Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
So, what I would like to implement is something like the twitter new-user function, which makes a new page on their website based on the user's input - such as https://twitter.com/newuser
How would I go about doing this? (I am fluent in NodeJS, Express, Javascript, MongoDB - the node client too, CSS, HTML)
You can define a dynamic route in express and show user data based on url paramter.
app.get('/:userName', function (req, res) {
res.send("this is the " + req.params.userName + " Profile");
})
You shoud make a database table to store users data. (and username will be unique).
after that in your profile route you can get username from url and read user data from database based on userName parameter.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 months ago.
Improve this question
I am randomly wondering how to get information based on input without using the <form method = "POST" ....> using express.js how would I access the req.body of something like this from the without using a form entry on the front end? - just curious
If I understand your question correctly, you are asking how to send data in an HTTP request.
How are you sending your HTTP requests from the front-end - perhaps Axios? That's a detail worth providing in your question.
For an Axios POST method, you can provide a request body as the second parameter, with the first parameter being the URL. See the Axios documentation here: https://axios-http.com/docs/post_example
axios.post('/user', {
firstName: 'Fred',
lastName: 'Flintstone'
})
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
});
The second parameter is a simple JavaScript object. To populate req.body, use body-parsing middleware such as express.json().
https://expressjs.com/en/4x/api.html#req.body
If you're just using an API platform tool like Postman, then in your request Body you can choose "raw" from the radio button and then JSON from the dropdown.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 10 months ago.
Improve this question
Every time a protected url is called i check for req.user that is set up automatically by the JWT middleware.
Now I'm wondering:
1 - where does JWT tokens are stored when calling sign() ?
2 - do i have to verify() the token every time a protected url is called? if yes why?
3 - When i set a new token for an already signed user does the old token (if exists) gets deleted ? What if the expiration is not been set up or is 5 years for example?
4 - Why can't I set new tokens on same browser/app page ? I get invalid signature error if i register a new token but the token matches (i checked) It's like I can't signin more than 1 user on same browserstrong text
JWT tokens do not need to be stored anywhere really, although some might do
you protect routes for a given reason, therefore it is essential to verify that non-authorised requests do not go through.
this depends on how you engineered the auth system, normally all the JWT tokens upon generation need to be told when to expire
I do not quite understand the problem here, you need to offer us more details before expecting a solution
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to know what is the best way to send messages between two users? I know you can do rooms and join them but you have to "create" them first. Think of it like chat messenger. You only show the messages you recieve between those two users.
I can do one big object but eventually that would be a big object.
What are your suggestions on handling this?
Every socket in Socket.io has its own ID. You can send messages directly to a socket, once you know that ID. Example from https://socket.io/docs/v3/rooms/index.html#Default-room
io.on('connection', socket => {
socket.on('private message', (anotherSocketId, msg) => {
socket.to(anotherSocketId).emit('private message', socket.id, msg);
});
});
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I want to work on a project where i want to set a server which hosts videos, pictures, and texts. The main objective is to push up the media contents update to the client using Sever-Side Event.
It is more or less like digital signage player where i have to set up my own server and the client player. I'm totally new at this thing. Can someone give me any ideas on how i can do it. Just basic ideas would be great and i can search about them.
You might want to check out node-easysse and easysse-client
server
var easysse = require("easysse");
app.get("/chat-stream", easysse);
app.post("/chat", function(req, res) {
easysse.emit("chat", req.body.username, req.body.message);
});
client
<script src="easysse-client.js"></script>
<script>
var client = easysseClient.connect("/chat-stream");
client.on("chat", function(username, message){
console.log(username, "says", message);
});
$.post("/chat", {username: "mjackson", message: "hehe"});
// "mjackson says hehe"
</script>
Api docs
node-easysse API
easysse-client API
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
For my webapp (angular + node.js), I'm implementing a gamification system where users gain points for performing actions like answering questions, watching a video, etc. Currently, I simply post to '/api/users/updatepoints' with the user's id and number of points changed to update the database.
This is of course not secure, since a user could easily do an ajax request from the console while logged in, and I was wondering how I can prevent users from illegally sending out ajax requests? What sort of server-side validation could I use to do so?
//front end
$http.post('/api/users/updatepoints', {
kidId: xxx,
pointsChanged: yyy
})
//backend
exports.updatePoints = function(req, res) {
var kidId = req.body.kidId,
pointsChanged = req.body.pointsChanged;
User.findOne({_id: kidId}, function(err, user) {
if (err) return res.send(400);
user.points += pointsChanged;
user.save(function(err) {
if (err) return res.send(400);
return res.send(200)
});
})
}
The simple answer is "you can't".
A sufficiently determined hacker will always be able to take control of anything you are running on their computer. The only way to avoid that is to validate everything server side.
For example the only way to defeat "map hacks" in competitive online play is to never send information to the client unless that information is being displayed to the user.
If it's important, do it server side. Let the client side do its processing and validate and verify everything it sends you.
This is much too big a subject to properly discuss in a format like this though. Try doing some internet searches on preventing client hacks in games.