I am building a simple web service using node js, I only use the built in web server feature using:
var server = http.createServer(handleRequest);
I added a caching mechanism using node-cache, but that's it, I run the script via PM2 to make sure it's always running. Is this a safe and good practice to do? I saw some posts mentioning using nginx as reverse proxy server, won't that add an extra step that will slow things down?
Thanks!
It's recomended to use nginx as a frontier in production for secure reasons, load balancing, static content output and administration issues. In some cases it could be used for API versioning.
Related
I'm using the dev-server of Modern Web to build client side code.
Now I want to add a small backend with a REST API, but I can't find any information of how to add a backend with a REST API to this server.
Any hints on where to start?
You could write a plugin for it but I wouldn't recommend it.
It's a development server designed for testing client-side code.
It isn't designed to be a production server, and if you are going to write a REST API then you will, presumably, want it to be usable in a production environment.
Build your API with a tool designed for it (such as Express.js or Spring Boot) and use CORS to make it accessible to the server you use for client-side development.
I am building a web portal to interact with internal databases and potentially run ssh commands. I chose NodeJS with Express for this purpose.
Light weight server-side interactions such as templating or routing I managed with Node and Express but I am looking for ways to do heavy tasks such as DB work (insert/update/delete) or run node code with the click of a button from client-side.
My research brought a couple of ideas however I want to use the one which is future-proof, secure (but not vulnerable to security configurations) and scaleable. Please share your thoughts and guidance on the matter?
Socket IO (may not be scaleable)
REST API
AJAX (Has issues with AJAX and CORS in the past)
Other approaches????
Thanks
For what you are trying to accomplish, you should be looking into the MEAN stack. I would recommend that you use Angular4, Loopback (Built on top of Express), MySQL, and of course Node. It is very easy to make an angular sdk that will allow you to use the same loopback models that your server side will be using. As a result you will be able to do your heavy tasks such as DB work :)
If I have nodejs serve every file on my website, does it load faster than just plain HTML? Say, for instance, I had a site with loads of pictures. Does having expressjs serve them make the content load faster on page load?
No.
Nodejs has an http server module 'baked-in', but it's not necessarily faster than using any other HTTP server like Apache or Nginx.
In fact, you're likely to have Apache or Nginx fronting Node so that you can enable multiple domains on any given server.
If you're looking for blazing fast HTML service, you should look into cacheing your HTML pages in-mem using something like Redis.
No. It is more likely to make it slower since your application won't be optimised (compared to most HTTP servers) for serving static content.
Yes, I need to enable cross site scripting for internal testing of an application I am working on. I would have used Chrome's disable-xss-auditor or disable-web-security switches, but it looks like they are no longer included in the chrome build:
http://src.chromium.org/svn/trunk/src/chrome/common/chrome_switches.cc
What I am basically trying to achieve is to have a javascript application running locally on pages served by Apache (also running locally) be allowed to run scripts from a resource running on another server on our network.
Failing a way to enable xss for Firefox, Chrome, or my least favourite - IE, would there be a way to run some kind of proxy process to modify headers to allow the xss to happen? Any quick way to use Apache mod rewrite or some such to do this?
Again, this is for testing only. In production, all these scripts run from the same server, so there isn't even a need to sign them, but during development and testing, it is much easier to work only on the parts of the application you are concerned with and not have to run the rest that requires an full-on application server setup.
What you need is just a little passthrough service running on the first server that passes requests over to the second server, and returns the results it gets back from the second server.
You don't say what language the server side of your application is written in or what kind of data is passed to or returned from your service, so I can't be more specific than that, but it really should be about 15 lines of code to write the passthrough service.
What are asking for isn't cross-site scripting (which is a type of security vulnerability in which user input (e.g. from the URL) is injected into the page in such a way that third party scripts could be added via a link).
If you just want to run a script on a different server, then just use an absolute URI.
<script src="http://example.com/foo.js"></script>
If you need to perform Ajax requests to a remote server, use CORS or run a proxy on the current origin.
Again, this is for testing only
Just for testing, look at Charles Proxy. It's Map Remote feature allows you to (transparently) forward some requests to a remote server (based on wild card URL matching).
For one of my projects I'd like to try out Gigya as my social network connection provider and am writing my app using Node.js. Has anyone done this?
Gigya provides a JavaScript API that is intended to be used on the client.
http://developers.gigya.com/020_Client_API
It should be possible to adapt that for server side use.
Gigya's client side javascript is intended to be run in the browser as much as possible, since they perform 2 part authentication using cookies set by their domains. You can try to port it to run server side, but none of the public methods will work as advertised.
I've written a wrapper for their REST API using their proprietary authentication that I've been using in a work project for a few weeks: https://github.com/jproulx/Gigya-Node-SDK -- note that not everything has been tested thoroughly as I've only needed to use a subset of the socialize services on the server side. It should serve as a good jumping off point to bootstrap something for your needs.
Gigya does not yet have an official Node SDK. However, I've written an SDK that implements the entire service.
In addition to the standard APIs, it contains special support for streaming data from Accounts & DS.
Git: https://github.com/scotthovestadt/node-gigya
Install with "npm install gigya".