Web Development with Node and Express
Ethan Brown

Copyright © 2014 Ethan Brown. All rights reserved.

Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: 800-998-9938 or [email protected].

Editors: Simon St. Laurent and Brian Anderson
Production Editor: Matthew Hacker
Copyeditor: Linley Dolby
Proofreader: Rachel Monaghan
Indexer: Ellen Troutman Zaig
Cover Designer: Karen Montgomery
Interior Designer: David Futato
Illustrator: Rebecca Demarest

July 2014: First Edition

Revision History for the First Edition:
2014-06-27: First release

See http://oreilly.com/catalog/errata.csp?isbn=9781491949306 for release details.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Web Development with Node and Express, the picture of a black lark and a white-winged lark, and related trade dress are trademarks of O’Reilly Media, Inc.

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

ISBN: 978-1-491-94930-6
[LSI]

This book is dedicated to my family: My father, Tom, who gave me a love of engineering; my mother, Ann, who gave me a love of writing; and my sister, Meris, who has been a constant companion.
Table of Contents

Foreword
Preface

1. Introducing Express
    The JavaScript Revolution
    Introducing Express
    A Brief History of Express
    Upgrading to Express 4.0
    Node: A New Kind of Web Server
    The Node Ecosystem
    Licensing

2. Getting Started with Node
    Getting Node
    Using the Terminal
    Editors
    npm
    A Simple Web Server with Node
    Hello World
    Event-Driven Programming
    Routing
    Serving Static Resources
    Onward to Express

3. Saving Time with Express
    Scaffolding
    The Meadowlark Travel Website
    Initial Steps
    Views and Layouts
    Static Files and Views
    Dynamic Content in Views
    Conclusion

4. Tidying Up
    Best Practices
    Version Control
    How to Use Git with This Book
    If You’re Following Along by Doing It Yourself
    If You’re Following Along by Using the Official Repository
    npm Packages
    Project Metadata
    Node Modules

5. Quality Assurance
    QA: Is It Worth It?
    Logic Versus Presentation
    The Types of Tests
    Overview of QA Techniques
    Running Your Server
    Page Testing
    Cross-Page Testing
    Logic Testing
    Linting
    Link Checking
    Automating with Grunt
    Continuous Integration (CI)

6. The Request and Response Objects
    The Parts of a URL
    HTTP Request Methods
    Request Headers
    Response Headers
    Internet Media Types
    Request Body
    Parameters
    The Request Object
    The Response Object
    Getting More Information
    Boiling It Down
    Rendering Content
    Processing Forms
    Providing an API

7. Templating with Handlebars
    There Are No Absolute Rules Except This One
    Choosing a Template Engine
    Jade: A Different Approach
    Handlebars Basics
    Comments
    Blocks
    Server-Side Templates
    Views and Layouts
    Using Layouts (or Not) in Express
    Partials
    Sections
    Perfecting Your Templates
    Client-Side Handlebars
    Conclusion

8. Form Handling
    Sending Client Data to the Server
    HTML Forms
    Encoding
    Different Approaches to Form Handling
    Form Handling with Express
    Handling AJAX Forms
    File Uploads
    jQuery File Upload

9. Cookies and Sessions
    Externalizing Credentials
    Cookies in Express
    Examining Cookies
    Sessions
    Memory Stores
    Using Sessions
    Using Sessions to Implement Flash Messages
    What to Use Sessions For

10. Middleware
    Common Middleware
    Third-Party Middleware

11. Sending Email
    SMTP, MSAs, and MTAs
    Receiving Email
    Email Headers
    Email Formats
    HTML Email
    Nodemailer
    Sending Mail
    Sending Mail to Multiple Recipients
    Better Options for Bulk Email
    Sending HTML Email
    Images in HTML Email
    Using Views to Send HTML Email
    Encapsulating Email Functionality
    Email as a Site Monitoring Tool

12. Production Concerns
    Execution Environments
    Environment-Specific Configuration
    Scaling Your Website
    Scaling Out with App Clusters
    Handling Uncaught Exceptions
    Scaling Out with Multiple Servers
    Monitoring Your Website
    Third-Party Uptime Monitors
    Application Failures
    Stress Testing

13. Persistence
    Filesystem Persistence
    Cloud Persistence
    Database Persistence
    A Note on Performance
    Setting Up MongoDB
    Mongoose
    Database Connections with Mongoose
    Creating Schemas and Models
    Seeding Initial Data
    Retrieving Data
    Adding Data