoding bodyParser will use.
app.use
Keyword that declares a variable that will be used to hold our CSV data
let
Method that begins by defining the route to be used for requests and responses
app.get
Tells us that we should look in the same local root directory where the app.js file lives
/ forward slash
Value here specifies that we want the options column from our data to act as the index column
row.option
Manages form submission and sends requests from the form page so that the page generated by the result template can be properly managed at the end
app.post
Starts a loop using the forEach method to iterate over each element in the data array.
<% data.forEach((item) => { %>
Generates an <option> element for each item in the data array; the value attribute of the option is set to the value of the item and the text content of the option is also set to the value of the item
<option><%= item %></option>
Type of vulnerability where an attacker injects malicious scripts into a web app that are then executed by unsuspecting users visiting the affected page. This can lead to unauthorized actions or data theft.
Cross-Site Scripting (XSS)
To prevent Cross-Site Scripting attacks, Express.js provides security measures like escaping user input, using secure templating engines and employing content security policies (CSP)
to restrict execution of scripts.
An attack where the attacker tricks the victim into performing unintended actions on a web application while authenticated
Occurs if the app does not validate the origin of the request, allowing unauthorized requests to be executed on behalf of the victim
Cross-Site Request Forgery (CSRF)
Express.js provides protection against CSRF through middleware: unique values included in forms or requests to verify their authenticity
Cross-Site Request Forgery tokens
The process of ensuring that the data submitted by users through forms or other input mechanisms meets the expected criteria and is safe to use
User Input Validation
The real language of programmatic data management is
database
Means the syntax you'll use for interacting with an SQLite database will closely parallel how you'd do it with MariaDB, Amazon Aurora, Oracle, or MS SQL Server
SQL
Structured Query Language
Will create a new table and add a single entry
db.js
Will add a second entry to the table
db_add.js
Will change the details for one or two entries
db_modify.js
Will remove an entry
db_delete.js
With this in place, when this method is run it'll automatically handle the escaping of the variable value, preventing SQL injection.
db.run()
Used to UPDATE a record
updateQuery