- Routing refers to how an application’s endpoints (URIs) respond to client requests
- forwards the supported requests to appropriate controller functions
- Middleware is code that examines an incoming request and prepares it for further processing
- Controller functions get the requested data from the models, create an HTML page displaying the data, and return it to the user to view in the browser
- Views are used by the controllers to render the data.
- Endpoints are functions available through the API
- the destination that a route needs to map to
- like retrieving the API index, updating a post, or deleting a comment
- GET, POST, DELETE
- Has Rest APIs
- Login and Registration
- Express routes
- supports JWT (JSON Web Token)
- access is verified by a JWT in an HttpOnly cookie
- TODO auth0
- works with MongoDB database
- uses Mongoose ODM (Object Data Modeling) library for MongoDB and Node.js
- Role based Authorization
- employee users can sign up, sign in
- public page to sign in
- import vs require
- Cross-origin Requests (CORS)
- CORS in 100 Seconds
- CORS in Express
- mechanism that allows a website on one URL to request data from a different URL
- Browser implements a Same-Origin Policy for security
- allows a website to freely request data from its own URL but blocks anything from an external URL unless certain conditions are met
- Requests carry an Origin header in the request message
- browser allows request to server on same origin
- if the request goes to a different URL, it is a cross-origin request
- server will add an Access-Control-Allow-Origin header to the response
- its value needs to match the Origin header
- Express CORS middleware to respond with the proper CORS header on every response
- express.json and express.urlencoded
- DO NOT NEED express.json() and express.urlencoded() for GET requests or DELETE requests
- NEED them for POST and PUT requests, because in both these requests you are sending data (in the form of some data object) to the server and asking the server to accept or store that data (object), which is enclosed in the body (i.e. req.body) of that (POST or PUT) request
- bodyParser.json
- returns middleware that only parses incoming JSON requests and puts the parsed data in req.body
- recognizes the incoming Request Object as a JSON Object
- POST requests
- bodyParser.urlencoded({extended: ...})
- parses incoming requests with urlencoded payloads
- recognizes the incoming Request Object as strings or arrays (or nested objects with extended: true)
- the extended option tells the system whether to use a simple algorithm for shallow parsing (false) or a complex algorithm for deep parsing that can deal with nested objects (true)
- PUT requests
- Environment Variables
- Variables with values
- for setting configuration options as well as storing important values securely
- Dotenv
- npm package that lets developers create a .env file whose custom environment variables are added to the process.env object
- Why I should not use dotenv in production mode
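
An added example (not part of the original notes) of the Origin / Access-Control-Allow-Origin matching from the CORS notes above, written as Express-style middleware with an exact-match allowlist. Because access here relies on a JWT in an HttpOnly cookie, it echoes the matched origin and sets Access-Control-Allow-Credentials instead of using `*`. The names `corsAllowlist`, `ALLOWED_ORIGINS` and `simulate` and the sample origins are assumptions; a mock request/response stands in for Express so the block runs offline.

```javascript
// Added example: Express-style CORS middleware with an exact-match origin allowlist.
// ALLOWED_ORIGINS, corsAllowlist and simulate are hypothetical names; origins are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:3000",
]);

function corsAllowlist(allowed) {
  return function (req, res, next) {
    const origin = req.headers.origin;
    // Caches must key on Origin because the response differs per origin.
    res.setHeader("Vary", "Origin");
    // Exact string match only: no substring, suffix or regex tests.
    const ok = typeof origin === "string" && allowed.has(origin);
    if (ok) {
      // Echo the matched origin; browsers reject "*" on credentialed requests.
      res.setHeader("Access-Control-Allow-Origin", origin);
      // Lets the browser send the HttpOnly JWT cookie and expose the response.
      res.setHeader("Access-Control-Allow-Credentials", "true");
    }
    if (req.method === "OPTIONS") {
      // Preflight: answer here so it never reaches the route handlers.
      if (ok) {
        res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE");
        res.setHeader("Access-Control-Allow-Headers", "Content-Type");
      }
      res.statusCode = 204;
      return res.end();
    }
    next();
  };
}

// Minimal stand-in for request/response objects so this runs without Express.
function simulate(method, origin) {
  const headers = {};
  let passedOn = false;
  const req = { method, headers: origin ? { origin } : {} };
  const res = {
    statusCode: 200,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    end() {},
  };
  corsAllowlist(ALLOWED_ORIGINS)(req, res, () => { passedOn = true; });
  return { headers, status: res.statusCode, passedOn };
}

console.log(simulate("GET", "https://app.example.com").headers);
console.log(simulate("GET", "https://app.example.com.untrusted.test").headers);
```

In an Express app the middleware would be registered with `app.use(corsAllowlist(ALLOWED_ORIGINS))` before the routes.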