TL;DR: This text is an excerpt (Chapter 9) from Pro Express.js: Master Express.js—The Node.js Framework For Your Web Development. The book will be released next week (December 24, 2014), and we’ll announce a great limited-time offer on it on Sunday, December 28, 2014. So stay tuned… and happy Holidays!!!
Good web applications must have informative error messages to notify clients exactly why their request has failed. Errors might be caused either by the client (e.g., wrong input data) or by the server (e.g., a bug in the code).
The client might be a browser, in which case the application should display an HTML page. For example, a 404 page should display when the requested resource is not found. Or the client might be another application consuming our resources via the REST API. In this case, the application should send the appropriate HTTP status code and the message in the JSON format (or XML or another format that is supported). For these reasons, it’s always the best practice to customize error-handling code when developing a serious application.
In a typical Express.js application, error handlers follow the routes. Error handling deserves its own section of the book because it’s different from other middleware. After the error handlers, we’ll cover the Express.js application methods and ways to start the Express.js app. Therefore, the major topics of this chapter are as follows:
- Error handling
- Running an app
This text is part of my new book Pro Express.js: Master Express.js—The Node.js Framework For Your Web Development [Apress, 2014]. Security is important, that’s why I decided to publish this chapter on my blog. The book will be released very soon.
The set of tips in this chapter deals with security in Express.js applications. Security is often a neglected topic that is deferred until the last minute before the release. Obviously, this approach of treating security as an afterthought is prone to leaving holes for attackers. A better approach is to consider and implement security matters from the ground up.
Apress and I are VERY close to finishing our long-awaited Pro Express.js. 20 chapters are already in production (see screenshot below). We have been working on this for more than two years, but we are finally going to wrap it up. We will be releasing it in the end of December or early January. This book will be entirely focused on mastering Express.js. It will include four major examples, 26 chapters, and one cheatsheet. It is going to be a complete brain dump of everything that we know about Express.js and web development. We are going to cover all the ways that we use to create web applications, and we are going to show you exactly how we implemented HackHall.com.
HOWEVER, we need your help. Before we finalize everything and send it off to the printer, we need to make sure we have covered everything. That is where you come in. Please take a few minutes to answer this super-short two-question survey— there is really only one thing we want to ask you … What are your two top questions about Express.js that we absolutely NEED to answer in our book? Leave you answers as comments at here.
By the way, I’ll be releasing Express.js Security Tips in just a little bit on Webapplog.com. It’s one of the chapters of the up-coming Pro Express.js. The other already published excerpts from the book include LoopBack 101: Express.js on Steroids, Sails.js 101, and Secret Express.js Settings.
20 chapters of Pro Express.js are almost ready
I want to express gratitude to Randson Oliveira for his contributions to the Node Frameworks project. In fact, he is the #1 contributor on the project right now. Thank you for your dedication!
The Node Frameworks Contributor
If you don’t know what the Node Frameworks project is about—check it out. The mission of this resource is to provide recommendations and one place for discovering Node.js frameworks and tutorials/examples for them. The stats for each library is really interesting to compare.
LoopBack is a comprehensive Node.js web framework with a rich command-line scaffolding and a web API explorer: strongloop.com/node-js/loopback. The framework is maintained by StrongLoop which is also the gate-keeper of Express.js.
This concise tutorial will illustrate how to get started with LoopBack and the common traits between LoopBack and Express.js. This text is from my new book Pro Express.js by Apress which you can already start reading in Apress Alpha or pre-order on Amazon.com and other bookstores.
Here’s my interview with Brian Rinaldi of ModernWeb on NodeJS and Express at QConNY 2014 where I spoke about CoffeeScript. The inverview is 13 minutes long and discusses some controversial topics and my traditionally published book Practical Node.js.
One of The Foundation members asked in forum, “How do I find a good developer?”. I was glad to help, but then I thought that others might benefit from this advice so I answered it via a post.
The best thing is to work on something small first. This way you’ll test the waters before putting a major project under risk. This might include a test or a real, but small task, (preferably outside of the main project) like writing a bookmarklet or a scrapper.
In August, I posted an idea of a three-month apprenticeship in web development and Node.js:
I only wanted to test the water, and was surprised that I got over 20 requests. Therefore, I went ahead with the interview process in order to select one aspiring Node.js programmer…
There is no such thing as a job security. You can trust my word on this, because I worked for one of the most stable employers in the world, the U.S. federal government, during 2007–2008, and had seen a lot of bright software engineers, analysts, technical writers, quality assurance engineers, and project managers let go due to the market downturn and budget cuts. Startups and private corporations are even more brutal. They won’t even give you a two-week notice! I know of a company that fired its lead software engineer with just ONE hour of notice… poor fellow didn’t expect it at all when he was coming to work in the morning just to go back home for the rest of the day right away!
Sails.js (GitHub) is a convention-over-configuration type of a framework. This means that it’s similar in philosophy to Ruby on Rails. Sails.js is a true MVC framework, unlike Express.js which relies on developers for adding ORMs like Mongoose. Sails.js uses the Waterline ORM.