Ip QB (Unit 6)
Ip QB (Unit 6)
Ip QB (Unit 6)
UNIT 6
1. What is Express.js? What are core features of Express framework?
ANS]
• Routing : Express allows developers to map URLs to specific functions in their application. It uses a
URL mechanism to keep the web application’s state intact. In Express JS, routing and creating servers
is an inbuilt feature, we don’t need to setup if else statements to setup routes. We can directly use
the simple methods of Express JS to setup routes.
• Middleware : Express is useful for connecting to databases and other functions. Middlewares are the
middle processes that execute between processes. In terms of web development, when we store
passwords in a database using a server, we use middleware to encrypt our passwords to make them
secure. But Node JS does not contain any middleware by default, but we can create our own custom
middleware in it. Instead of Node JS, Express.js contains built-in middleware like express.static() to
server static files to clients.
• Error Handling : Error handling is used to ensure the smooth running of your software or program in
case of any undetected issue in your software. But in Node JS, there is no way to handle errors
automatically through any module. Developers can setup error handling using try catch blocks or
event emitters. But in Express JS, it is much easier to handle errors because there are multiple ways to
handle errors, like asynchronous handling, global error handling, etc.
• Request & Response : Object Request and Response means what is requested by the client side and,
in exchange for that request, what data is sent to the client side from the server side in terms of
response. The request and response object is contained in both Node JS and Express JS, but still,
Express JS comes with multiple additional functionalities in this object. For example, Express JS allows
developers to use parameters to access URLs, and res.send() is a much more convenient way to send
responses. It also allows user middlewares to be used in server-side coding.
• Body Parsing : Body parsing refers to parsing data sent from the client side to the server side. The
client sent data in the body of the request and also sent the type of content in headers, so converting
data according to the content type is called body parsing. In Node.js, there is no built-in method or
function to parse client-side data, but we can use modules like querystring or buffer. But Express JS
contains built-in modules to parse data without any external modules like middleware or Express.
json() Parsing.
• Debugging : Express comes with a debugging engine that can make debugging easier.
• Static file serving : Express allows developers to serve static files, such as HTML, CSS, and JavaScript,
directly from the server.
• Community : Express is one of the most popular server frameworks used with Node.js, so there is a
lot of knowledge and documentation about it online.
• REpresentational State Transfer (REST) is an architectural style that defines a set of constraints to be
used for creating web services. REST API is a way of accessing web services in a simple and flexible
way without having any processing.
• REST technology is generally preferred to the more robust Simple Object Access Protocol
(SOAP) technology because REST uses less bandwidth, simple and flexible making it more suitable for
internet usage. It’s used to fetch or give some information from a web service. All communication
done via REST API uses only HTTP request.
Working: A request is sent from client to server in the form of a web URL as HTTP GET or POST or PUT or
DELETE request. After that, a response comes back from the server in the form of a resource which can
be anything like HTML, XML, Image, or JSON. But now JSON is the most popular format being used in
Web Services.
In HTTP there are five methods that are commonly used in a REST-based Architecture i.e., POST, GET, PUT,
PATCH, and DELETE. These correspond to create, read, update, and delete (or CRUD) operations
respectively. There are other methods which are less frequently used like OPTIONS and HEAD.
• GET: The HTTP GET method is used to read (or retrieve) a representation of a resource. In the safe
path, GET returns a representation in XML or JSON and an HTTP response code of 200 (OK). In an
error case, it most often returns a 404 (NOT FOUND) or 400 (BAD REQUEST).
• POST: The POST verb is most often utilized to create new resources. In particular, it’s used to create
subordinate resources. That is, subordinate to some other (e.g. parent) resource. On successful
creation, return HTTP status 201, returning a Location header with a link to the newly-created
resource with the 201 HTTP status.
NOTE: POST is neither safe nor idempotent.
• PUT: It is used for updating the capabilities. However, PUT can also be used to create a resource in
the case where the resource ID is chosen by the client instead of by the server. In other words, if the
PUT is to a URI that contains the value of a non-existent resource ID. On successful update, return 200
(or 204 if not returning any content in the body) from a PUT. If using PUT for create, return HTTP
status 201 on successful creation. PUT is not safe operation but it’s idempotent.
• PATCH: It is used to modify capabilities. The PATCH request only needs to contain the changes to the
resource, not the complete resource. This resembles PUT, but the body contains a set of instructions
describing how a resource currently residing on the server should be modified to produce a new
version. This means that the PATCH body should not just be a modified part of the resource, but in
some kind of patch language like JSON Patch or XML Patch. PATCH is neither safe nor idempotent.
• DELETE: It is used to delete a resource identified by a URI. On successful deletion, return HTTP status
200 (OK) along with a response body.
• Express is useful for connecting to databases and other functions. Middlewares are the middle
processes that execute between processes.
• In terms of web development, when we store passwords in a database using a server, we use
middleware to encrypt our passwords to make them secure.
• But Node JS does not contain any middleware by default, but we can create our own custom
middleware in it. Instead of Node JS, Express.js contains built-in middleware like express.static() to
server static files to clients.
Types of Middleware
Express JS offers different types of middleware and you should choose the middleware on the basis of
functionality required.
• Application-level middleware: Bound to the entire application using app.use() or app.METHOD() and
executes for all routes.
• Router-level middleware: Associated with specific routes using router.use() or router.METHOD() and
executes for routes defined within that router.
• Error-handling middleware: Handles errors during the request-response cycle. Defined with four
parameters (err, req, res, next).
• Built-in middleware: Provided by Express (e.g., express.static, express.json, etc.).
• Third-party middleware: Developed by external packages (e.g., body-parser, morgan, etc.).
Steps to install middleware : https://www.geeksforgeeks.org/middleware-in-express-js/
• Cookies are small piece of information i.e. sent from a website and stored in user's web browser
when user browses that website.
• Every time the user loads that website back, the browser sends that stored data back to website or
server, to recognize user.
Purpose:
Cookies are used for various purposes, such as:
• Express Generator is a Node.js Framework like ExpressJS which is used to create express Applications
easily and quickly.
• It acts as a tool for generating express applications. In this article, we will discuss the Express
Generator.
• Express Generator is a command-line tool for quickly creating an Express.js application skeleton,
providing a structured foundation with pre-configured settings, middleware, and directories, enabling
rapid development of web applications.
Features:
• It generates express Applications in one go using only one command.
• The generated site has a modular structure that we can modify according to our needs for our web
application.
• The generated file structure is easy to understand.
• We can also configure options while creating our site like which type of view we want to use (For
example, ejs, pug, and handlebars).
Steps to Create Project with Express Generator (for detailed steps : https://www.geeksforgeeks.org/what-
is-express-generator/)
Step 1: Install express-generator globally from npm.
Step 2: Create the application
Step 3: Starting the express server
6. How to handle authentication in Express.js?
ANS]
Handling authentication in Express.js involves verifying the identity of users and ensuring that only
authorized users have access to protected resources.
Authentication involves three main components:
1. Identification: The process of claiming an identity.
2. Verification: The process of checking the claimed identity.
3. Authorization: The process of granting access to resources based on the verified identity.
In Express.js, authentication can be achieved using various strategies, including:
• Session-based authentication: Uses a session cookie to store user data.
• Token-based authentication: Uses a JSON Web Token (JWT) to authenticate users.
• OAuth/OIDC: Uses a third-party service to authenticate users.
Here's a step-by-step guide on how to implement authentication in Express.js using session-based
authentication:
Step 1: Choose an Authentication Strategy
Step 2: Install Required Packages
You'll need to install the following packages:
• express-session: For session management.
• passport: For authentication.
• passport-local: For local authentication strategy.
Run the following command: