Node.js - Express.js

Installation

Node.js can be installed in different ways:

• Download it from the official site:

https://nodejs.org/en/

• Installing Node.js via package manager:

https://nodejs.org/en/download/package-manager/

Debian and Ubuntu based Linux distributions: https://github.com/nodesource/distributions/blob/master/README.md#debinstall

• From Ubuntu repositories:

sudo apt install nodejs

Last time installed the version 12.15 via package manager https://github.com/nodesource/distributions/blob/master/README.md#debinstall

After installation, you can check that Node.js was installed correctly by executing the following command in Bash:

node -v

Node package manager - npm

The Node.js installer will install the node command in your machine but it will also install the Node package manager (npm) command. You can also test that npm has been installed correctly by executing the following command:

npm -v

We can use the npm command to install third-party Node.js packages. The npm command allows us to install a few different kinds of dependencies:

• Global dependencies: Shared across projects. They are installed in our development environment, outside of a project. An example of this kind of dependencies is a CLI tool such as tsc command because we will invoke fro our CLI, not from a project.

• Local Dependencies: This kind of dependencies are installed locally, inside of a project. Not shared across projects. They are needed during the execution of the application; in other words, after the application has been deployed and the development phase has been completed. An example is a framework or library that we use to build our application such as Express.js.

• Development dependencies: Local, not shared across the project and needed only during development. An example is a development tool that we use only during the development phase such as a testing library.

We can install npm dependencies using the following commands:

• Install all the dependencies in the package.json file:

npm install

• Install a global dependency:

npm install -g NAME_OF_THE_DEPENDENCY

• Install a local dependency:

npm install --save NAME_OF_THE_DEPENDENCY

• Install a local development dependency:

npm install --save-dev NAME_OF_THE_DEPENDENCY

You can learn more about npm by reading the official documentation at https://docs.npmjs.com

Exploring HTTP requests

We can use the Chrome developer tools to examine all the HTTP request send from the browser. We can do this by accessing the network tab after opening the developer tools. We will then be able to see all the HTTP requests in a list:

Exploring_HTTP_requests_using_the_Google_Chrome_developer_tools

If nothing is displayed is most likely because you need to reload the page after opening the developer tools. The network tab also allows us to filter the HTTP request by the content type. For example, if we click in XHR the developer's tools will only display the HTTP requests performed as an AJAX request.

When we click on one of the HTTP requests we are able to explore the details about the requests. Including details such as the request headers, response headers, and status code.

You can learn more about the Chrome developer tools network tab at https://developers.google.com/web/tools/chrome-devtools/network-performance

Executing an HTTP call from the Chrome console

We use ts-node to run our Express applications. However, sometimes we want to call one of the REST web services that we have implemented. For example, we might want to perform the following AJAX call:

(async () => {
  const response = await fetch(
    "http://www.remojansen.com/website/js/models/awards.json"
  );
  const json = await response.json();
  console.log(json);
})();

We use the fetch function to perform an AJAX call. The best thing about fetch is that it returns a Promise, which means that we can use async/await instead of the Promise.then() method. The only problem is that our browser might not be compatible with async/await because it is one of the latest JavaScript features. So we want to compile this code into JavaScript to avoid potential compatibility issues. We can do this using the tsc command but it is a bit tedious. So instead of that, it is handy to use the TypeScript online compiler (AKA the TypeScript playground): http://www.typescriptlang.org/play/

After we write the TypeScript code we can copy the JavaScript ouput from the right-side editor. We can then open the Chrome developer tools and select the console tab. We can then paste the JavaScript code and press enter to execute it.

You can learn more about the Chrome developer tools console at https://developers.google.com/web/tools/chrome-devtools/console

Creating a new TypeScript-Node.js project

Each new TypeScript project requires a new empty folder. It is recommended to create a new folder under your home directory. I call this directory "CODE" and inside it, I create a new empty folder for each project.

A TypeScript project could be a Node.js project but it could also not be a Node.js project. For example, it could be an Angular or React.js project. In this section, we are going to focus on the steps required to create a TypeScript project independently of the kind of application that we will build.

All our TypeScript projects are going to need the following:

1- A new empty directory

2- A TypeScript compiler configuration file (tsconfig.json)

tsc --init

3- A npm configuration file (package.json)

npm init --y

4- At this point, we are ready to open the project using VS Code. To open a project in VS Code we need to open VS Code and select File → Open Folder...

5- After opening the folder in VS Code, we need to create a new folder. This time we will use the VS Code feature that allows us to create a new folder. I’m going to name the folder src.

6- Then I will create a new file named demo.ts using VS Code. The file will be contained inside the src directory.

7- Finally, I will add some content to the demo.ts file. In this case, we are going to add just one line of code:

console.log("Hello world!");

npm install --save-dev @types/node

import * as fs from "fs";

"lib": [ "es6" ]

Transpiling and running a TypeScript project

Now that we have created the basic structure of a TypeScript project we are going to compile it and execute it. To compile the TypeScript project we need to use the tsc command and the project flag to specify the TypeScript compiler configuration file:

tsc -p tsconfig.json

If everything goes well this will generate a new file named demo.js right next to the existing demo.ts file. We can then execute the JavaScript file demo.js using the node command:

node ./src/demo.js

Please note that the node command can only be used to execute JavaScript files (.js) not TypeScript files (.ts) this means that we must compile our application before we can run it. This requires two steps and it is a bit tedious. However, we can use the ts-node command to do the two steps with one single command:

ts-node ./src/demo.ts

Note that the ts-node command can be used with TypeScript files.

What is a Library and a framework

The key difference between a library and a framework is "Inversion of Control". When you call a method from a library, you are in control. But with a framework, the control is inverted: the framework calls you.

A library is just a collection of class definitions. The reason behind is simply code reuse, i.e. get the code that has already been written by other developers. The classes and methods normally define specific operations in a domain specific area. For example, there are some libraries of mathematics which can let developer just call the function without redo the implementation of how an algorithm works.

In framework, all the control flow is already there, and there's a bunch of predefined white spots that you should fill out with your code. A framework is normally more complex. It defines a skeleton where the application defines its own features to fill out the skeleton. In this way, your code will be called by the framework when appropriately. The benefit is that developers do not need to worry about if a design is good or not, but just about implementing domain specific functions.

HTTP web services with Express.js

We are going to use Express.js to declare REST Web Services. A web service is a piece of code that can be invoked remotely by a consumer (known as the client). We are going to build web services using the HTML protocol. We will use a unique URL for each web service and we will use HTTP requests and responses (with headers and body) to transfer data between the client and the server.

It is very important to understand that we are going to use Express.js as a framework that helps us to implement web services. This means that Express is used to implement the server part (not the client).

When we are working with Express, we will declare web services that always receive HTTP requests and answer with HTTP responses. Express will never receive a response because that only happens in the client.

Express will run as a process in our machine. We will execute this process using the terminal. However, the client will be just some code that we will execute in our web browser.

Please refer to the An Introduction to API's by Gonzalo Vázquez article if you need additional help to understand the HTTP protocol and Web APIs as a concept.

Installing the express module and its type definitions

We now know how to create a generic TypeScript Node.js project, but we need to be a little more specific. We are going to focus on bulding Node.js applications using a framework know as Express.js.

To be able to use Express, we need to install the express module and its type definitions @types/express:

npm install --save express
npm install --save-dev @types/express

We can then import express as follows:

import express from "express";

This will fail if you forget to install both modules.

Express Hello World

At this point, we should be able to create a very basic Express application and execute it to see if everything has gone right so far. We are going to change the content of the demo.ts file (file that we created when we tested the new TypeScript-node project) from:

console.log("Hello world!");

To:

// Import express module
import express from "express";

// Declare a new express application
const app = express()

// Declare port to be used by the server
const port = 8080

// Declare endpoint for HTTP GET /
app.get('/', (req, res) => res.send('Hello World!'));

// Start HTTP server in port 8080
app.listen(
  port,
  () => console.log(`Example app listening on port ${port}!`)
);

We can then run the Express application using:

ts-node ./src/demo.ts

If everything goes well the following should be displayed in bash:

Example app listening on port 3000!

You can then open Google Chrome and visit http://localhost:3030 and if everything went well you should see the following on the screen:

Hello World!

The previous code snippet represents the minimum amount of code required to start an Express application. The code snippet declares a new express application and our very first web service. The address path “/” will return “Hello World!” for HTTP reuquests with GET as its method. This is our very first web service. The Express application then starts running in the port 8080.

The preceding code snipped creates an HTTP server and starts running it. Once the server is running you cannot use the bash anymore unless you kill the process. You can kill the process by pressing Ctrl + c when focus on the bash.

Please note that if you change the code you will need to:

• Save the changes
• Kill the process using Ctrl + c
• Rerun it with ts-node

Later in this document, we will learn a way to automatically re-load the server when the code changes but it is important to know how to do it by hand.

sudo npm install -g nodemon

nodemon.json

{
  "watch": ["src"],
  "ext": "ts",
  "ignore": ["src/**/*.spec.ts"],
  "exec": "ts-node ./src/demo.ts"
}

nodemon

Declaring endpoints

Now we are going to learn how to declare HTTP endpoints for a REST Web API that allow us to manage movies. Instead of using a real database we are going to use an array of movies stored in memory.

import express from "express";
import * as bodyParser from "body-parser";

// Creates app
const app = express();

// Declare default HTTP GET endpoint
app.get("/", (req, res) => {
    res.send("This is the home page!");
});

// Declare a list of movies using an in-memory array
let movies = [
    {
        title: "Titanic",
        year: 1997
    },
    {
        title: "A star is born",
        year: 2018
    }
];

// Declare HTTP GET endpoint to get movies
app.get("/movies", (req, res) => {
    res.json(movies);
});

// INSERT MORE CODE HERE...

// Start the application
app.listen(8080, () => {
    console.log(
        "The server is running in port 8080!"
    );
});

// ...

// Declare HTTP GET endpoint to get a movie by movie ID
app.get("/movies/:movieId", (req, res) => {
    const movieId = req.params.movieId;
    res.json(movies[movieId]);
});

// ...

(async () => {

  const response = await fetch(
    "http://localhost:8080/movies",
    {
      method: "GET"
    }
  );

  const json = await response.json();
  console.log(json);

})();

npm install --save body-parser
npm install --save @types/body-parser

import express from "express";
import bodyParser from "body-parser";

// Creates app
const app = express();

// Enable JSON body in requests
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

// Declare HTTP POST endpoint to create a movie
app.post("/movies", (req, res) => {
    const newMovie = req.body;
    movies.push(newMovie);
    res.json(newMovie);
});

// ...

(async () => {

  const data = {
    title: "Alien",
    year: 1979
  };

  const response = await fetch(
    "http://localhost:8080/movies",
    {
      method: "POST",
      headers: {
        "Content-Type": "application/json; charset=utf-8",
      },
      body: JSON.stringify(data)
    }
  );

  const json = await response.json();
  console.log(json);

})();

// ...

app.put("/movies", (req, res) => {
    const newMovie = req.body;
    movies.push(newMovie);
    res.json(newMovie);
});

// ...

// ...

app.delete("/movies/:movieId", (req, res) => {
    const movieId = req.params.movieId as string;
    movies = movies.filter((movie, index) => {
        // console.log(index, movieId, index.toString() !== movieId);
        return index.toString() !== movieId;
    });
    res.json(movies);
});

// ...

Installing TypeORM

TypeORM is an object-relational mapping library. It allow us to map the data from the format used by the database (rows of data) to the format used in our application code (class definitions). This allow us to not have to think about the database details such as the SQL syntax while we implement our applications.

In order to be able to use TypeORM we are going to need to install the following dependencies (in addition to the dependencies that are pre-required for an Express application as we explored in some of the previous tutorials):

npm install typeorm
npm install pg
npm install reflect-metadata

Note: You need to do this inside the demo folder that we created earlier

We also need to ensure that we update the following settings in the TypeScript compiler configuration file (tsconfig.json):

"lib": ["es6", "dom"],
// ...
"experimentalDecorators": true,
"emitDecoratorMetadata": true

Creating database entities

The following code snippet should be added to a new file named movie.ts. We need to import some decorators from the TypeOrm module. In TypeScript a decorator is a function that can be applied using the @ symbol. Decorators can be applied to classes and its methods and properties:

import { Entity, Column, PrimaryGeneratedColumn } from "typeorm";

@Entity()
export class Movie {
    @PrimaryGeneratedColumn()
    public id!: number;
    @Column()
    public title!: string;
    @Column()
    public year!: number;
}

The preceding code snippet uses the following decorators:

• @Entity() This decorator must be applied to a class and it is used to generate a table in our database. The Movie class will become a table named movie in our database.

• @PrimaryGeneratedColumn() This decorator must be applied to a property and it is used to generate a primary key column in the database. The primary key will be numeric and will increment using auto-generated incremental numeric values.

• @Column() This decorators must be applied to a property and it is used to generate a column in the database. The data type of the column will be automatically selected based on the data type of the properties of the class.

Reading multiple entities from the database

The following code snippet declares an HTTP endpoint that returns all the movies in the database. We use the method "find" in the movieRepository to read all the rows in the movies table:

app.get("/movies", (req, res) => {
    (async () => {
        const movies = await movieRepository.find();
        res.json(movies);
    })();
});

We can check that this is working by accessing the following URL: http://localhost:8080/movies

Please remember that you must save the files and restart the application for this changes to be effective. At first, the server should return an empty array because there are no rows in the database yet. We can use SQLectron to insert some data into the database by hand. To do so, we need to open SQLectron and select the connection that we created previously and execute some SQL commands by hand. For example, the following SQL statement can be used to insert a row into the movie table:

INSERT INTO "public"."movie" ("title", "year")
VALUES ('Alien', 1979);

The movie table is auto-generated by TypeORM when we create a connection.

We can explore our database from SQLectron. On the left side, we can see all the databases in our database server. We can click on the demo database to expand it. The TypeORM tables are generated under a schema named public. We can click on the schema to see the movie table and click on the table to see its columns. If you can’t remember how to write SQL commands by hand you can right-click on one of the tables and select an operation such as insert. A template insert statement for the selected table will be then pasted into the editor.

Reading one entity by its ID from the database

We can read one entity from the database by its ID by passing the ID as a request parameter. We can then use the findOne method in the repository class:

app.get("/movies/:movieID", (req, res) => {
    (async () => {
        const movieIdStr = req.params.movieID as string;
        const movieIdNbr = parseInt(movieIdStr);
        if (isNaN(movieIdNbr)) {
            res.status(400).send({
                msg: "Id must be a number!"
            });
        }
        const movies = await movieRepository.findOne(movieIdNbr);
        res.json(movies);
    })();
});

We can check that this is working by accessing the following URL:

http://localhost:8080/movies/1

Once more, we must insert a movie with the ID 1 into our database before this can work.

Deleting an entity from the database by its ID

We can delete an entity using the HTTP DELETE method and the delete method in the repository class:

app.delete("/movies/:movieId", (req, res) => {
    const movieIdStr = req.params.movieId as string;
    movieRepository.delete(movieIdStr);
    res.json(true);
});

We can invoke the preceding service using the following client-side code:

(async () => {
    const response = await fetch(
        "http://localhost:8080/movies/1",
        {
            method: "DELETE"
        }
    );
    const json = await response.json();
    console.log(json);
})();

Creating a new entity

We use the HTTP POST method to create new entities. The following code snippet demonstrates how we can use the save method of the repository to save a new entity. The following code expects a valid movie instance to be sent to the server via the HTTP request body:

app.post("/movies", (req, res) => {
    (async () => {
        const newMovie = req.body;
        const movies = await movieRepository.save(newMovie);
        res.json(movies);
    })();
})

It is important to remember to add the HTTP headers and to send the new entity as a JSON string when we invoke the preceding web service from a web client:

(async () => {

    const newMovie = {
        title: "2001: A Space Odyssey",
        year: 1968
    };

    const response = await fetch(
        "http://localhost:8080/movies/1",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json; charset=UTF-8"
            },
            body: JSON.stringify(newMovie)
        }
    );

    const json = await response.json();
    console.log(json);

})();

Updating an existing entity

There are two main ways to update an entity. We can update an entity partially or fully.

app.put("/movies/:movieId", (req, res) => {
    (async () => {
        const movieId = req.params.movieId;
        const update = req.body;
        const oldMovie = await movieRepository.findOne(movieId);
        if (oldMovie) {
            oldMovie.title = update.title;
            oldMovie.year = update.year;
            const updatedMovie = await movieRepository.save(oldMovie);
            res.json(updatedMovie);
        } else {
            res.status(404).send();
        }
    })();
});

{
    id: 1,
    title: "Alien",
    year: 1979
}

{ year: 1979 }

app.patch("/movies/:movieId", (req, res) => {
   (async () => {
       const movieId = req.params.movieId;
       const update = req.body;
       const oldMovie = await movieRepository.findOne(movieId);
       if (oldMovie) {
           const key = Object.keys(update)[0];
           const val = update[key];
           (oldMovie as any)[key] = val;
           const updatedMovie = await movieRepository.save(oldMovie);
           res.json(updatedMovie);
       } else {
           res.status(404).send();
       }
   })();
});

Implementing MVC with Express

The example that we are about to implement contains the following files:

├── src
│   ├── controllers
│   │   └── movie_controller.ts
│   ├── entities
│   │   └── movie.ts
│   ├── repositories
│   │   └── movie_repository.ts
│   ├── config
│   │   └── db.ts
│   └── main.ts
├── package.json
└── tsconfig.json

import { createConnection } from "typeorm";
import { Movie } from "../entities/movie";
import { Director } from "../entities/director";
import { User } from "../entities/user";

export async function createDbConnection() {

    // Read the database settings from the environment variables
    const DATABASE_HOST = process.env.DATABASE_HOST;
    const DATABASE_PASSWORD = process.env.DATABASE_PASSWORD;
    const DATABASE_USER = process.env.DATABASE_USER;
    const DATABASE_DB = process.env.DATABASE_DB;

    // Display the settings in the console so we can see if something is wrong
    console.log(
        `
            host: ${DATABASE_HOST}
            password: ${DATABASE_PASSWORD}
            user: ${DATABASE_USER}
            db: ${DATABASE_DB}
        `
    );

    // Open database connection
    await createConnection({
        type: "postgres",
        host: DATABASE_HOST,
        port: 5432,
        username: DATABASE_USER,
        password: DATABASE_PASSWORD,
        database: DATABASE_DB,
        // If you forget to add your entities here you will get a "repository not found" error
        entities: [
            Movie,
            Director,
            User
        ],
        // This setting will automatically create database tables in the database server
        synchronize: true
    });

}

import { Entity, Column, PrimaryGeneratedColumn } from "typeorm";

@Entity()
export class Movie {
    @PrimaryGeneratedColumn()
    public id!: number;
    @Column()
    public title!: string;
    @Column()
    public year!: number;
}

import { getConnection } from "typeorm";
import { Movie } from "../entities/movie";

export function getMovieRepository() {
    const connection = getConnection();
    const movieRepository = connection.getRepository(Movie);
    return movieRepository;
}

// ...

await createConnection({
        type: "postgres",
        host: DATABASE_HOST,
        port: 5432,
        username: DATABASE_USER,
        password: DATABASE_PASSWORD,
        database: DATABASE_DB,
        entities: [
            Movie                      // Add the entity we create the database connection
        ],
        synchronize: true
});

// ...

import * as express from "express";
import * as joi from "joi";
import { authMiddleware, loggerMiddleware } from "../config/middleware";
import { getMovieRepository } from "../repositories/movie_repository";

export function getMovieController() {

    // Create a repository so we can perform database operations
    const movieRepository = getMovieRepository();

    // Create router instance so we can declare enpoints
    const router = express.Router();

    // Declare Joi Schema so we can validate movies
    const movieSchemaForPost = {
        title: joi.string(),
        year: joi.number().greater(0)
    };

    // HTTP GET http://localhost:8080/movies/
    router.get("/", (req, res) => {
        (async () => {
            const movies = await movieRepository.find();
            res.json(movies);
        })();
    });

    // HTTP GET http://localhost:8080/movies/1
    router.get("/:id", (req, res) => {
        (async () => {
            const id = req.params.id;
            const movies = await movieRepository.findOne(id);
            res.json(movies);
        })();
    });

    // HTTP GET http://localhost:8080/movies/by_year/1979
    router.get("/by_year/:year", (req, res) => {
        (async () => {
            const year = req.params.year;
            const movies = await movieRepository.find({ year: year });
            res.json(movies);
        })();
    });

    // HTTP DELETE http://localhost:8080/movies/1
    router.delete("/:id", authMiddleware, (req, res) => {
        (async () => {
            const userId = (req as any).userId;
            const id = req.params.id;
            const movies = await movieRepository.delete(id);
            res.json(movies);
        })();
    });

    // HTTP POST http://localhost:8080/movies/
    router.post("/", authMiddleware, (req, res) => {
        (async () => {
            const newMovie = req.body;
            const result = joi.validate(req.body, movieSchemaForPost);
            if (result.error) {
                res.status(400).send({ msg: "Movie is not valid!" });
            } else {
                const movies = await movieRepository.save(newMovie);
                res.json(movies);
            }
        })();
    });

    return router;
}

const moviesController = getMovieController();
app.use("/movies", moviesController);

import express from "express";
import bodyParser from "body-parser";
import { getMovieController } from "./controllers/movie_controller";
import { createDbConnection } from "./config/db";

(async () => {

    // Create db connection
    await createDbConnection();

    // Creates app
    const app = express();

    // Server config to be able to send JSON
    app.use(bodyParser.json());
    app.use(bodyParser.urlencoded({ extended: true }));

    // Declare the main path
    app.get("/", (req, res) => {
        res.send("This is the home page!");
    });

    // Declare controllers
    const moviesController = getMovieController();
    app.use("/movies", moviesController);

    // Start the server
    app.listen(8080, () => {
        console.log(
            "The server is running in port 8080!"
        );
    });

})();

Prerequisite - Creating users accounts

Before we can implement login we need to allow our users to create an account. So we are going to create a database table for users and we are going to create a controller for Users that will allow us to create user accounts. We are not going to detail too much these steps because they are almost identical to the steps that we followed when we declared the movie controller. We will start by declaring an entity named User.

import { Entity, Column, PrimaryGeneratedColumn } from "typeorm";

@Entity()
export class User {
    @PrimaryGeneratedColumn()
    public id!: number;
    @Column()
    public email!: string;
    @Column()
    public password!: string;
}

We then need to create a repository for the User entity.

import { getConnection } from "typeorm";
import { User } from "../entities/user";

export function getUserRepository() {
    const connection = getConnection();
    const userRepository = connection.getRepository(User);
    return userRepository;
}

It is important to not forget that we need to add the new entity to our database connection in the /src/config/db.ts file:

// ...

await createConnection({
        type: "postgres",
        host: DATABASE_HOST,
        port: 5432,
        username: DATABASE_USER,
        password: DATABASE_PASSWORD,
        database: DATABASE_DB,
        entities: [
            Movie,
            User                       // Add the new entity to our database connection
        ],
        synchronize: true
});

// ...

At this point, we are ready to implement the user controller. This controller only implements an endpoint that allows us to create a new user account. The following content should be added to the user_controller.ts file under the controllers directory:

import * as express from "express";
import { getUserRepository } from "../repositories/user_repository";
import * as joi from "joi";

export function getUserController() {

    const userRepository = getUserRepository();
    const router = express.Router();

    const userDetailsSchema = {
        email: joi.string().email(),
        password: joi.string()
    };

    // HTTP POST http://localhost:8080/users/
    router.post("/", (req, res) => {
        (async () => {
            const newUser = req.body;
            const result = joi.validate(newUser, userDetailsSchema);
            if (result.error) {
                res.status(400).send();
            } else {
                const user = await userRepository.save(newUser);
                res.json({ ok: "ok" }).send();
            }
        })();
    });

    return router;
}

Please don't forget that we need to add the controllers to the application's entry point:

// ...

const moviesController = getMovieController();
app.use("/movies", moviesController);
const usersController = getUsersController();
app.use("/users", usersController);


// ...

We can invoke the endpoint from a web browser using the following code. Please remember that you need to compile the code into JavaScript before you can run it:

(async () => {
    const data = {
        email: "test@demo.com",
        password: "secret1"
    };
    const response = await fetch(
        "http://localhost:8080/users/",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json"
            },
            body: JSON.stringify(data)
        }
    );
    const json = await response.json();
    console.log(json);
})();

Auth middleware

In Express, a Middleware is an especial function that takes three arguments:

• An HTTP request
• An HTTP response
• A function that is known as "next"

The following code snippet implements a middleware function that displays "Hello from middleware!" in the console:

import * as express from "express";

function helloMiddleware(
    req: express.Request,
    res: express.Response,
    next: express.NextFunction
) {
    console.log("Hello from middleware!");
    next();
}

The helloMiddleware function is a middleware function. This middleware function logs some text in the console and invokes the next function. To understand what is the "next" function, we need to learn how we can apply a middleware. A middleware function can be applied to an endpoint by passing it as the second argument when we declare an HTTP endpoint:

//...

router.post("/", helloMiddleware,  (req, res) => {
   // ...
});

// ...

For example, the preceding code snippet declares an HTTP POST endpoint for the path "/". We can pass the middleware function as the second argument. The middleware will be invoked first when an HTTP POST request hits the "/" path. After, the middleware function is executed the next function might be invoked by the middleware function. The next function triggers the endpoint requests handler to be executed.

This means that if the middleware doesn't invoke the next function the endpoint handler is never executed. This is the case of the auth middleware function. We use the auth middleware function to check if the HTTP requests contain a valid JWT in one of the request headers. If the token is not present or invalid we never invoke the next function which means that the endpoint handler is never executed.

The following code snippet implements the auth middleware. It demonstrates how we can read the request header, verify a token using a secret key stored in an environment variable and invoke the next action. The following content should be added to the middleware.ts file under the config directory:

import * as express from "express";
import jwt from "jsonwebtoken";

// Middleware function used for JWT token validation
export function authMiddleware(
    req: express.Request,
    res: express.Response,
    next: express.NextFunction
) {
    // Read token signature from environment variables
    const AUTH_SECRET = process.env.AUTH_SECRET;
    // Read token from request headers
    const token = req.headers["x-auth-token"];
    // Client error if no token found in request headers
    if (typeof token !== "string") {
        res.status(400).send();
    } else {
        // Server error is enironment variable is not set
        if (AUTH_SECRET === undefined) {
            res.status(500).send();
        } else {
            try {
                // Check that the token is valid
                const obj = jwt.verify(token, AUTH_SECRET) as any;
                // Add the user ID to the HTTP request object so we can access it from the NEXT request handler
                (req as any).userId = obj.id;
                // Invoke NEXT request handler
                next();
            } catch(err) {
                // Unauthorized if the token cannot be verified
                res.status(401).send();
            }
        }
    }
}

Private endpoints

We can apply the auth middleware function to the endpoints that we want to make private. We say that these endpoints are private because they cannot be invoked without a valid JWT.

// ...

// HTTP DELETE http://localhost:8080/movies/1
router.delete("/:id", authMiddleware, (req, res) => {
    (async () => {
        const userId = (req as any).userId;
        const id = req.params.id;
        const movies = await movieRepository.delete(id);
        res.json(movies);
    })();
});

// HTTP POST http://localhost:8080/movies/
router.post("/", authMiddleware, (req, res) => {
    (async () => {
        const newMovie = req.body;
        const result = joi.validate(req.body, movieSchemaForPost);
        if (result.error) {
            res.status(400).send({ msg: "Movie is not valid!" });
        } else {
            const movies = await movieRepository.save(newMovie);
            res.json(movies);
        }
    })();
});

// ...

To invoke a private endpoint from the web browser we will need to provide a valid JWT as one of the request headers as demonstrated by the following code snippet. Please remember that you need to compile the following code snippet before you can execute it in a web browser:

(async () => {
    const response = await fetch(
        "http://localhost:8080/movies/1",
        {
            method: "DELETE",
            headers: {
                "x-auth-token": "INSERT_YOUR_JWT_HERE"
            }
        }
    );
    const json = await response.json();
    console.log(json);
})();

However, as you can imagine, you need to get a valid JWT before you can perform the preceding operation. To get a JWT we need to pass a valid user email and password to the auth controller. In the next section, we are going to learn how to implement it.

Login

The login endpoint is declared by the auth controller. The login endpoint tries to search for an existing user in our database and creates a JWT that contains the user ID. The following content should be added to the auth_controller.ts file under the controllers directory:

import * as express from "express";
import { getUserRepository } from "../repositories/user_repository";
import * as joi from "joi";
import jwt from "jsonwebtoken";

export function getAuthController() {

    const AUTH_SECRET = process.env.AUTH_SECRET;
    const userRepository = getUserRepository();
    const router = express.Router();

    const userDetailsSchema = {
        email: joi.string().email(),
        password: joi.string()
    };

    // HTTP POST http://localhost:8080/auth/login/
    router.post("/login", (req, res) => {
        (async () => {
            const userDetails = req.body;
            const result = joi.validate(userDetails, userDetailsSchema);
            if (result.error) {
                res.status(400).send();
            } else {
                const match = await userRepository.findOne(userDetails);
                if (match === undefined) {
                    res.status(401).send();
                } else {
                    if (AUTH_SECRET === undefined) {
                        res.status(500).send();
                    } else {
                        const token = jwt.sign({ id: match.id }, AUTH_SECRET);
                        res.json({ token: token }).send();
                    }
                }
            }
        })();
    });

    return router;
}

Please don't forget that we need to add the controllers to the application's entry point:

// …

const moviesController = getMovieController();
app.use("/movies", moviesController);
const usersController = getUsersController();
app.use("/users", usersController);
const authController = getAuthController();
app.use("/auth", authController);


// ...

We can invoke the preceding endpoint from the web browser using the following fetch call. Please remember that you need to compile the following code snippet before you can execute it in a web browser:

(async () => {
    const data = {
        email: "test@demo.com",
        password: "secret1"
    };
    const response = await fetch(
        "http://localhost:8080/auth/login//",
        {
            method: "POST",
            headers: {
                "Content-Type": "application/json"
            },
            body: JSON.stringify(data)
        }
    );
    const json = await response.json();
    console.log(json);
})();

Writing unit tests

We are going to write some automated test using mocha and chai as our main testing framework. We can install these librariesusing the npminstall command:

sudo npm install mocha chai @types/mocha @types/chai nyc typescript ts-node

Please note that the preceding code snippet will also install the nyc command as well as TypeScript and ts-node locally. We installed previously TypeScript and ts-node as global dependencies with npm install -g however, this time we are going to install them as local dependencies because it is required by the nyc command.

The next step is to edit the scripts section in our «package.json» file:

"scripts": {
    "test": "INSERT TEST COMMAND HERE"
},

We need to replace the text «INSERT TEST COMMAND HERE» with our test command:

nyc --clean --all
    --require ts-node/register
    --require reflect-metadata/Reflect
    --extension .ts
    --mocha --timeout 5000 **/*.test.ts

Please note that line breaks should be removed. They have been added here for formatting purposes only.

The preceding command will execute all mocha tests contained in files with the extension .test.ts. This command also collects test coverage data that we can later use to generate a test coverage report. A test coverage report is a useful source of information because it allows us to identify parts of our application that have not been tested.

After installing some dependencies, we are going to write our first couple unit tests.

The preceding code snippet is testing the Calculator class which is described in the /src/calculator.ts file:

./src/calculator.ts

export class Calculator {
    public add(a: number, b:number) {
        throw new Error();
    }
    public div(a: number, b: number) {
        throw new Error();
    }
}

We are going to create a folder named tests on the root of our project and create a file named calculator.test.ts inside it. The calculator.test.ts file should contain the following source code:

./tests/calculator.test.ts

import { expect } from "chai";
import {it, describe} from "mocha";
import {Calculator} from "../src/calculator";

describe("Calculator", () => {
    it("Should be able to add two numbers", () => {
        const calculator = new Calculator();
        const expected = 10;
        const actual = calculator.add(5,5);
        expect(actual).to.eq(expected);
    });

    it("Should be able to divide two numbers",() => {
        const calculator = new Calculator();
        const expected = 5;
        const actual = calculator.div(10,2);
        expect(actual).to.eq(expected);
    });

});

The calculator.test.ts file declares the following elements:

• A test fixture or suite using the describe function from mocha. A test fixture is a fixed state of a set of objects used as a baseline for running tests. The purpose of a test fixture is to ensure that there is a well known and static environment in which tests are run so that results are repeatable.

• Two test cases using the it function from mocha. A test case is a set of conditions or variables under which a tester will determine whether a system under test satisfies requirements or works correctly. The process of developing test cases can also help find problems in the requirements or design of an application.

• Two test assertions using the expect function from chai. An assertion is a boolean expression at a specific point in a program which will be true unless there is a bug in the program. A test assertion is defined as an expression, which encapsulates some testable logic specified about a target under test.

As we can see in the preceding unit tests examples, we can invoke the method or function that we wish to test, and we then compare the result of the method or function with our expected result given a set of known arguments.

We can execute our tests using the npm script commands that we defined previously:

npm test

After a couple of seconds we should be able to see the results in Bash:

The unit test output

Writing pure functions and isolating components

The previous examples are very simple because the add and div methods in the Calculator class are pure functions. A pure function is a function that generates a result using only the arguments that are passed into the function. A pure function will never access variables that have been declared outside of the function and have not been passed as one of its arguments. Additionally,a pure function never modifies the arguments that are passed into it.

The following function is not a pure function:

function isIndexPage(){
    return window.location.pathname === "/";
}

The above function is not pure because it access the window object which is a global variable and it is not passed to the function as an argument. Writing a unit tests for a function that is not pure is very difficult or even not possible. For example, to write a unit test for the above function we would have to replace the window global object with a mock or fake version of it. Because the window object is hard-coded within the body of the isIndexPage function, it is very hard to replace the window global object with a mock or fake version of it. We can avoid this problem by writing our code in a way that is easy to tests. For example, the following function is a pure function:

function isIndexPage(pathname: string){
    return window.location.pathname ==="/";
}

The above function is very easy to test because we can pass the real window object in the application:

isIndexPage(window.location.pathname);

The nice thing is that we can also replace the window object with a fake version in our tests:

it ("Should be able to identify the homepage", () => {
    expect(isIndexPage("/")).to.eq(true);
    expect(isIndexPage("/something")).to.eq(false);
    expect(isIndexPage("/something/somethingElse")).to.eq(false);
});

Writing the function as a pure function allows us to replace the dependencies of the isIndexPage function for mock versions in our tests. This allows us to test the isIndexPage function in isolation from its dependencies. Isolating components is the most fundamental skill required to write good unit tests.

Working with factory functions

In the preceding section, we transformed the isIndexPage into a pure function by passing an additional argument to it. However,sometimes there are some restrictions, which may prevent us from being able to add additional arguments to a function when we wish to do so. For example, the Expres.js HTTP GET endpoints are declared as follows:

router.get("/movies", (req,res) => {
    const movies = await movieRepository.find();
    res.json(movies).send();
});

The preceding code snippet passes a path and an anonymous function to the get method in a router instance. We can re-write the preceding code snippet using a named function instead:

const httpGetMoviesHandler = (req,res) => {
    const movies = await movieRepository.find();
    res.json(movies).send();
};

router.get("/movies",httpGetMoviesHandler);

Setting up the project

(5%, Marks)

In this project, we are going to implement the REST API for a simplified version of the website Reddit. The user will be able to create an account/ login and post links. Other users will then be able to upvote and downvote the links.

The application should be implemented using the technologies that we used in class: TypeScript, Node.js, Express.js, TypeORM, and Postgres.

To complete this practice you are going to need to install Node.js, TypeScript, and ts-node. You will also need to create a package.json file and a tsconfig.json file. You are going to need to change the default configuration in the tsconfig.json as we have been doing in class.

Please remember to refer to the guides shared in Moodle if you need additional help:

• PART I: Setting up a Node.js + TypeScript development environment
• PART II: Express/Node.js basics with TypeScript
• PART III: Getting started with TypeORM, Postgres and Docker
• PART IV: Authentication, server-side validation, and the model-view-controller (MVC) design pattern
• PART V: Writing automated tests and debugging our Node.js applications

You project directory architecture should look as follows:

├───node_modules
│   └─── ...
├───package.json
├───tsconfig.json
├───app.ts
├───index.ts
├───db.ts
│   ├───backend
│   │   ├───controllers
│   │   ├───entities
│   │   ├───middleware
│   │   └───repositories
│   └───frontend
│       └─── client.ts
└───test
    └───controllers

.
├── 'node_modules'
│    └── ...
├── tsconfig.json
├── package.json
├── package-lock.json
├── nodemon.json
├── app.ts
├── db.ts
├── 'test'
│    └── controllers
└── 'src'
     └── 'backend'
          ├── 'repositories'
          │    ├── vote_repository.ts
          │    ├── users_repository.ts
          │    ├── link_repository.ts
          │    └── comment_repository.ts
          ├── 'entities'
          │    ├── vote.ts
          │    ├── comment.ts
          │    ├── link.ts
          │    └── users.ts
          ├── 'controllers'
          │    ├── users_controller.ts
          │    ├── link_controller.ts
          │    ├── comment_controller.ts
          │    └── auth_controller.ts
          └── 'middleware'
               └── auth_middleware.ts

Controllers

(45%, 45 Marks)

We are going to need 4 controllers. Each endpoint has different requirements but all endpoints share the following set of common requirements:

• In all your controllers, the inputs of each endpoint should be validated and an error HTTP 400 (Bad Request) should be returned if the inputs are invalid.

• When a request tries to access a private endpoint without a known identity, an error HTTP 401 (Unauthorized) should be returned.

• When a user doesn't have permissions to perform an operation, an error HTTP 403 (Forbidden) should be returned.

• If an exception takes place an error HTTP 500 (Internal Server Error) should be returned..

Security

(20%, 20 Marks)

You must implement user authentication using JWT tokens as we have explained during the lectures of this module. The endpoint flagged as "private" must be protected by a middleware that uses JWT tokens. Please implement the JWT tokens using the "jsonwebtoken" library.

You are going to need to define a middleware named "authMiddleware" in a file named "auth_middleware.ts" under the /src/middleware directory.

Web client

(10%, 10 Marks)

You must implement a web client for one each of the endpoints previously described.

Automated test

(20%, 20 Marks)

You must implement one integration test and one unit test:

The unit test must ensure that one of the POST methods in the links controller is correct. The controller must be tested in isolation. Please implement this test using the mocha and chai libraries.

We must ensure that one of the POST methods in the links controller is correct using an integration test. Please implement this test using the "supertest" library.