Forem: Utkarsh Singh

Basic server side caching using Redis in nodejs

Utkarsh Singh — Tue, 23 Nov 2021 11:20:21 +0000

Caching is the process of storing copies of files in a cache, or temporary storage location, so that they can be accessed more quickly.
Caching helps us in making our website more faster, respond to user queries faster by acting as a middleware between server and database.

There is commonly two types of caching :-

1) Server side caches are generally used to avoid making expensive database operations repeatedly to serve up the same content to lots of different clients.

2) Client side caches are used to avoid transferring the same data over the network repeatedly.

Today we will learn basic server side caching using redis(a fast, open source, in-memory, key-value data store).

Installing Redis:-

Firstly we will need to install redis before using it in our project.

Installing redis on Mac using Homebrew -

brew install redis
brew services start redis
redis-server /usr/local/etc/redis.conf

Installing redis on Windows -

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install redis-server
sudo service redis-server restart

Installing redis on ubuntu -

sudo apt update
sudo apt install redis-server
sudo nano /etc/redis/redis.conf

Inside the file, find the supervised directive. This directive allows you to declare an init system to manage Redis as a service, providing you with more control over its operation. The supervised directive is set to no by default. Since you are running Ubuntu, which uses the systemd init system, change this to systemd:

. . .

# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
#   supervised no      - no supervision interaction
#   supervised upstart - signal upstart by putting Redis into SIGSTOP mode
#   supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
#   supervised auto    - detect upstart or systemd method based on
#                        UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
#       They do not enable continuous liveness pings back to your supervisor.
supervised systemd

. . .

and finally restart redis

sudo systemctl restart redis.service

1) In the project folder initialise the project using npm init and install express, redis and node-fetch(same as fetch in javascript for making requests to rest clients ). Also install nodemon as dev dependency.

npm init -y
npm install --save express redis
npm install --dev nodemon

2) In the project folder paste this code in app.js importing express , nodefetch and redis and start basic server.

const express = require("express");
const app = express();
const redis = require("redis");
const fetch = require("node-fetch");

app.get("/", (req, res) => {
    res.status(200).send("This is homepage!");
})

app.listen(8080, () => {
     console.log("Server started!");
});

3) Create a redis client passing default redis port(6379) as parameter and also create a new route(/post) that will fetch data from https://api.github.com/users and send data as response.
We will cache this data on our first visit to server and after that in all visits we will check if data is stored in cache or not . If it is stored we will not fetch it instead send response from cache.

const express = require("express");
const app = express();
const redis = require("redis");
const fetch = require("node-fetch");

const client = redis.createClient(6379);

app.get("/posts", (req, res) => {
    console.log("fetching data")    // this will tell uswe are fetching data  from api
    fetch(`https://api.github.com/users`,((response)=>{
       const data = response.json();
       client.set("userData",data);   // save data(key,value pair) in redis in form of cache

     res.send({data:data});
   })
})

app.listen(8080, () => {
     console.log("Server started!");
});

Here we used client.set(key,value) for saving data in redis.

4) We will now create a middleware and add it in "/post" route for checking if cache already exists.If data is already present in cache we will return it directly else we will leave our middleware and fetch it from the route.

const checkDataInCache = (req,res,next) =>{
  const  data = client.get("userData"); //get data from cache and check if it exists
  if(data !== null){
    res.send({data:data});
  }else{
    next();
  }
}

Now we are almost done with our code(full code given at last) and now we will test it.

If we send a get request at "/posts" at first we will see log as " fetching .." that shows that we are fetching data from api.
But after that in all requests there will be no log and data will be loaded more quickly.
(We can check for the speed by going in console and them network).

This was basic representation of how to use caching.Full code given below.
Hope it helps!!

const express = require("express");
const app = express();
const redis = require("redis");
const fetch = require("node-fetch");

const client = redis.createClient(6379);

app.get("/posts",checkDataInCache, (req, res) => {
    console.log("fetching data")    // this will tell us if we are fetching data  from api
    fetch(`https://api.github.com/users`,((response)=>{
       const data = response.json();
       client.set("userData",data);   // save data(key,value pair) in redis in form of cache

     res.send({data:data});
   })
})

const checkDataInCache = (req,res,next) =>{
  const  data = client.get("userData"); //get data from cache and check if it exists
  if(data !== null){
    res.send({data:data});
  }else{
    next();
  }
}
app.listen(8080, () => {
     console.log("Server started!");
});

Token based authentication in nodejs

Utkarsh Singh — Sun, 21 Nov 2021 15:38:27 +0000

There are times when we need to authenticate the user before giving him access to specific pages on our website.This authentication ensures that user has access to only those data that he has privileges on.

An entry level programmer would just fetch username and password stored in database at the time of login and if they match would give him access , which is not wrong but only half a step in the process of authentication.

It is also necessary to ensure that of all the data stored in database only data related to user is shown.

This can be achieved in two ways:
1- Token based authentication(using jwt-jsonWebToken)
2- Session based authentication

Today we will talk and implement token based authentication in NodeJs.

1- Install following packages and dependencies which we are going to work with -
we will build our server with express , jsonWebToken is library used for creating and verifying tokens and dotenv for storing our secrets in .env file that will not be visible to others.

npm install --save express jsonWebToken dotenv
npm install -D nodemon

2- .env file contains two things:
1-SECRET_ACCESS_TOKEN
2-REFRESH_TOKEN

Secret access token is a secret code that we use to verify ourself as creator of tokens and same secret is used while verifying tokens too.

Refresh tokens are used to create new access token once they expire.
(We will not be implemeting refresh tokens for now)
e.g. -
These tokens can be created randomly using encrypt library in nodejs.

SECRET_ACCESS_TOKEN="9c2fa79645d6210a31e1cfb8435f06d5c10d9c7e5e80069e91a52fc870b05409"
SECRET_REFRESH_TOKEN="f1f0e9c17f296226431f4468ed329781b3b774583c86462247576c2d92f01900"

3-Create a basic server in app.js file containing following code and start the server with nodemon.

require("dotenv").config();
const express = require("express");
const app = express();
const jwt = require("jsonwebtoken");

app.get("/", (req, res) => {
    res.status(200).send("This is homepage!");
})

app.listen(process.env.PORT, () => {
     console.log("Server started!");
});

4- Now we will create a new route("/login) that will check for user id and password at the time of login and generate token for the same user that we will pass in headers with every request we make ever after.
After authentication is successful we go ahead and create a token using jwt.sign(user,token) , it signs the token with the user we enter and will return the same user when we will verify the token.
If authentication fails , we tell user to enter correct credentials.

const express = require("express");
const app = express();
const jwt = require("jsonwebtoken");
require("dotenv").config();

app.get("/", (req, res) => {
    res.status(200).send("This is homepage!");
})

app.post("/login", (req, res) => {
    const {username , password} = req.body; //get username and password that we passed client side.

    //Authenticate with username and password stored in database.Do it yourself!

   if(Authentication is successfull)
   {

   //Create a token signed by username

      const user = {name : req.body.username}
      const accessToken = jwt.sign(user , process.env.SECRET_ACCESS_TOKEN);
      res.send({accessToken : accessToken});
   }
   else
    {
      res.send("Wrong Credentials!");
    }
})

app.listen(process.env.PORT, () => {
     console.log("Server started!");
});

5- Now we have created a token and sent it to client side , this token will be passed in headers with every request to authenticate for the user and show him data related to user only.
For verifying we will create a middleware(autenticateToken).It takes access token from the headers that is passed client side and verifies it using jwt.verify(token , secret-access-token , (error,user)=>{})
.The callback returns user info that is saved in res so that it is accessible in our route;

   if(Authentication is successfull)
   {

   //Create a token signed by username

      const user = {name : req.body.username}
      const accessToken = jwt.sign(user , process.env.SECRET_ACCESS_TOKEN);
      res.send({accessToken : accessToken});
   }
   else
    {
      res.send("Wrong Credentials!");
    }
})

const authenticateToken = (req,res,next) =>{

  // We will pass token in the following format => "token"

  const accessToken = req.headers['authorization'];

  if (accessToken == null)
  return res.sendStatus(401);

  jwt.verify(accessToken , process.env.SECRET_ACCESS_TOKEN,(err,data)=>{
    if (err) return res.status(402).send(err);
    req.user = data;
    next();
  })
}

app.listen(process.env.PORT, () => {
     console.log("Server started!");
});

6 -It verifies the token and in callback return error and the user info that we can use to filter out contents from our database , since here we are not connected to a database we will create an array of posts to check if token works.

const posts = [{
  {username : "Bob" , title:"superman" , serial : 1},
  {username : "Allen" , title:"Batman" , serial : 2},
  {username : "Ray" , title:"Iron Man" , serial : 3}
 }];

7 - We create a new route("/posts") to test our tokens and add this middleware in our "/posts" route and then filter our content out with our username.

 const posts = [{
  {username : "Bob" , title:"superman" , serial : 1},
  {username : "Allen" , title:"Batman" , serial : 2},
  {username : "Ray" , title:"Iron Man" , serial : 3}
 }];

app.get("/posts", authenticateToken , (req,res)=>{
    res.json(posts.filter((post)=>  post.username == req.user.name));
});


const authenticateToken = (req,res,next) =>{

  // We will pass token in the following format => "token"

  const accessToken = req.headers['authorization'];

  if (accessToken == null)
  return res.sendStatus(401);

  jwt.verify(accessToken , process.env.SECRET_ACCESS_TOKEN,(err,data)=>{
    if (err) return res.status(402).send(err);
    req.user = data;
    next();
  })
}

app.listen(process.env.PORT, () => {
     console.log("Server started!");
});

Output:

if we passed username as Bob we get :

{username : "Bob" , title:"superman" , serial : 1}

This is how we authenticate using tokens and filter out data of our user.
This token can also be set for automatic expiry of 1 min(or as we like) by passing in an expiry time jwt.sign(user,SECRET_ACCESS_TOKEN , 3600).

Complete Code :

const express = require("express");
const app = express();
const jwt = require("jsonwebtoken");
require("dotenv").config();

 const posts = [{
  {username : "Bob" , title:"superman" , serial : 1},
  {username : "Allen" , title:"Batman" , serial : 2},
  {username : "Ray" , title:"Iron Man" , serial : 3}
 }];

app.get("/posts", authenticateToken , (req,res)=>{
    res.json(posts.filter((post)=>  post.username == req.user.name));
});

app.post("/login", (req, res) => {
    const {username , password} = req.body; //get username and password that we passed client side.

  //Authenticate with username and password stored in database.Do it yourself!

   if(Authentication is successfull)
   {

   //Create a token signed by username

      const user = {name : req.body.username}
      const accessToken = jwt.sign(user , process.env.SECRET_ACCESS_TOKEN);
      res.send({accessToken : accessToken});
   }
   else
    {
      res.send("Wrong Credentials!");
    }
})

app.get("/", (req, res) => {
    res.status(200).send("This is homepage!");
})

const authenticateToken = (req,res,next) =>{

  // We will pass token in the following format => "token"

  const accessToken = req.headers['authorization'];

  if (accessToken == null)
  return res.sendStatus(401);

  jwt.verify(accessToken , process.env.SECRET_ACCESS_TOKEN,(err,data)=>{
    if (err) return res.status(402).send(err);
    req.user = data;
    next();
  })
}



app.listen(process.env.PORT, () => {
     console.log("Server started!");
});

**Important -

We usually create an access token and refresh token seperately.Access token have an expiry that are refreshed by refresh token by creating a seperate function.**

Hope it helps!