Forem: Sam The latest articles on Forem by Sam (@santypk4). https://forem.com/santypk4 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158113%2Fa620d8e0-b050-4601-876b-2ae94d2a9470.jpg Forem: Sam https://forem.com/santypk4 en Introducing the Best 10 Node.js Frameworks for 2019 and 2020 Sam Tue, 30 Jul 2019 13:00:00 +0000 https://forem.com/santypk4/introducing-the-best-10-node-js-frameworks-for-2019-and-2020-mcm https://forem.com/santypk4/introducing-the-best-10-node-js-frameworks-for-2019-and-2020-mcm <p><strong>Originally published at <a href="https://softwareontheroad.com/nodejs-frameworks/" rel="noopener noreferrer">softwareontheroad.com</a></strong></p> <p>I’m so tired of reading articles claiming what is the best node.js framework based on biased opinions or sponsorships <em>(yes, that’s a thing)</em></p> <p>So here are the top node.js frameworks ranked by daily downloads, the data was taken from npmjs.com itself <em>(sorry yarn)</em>.</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/P0Xk8UhawEQ"> </iframe> </p> <h1> What is a node.js framework? </h1> <h1> How to choose a node.js framework for my application? </h1> <p>You have to consider mainly 2 things:</p> <ol> <li><p>The scalability and robustness of the framework</p></li> <li><p>If the development process is something you feel comfortable working with.</p></li> </ol> <p>Regardless of scalability and robustness, every node.js web framework is built on top of the <code>http</code> module.</p> <p>Some of these frameworks add too much … and that makes a huge impact on the server’s throughput.</p> <p>In my opinion, working with a barebone framework like Express.js or Fastify.js is the best when the service you are developing is small in business logic but need to be highly scalable.</p> <p>By the other hand, if you are developing a medium size application, it’s better to go with a framework that helps you have a clear structure like next.js or loopback.</p> <p>There is no simple answer to the question, you better have a peek on how to declare API routes on every framework on this list and decide for yourself.</p> <h1> 10. Adonis </h1> <p><a href="https://adonisjs.com/" rel="noopener noreferrer"><em>Adonis.js</em></a> is an MVC (Model-View-Controller) node.js framework capable of building an API Rest with JWT authentication and database access.</p> <h2> What’s is this framework about? </h2> <p>The good thing is that Adonis.js framework comes with a CLI to create the bootstrap for applications.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm i <span class="nt">-g</span> @adonisjs/cli <span class="nv">$ </span>adonis new adonis-tasks <span class="nv">$ </span>adonis serve <span class="nt">--dev</span> </code></pre> </div> <p>The typical Adonis app has an MVC structure, that way you don’t waste time figuring out how you should structure your web server.</p> <p>Some apps built with adonis can <a href="https://madewithadonisjs.com/" rel="noopener noreferrer">be found here.</a></p> <h1> 👉 GET MORE ADVANCED NODE.JS DEVELOPMENT ARTICLES </h1> <p>Join the other 2,000+ savvy node.js developers who get article updates.</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fz35fnxzuzl8h3b87xvud.png" alt="Email List Form"></a></p> <h1> 9. Feathers </h1> <p><a href="https://feathersjs.com/" rel="noopener noreferrer"><em>Feather.js</em></a> is a node.js framework promise to be a REST and realtime API layer for modern applications.</p> <h2> See what’s capable of!! </h2> <p>This is all the code you need to set-up your API REST + realtime WebSockets connection thanks to the socket.io plugin<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">feathers</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@feathersjs/feathers</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@feathersjs/express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">socketio</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@feathersjs/socketio</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">memory</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">feathers-memory</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Creates an Express compatible Feathers application</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">(</span><span class="nf">feathers</span><span class="p">());</span> <span class="c1">// Parse HTTP JSON bodies</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="c1">// Parse URL-encoded params</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">true</span> <span class="p">}));</span> <span class="c1">// Add REST API support</span> <span class="nx">app</span><span class="p">.</span><span class="nf">configure</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">rest</span><span class="p">());</span> <span class="c1">// Configure Socket.io real-time APIs</span> <span class="nx">app</span><span class="p">.</span><span class="nf">configure</span><span class="p">(</span><span class="nf">socketio</span><span class="p">());</span> <span class="c1">// Register a messages service with pagination</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="dl">'</span><span class="s1">/messages</span><span class="dl">'</span><span class="p">,</span> <span class="nf">memory</span><span class="p">({</span> <span class="na">paginate</span><span class="p">:</span> <span class="p">{</span> <span class="na">default</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="na">max</span><span class="p">:</span> <span class="mi">25</span> <span class="p">}</span> <span class="p">}));</span> <span class="c1">// Register a nicer error handler than the default Express one</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">errorHandler</span><span class="p">());</span> <span class="c1">// Add any new real-time connection to the `everybody` channel</span> <span class="nx">app</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">connection</span><span class="dl">'</span><span class="p">,</span> <span class="nx">connection</span> <span class="o">=&gt;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">channel</span><span class="p">(</span><span class="dl">'</span><span class="s1">everybody</span><span class="dl">'</span><span class="p">).</span><span class="nf">join</span><span class="p">(</span><span class="nx">connection</span><span class="p">));</span> <span class="c1">// Publish all events to the `everybody` channel</span> <span class="nx">app</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nx">app</span><span class="p">.</span><span class="nf">channel</span><span class="p">(</span><span class="dl">'</span><span class="s1">everybody</span><span class="dl">'</span><span class="p">));</span> <span class="c1">// Start the server</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3030</span><span class="p">).</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">listening</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Feathers server listening on localhost:3030</span><span class="dl">'</span><span class="p">)</span> <span class="p">);</span> </code></pre> </div> <p>Pretty sweet right?</p> <p>Here are some apps <a href="https://github.com/feathersjs/awesome-feathersjs#projects-using-feathers" rel="noopener noreferrer">built with feathers.js.</a></p> <h1> 8. Sails </h1> <p><em><a href="https://sailsjs.com/" rel="noopener noreferrer">Sails.js</a> Ye’ olde node.js framework</em></p> <p>With 7 years of maturity, this is a battle-tested node.js web framework that you should definitively check out!</p> <h2> See it in action </h2> <p>Sails.js comes with a CLI tool to help you get started in just 4 steps<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm <span class="nb">install </span>sails <span class="nt">-g</span> <span class="nv">$ </span>sails new test-project <span class="nv">$ </span><span class="nb">cd </span>test-project <span class="nv">$ </span>sails lift </code></pre> </div> <h1> 7. Loopback </h1> <p>Backed by IBM, <a href="https://loopback.io" rel="noopener noreferrer">Loopback.io</a> is an enterprise-grade node.js framework, used by companies such as GoDaddy, Symantec, IBM itself. </p> <p>They even offer Long-Term Support (LTS) for 18 months! </p> <p>This framework comes with a CLI tool to scaffold your node.js server<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>npm i <span class="nt">-g</span> @loopback/cli </code></pre> </div> <p>Then to create a project<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>lb4 app </code></pre> </div> <p>Here is what an API route and controller looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span><span class="kd">get</span><span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@loopback/rest</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">HelloController</span> <span class="p">{</span> <span class="p">@</span><span class="nd">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/hello</span><span class="dl">'</span><span class="p">)</span> <span class="nf">hello</span><span class="p">():</span> <span class="nx">string</span> <span class="p">{</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">Hello world!</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h1> 6. Fastify </h1> <p><a href="https://www.fastify.io" rel="noopener noreferrer">Fastify.io</a> is a node.js framework that is designed to be the replacement of express.js <a href="https://www.fastify.io/benchmarks/" rel="noopener noreferrer">with a 65% better performance</a>.</p> <h2> Show me the code </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// Require the framework and instantiate it</span> <span class="kd">const</span> <span class="nx">fastify</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">fastify</span><span class="dl">'</span><span class="p">)({</span> <span class="na">logger</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="c1">// Declare a route</span> <span class="nx">fastify</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">request</span><span class="p">,</span> <span class="nx">reply</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">reply</span><span class="p">.</span><span class="nf">send</span><span class="p">({</span> <span class="na">hello</span><span class="p">:</span> <span class="dl">'</span><span class="s1">world</span><span class="dl">'</span> <span class="p">})</span> <span class="p">})</span> <span class="c1">// Run the server!</span> <span class="nx">fastify</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">,</span> <span class="p">(</span><span class="nx">err</span><span class="p">,</span> <span class="nx">address</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="k">throw</span> <span class="nx">err</span> <span class="nx">fastify</span><span class="p">.</span><span class="nx">log</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="s2">`server listening on </span><span class="p">${</span><span class="nx">address</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>And that’s it!</p> <p>I love the simplicity and reminiscence to Express.js of Fastify.js, definitively is the framework to go if performance is an issue in your server.</p> <h1> 5. Restify </h1> <p><a href="http://restify.com/" rel="noopener noreferrer">Restify</a> claims to be the future of Node.js Web Frameworks.</p> <p>This framework is used in production by NPM, Netflix, Pinterest and Napster.</p> <h2> Code example </h2> <p>Setting up a Restify.js server is just as simple as this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">restify</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">restify</span><span class="dl">'</span><span class="p">);</span> <span class="kd">function</span> <span class="nf">respond</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">hello </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">.</span><span class="nx">name</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">restify</span><span class="p">.</span><span class="nf">createServer</span><span class="p">();</span> <span class="nx">server</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/hello/:name</span><span class="dl">'</span><span class="p">,</span> <span class="nx">respond</span><span class="p">);</span> <span class="nx">server</span><span class="p">.</span><span class="nf">head</span><span class="p">(</span><span class="dl">'</span><span class="s1">/hello/:name</span><span class="dl">'</span><span class="p">,</span> <span class="nx">respond</span><span class="p">);</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">8080</span><span class="p">,</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">%s listening at %s</span><span class="dl">'</span><span class="p">,</span> <span class="nx">server</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="nx">server</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h1> 👉 GET MORE ADVANCED NODE.JS DEVELOPMENT ARTICLES </h1> <p>Join the other 2,000+ savvy node.js developers who get article updates.</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fz35fnxzuzl8h3b87xvud.png" alt="Email List Form"></a></p> <h1> 4. Nest.js </h1> <p>A relatively new node.js framework, <a href="https://nestjs.com" rel="noopener noreferrer">Nest.js</a> has a similar architecture to Angular.io, so if you are familiar with that frontend framework, you'll find this one pretty easy to develop as well.</p> <h2> Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">NestFactory</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/core</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">AppModule</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./app.module</span><span class="dl">'</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">bootstrap</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">NestFactory</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">AppModule</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">setViewEngine</span><span class="p">(</span><span class="dl">'</span><span class="s1">hbs</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> <span class="p">}</span> <span class="nf">bootstrap</span><span class="p">();</span> </code></pre> </div> <h1> 3. Hapi </h1> <p>One of the big 3 node.js frameworks, <a href="https://hapi.dev" rel="noopener noreferrer">hapi.js</a> has an ecosystem of libraries and plugins that makes the framework highly customizable.</p> <p>Although I never used hapi.js on production, I’ve been using its validation library Joi.js for years.</p> <h2> Creating a server </h2> <p>A hapi.js webserver looks like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">Hapi</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">@hapi/hapi</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">init</span> <span class="o">=</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nx">Hapi</span><span class="p">.</span><span class="nf">server</span><span class="p">({</span> <span class="na">port</span><span class="p">:</span> <span class="mi">3000</span><span class="p">,</span> <span class="na">host</span><span class="p">:</span> <span class="dl">'</span><span class="s1">localhost</span><span class="dl">'</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">server</span><span class="p">.</span><span class="nf">start</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Server running on %s</span><span class="dl">'</span><span class="p">,</span> <span class="nx">server</span><span class="p">.</span><span class="nx">info</span><span class="p">.</span><span class="nx">uri</span><span class="p">);</span> <span class="p">};</span> <span class="nf">init</span><span class="p">();</span> </code></pre> </div> <h1> 2. Koa </h1> <p><a href="https://koajs.com" rel="noopener noreferrer">Koa</a> is a web framework designed by the team behind Express.js the most famous and used node.js framework.</p> <p>Koa aims to be a smaller, more expressive, and more robust foundation for web applications and APIs than express.js.</p> <p>Through leveraging generators Koa allows you to ditch callbacks and greatly increase error-handling.</p> <p>Koa does not bundle any middleware within the core and provides an elegant suite of methods that make writing servers fast and enjoyable.</p> <h2> Example </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">Koa</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">koa</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Koa</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="k">async</span> <span class="nx">ctx</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">ctx</span><span class="p">.</span><span class="nx">body</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">Hello World</span><span class="dl">'</span><span class="p">;</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> </code></pre> </div> <h1> 1. Express </h1> <p><a href="https://expressjs.com" rel="noopener noreferrer">Express.js</a> is definitively the king of node.js frameworks, will reach the incredible mark of 2 million daily downloads by the end of 2019.</p> <p>Despite being such an old framework, Express.js is actively maintained by the community and is used by big companies such as User, Mulesoft, IBM, and so on.</p> <h2> Example </h2> <p>Just add it to your node.js project</p> <p><code>$ npm install express</code></p> <p>Then declare some API routes<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">()</span> <span class="kd">const</span> <span class="nx">port</span> <span class="o">=</span> <span class="mi">3000</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Hello World!</span><span class="dl">'</span><span class="p">))</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">port</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Example app listening on port </span><span class="p">${</span><span class="nx">port</span><span class="p">}</span><span class="s2">!`</span><span class="p">))</span> </code></pre> </div> <p>And that’s all you need to start using it!</p> <h1> Conclusion </h1> <p>There are tons of node.js frameworks out there, the best you can do is go and try them all ‘til you find the ones that suit your needs.</p> <p>Personally, I prefer Express.js because, through these 6 years of node.js development, I build a strong knowledge of good architectural patterns, all based on trial and error.</p> <p>But that doesn’t mean you have to do the same, here is all the secrets of a good express.js framework project.</p> <div class="ltag__link"> <a href="/santypk4" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158113%2Fa620d8e0-b050-4601-876b-2ae94d2a9470.jpg" alt="santypk4"> </div> </a> <a href="/santypk4/bulletproof-node-js-project-architecture-4epf" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Bulletproof node.js project architecture 🛡️</h2> <h3>Sam ・ Apr 18 '19</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#node</span> <span class="ltag__link__tag">#javascript</span> <span class="ltag__link__tag">#webdev</span> <span class="ltag__link__tag">#tutorial</span> </div> </div> </a> </div> <h2> Now tell me, what is your favorite node.js framework? </h2> <p>Send me a tweet to <a href="https://twitter.com/santypk4" rel="noopener noreferrer">@santypk4</a>, come on! I want to know what the people are using, I don’t want to fall behind!</p> <h1> 👉 GET MORE ADVANCED NODE.JS DEVELOPMENT ARTICLES </h1> <p>Join the other 2,000+ savvy node.js developers who get article updates.</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fthepracticaldev.s3.amazonaws.com%2Fi%2Fz35fnxzuzl8h3b87xvud.png" alt="Email List Form"></a></p> node javascript frameworks Top 10 Front-End Frameworks by Downloads [2015-2019] Sam Tue, 23 Jul 2019 08:45:00 +0000 https://forem.com/santypk4/top-10-front-end-frameworks-by-downloads-2015-2019-2427 https://forem.com/santypk4/top-10-front-end-frameworks-by-downloads-2015-2019-2427 <p><strong>Originally posted on <a href="https://softwareontheroad.com/frontend-frameworks/">softwareontheroad.com</a></strong></p> <p>I was so tired of reading biased articles claiming what framework is best based on wrong assumptions or money from sponsorships (Yes, that’s a thing).</p> <p>So here is my research on the most daily downloads frameworks from March 2015 to July 2019.</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/gcqddfFAnoo"> </iframe> </p> <p><strong>TL;DR: React.js is the most daily-downloaded frontend framework of 2019.</strong></p> <h1> And here are my opinions on each framework </h1> <ul> <li>jQuery</li> <li>React</li> <li>Preact</li> <li>Angular.js</li> <li>Angular.io</li> <li>Vue</li> <li>Ember</li> <li>Polymer</li> <li>Backbone</li> <li>Svelte</li> <li>Conclusion</li> </ul> <h1> jQuery </h1> <p>Yes, I hear you screaming, jQuery is not a framework but a library.</p> <p>I decided to include it because it’s one of the most known javascript tools out there. People who develop PHP (and WordPress) know about jQuery. Even my father (long story) knows about its existence.</p> <p>And I’ve seen so many vanilla implementations of ‘frameworks’ or ways to develop pages with jQuery that I had to consider it.</p> <h1> React.js </h1> <p>When I tried to React.js for the first time back in December 2015, I hated it.</p> <p>How do you dare to mix CSS and javascript?</p> <p>Those days are gone, now I love declaring CSS inside my react components, <a href="https://npmjs.com/package/emotion"><em>you should try Emotion by the way.</em></a></p> <h1> Preact </h1> <p>There was a time two years ago, when people read the source code of React.js and discovered how they can improve it by striping out a lot of code.</p> <p>That was the born of Preact and similar frameworks that I don’t recall the name at the moment.</p> <p>They even made the APIs compatible, so you can just replace all the calls to React in your app and use Preact.</p> <p>I can’t say anything about it, I never had the chance to try it out.</p> <h1> Angular.js (The classic) </h1> <p>Oh my first love, Angular.js, I started using it on version 1.3, it was so buggy.</p> <p>Well, maybe it wasn’t so buggy, we were bad developers.</p> <p>You could mess up your app by manipulating the $scope by hand, pretty easily because everything was mutable, the concept of immutability per se wasn’t so popular at the time.</p> <p>And I will not start talking about renders and calling $digest and $apply.</p> <p>A couple of friends still develops and maintain legacy apps on Angular.js <em>(and they hate it.)</em></p> <p>Angular.js was the framework that changes it all, we should be proud of having the chance to work with it.</p> <h1> 👉 GET MORE ADVANCED NODE.JS DEVELOPMENT ARTICLES </h1> <p>Join the other 2,000+ savvy node.js developers who get article updates.</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--o1xBML_F--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/z35fnxzuzl8h3b87xvud.png" alt="Email List Form"></a></p> <h1> Angular.io (2/4/6/8/etc) </h1> <p>I was an angular fanboy back then (who wasn’t?) but I knew and I acknowledged that angular.js has its flaws.</p> <p>And oh god they made the waiting for version 2 so longer!!</p> <p>Luckily when it came out I had the chance to implement a brand new app for the company, and angular2 was the choice.</p> <p>I love its organized code, the stability of the apps and the SOLID principles that it forces you to follow.</p> <p>Definitively my second favorite framework.</p> <h1> Vue </h1> <p>I had two encounters with vue.js</p> <ol> <li>One afternoon I decided to open the source code just to peek, and found Chinese (don’t quite sure) characters as comments and drop out scared.</li> <li>Have to write 3 components because the frontend developer of a client vanished from the earth.</li> </ol> <p>I can’t say that it’s an awesome I just found it regular. Nothing that you can’t do with react or angular.</p> <h1> Ember </h1> <p>I never meet any developer who has been deployed a production Ember application, just my friend Fernando who is a polyglot developer and likes to try every language and framework he can.</p> <p>So that makes me think this is one of those frameworks that you see in all of these kinds of posts, that it’s mentioned only to fill up the list, which is sad.</p> <p>Do you use Ember? <a href="https://twitter.com/santypk4">Let me know in twitter</a></p> <h1> Polymer </h1> <p>The one ‘backed’ by google, I only try polymer once in 2016 to make a ‘web component’, show it to my coworkers, and never touch it back.</p> <p>Maybe I’ve been using an app from Google written in Polymer and never notice it.</p> <h1> Backbone </h1> <p>The good old Backbone.</p> <p>I’m too young to say anything bad about it because when I was introduced to web development in early 2014, I skipped jQuery and PHP and went straight to learn Angular.js.</p> <p>But my fellow old-time developer friend Gonzalo says it was stable and fun.</p> <p>I believe a version of openenglish.com was developed with it…</p> <h1> Svelte </h1> <p>Last year, at my former job we were doing a late-night deploy <em>(yeah, I don’t want to talk about it)</em> and the <em>hyper</em> frontend, that always show me new frontend stuff, was developing a new alternative version of our main product (he is very passionate about his work, it was so lovely to work with him).</p> <p>I think the product manager didn’t like the idea of rewriting the application for the sake of changing the framework, but it was a fast &amp; stable build, I liked it.</p> <h1> Conclusion </h1> <p>There are tons of frontend frameworks out there, but just a few are worth trying, and just a couple worth using.</p> <p>Try to stick with the one you like better and feel comfortable working with, chances are you are gonna need to become an expert on it, so better choose wisely.</p> <p><a href="///static/73986baddb656c0c3f767b6b277c0d88/c3447/conclusion.jpg"><br> <br> <br> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--yYT7wD2l--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://softwareontheroad.com/static/73986baddb656c0c3f767b6b277c0d88/d8f19/conclusion.jpg" alt="The most downloaded framework of 2019 is React.js" title=""><br> </a></p> <h1> 👉 GET MORE ADVANCED NODE.JS DEVELOPMENT ARTICLES </h1> <p>Join the other 2,000+ savvy node.js developers who get article updates.</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--o1xBML_F--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://thepracticaldev.s3.amazonaws.com/i/z35fnxzuzl8h3b87xvud.png" alt="Email List Form"></a></p> <p>And don't miss this masterpiece, I believe you will love it :)</p> <div class="ltag__link"> <a href="/santypk4" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--tK0lUGhk--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--zjiZBhrQ--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/158113/a620d8e0-b050-4601-876b-2ae94d2a9470.jpg" alt="santypk4 image"> </div> </a> <a href="/santypk4/bulletproof-node-js-project-architecture-4epf" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Bulletproof node.js project architecture 🛡️</h2> <h3>Sam ・ Apr 18 '19 ・ 11 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#node</span> <span class="ltag__link__tag">#javascript</span> <span class="ltag__link__tag">#webdev</span> <span class="ltag__link__tag">#tutorial</span> </div> </div> </a> </div> javascript angular react vue 🛑 You don't need passport.js - Guide to node.js authentication ✌️ Sam Fri, 31 May 2019 12:24:44 +0000 https://forem.com/santypk4/you-don-t-need-passport-js-guide-to-node-js-authentication-26ig https://forem.com/santypk4/you-don-t-need-passport-js-guide-to-node-js-authentication-26ig <p><strong>Originally posted on <a href="https://softwareontheroad.com/nodejs-jwt-authentication-oauth" rel="noopener noreferrer">softwareontheroad.com</a></strong></p> <h1> Introduction </h1> <p>While third-party authentication services like Google Firebase, AWS Cognito, and Auth0 are gaining popularity, and all-in-one library solutions like passport.js are the industry standard, is common to see that developers never really understand all the parts involved in the authentication flow.</p> <p>This series of articles about node.js authentication, are aimed to demystify concepts such as JSON Web Token (JWT), social login (OAuth2), user impersonation (an admin can log in as a specific user without password), common security pitfalls and attack vectors.</p> <p>Also, there is a GitHub repository with a complete node.js authentication flow that you can use as a base for your projects.</p> <h1> Table of contents </h1> <ul> <li>Requirements ✍️</li> <li>How to make the Sign-Up 🥇</li> <li>How to make the Sign-In 🥈</li> <li>JWT explained 👩‍🏫</li> <li>Generating JWTs 🏭</li> <li>Secured endpoints ⚔️</li> <li>User impersonation 🕵️</li> <li>Conclusion 🏗️</li> <li><a href="https://github.com/santiq/nodejs-auth" rel="noopener noreferrer">Example repository 🔬</a></li> </ul> <p><a></a></p> <h1> Project requirements ✍️ </h1> <p>The requirements for this project are: </p> <ul> <li><p>A database to store the user's email and password, or clientId and clientSecret, or any pair of public and private keys.</p></li> <li><p>A strong and efficient cryptographic algorithm to encrypt the passwords.</p></li> </ul> <p>At the time of writing, I consider that Argon2 is the best cryptographic algorithm out there, please don't use a simple cryptographic algorithm like SHA256, SHA512 or MD5.</p> <p>Please refer to this awesome post for more details about <a href="https://medium.com/@mpreziuso/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e" rel="noopener noreferrer">choosing a password hashing algorithm</a></p> <p><a></a></p> <h2> How to create a Sign-Up 🥇 </h2> <p>When a user is created, the password has to be hashed and stored in the database alongside the email and other custom details (user profile, timestamp, etc)</p> <p><em><strong>Note: Read about the node.js project structure in the previous article <a href="https://dev.to/ideal-nodejs-project-structure">Bulletproof node.js project architecture 🛡️</a></strong></em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">argon2</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">argon2</span><span class="dl">'</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthService</span> <span class="p">{</span> <span class="kr">public</span> <span class="k">async</span> <span class="nc">SignUp</span><span class="p">(</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">,</span> <span class="nx">name</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">salt</span> <span class="o">=</span> <span class="nf">randomBytes</span><span class="p">(</span><span class="mi">32</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">passwordHashed</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">hash</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="p">{</span> <span class="nx">salt</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">create</span><span class="p">({</span> <span class="na">password</span><span class="p">:</span> <span class="nx">passwordHashed</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="na">salt</span><span class="p">:</span> <span class="nx">salt</span><span class="p">.</span><span class="nf">toString</span><span class="p">(</span><span class="dl">'</span><span class="s1">hex</span><span class="dl">'</span><span class="p">),</span> <span class="c1">// notice the .toString('hex')</span> <span class="nx">name</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="p">{</span> <span class="c1">// MAKE SURE TO NEVER SEND BACK THE PASSWORD OR SALT!!!!</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Notice that we also create a <em>salt</em> for the password. A salt is random data that is used as an additional input to the hashing function, also the salt is randomly generated for every new user record.</p> <p>The user record looks like this:</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjgkem7ce29t40gwtenoj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjgkem7ce29t40gwtenoj.png" alt="User record - Database MongoDB" width="800" height="216"></a><br> <em>Robo3T for MongoDB</em></p> <p><a></a></p> <h2> How to create a Sign-In 🥈 </h2> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl572nqwwu14v5bmkm11a.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl572nqwwu14v5bmkm11a.png" alt="Sign-In Diagram" width="372" height="636"></a></p> <p>When the user performs a sign in, this is what happens:</p> <ul> <li><p>The client sends a pair of <em>Public Identification</em> and a <em>Private key</em>, usually an email and a password</p></li> <li><p>The server looks for the user in the database using the email.</p></li> <li><p>If the user exists in the database, the server hashes the sent password and compares it to the stored hashed password</p></li> <li><p>If the password is valid, it emits a JSON Web Token (or JWT)</p></li> </ul> <p>This is the temporary <em>key</em> that the client has to send in every request to an authenticated endpoint<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">argon2</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">argon2</span><span class="dl">'</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">AuthService</span> <span class="p">{</span> <span class="kr">public</span> <span class="k">async</span> <span class="nc">Login</span><span class="p">(</span><span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">email</span> <span class="p">});</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">User not found</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">correctPassword</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">argon2</span><span class="p">.</span><span class="nf">verify</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">.</span><span class="nx">password</span><span class="p">,</span> <span class="nx">password</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">correctPassword</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Incorrect password</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="p">},</span> <span class="na">token</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">generateJWT</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The password verification is performed using the argon2 library to prevent 'timing-based attacks',<br> which means, when an attacker tries to brute-force a password based in the solid principle of <a href="https://en.wikipedia.org/wiki/Timing_attack" rel="noopener noreferrer">how much time takes the server to respond</a>.</p> <p>In the next section, we will discuss how to generate a JWT</p> <p><a></a></p> <h1> But, what is a JWT anyway? 👩‍🏫 </h1> <p>A JSON Web Token or JWT is an encoded JSON object, in a string or Token.</p> <p>You can think it as a replacement of a cookie, with several advantages.</p> <p>The token has 3 parts and looks like this:</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frrgvy007r20zv2z5w4j1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frrgvy007r20zv2z5w4j1.png" alt="JSON Web Token example" width="572" height="160"></a></p> <p>The data of the JWT can be decoded in the client side without the <strong>Secret</strong> or <strong>Signature</strong>.</p> <p>This can be useful to transport information or metadata, encoded inside the token, to be used in the frontend application, such as things like the user role, profile, token expiration, and so on.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzphea6mnbbjm108mffl3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzphea6mnbbjm108mffl3.png" alt="JSON Web Token decoded example" width="584" height="616"></a></p> <p><a></a></p> <h1> How to generate JWT in node.js 🏭 </h1> <p>Let's implement the generateToken function needed to complete our authentication service</p> <p>By using the library <code>jsonwebtoken</code>, that you can find in npmjs.com, we are able to generate a JWT.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">jsonwebtoken</span><span class="dl">'</span> <span class="kd">class</span> <span class="nc">AuthService</span> <span class="p">{</span> <span class="kr">private</span> <span class="nf">generateToken</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="p">{</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">email</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">signature</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">MySuP3R_z3kr3t</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">expiration</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">6h</span><span class="dl">'</span><span class="p">;</span> <span class="k">return</span> <span class="nx">jwt</span><span class="p">.</span><span class="nf">sign</span><span class="p">({</span> <span class="nx">data</span><span class="p">,</span> <span class="p">},</span> <span class="nx">signature</span><span class="p">,</span> <span class="p">{</span> <span class="na">expiresIn</span><span class="p">:</span> <span class="nx">expiration</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The important here is the encoded data, you should never send sensitive information about the user.</p> <p>The signature is the 'secret' that is used to generate the JWT, and is very important to keep this signature safe.</p> <p>If it gets compromised, an attacker could generate tokens on behalf the users and steal their sessions and.</p> <p><a></a></p> <h2> Securing endpoints and verifying the JWT ⚔️ </h2> <p>The frontend code is now required to send the JWT in every request to a secure endpoint.</p> <p>A good practice is to include the JWT in a header, commonly the Authorization header.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyk2vblhsyt5mq2en43su.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyk2vblhsyt5mq2en43su.png" alt="Authorization Header" width="800" height="135"></a></p> <p>Now in the backend, a middleware for the express routes has to be created.</p> <p><em>Middleware "isAuth"</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">jwt</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express-jwt</span><span class="dl">'</span><span class="p">;</span> <span class="c1">// We are assuming that the JWT will come in the header Authorization but it could come in the req.body or in a query param, you have to decide what works best for you.</span> <span class="kd">const</span> <span class="nx">getTokenFromHeader</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span> <span class="o">&amp;&amp;</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">Bearer</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">.</span><span class="nx">authorization</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="s1"> </span><span class="dl">'</span><span class="p">)[</span><span class="mi">1</span><span class="p">];</span> <span class="p">}</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">jwt</span><span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MySuP3R_z3kr3t</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Has to be the same that we used to sign the JWT</span> <span class="na">userProperty</span><span class="p">:</span> <span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// this is where the next middleware can find the encoded data generated in services/auth:generateToken -&gt; 'req.token'</span> <span class="na">getToken</span><span class="p">:</span> <span class="nx">getTokenFromHeader</span><span class="p">,</span> <span class="c1">// A function to get the auth token from the request</span> <span class="p">})</span> </code></pre> </div> <p>Is very useful to have a middleware to get the complete current user record, from the database, and attach it to the request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="k">default </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">decodedTokenData</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">tokenData</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="na">_id</span><span class="p">:</span> <span class="nx">decodedTokenData</span><span class="p">.</span><span class="nx">_id</span> <span class="p">})</span> <span class="nx">req</span><span class="p">.</span><span class="nx">currentUser</span> <span class="o">=</span> <span class="nx">userRecord</span><span class="p">;</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">end</span><span class="p">(</span><span class="dl">'</span><span class="s1">User not found</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now the routes can access the current user that is performing the request.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">isAuth</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../middlewares/isAuth</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">attachCurrentUser</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../middlewares/attachCurrentUser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">ItemsModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/items</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default </span><span class="p">(</span><span class="nx">app</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/inventory/personal-items</span><span class="dl">'</span><span class="p">,</span> <span class="nx">isAuth</span><span class="p">,</span> <span class="nx">attachCurrentUser</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">currentUser</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userItems</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">ItemsModel</span><span class="p">.</span><span class="nf">find</span><span class="p">({</span> <span class="na">owner</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">_id</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">userItems</span><span class="p">).</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">);</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>The route 'inventory/personal-items' is now secured, you need to have a valid JWT to access it, but also it will use the current user from that JWT to look up in the database for the corresponding items.</p> <h2> Why a JWT is secured ? </h2> <p>A common question that you may have after reading this is: </p> <p><strong><em>If the JWT data can be decoded in the client side, can a JWT be manipulated in a way to change the user id or other data ?</em></strong></p> <p>While you can decode a JWT easily, you can not encode it with new data without having the 'Secret' that was used when the JWT was signed.</p> <p>This is the way is so important to never disclose the secret.</p> <p>Our server is checking the signature on the middleware <code>IsAuth</code> the library <code>express-jwt</code> takes care of that.</p> <p>Now that we understand how a JWT works, let's move on to a cool advance feature.</p> <p><a></a></p> <h2> How to impersonate a user 🕵️ </h2> <p>User impersonation is a technique used to sign in as a specific user, without knowing the user's password.</p> <p>This a very useful feature for the super admins, developers or support, to be able to solve or debug a user problem that is only visible with his session.</p> <p>There is no need in having the user password to use the application on his behalf, just generate a JWT with the correct signature and the required user metadata.</p> <p>Let's create an endpoint that can generate a JWT to log in as a specific user, this endpoint will only be able to be used by a super-admin user</p> <p>First, we need to establish a higher role for the super admin user, there are many ways to do it, a simple one is just to add a 'role' property on the user record in the database.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fenkkjh7t9v6zqwgz0bwc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fenkkjh7t9v6zqwgz0bwc.png" alt="super admin role in user database record" width="800" height="135"></a></p> <p>Second, let's create a new middleware that checks the user role.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="k">default </span><span class="p">(</span><span class="nx">requiredRole</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">currentUser</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="nx">requiredRole</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">401</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">Action not allowed</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>That middleware needs to be placed after the <code>isAuth</code> and <code>attachCurrentUser</code> middlewares.</p> <p>Third, the endpoint that generates a JWT for the user to impersonate.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">isAuth</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../middlewares/isAuth</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">attachCurrentUser</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../middlewares/attachCurrentUser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">roleRequired</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../middlwares/roleRequired</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">UserModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default </span><span class="p">(</span><span class="nx">app</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/auth/signin-as-user</span><span class="dl">'</span><span class="p">,</span> <span class="nx">isAuth</span><span class="p">,</span> <span class="nx">attachCurrentUser</span><span class="p">,</span> <span class="nf">roleRequired</span><span class="p">(</span><span class="dl">'</span><span class="s1">super-admin</span><span class="dl">'</span><span class="p">),</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userEmail</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nx">email</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">findOne</span><span class="p">({</span> <span class="nx">email</span> <span class="p">});</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">404</span><span class="p">).</span><span class="nf">send</span><span class="p">(</span><span class="dl">'</span><span class="s1">User not found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">name</span> <span class="p">},</span> <span class="na">jwt</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nf">generateToken</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">})</span> <span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">);</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p>So, there is no black magic here, the super-admin knows the email of the user that wants to impersonate, and the logic is pretty similar to the sign-in, but there is no check for correctness of password.</p> <p>That's because the password is not needed, the security of the endpoint comes from the roleRequired middleware.</p> <p><a></a></p> <h1> Conclusion 🏗️ </h1> <p>While is good to rely on third-party authentication services and libraries, to save development time, is also necessary to know the underlayin logic and principles behind authentication.</p> <p>In this article we explored the JWT capabilities, why is important to choose a good cryptographic algorithm to hash the passwords, and how to impersonate a user, something that is not so simple if you are using a library like passport.js.</p> <p>In the next part of this series, we are going to explore the different options to provide 'Social Login' authentication for our customers by using the OAuth2 protocal and an easier alternative, a third-party authentication provider like Firebase.</p> <h3> <a href="https://github.com/santiq/nodejs-auth" rel="noopener noreferrer">See the example repository here 🔬</a> </h3> <h3> Resources </h3> <ul> <li><p><a href="https://security.stackexchange.com/questions/193351/in-2018-what-is-the-recommended-hash-to-store-passwords-bcrypt-scrypt-argon2" rel="noopener noreferrer">What is the recommended hash to store passwords: bcrypt, scrypt, Argon2?</a></p></li> <li><p><a href="https://en.wikipedia.org/wiki/Timing_attack" rel="noopener noreferrer">Timing attack</a></p></li> </ul> <h1> ✋ Hey ! Before you go 🏃‍ </h1> <p>If you enjoy this article, I recommend you to subscribe to my email list so you never miss another one like this. ⬇️ ⬇️</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817" rel="noopener noreferrer"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qu3814s10qiplde1ho3.png" alt="Email List Form" width="800" height="288"></a></p> <p>I will not try to sell you anything, I promise </p> <p>And don't miss my previous post, I believe you will love it :)</p> <div class="ltag__link"> <a href="/santypk4" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158113%2Fa620d8e0-b050-4601-876b-2ae94d2a9470.jpg" alt="santypk4"> </div> </a> <a href="/santypk4/bulletproof-node-js-project-architecture-4epf" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Bulletproof node.js project architecture 🛡️</h2> <h3>Sam ・ Apr 18 '19</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#node</span> <span class="ltag__link__tag">#javascript</span> <span class="ltag__link__tag">#webdev</span> <span class="ltag__link__tag">#tutorial</span> </div> </div> </a> </div> <p>Read my research on the most downloaded frontend framework, the result will surprise you!</p> <div class="ltag__link"> <a href="/santypk4" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158113%2Fa620d8e0-b050-4601-876b-2ae94d2a9470.jpg" alt="santypk4"> </div> </a> <a href="/santypk4/top-10-front-end-frameworks-by-downloads-2015-2019-2427" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Top 10 Front-End Frameworks by Downloads [2015-2019]</h2> <h3>Sam ・ Jul 28 '19</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#javascript</span> <span class="ltag__link__tag">#angular</span> <span class="ltag__link__tag">#react</span> <span class="ltag__link__tag">#vue</span> </div> </div> </a> </div> node javascript tutorial webdev Timelapse: Creating a Landing Page Sam Mon, 27 May 2019 15:48:14 +0000 https://forem.com/santypk4/creating-a-landing-page-timelapse-1fc5 https://forem.com/santypk4/creating-a-landing-page-timelapse-1fc5 <p>This is how you can make a Landing Page with a good placed Call-To-Action.</p> <p>I didn't have a design in mind, I just start moving things around, and using other websites as inspiration</p> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/noF88drN7rc"> </iframe> </p> <p>My blog is open source, you can check it here:</p> <p><a href="https://github.com/santiq/softwareontheroad">https://github.com/santiq/softwareontheroad</a></p> <p>Pull Requests related to the video can be found here:</p> <ul> <li> <a href="https://github.com/santiq/softwareontheroad/pull/30">https://github.com/santiq/softwareontheroad/pull/30</a> </li> <li><a href="https://github.com/santiq/softwareontheroad/pull/31">https://github.com/santiq/softwareontheroad/pull/31</a></li> </ul> <p>As always, thanks for passing by.</p> javascript react gatsby video Bulletproof node.js project architecture 🛡️ Sam Thu, 18 Apr 2019 21:54:40 +0000 https://forem.com/santypk4/bulletproof-node-js-project-architecture-4epf https://forem.com/santypk4/bulletproof-node-js-project-architecture-4epf <p><em>Originally posted on <a href="https://softwareontheroad.com/ideal-nodejs-project-structure?utm_source=devto&amp;utm_medium=post" rel="noopener noreferrer">softwareontheroad.com</a></em></p> <p><strong>Update 04/21/2019</strong>: <a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">Implementation example in a GitHub repository</a></p> <h1> Introduction </h1> <p>Express.js is great frameworks for making a node.js REST APIs however it doesn't give you any clue on how to organizing your node.js project.</p> <p>While it may sound silly, this is a real problem.</p> <p>The correct organization of your node.js project structure will avoid duplication of code, will improve stability, and potentially, will help you scale your services if is done correctly.</p> <p>This post is extense research, from my years of experience dealing with a poor structured node.js project, bad patterns, and countless hours of refactoring code and moving things around.</p> <p>If you need help to align your node.js project architecture, just drop me a letter at <a href="mailto:santiago@softwareontheroad.com">santiago@softwareontheroad.com</a></p> <h1> Table of contents </h1> <ul> <li>The folder structure 🏢</li> <li>3 Layer architecture 🥪</li> <li>Service Layer 💼</li> <li>Pub/Sub Layer ️️️️🎙️️</li> <li>Dependency Injection 💉</li> <li>Unit Testing 🕵🏻</li> <li>Cron Jobs and recurring task ⚡</li> <li>Configurations and secrets 🤫</li> <li>Loaders 🏗️</li> <li><a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">Example Repository</a></li> </ul> <p><a></a></p> <h1> The folder structure 🏢 </h1> <p>Here is the node.js project structure that I'm talking about.</p> <p>I use this in every node.js REST API service that I build, let's see in details what every component do.</p> <div class="highlight js-code-highlight"> <pre class="highlight markdown"><code> src │ app.js # App entry point └───api # Express route controllers for all the endpoints of the app └───config # Environment variables and configuration related stuff └───jobs # Jobs definitions for agenda.js └───loaders # Split the startup process into modules └───models # Database models └───services # All the business logic is here └───subscribers # Event handlers for async task └───types # Type declaration files (d.ts) for Typescript<span class="sb"> </span></code></pre> </div> <p>It is more than just a way of ordering javascript files...</p> <p><a></a></p> <h1> 3 Layer architecture 🥪 </h1> <p>The idea is to use the <strong>principle of separation of concerns</strong> to move the business logic away from the node.js API Routes.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyt1sg0tymyzhljnzn4im.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyt1sg0tymyzhljnzn4im.png" alt="3 layer pattern"></a></p> <p>Because someday, you will want to use your business logic on a CLI tool, or not going far, in a recurring task.</p> <p>And make an API call from the node.js server to itself it's not a good idea...</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9up29c6n33iohi6ycc8v.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9up29c6n33iohi6ycc8v.png" alt="3 layer pattern for node.js REST API"></a></p> <h2> ☠️ Don't put your business logic inside the controllers!! ☠️ </h2> <p>You may be tempted to just use the express.js controllers to store the business logic of your application, but this quickly becomes spaghetti code, as soon as you need to write unit tests, you will end up dealing with complex mocks for <em>req</em> or <em>res</em> express.js objects.</p> <p>It's complicated to distingue when a response should be sent, and when to continue processing in 'background', let's say after the response is sent to the client.</p> <p>Here is an example of what not to do.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">route</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// This should be a middleware or should be handled by a library like Joi.</span> <span class="kd">const</span> <span class="nx">userDTO</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">isUserValid</span> <span class="o">=</span> <span class="nx">validators</span><span class="p">.</span><span class="nf">user</span><span class="p">(</span><span class="nx">userDTO</span><span class="p">)</span> <span class="k">if</span><span class="p">(</span><span class="o">!</span><span class="nx">isUserValid</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">end</span><span class="p">();</span> <span class="p">}</span> <span class="c1">// Lot of business logic here...</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">userDTO</span><span class="p">);</span> <span class="k">delete</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">password</span><span class="p">;</span> <span class="k">delete</span> <span class="nx">userRecord</span><span class="p">.</span><span class="nx">salt</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">companyRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">CompanyModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">companyDashboard</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">CompanyDashboard</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">,</span> <span class="nx">companyRecord</span><span class="p">);</span> <span class="p">...</span><span class="nx">whatever</span><span class="p">...</span> <span class="c1">// And here is the 'optimization' that mess up everything.</span> <span class="c1">// The response is sent to client...</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">user</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">,</span> <span class="na">company</span><span class="p">:</span> <span class="nx">companyRecord</span> <span class="p">});</span> <span class="c1">// But code execution continues :(</span> <span class="kd">const</span> <span class="nx">salaryRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SalaryModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">,</span> <span class="nx">companyRecord</span><span class="p">);</span> <span class="nx">eventTracker</span><span class="p">.</span><span class="nf">track</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span><span class="nx">userRecord</span><span class="p">,</span><span class="nx">companyRecord</span><span class="p">,</span><span class="nx">salaryRecord</span><span class="p">);</span> <span class="nx">intercom</span><span class="p">.</span><span class="nf">createUser</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">);</span> <span class="nx">gaAnalytics</span><span class="p">.</span><span class="nf">event</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span><span class="nx">userRecord</span><span class="p">);</span> <span class="k">await</span> <span class="nx">EmailService</span><span class="p">.</span><span class="nf">startSignupSequence</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">});</span> </code></pre> </div> <p><a></a></p> <p># Use a service layer for your business logic 💼</p> <p>This layer is where your business logic should live.</p> <p>It's just a collection of classes with clear porpuses, following the <strong>SOLID</strong> principles applied to node.js.</p> <p><em>In this layer there should not exists any form of 'SQL query', use the data access layer for that.</em></p> <ul> <li><p>Move your code away from the express.js router</p></li> <li><p>Don't pass the req or res object to the service layer</p></li> <li><p>Don't return anything related to the HTTP transport layer like a status code or headers from the service layer.</p></li> </ul> <p><strong>Example</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">route</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="nx">validators</span><span class="p">.</span><span class="nx">userSignup</span><span class="p">,</span> <span class="c1">// this middleware take care of validation</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// The actual responsability of the route layer.</span> <span class="kd">const</span> <span class="nx">userDTO</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="c1">// Call to service layer.</span> <span class="c1">// Abstraction on how to access the data layer and the business logic.</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserService</span><span class="p">.</span><span class="nc">Signup</span><span class="p">(</span><span class="nx">userDTO</span><span class="p">);</span> <span class="c1">// Return a response to client.</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Here is how your service will be working behind the scenes.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">UserModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CompanyModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/company</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">UserService</span> <span class="p">{</span> <span class="k">async</span> <span class="nc">Signup</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">companyRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">CompanyModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">);</span> <span class="c1">// needs userRecord to have the database id </span> <span class="kd">const</span> <span class="nx">salaryRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SalaryModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">,</span> <span class="nx">companyRecord</span><span class="p">);</span> <span class="c1">// depends on user and company to be created</span> <span class="p">...</span><span class="nx">whatever</span> <span class="k">await</span> <span class="nx">EmailService</span><span class="p">.</span><span class="nf">startSignupSequence</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">...</span><span class="k">do</span> <span class="nx">more</span> <span class="nx">stuff</span> <span class="k">return</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">,</span> <span class="na">company</span><span class="p">:</span> <span class="nx">companyRecord</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">Visit the example repository</a></p> <p><a></a></p> <h1> Use a Pub/Sub layer too 🎙️ </h1> <p>The pub/sub pattern goes beyond the classic 3 layer architecture proposed here but it's extremely useful.</p> <p>The simple node.js API endpoint that creates a user right now, may want to call third-party services, maybe to an analytics service, or maybe start an email sequence.</p> <p>Sooner than later, that simple "create" operation will be doing several things, and you will end up with 1000 lines of code, all in a single function.</p> <p>That violates the principle of single responsibility.</p> <p>So, it's better to separate responsibilities from the start, so your code remains maintainable.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">UserModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CompanyModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/company</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">SalaryModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/salary</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">UserService</span><span class="p">()</span> <span class="p">{</span> <span class="k">async</span> <span class="nc">Signup</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">UserModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">companyRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">CompanyModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">salaryRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SalaryModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">salary</span><span class="p">);</span> <span class="nx">eventTracker</span><span class="p">.</span><span class="nf">track</span><span class="p">(</span> <span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userRecord</span><span class="p">,</span> <span class="nx">companyRecord</span><span class="p">,</span> <span class="nx">salaryRecord</span> <span class="p">);</span> <span class="nx">intercom</span><span class="p">.</span><span class="nf">createUser</span><span class="p">(</span> <span class="nx">userRecord</span> <span class="p">);</span> <span class="nx">gaAnalytics</span><span class="p">.</span><span class="nf">event</span><span class="p">(</span> <span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="nx">userRecord</span> <span class="p">);</span> <span class="k">await</span> <span class="nx">EmailService</span><span class="p">.</span><span class="nf">startSignupSequence</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">)</span> <span class="p">...</span><span class="nx">more</span> <span class="nx">stuff</span> <span class="k">return</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">,</span> <span class="na">company</span><span class="p">:</span> <span class="nx">companyRecord</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>An imperative call to a dependent service is not the best way of doing it.</strong></p> <p>A better approach is by emitting an event i.e. 'a user signed up with this email'. </p> <p>And you are done, now it's the responsibility of the listeners to do their job.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">UserModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CompanyModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/company</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">SalaryModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/salary</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">UserService</span><span class="p">()</span> <span class="p">{</span> <span class="k">async</span> <span class="nc">Signup</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">userModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">companyRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">companyModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">eventEmitter</span><span class="p">.</span><span class="nf">emit</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">user</span><span class="p">:</span> <span class="nx">userRecord</span><span class="p">,</span> <span class="na">company</span><span class="p">:</span> <span class="nx">companyRecord</span> <span class="p">})</span> <span class="k">return</span> <span class="nx">userRecord</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now you can split the event handlers/listeners into multiple files.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">eventEmitter</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">eventTracker</span><span class="p">.</span><span class="nf">track</span><span class="p">(</span> <span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span><span class="p">,</span> <span class="p">);</span> <span class="nx">intercom</span><span class="p">.</span><span class="nf">createUser</span><span class="p">(</span> <span class="nx">user</span> <span class="p">);</span> <span class="nx">gaAnalytics</span><span class="p">.</span><span class="nf">event</span><span class="p">(</span> <span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="nx">user</span> <span class="p">);</span> <span class="p">})</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">eventEmitter</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">salaryRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">SalaryModel</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span><span class="nx">user</span><span class="p">,</span> <span class="nx">company</span><span class="p">);</span> <span class="p">})</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">eventEmitter</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">user_signup</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">EmailService</span><span class="p">.</span><span class="nf">startSignupSequence</span><span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="p">})</span> </code></pre> </div> <p>You can wrap the await statements into a try-catch block or <a href="https://softwareontheroad.com/nodejs-crash-exception-handler" rel="noopener noreferrer">you can just let it fail and handle the 'unhandledPromise' <em>process.on('unhandledRejection',cb)</em></a></p> <p><a></a></p> <h1> Dependency Injection 💉 </h1> <p>D.I. or inversion of control (IoC) is a common pattern that will help the organization of your code, by 'injecting' or passing through the constructor the <em>dependencies</em> of your class or function.</p> <p>By doing this way you will gain the flexibility to inject a <em>'compatible dependency'</em> when, for example, you write the unit tests for the service, or when the service is used in another context.</p> <p><em>Code with no D.I</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">UserModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CompanyModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/company</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">SalaryModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/salary</span><span class="dl">'</span><span class="p">;</span> <span class="kd">class</span> <span class="nc">UserService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(){}</span> <span class="nc">Sigup</span><span class="p">(){</span> <span class="c1">// Caling UserMode, CompanyModel, etc</span> <span class="p">...</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><em>Code with manual dependency injection</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">UserService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">userModel</span><span class="p">,</span> <span class="nx">companyModel</span><span class="p">,</span> <span class="nx">salaryModel</span><span class="p">){</span> <span class="k">this</span><span class="p">.</span><span class="nx">userModel</span> <span class="o">=</span> <span class="nx">userModel</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">companyModel</span> <span class="o">=</span> <span class="nx">companyModel</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">salaryModel</span> <span class="o">=</span> <span class="nx">salaryModel</span><span class="p">;</span> <span class="p">}</span> <span class="nf">getMyUser</span><span class="p">(</span><span class="nx">userId</span><span class="p">){</span> <span class="c1">// models available throug 'this'</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">userModel</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now you can inject custom dependencies.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">UserService</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">UserModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/user</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">CompanyModel</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../models/company</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">salaryModelMock</span> <span class="o">=</span> <span class="p">{</span> <span class="nf">calculateNetSalary</span><span class="p">(){</span> <span class="k">return</span> <span class="mi">42</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">userServiceInstance</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UserService</span><span class="p">(</span><span class="nx">userModel</span><span class="p">,</span> <span class="nx">companyModel</span><span class="p">,</span> <span class="nx">salaryModelMock</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">userServiceInstance</span><span class="p">.</span><span class="nf">getMyUser</span><span class="p">(</span><span class="dl">'</span><span class="s1">12346</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>The amount of dependencies a service can have is infinite, and refactor every instantiation of it when you add a new one is a boring and error-prone task.</p> <p>That's why dependency injection frameworks were created.</p> <p>The idea is you declare your dependencies in the class, and when you need an instance of that class, you just call the 'Service Locator'.</p> <p>Let's see an example using <a href="https://www.npmjs.com/package/typedi" rel="noopener noreferrer">typedi</a> an npm library that brings D.I to node.js</p> <p><a href="https://www.github.com/typestack/typedi" rel="noopener noreferrer">You can read more on how to use typedi in the official documentation</a></p> <p><em>WARNING typescript example</em></p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Service</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">typedi</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Service</span><span class="p">()</span> <span class="k">export</span> <span class="k">default</span> <span class="kd">class</span> <span class="nc">UserService</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span> <span class="k">private</span> <span class="nx">userModel</span><span class="p">,</span> <span class="k">private</span> <span class="nx">companyModel</span><span class="p">,</span> <span class="k">private</span> <span class="nx">salaryModel</span> <span class="p">){}</span> <span class="nf">getMyUser</span><span class="p">(</span><span class="nx">userId</span><span class="p">){</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">userModel</span><span class="p">.</span><span class="nf">findById</span><span class="p">(</span><span class="nx">userId</span><span class="p">);</span> <span class="k">return</span> <span class="nx">user</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><em>services/user.ts</em></p> <p>Now <em>typedi</em> will take care of resolving any dependency the UserService require.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="p">{</span> <span class="nx">Container</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">typedi</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">UserService</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../services/user</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userServiceInstance</span> <span class="o">=</span> <span class="nx">Container</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">UserService</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">userServiceInstance</span><span class="p">.</span><span class="nf">getMyUser</span><span class="p">(</span><span class="dl">'</span><span class="s1">12346</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p><em><em>Abusing service locator calls is an anti-pattern</em></em></p> <h2> Using Dependency Injection with Express.js in Node.js </h2> <p>Using D.I. in express.js is the final piece of the puzzle for this node.js project architecture.</p> <p><strong>Routing layer</strong></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="nx">route</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">userDTO</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">userServiceInstance</span> <span class="o">=</span> <span class="nx">Container</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">UserService</span><span class="p">)</span> <span class="c1">// Service locator</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">userServiceInstance</span><span class="p">.</span><span class="nc">Signup</span><span class="p">(</span><span class="nx">userDTO</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="nx">user</span><span class="p">,</span> <span class="nx">company</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <p>Awesome, project is looking great! <br> It's so organized that makes me want to be coding something right now.</p> <p><a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">Visit the example repository</a></p> <p><a></a></p> <h1> An unit test example 🕵🏻 </h1> <p>By using dependency injection and these organization patterns, unit testing becomes really simple.</p> <p>You don't have to mock req/res objects or require(...) calls.</p> <p><strong>Example: Unit test for signup user method</strong></p> <p><em>tests/unit/services/user.js</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">UserService</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">../../../src/services/user</span><span class="dl">'</span><span class="p">;</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">User service unit tests</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">describe</span><span class="p">(</span><span class="dl">'</span><span class="s1">Signup</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">Should create user record and emit user_signup event</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">eventEmitterService</span> <span class="o">=</span> <span class="p">{</span> <span class="na">emit</span><span class="p">:</span> <span class="nx">jest</span><span class="p">.</span><span class="nf">fn</span><span class="p">(),</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">userModel</span> <span class="o">=</span> <span class="p">{</span> <span class="na">create</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="p">...</span><span class="nx">user</span><span class="p">,</span> <span class="na">_id</span><span class="p">:</span> <span class="dl">'</span><span class="s1">mock-user-id</span><span class="dl">'</span> <span class="p">}</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">companyModel</span> <span class="o">=</span> <span class="p">{</span> <span class="na">create</span><span class="p">:</span> <span class="p">(</span><span class="nx">user</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">owner</span><span class="p">:</span> <span class="nx">user</span><span class="p">.</span><span class="nx">_id</span><span class="p">,</span> <span class="na">companyTaxId</span><span class="p">:</span> <span class="dl">'</span><span class="s1">12345</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">},</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">userInput</span><span class="o">=</span> <span class="p">{</span> <span class="na">fullname</span><span class="p">:</span> <span class="dl">'</span><span class="s1">User Unit Test</span><span class="dl">'</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test@example.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">userService</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">UserService</span><span class="p">(</span><span class="nx">userModel</span><span class="p">,</span> <span class="nx">companyModel</span><span class="p">,</span> <span class="nx">eventEmitterService</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">userRecord</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">userService</span><span class="p">.</span><span class="nc">SignUp</span><span class="p">(</span><span class="nx">teamId</span><span class="p">.</span><span class="nf">toHexString</span><span class="p">(),</span> <span class="nx">userInput</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">userRecord</span><span class="p">.</span><span class="nx">_id</span><span class="p">).</span><span class="nf">toBeDefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">eventEmitterService</span><span class="p">.</span><span class="nx">emit</span><span class="p">).</span><span class="nf">toBeCalled</span><span class="p">();</span> <span class="p">});</span> <span class="p">})</span> <span class="p">})</span> </code></pre> </div> <p><a></a></p> <h1> Cron Jobs and recurring task ⚡ </h1> <p>So, now that the business logic encapsulated into the service layer, it's easier to use it from a Cron job.</p> <p>You should never rely on node.js <code>setTimeout</code> or another primitive way of delay the execution of code, but on a framework that persist your jobs, and the execution of them, in a database.</p> <p>This way you will have control over the failed jobs, and feedback of those who succeed.<br> I already wrote on good practice for this so, <a href="https://softwareontheroad.com/nodejs-scalability-issues" rel="noopener noreferrer">check my guide on using agenda.js the best task manager for node.js</a>.</p> <p><a></a></p> <h1> Configurations and secrets 🤫 </h1> <p>Following the battle-tested concepts of <a href="https://12factor.net" rel="noopener noreferrer">Twelve-Factor App</a> for node.js the best approach to store API Keys and database string connections, it's by using <strong>dotenv</strong>.</p> <p>Put a <code>.env</code> file, that must never be committed <em>(but it has to exist with default values in your repository)</em> then, the npm package <code>dotenv</code> loads the .env file and insert the vars into the <code>process.env</code> object of node.js.</p> <p>That could be enough but, I like to add an extra step.<br> Have a <code>config/index.ts</code> file where the <code>dotenv</code> npm package and loads the .env file and then I use an object to store the variables, so we have a structure and code autocompletion.</p> <p><em>config/index.js</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">dotenv</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">dotenv</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// config() will read your .env file, parse the contents, assign it to process.env.</span> <span class="nx">dotenv</span><span class="p">.</span><span class="nf">config</span><span class="p">();</span> <span class="k">export</span> <span class="k">default</span> <span class="p">{</span> <span class="na">port</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="p">,</span> <span class="na">databaseURL</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DATABASE_URI</span><span class="p">,</span> <span class="na">paypal</span><span class="p">:</span> <span class="p">{</span> <span class="na">publicKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PAYPAL_PUBLIC_KEY</span><span class="p">,</span> <span class="na">secretKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PAYPAL_SECRET_KEY</span><span class="p">,</span> <span class="p">},</span> <span class="na">paypal</span><span class="p">:</span> <span class="p">{</span> <span class="na">publicKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PAYPAL_PUBLIC_KEY</span><span class="p">,</span> <span class="na">secretKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PAYPAL_SECRET_KEY</span><span class="p">,</span> <span class="p">},</span> <span class="na">mailchimp</span><span class="p">:</span> <span class="p">{</span> <span class="na">apiKey</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MAILCHIMP_API_KEY</span><span class="p">,</span> <span class="na">sender</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">MAILCHIMP_SENDER</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This way you avoid flooding your code with <code>process.env.MY_RANDOM_VAR</code> instructions, and by having the autocompletion you don't have to know how to name the env var.</p> <p><a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">Visit the example repository</a></p> <p><a></a></p> <h1> Loaders 🏗️ </h1> <p>I took this pattern from <a href="https://www.npmjs.com/package/microframework-w3tec" rel="noopener noreferrer">W3Tech microframework</a> but without depending upon their package.</p> <p>The idea is that you split the startup process of your node.js service into testable modules.</p> <p>Let's see a classic express.js app initialization</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">mongoose</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">mongoose</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">bodyParser</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">body-parser</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">session</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express-session</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">cors</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">errorhandler</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">errorhandler</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/status</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">head</span><span class="p">(</span><span class="dl">'</span><span class="s1">/status</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">morgan</span><span class="dl">'</span><span class="p">)(</span><span class="dl">'</span><span class="s1">dev</span><span class="dl">'</span><span class="p">));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">bodyParser</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">bodyParser</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">setupForStripeWebhooks</span><span class="p">));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">method-override</span><span class="dl">'</span><span class="p">)());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">static</span><span class="p">(</span><span class="nx">__dirname</span> <span class="o">+</span> <span class="dl">'</span><span class="s1">/public</span><span class="dl">'</span><span class="p">));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">session</span><span class="p">({</span> <span class="na">secret</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRET</span><span class="p">,</span> <span class="na">cookie</span><span class="p">:</span> <span class="p">{</span> <span class="na">maxAge</span><span class="p">:</span> <span class="mi">60000</span> <span class="p">},</span> <span class="na">resave</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="na">saveUninitialized</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}));</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DATABASE_URL</span><span class="p">,</span> <span class="p">{</span> <span class="na">useNewUrlParser</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./config/passport</span><span class="dl">'</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./models/user</span><span class="dl">'</span><span class="p">);</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./models/company</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./routes</span><span class="dl">'</span><span class="p">));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">err</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Not Found</span><span class="dl">'</span><span class="p">);</span> <span class="nx">err</span><span class="p">.</span><span class="nx">status</span> <span class="o">=</span> <span class="mi">404</span><span class="p">;</span> <span class="nf">next</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">((</span><span class="nx">err</span><span class="p">,</span> <span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="nx">err</span><span class="p">.</span><span class="nx">status</span> <span class="o">||</span> <span class="mi">500</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span><span class="dl">'</span><span class="s1">errors</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="na">message</span><span class="p">:</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">,</span> <span class="na">error</span><span class="p">:</span> <span class="p">{}</span> <span class="p">}});</span> <span class="p">});</span> <span class="p">...</span> <span class="nx">more</span> <span class="nx">stuff</span> <span class="p">...</span> <span class="nx">maybe</span> <span class="nx">start</span> <span class="nx">up</span> <span class="nx">Redis</span> <span class="p">...</span> <span class="nx">maybe</span> <span class="nx">add</span> <span class="nx">more</span> <span class="nx">middlewares</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">startServer</span><span class="p">()</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="p">,</span> <span class="nx">err</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Your server is ready !`</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Run the async function to start our server</span> <span class="nf">startServer</span><span class="p">();</span> </code></pre> </div> <p>As you see, this part of your application can be a real mess.</p> <p>Here is an effective way to deal with it.</p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="kd">const</span> <span class="nx">loaders</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./loaders</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">startServer</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="k">await</span> <span class="nx">loaders</span><span class="p">.</span><span class="nf">init</span><span class="p">({</span> <span class="na">expressApp</span><span class="p">:</span> <span class="nx">app</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">PORT</span><span class="p">,</span> <span class="nx">err</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">err</span><span class="p">);</span> <span class="k">return</span><span class="p">;</span> <span class="p">}</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Your server is ready !`</span><span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">startServer</span><span class="p">();</span> </code></pre> </div> <p>Now the loaders are just tiny files with a concise purpose </p> <p><em>loaders/index.js</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="nx">expressLoader</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="nx">mongooseLoader</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./mongoose</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async </span><span class="p">({</span> <span class="nx">expressApp</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">mongoConnection</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">mongooseLoader</span><span class="p">();</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">MongoDB Intialized</span><span class="dl">'</span><span class="p">);</span> <span class="k">await</span> <span class="nf">expressLoader</span><span class="p">({</span> <span class="na">app</span><span class="p">:</span> <span class="nx">expressApp</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Express Intialized</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// ... more loaders can be here</span> <span class="c1">// ... Initialize agenda</span> <span class="c1">// ... or Redis, or whatever you want</span> <span class="p">}</span> </code></pre> </div> <p>The express loader</p> <p><em>loaders/express.js</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">express</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">bodyParser</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">body-parser</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cors</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">cors</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async </span><span class="p">({</span> <span class="nx">app</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">app</span><span class="p">:</span> <span class="nx">express</span><span class="p">.</span><span class="nx">Application</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/status</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">head</span><span class="p">(</span><span class="dl">'</span><span class="s1">/status</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">200</span><span class="p">).</span><span class="nf">end</span><span class="p">();</span> <span class="p">});</span> <span class="nx">app</span><span class="p">.</span><span class="nf">enable</span><span class="p">(</span><span class="dl">'</span><span class="s1">trust proxy</span><span class="dl">'</span><span class="p">);</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">cors</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">morgan</span><span class="dl">'</span><span class="p">)(</span><span class="dl">'</span><span class="s1">dev</span><span class="dl">'</span><span class="p">));</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">bodyParser</span><span class="p">.</span><span class="nf">urlencoded</span><span class="p">({</span> <span class="na">extended</span><span class="p">:</span> <span class="kc">false</span> <span class="p">}));</span> <span class="c1">// ...More middlewares</span> <span class="c1">// Return the express app</span> <span class="k">return</span> <span class="nx">app</span><span class="p">;</span> <span class="p">})</span> </code></pre> </div> <p>The mongo loader</p> <p><em>loaders/mongoose.js</em></p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">mongoose</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">mongoose</span><span class="dl">'</span> <span class="k">export</span> <span class="k">default</span> <span class="k">async </span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">any</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">mongoose</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DATABASE_URL</span><span class="p">,</span> <span class="p">{</span> <span class="na">useNewUrlParser</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">connection</span><span class="p">.</span><span class="nx">connection</span><span class="p">.</span><span class="nx">db</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p><a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">See a complete example of loaders here</a></p> <p><a></a></p> <h1> Conclusion </h1> <p>We deep dive into a production tested node.js project structure, here are some summarized tips:</p> <ul> <li><p>Use a 3 layer architecture.</p></li> <li><p>Don't put your business logic into the express.js controllers.</p></li> <li><p>Use PubSub pattern and emit events for background tasks.</p></li> <li><p>Have dependency injection for your peace of mind.</p></li> <li><p>Never leak your passwords, secrets and API keys, use a configuration manager.</p></li> <li><p>Split your node.js server configurations into small modules that can be loaded independently.</p></li> </ul> <h1> <a href="https://github.com/santiq/bulletproof-nodejs" rel="noopener noreferrer">See the example repository here</a> </h1> <h1> ✋ Hey ! Before you go 🏃‍ </h1> <p>If you enjoy this article, I recommend you to subscribe to my email list so you never miss another one like this. ⬇️ ⬇️</p> <p><a href="https://softwareontheroad.us20.list-manage.com/subscribe/post?u=337d8675485234c707e63777d&amp;id=14f1331817" rel="noopener noreferrer"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qu3814s10qiplde1ho3.png" alt="Email List Form"></a></p> <p>I will not try to sell you anything, I promise </p> <p>And don't miss my latest post, I believe you will love it :)</p> <div class="ltag__link"> <a href="/santypk4" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158113%2Fa620d8e0-b050-4601-876b-2ae94d2a9470.jpg" alt="santypk4"> </div> </a> <a href="/santypk4/you-don-t-need-passport-js-guide-to-node-js-authentication-26ig" class="ltag__link__link"> <div class="ltag__link__content"> <h2>🛑 You don't need passport.js - Guide to node.js authentication ✌️</h2> <h3>Sam ・ May 31 '19</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#node</span> <span class="ltag__link__tag">#javascript</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <p>Read my research on the most downloaded frontend framework, the result will surprise you!</p> <div class="ltag__link"> <a href="/santypk4" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158113%2Fa620d8e0-b050-4601-876b-2ae94d2a9470.jpg" alt="santypk4"> </div> </a> <a href="/santypk4/top-10-front-end-frameworks-by-downloads-2015-2019-2427" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Top 10 Front-End Frameworks by Downloads [2015-2019]</h2> <h3>Sam ・ Jul 28 '19</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#javascript</span> <span class="ltag__link__tag">#angular</span> <span class="ltag__link__tag">#react</span> <span class="ltag__link__tag">#vue</span> </div> </div> </a> </div> <h3> Don't forget to visit my blog to get more awesome posts like this <a href="https://softwareontheroad.com/ideal-nodejs-project-structure?utm_source=devto&amp;utm_medium=post" rel="noopener noreferrer">softwareontheroad.com</a> </h3> node javascript webdev tutorial