The latest articles on Forem by Pranav (@pranavbobde). https://forem.com/pranavbobde https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F722023%2F0743e71f-6a8d-4417-ac92-b32b6caa9faa.png https://forem.com/pranavbobde en Pranav Sat, 20 May 2023 08:51:29 +0000 https://forem.com/pranavbobde/hoisting-isnt-even-real-1obb https://forem.com/pranavbobde/hoisting-isnt-even-real-1obb <p>One of the most famous interview topics - HOISTING, isn't even real.</p> <p>Yes, you heard that right.</p> <p>The word '<strong>hoist</strong>' wasn't even used in the official ECMAScript specifications until the year <strong><em>2015</em></strong>. It was first mentioned in the <strong>ECMAScript 6</strong> specification, which was published in June of that year.</p> <h2> DEFINITION </h2> <p>If you search on Google, this is what you get</p> <p><code>JavaScript Hoisting refers to the process whereby the interpreter appears to move the declaration of functions, variables or classes to the top of their scope, before the execution of the code. Hoisting is not a term normatively defined in the ECMAScript specification.</code></p> <p>Please refer to it <a href="https://developer.mozilla.org/en-US/docs/Glossary/Hoisting#:~:text=JavaScript%20Hoisting%20refers%20to%20the,defined%20in%20the%20ECMAScript%20specification">here</a>.</p> <p>And even there they've correctly mentioned that <code>Hoisting is not a term normatively defined in the ECMAScript specification.</code></p> <h2> MISINFORMATION </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">shinobi</span><span class="p">;</span> <span class="nx">sensei</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">shinobi</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">naruto</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// line 3</span> <span class="kd">var</span> <span class="nx">sensei</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">kakashi</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// line 4</span> </code></pre> </div> <p>So, based on the definition of hoisting, JS should be able to anticipate all variable declarations, as seen in lines 3 and 4, regardless of their position within the scope and move them to the top of the scope before the code execution begins.</p> <p>Something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// before execution</span> <span class="kd">var</span> <span class="nx">shinobi</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">sensei</span><span class="p">;</span> <span class="nx">shinobi</span><span class="p">;</span> <span class="nx">sensei</span><span class="p">;</span> <span class="nx">shinobi</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">naruto</span><span class="dl">'</span><span class="p">;</span> <span class="nx">sensei</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">kakashi</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <p>Which is not what happens.</p> <p>JavaScript doesn't move things around the way we might expect it to. Because how would it magically be able to look ahead &amp; find only the declarations in the very first pass?</p> <p>To be able to do that, you would need to perform complex processing on later tokens in the code block until reaching its end. And theoretically extract any declarations if any are encountered and move them to the top. And guess what that magical processing's called - <strong>PARSING!</strong></p> <p>So, Hoisting is just a shorthand, a convenient explanation to describe this magical behavior without getting into the nitty-gritty details.</p> <h2> REASON </h2> <p>All this misunderstanding occurs because JS execution is a 2-pass process i.e. parsing/compilation &amp; execution. But people tend to think of JS execution as one pass process rather than two.</p> <p>If you think of it as 2 passes. You can easily explain this magical behavior with the help of <strong><em>Lexical Scope.</em></strong></p> <p>Unfortunately, I can't cover it now because of the vastness of the topic but you may refer <a href="https://github.com/getify/You-Dont-Know-JS/blob/2nd-ed/scope-closures/ch2.md">this</a> as the best resource.</p> javascript webdev programming Pranav Tue, 09 May 2023 19:20:19 +0000 https://forem.com/pranavbobde/function-scopes-and-iife-pattern-6p7 https://forem.com/pranavbobde/function-scopes-and-iife-pattern-6p7 <h3> WHY </h3> <p>Consider you've written code like the below at some point. We've declared a var and hope that it still has the same value. Well, right now it looks good.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Naruto</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// ...</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Naruto</span> </code></pre> </div> <p>But say after a few months a jr. dev comes along and unknowing try to make a change like this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Naruto</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// ...</span> <span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Sasuke</span><span class="dl">'</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Sasuke</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Sasuke -- oops!</span> </code></pre> </div> <p>So, you can easily see the issue here.<br> We have a naming collision problem.</p> <p>You may think, we should just use const there. But the problem is not if the variable can be reassigned (because the developer if not aware could just modify your const to var anyways) but we have a naming collision problem.</p> <p>So, the problem is: We have a problem where 2 different people wanna use the same semantic name for their purposes.</p> <h3> PSEUDO FIX </h3> <p>Since the problem could be thought of as mainly arising due to the declaration of the variable in the same scope. So, the natural fix coming to mind would be, to make use of different scopes, and one simple way to do so could be by wrapping a function around it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Naruto</span><span class="dl">'</span><span class="p">;</span> <span class="kd">function</span> <span class="nx">anotherNinja</span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Sasuke</span><span class="dl">'</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Sasuke</span> <span class="p">}</span> <span class="nx">anotherNinja</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Naruto</span> </code></pre> </div> <p>So, now those vars don't seem to collide anymore and the code seems to work well. But now the problem is, we have a named function in the same scope.</p> <p>So it seems, we didn't solve the name collision problem, we just shifted it to a different variable name.</p> <h3> REAL FIX - IIFE </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Naruto</span><span class="dl">'</span><span class="p">;</span> <span class="p">(</span><span class="kd">function</span> <span class="nx">anotherNinja</span><span class="p">()</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Sasuke</span><span class="dl">'</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Sasuke</span> <span class="p">})();</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">ninja</span><span class="p">);</span> <span class="c1">// Naruto</span> </code></pre> </div> <p>So, this code pattern you see is called an IIFE pattern i.e. Immediately Invoking Function Expression, which does exactly what it sounds like.</p> <p>Using IIFE, we're creating a new scope and immediately invoking it.</p> <p>Another use case: when you want to turn statements into expressions</p> <p>Consider below example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">ninja</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="nx">fetchNinja</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>If you wanna do something like this, since <code>try-catch</code> is a statement it doesn't work in an expression position.<br> You can do something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="p">(</span><span class="k">try</span> <span class="p">{</span> <span class="nx">ninja</span> <span class="o">=</span> <span class="nx">fetchNinja</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nx">log</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">})();</span> </code></pre> </div> <h3> Summary </h3> <p>Try to follow "<strong>The principle of least privilege</strong>" whenever possible.</p> <blockquote> <p>The principle of least privilege is the idea that any user, program, or process should have only the bare minimum privileges necessary to perform its function.</p> </blockquote> <p>Leverage the power of function scopes and IIFE patterns to enjoy the benefits of the principle like:</p> <ol> <li>Avoid naming collisions</li> <li>Restrict code access</li> <li>Ability to freely refactor code</li> </ol> javascript webdev functional programming Pranav Thu, 04 May 2023 01:44:39 +0000 https://forem.com/pranavbobde/api-gateway-responses-and-handling-authorizer-responses-2bkg https://forem.com/pranavbobde/api-gateway-responses-and-handling-authorizer-responses-2bkg <h2> Intro </h2> <p>I have added a <strong>token-based Lambda Authorizer</strong> for all my backend services deployed on API Gateway. I wanted the user to be signed out if the authorizer responds with a <strong>401</strong> (Unauthorized) or <strong>403</strong> (Access Denied) error.</p> <p>This is how my code looked like for the authorizer lambda:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jwt</span> <span class="o">=</span> <span class="nx">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span><span class="p">);</span> <span class="nx">exports</span><span class="p">.</span><span class="nx">handler</span> <span class="o">=</span> <span class="kd">function</span> <span class="p">(</span><span class="nx">event</span><span class="p">,</span> <span class="nx">context</span><span class="p">,</span> <span class="nx">callback</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">event</span><span class="p">.</span><span class="nx">authorizationToken</span><span class="p">?.</span><span class="nx">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callback</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unauthorized</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Return a 401 Unauthorized response</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">jwt</span><span class="p">.</span><span class="nx">verify</span><span class="p">(</span><span class="nx">token</span><span class="p">,</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRET</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Return a 403 Access Denied response</span> <span class="nx">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="nx">generatePolicy</span><span class="p">(</span><span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Deny</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">.</span><span class="nx">methodArn</span><span class="p">,</span> <span class="p">{</span><span class="dl">"</span><span class="s2">messageString</span><span class="dl">"</span><span class="p">:</span><span class="dl">"</span><span class="s2">Invalid token</span><span class="dl">"</span><span class="p">}));</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">data</span><span class="p">;</span> <span class="p">});</span> <span class="nx">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="nx">generatePolicy</span><span class="p">(</span><span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Allow</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">.</span><span class="nx">methodArn</span><span class="p">,</span> <span class="nx">data</span><span class="p">));</span> <span class="p">};</span> <span class="c1">// Help function to generate an IAM policy</span> <span class="kd">const</span> <span class="nx">generatePolicy</span> <span class="o">=</span> <span class="kd">function</span> <span class="p">(</span><span class="nx">principalId</span><span class="p">,</span> <span class="nx">effect</span><span class="p">,</span> <span class="nx">resource</span><span class="p">,</span> <span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">authResponse</span> <span class="o">=</span> <span class="p">{};</span> <span class="nx">authResponse</span><span class="p">.</span><span class="nx">principalId</span> <span class="o">=</span> <span class="nx">principalId</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="nx">effect</span> <span class="o">&amp;&amp;</span> <span class="nx">resource</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">policyDocument</span> <span class="o">=</span> <span class="p">{};</span> <span class="nx">policyDocument</span><span class="p">.</span><span class="nx">Version</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">2012-10-17</span><span class="dl">'</span><span class="p">;</span> <span class="nx">policyDocument</span><span class="p">.</span><span class="nx">Statement</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">statementOne</span> <span class="o">=</span> <span class="p">{};</span> <span class="nx">statementOne</span><span class="p">.</span><span class="nx">Action</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">execute-api:Invoke</span><span class="dl">'</span><span class="p">;</span> <span class="nx">statementOne</span><span class="p">.</span><span class="nx">Effect</span> <span class="o">=</span> <span class="nx">effect</span><span class="p">;</span> <span class="nx">statementOne</span><span class="p">.</span><span class="nx">Resource</span> <span class="o">=</span> <span class="nx">resource</span><span class="p">;</span> <span class="nx">policyDocument</span><span class="p">.</span><span class="nx">Statement</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">=</span> <span class="nx">statementOne</span><span class="p">;</span> <span class="nx">authResponse</span><span class="p">.</span><span class="nx">policyDocument</span> <span class="o">=</span> <span class="nx">policyDocument</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Optional output with custom properties of the String, Number or Boolean type.</span> <span class="nx">authResponse</span><span class="p">.</span><span class="nx">context</span> <span class="o">=</span> <span class="p">{</span> <span class="p">...</span><span class="nx">data</span><span class="p">,</span> <span class="p">};</span> <span class="k">return</span> <span class="nx">authResponse</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>After this, I used to get error logs on my client apps, but I could not access the response object to check the response's status code. </p> <p>I needed to determine if an error was caused by my authorizer (resulting in a 401 or 403 status code) or by my API endpoint lambdas. The issue was that the response was being caught as a <u>fetch error</u> in the <u>catch block</u> instead of returning a response with the expected status code and message that I could handle properly.</p> <p>Additionally, I guess it was even giving me a <strong>CORS</strong> error, which I wasn't able to understand why.</p> <h2> Solution </h2> <p>After quite a bit of searching, I found out that to receive proper handleable responses, I would need to configure the <u><strong>API Gateway Responses</strong></u> section in the API Gateway.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--oXHYOfmA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/a7ewvcm4heharyrhnwkm.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--oXHYOfmA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/a7ewvcm4heharyrhnwkm.png" alt="gateway responses" width="800" height="346"></a></p> <p>Here, you can see all of the responses the API Gateway is capable of handling.</p> <p>Add the <strong>CORS headers</strong> in the response header to receive proper handleable responses and configure the response templates as you need.</p> <p>In my case, this is how I configured my Access Denied:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vsdx4ik1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5xiyz1dgfh2eirgvpynr.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vsdx4ik1--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/5xiyz1dgfh2eirgvpynr.png" alt="access_denied api gateway response config" width="800" height="495"></a></p> <p><strong>#Note</strong>: Here, the <code>messageString</code> comes from the context data that we are sending from our <strong>Authorizer function</strong> that we defined previously.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="p">.</span> <span class="p">.</span> <span class="p">.</span> <span class="k">if</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Return a 403 Access Denied response</span> <span class="nx">callback</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span> <span class="nx">generatePolicy</span><span class="p">(</span><span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Deny</span><span class="dl">'</span><span class="p">,</span> <span class="nx">event</span><span class="p">.</span><span class="nx">methodArn</span><span class="p">,</span> <span class="p">{</span><span class="dl">"</span><span class="s2">messageString</span><span class="dl">"</span><span class="p">:</span><span class="dl">"</span><span class="s2">Invalid token</span><span class="dl">"</span><span class="p">}));</span> <span class="p">}</span> <span class="p">.</span> <span class="p">.</span> <span class="p">.</span> <span class="nx">authResponse</span><span class="p">.</span><span class="nx">context</span> <span class="o">=</span> <span class="p">{</span> <span class="p">...</span><span class="nx">data</span><span class="p">,</span> <span class="p">};</span> <span class="p">}</span> </code></pre> </div> <h3> For more info: </h3> <p><a href="https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-gatewayResponse-definition.html#api-gateway-gatewayResponse-definition">https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-gatewayResponse-definition.html#api-gateway-gatewayResponse-definition</a></p> aws apigateway help node