Whenever creating a new node project, use to set it up
npm init
NPM is a package manager for node.js and js libraries and frameworks. You can look up packages there, and install them for your project with:
npm install package-name --save
Traditionally, importing JS files into other JS files has not been supported... until now! There are several ways to do this, but node allows you to add things the to module.exports object.
module.exports = 'foo';
Whatever is on there, will be the return value of
require('yourJSFile.js');
You can assign this to a variable to use later
First install express with npm install express --save
and require it
var express = require('express'); //include express package
express
has lots of abilities, but we just want to start up a server app:
var app = express(); // create an express app
Then make it listen on a port
app.listen(3000, function(){ //start the server
console.log('listening on port ' + 3000);
});
In comp sci, there are different kinds of action you can take on data
- create
- read
- update
- destroy
There are different kinds of 'methods' you can use to make a request to a server that map to these actions:
- post (create)
- get (read)
- put/patch (update)
- delete (delete)
PUT is for updating an entire model, PATCH is for changing just a few attributes
Basic routing can be done at the app level
app.get('/', function(req, res){ // route for /
res.send('hi'); //respond with 'hi'
});
This sets up an event listener for any GET request that comes into the server with the path of /
. Give it a callback function which takes a request variable and a respond variable. Each of these have different methods/properties which we'll learn about
We can define a callback function that is called or all requests and then continues on to other request handlers
app.use(function(req, res, next){
console.log('middleware');
next();
})
next();
tells express to continue processing the request. app.get(),app.post()
, etc have this ability too, but it's rarely used.
Just like with app.get(),app.post()
, etc we can add the ability to handle just those requests that match a url pattern
app.use('/foo', function(req, res, next){
console.log('middleware');
next();
})
One of the main goals of express is to cleanly separate data from the view layer. To do this, it follows the Model View Controller pattern, which creates a middleman (Controller) which passes data (Models) off to the presentation/html (View) layer
In addition, putting all your routes inside server.js can become difficult to maintain with a lot of variables. We can group similar urls together into separate "controller" files.
var runsController = require('./controllers/runs.js'); //require our own runsController
app.use('/runs/', runsController); //use it for anything starting with /runs
Now, create a controllers directory, create an appropriately named file, and use:
var controller = require('express').Router(); //require express and create a router (controller)
controller.get('/', function(req, res){ //route for finding all routes by a the session user
res.send('runs index');
});
module.exports = controller;
Let's separate the views from the controller. Install express with npm install ejs --save
Create a directory called 'views' and create an appropriately named file with the extension .ejs. Now we can reference it. Express will assume the file path starts with the 'views' directory you created.
var controller = require('express').Router(); //require express and create a router (controller)
controller.get('/', function(req, res){ //route for finding all routes by a the session user
res.render('viewFile.ejs');
});
module.exports = controller;
EJS files are just html, but you can use javascript to dynamically create HTML:
<ul>
<% for(var i = 0; i < 4; i++) { %>
<li>
<%= i %><!-- add = to write a value to the html. Omit the = and it will just run the JS, but not show anything visually -->
</li>
<% } %>
</ul>
You can pass data into the view file by adding a second parameter that's an object. The properties of the object will become the variable name that's accessible in the view file.
var controller = require('express').Router(); //require express and create a router (controller)
controller.get('/', function(req, res){ //route for finding all routes by a the session user
res.render('viewFile.ejs', {
variable1Name: 'variable 1 value'
});
});
module.exports = controller;
Now inside the .ejs file, we can access variable1Name
like so:
Value: <%= variable1Name; %>
Data can be passed to the server through query strings (a.ka. GET parameters) which look like ?param1=value1¶m2=value2
They can be accessed like so:
app.get('/', function(req, res){
var param1 = req.query.param1;
var param2 = req.query.param2;
});
Your route can also have parameters in the path section
app.get('/:id', function(req, res){
var id = req.params.id;
});
We can also pass data to server in the body of the request.
<form action="/runs" method="POST">
<input type="text" name="param1"/>
</form>
npm install body-parser --save
and require it
var bodyParser = require('body-parser');
Next, tell express to expect form data
app.use(bodyParser.urlencoded({ extended: false })) //tell body parser that we'll be passing in form data
Then, inside any request handler, we can access the form data, formatted as a JS object:
app.post('/run', function(req, res){
var param1 = req.body.param1;
});
Install and require body-parser
as before, but the middleware changes:
controller.use(bodyParser.json()); //anything handled by this controller is expecting JSON data, not form data
Now instead of using form data, we can use Postman. Create a new tab, choose method, select "body", choose "raw", click on Text dropdown and choose JSON(application/json). Make sure Headers have a line for "Content-Type" set to "application/json"
We can capture the req.body
params the same way as with form data.
Unfortunately, forms can only use methods that are GET or POST. To fake DELETE, or PUT/PATCH we use the package method-override
. Install it using npm install method-override --save
and require it
var methodOverride = require('method-override');
Use it:
controller.use(methodOverride('_method')); //tell method override to expect ?method=PUT/DELETE attached to POST requests
Then in our form we add an extra get param (the param name must match what's passed to the methodOverride function):
<form action="/runs?_method=DELETE" method="POST">
<input type="text" name="param1"/>
</form>
Now the appropriate route handler will handle the request
app.delete('/runs', function(req, res){
});
There are seven routes which control basic HTTP operations for data:
https://gist.github.com/alexpchin/09939db6f81d654af06b
URL | HTTP Verb | Action |
---|---|---|
/photos/ | GET | index |
/photos/new | GET | new |
/photos | POST | create |
/photos/:id | GET | show |
/photos/:id/edit | GET | edit |
/photos/:id | PATCH/PUT | update |
/photos/:id | DELETE | destroy |
Cookies are used in browsers to store data on a user's computer. This way, when the user returns, the site can use that data to customize the app. Cookies are stored in plain-text though, so typically we use sessions, which are encrypted cookies that only last as long as the user's browser is open.
npm install express-session --save
and require it:
var session = require('express-session'); //include express sessions for session work
Now we "use" it:
app.use(session({ //setting up session encryption info
secret: "seakrett", //unique keyword for encrypting session data
resave: false, // don't resave session if nothing changed
saveUninitialized: false //even if no data, set a cookie
}));
To set data, simply run:
req.session.userData = 'some value';
To get data, simply run:
var userData = req.session.userData;
To destroy a session:
req.session.destroy(function(){
//do something once session destroy succeeds
});
To encrypt information, we npm install bcrypt --save
and require it:
var bcrypt = require('bcrypt');
To encrypt a value:
var encryptedValue = bcrypt.hashSync('value to encrypt', bcrypt.genSaltSync(10));
genSaltSync determines how difficult it is to crack the encryption. The higher the number, the harder it is, but the longer it takes. 10 is usually good.
Using this technique, the same starting value will not be encrypted the same way twice. This prevents from a hacker from guessing other users' passwords based on matching encrypted values. This means that we can never decrypt a salted value. Instead, we can only compare it with another salted value to see if they so close that they can't be anything but the same.
var valuesMatch = bcrypt.compareSync('does salted value match this?', saltedValue);
If we have static files (JS, CSS, HTML, etc), we can put them in a directory used just for these kinds of files. Use this near the top of server.js:
app.use(express.static('public')); //set up a static asset dir in /public
Create a directory that matches the name passed to express.static()
. Express will try to match requests with files in that directory
- The route
/plain.html
would match the file/public/plain.html
- The route
/css/app.css
would match the file/public/css/app.css
- The route
/js/app.js
would match the file/public/js/app.js
- Install postgres driver
npm install pg --save
- Install sequelize package
npm install sequelize --save
Set up a database connection in models/db.js
var Sequelize = require('sequelize'); //require sequelize package
var DB_URL = process.env.DATABASE_URL || 'postgres://matthuntington:password@localhost:5432/sedstack'; //use either environment variable or static url
var db = new Sequelize(DB_URL); //create the connection. Will not run multiple times, due to require cacheing the file
module.exports = db;
Now we can create a model:
var Sequelize = require('sequelize'); //require sequelize package
var db = require('./db.js'); //require connection to the db
var Runs = db.define('run', { //set up model variables
date: Sequelize.DATE, //use date data type
distance: Sequelize.FLOAT, //float for distance
});
db.sync(); //if table does not exist, create it
module.exports = Runs;
We can now require our run model elsewhere
var Runs = require('./models/runs.js');
and create a run (all sequelize db query functions return a promise. This is an object that has a then()
function that takes two params, a success callback for when the query succeeds and a fail callback for when it doesn't. Only the success callback is shown below):
Runs.create({
date: new Date('2016-1-1'),
distance: 5.5
}).then(function(createdRun){
//createdRun is the object representation of the row created in the DB
});
find all runs matching a criteria (more on querying: http://docs.sequelizejs.com/en/v3/docs/querying/)
Runs.findAll({
where: {
distance: 5.5
}
}).then(function(foundRuns){
//an array of run objects that represent rows in the db
});
update all runs matching a criteria
Runs.update(
{
date: new Date('2017-1-1'),
distance: 6.1
}, //change the selected runs to match this object
{
where: {
id: 1 //only update rows that have the column id set to 1
}
}
).then(function(didSucceed){
res.json(didSucceed); //respond with success status
});
delete all runs matching a criteria
Runs.destroy({ //destroy the run as specified by id in the url
where: {
id: 1 //only delete rows that have the column id set to 1
}
}).then(function(didSucceed){
res.json(didSucceed); //send back if it succeeded
});
We can set up relationships between models easily:
var Sequelize = require('sequelize'); //require sequelize package
var Runs = require('./run.js'); //require our Runs model
var db = require('./db.js'); //require connection to the DB
var Users = db.define('user', { //set up model for Users
username: {
type: Sequelize.STRING, //string data type
unique: true //each value must be unique in the DB
},
password: Sequelize.STRING //string for password
});
Users.hasMany(Runs, { as: 'Runs' }); //set up the relationship that Users have many runs. Will create a user_id column in the Runs table
db.sync(); //if table does not exist yet, create it
module.exports = Users;
Now, when we have a specific user object we have methods like .getRuns()
and .addRun()
:
Users.findById(1).then(function(user){ //find the user in the DB who's ID is 1
user.getRuns().then(function(runs){ //get that user's runs
//do something with 'runs' param
});
});
Users.findById(1).then(function(foundUser){ //get the user from the DB
Runs.create({
date: new Date('2017-1-1'),
distance: 6.1
}).then(function(createdRun){ //create a run from req.body data (JSON)
foundUser.addRun(createdRun).then(function(){ //add the run to the user
//do something here
});
});;
});