Dylan  Iqbal

Dylan Iqbal

1566616193

Build a REST API to manage users and roles using Firebase and Node.js

Originally published by Joaquin at https://www.toptal.com

Introduction

Almost every app requires some level of authorization system. In some cases, validating a username/password set with our Users table is enough, but often, we need a more fine-grained permissions model to allow certain users to access certain resources and restrict them from others. Building a system to support the latter is not trivial and can be very time consuming. In this tutorial, we’ll learn how to build a role-based auth API using Firebase, which will help us get quickly up and running.

Role-based Auth

In this authorization model, access is granted to roles, instead of specific users, and a user can have one or more depending on how you design your permission model. Resources, on the other hand, require certain roles to allow a user to execute it.


Firebase

Firebase Authentication

In a nutshell, Firebase Authentication is an extensible token-based auth system and provides out-of-the-box integrations with the most common providers such as Google, Facebook, and Twitter, among others.

It enables us to use custom claims which we’ll leverage to build a flexible role-based API.

We can set any JSON value into the claims (e.g., { role: 'admin' } or { role: 'manager' }).

Once set, custom claims will be included in the token that Firebase generates, and we can read the value to control access.

It also comes with a very generous free quota, which in most cases will be more than enough.

Firebase Functions

Functions are a fully-managed serverless platform service. We just need to write our code in Node.js and deploy it. Firebase takes care of scaling the infrastructure on demand, server configuration, and more. In our case, we’ll use it to build our API and expose it via HTTP to the web.

Firebase allows us to set express.js apps as handlers for different paths—for example, you can create an Express app and hook it to /mypath, and all requests coming to this route will be handled by the app configured.

From within the context of a function, you have access to the whole Firebase Authentication API, using the Admin SDK.

This is how we’ll create the user API.

What We’ll Build

So before we get started, let’s take a look at what we’ll build. We are going to create a REST API with the following endpoints:

Each of these endpoints will handle authentication, validate authorization, perform the correspondent operation, and finally return a meaningful HTTP code.

We’ll create the authentication and authorization functions required to validate the token and check if the claims contain the required role to execute the operation.

Building the API

In order to build the API, we’ll need:

  • A Firebase project
  • firebase-tools installed

First, log in to Firebase:

firebase login 

Next, initialize a Functions project:

firebase init
 
? Which Firebase CLI features do you want to set up for this folder? ...
(O) Functions: Configure and deploy Cloud Functions
 
? Select a default Firebase project for this directory: {your-project}
 
? What language would you like to use to write Cloud Functions? TypeScript
 
? Do you want to use TSLint to catch probable bugs and enforce style? Yes
 
? Do you want to install dependencies with npm now? Yes

At this point, you will have a Functions folder, with minimum setup to create Firebase Functions.

At src/index.ts there’s a helloWorld example, which you can uncomment to validate that your Functions works. Then you can cd functions and run npm run serve. This command will transpile the code and start the local server.

You can check the results at http://localhost:5000/{your-project}/us-central1/helloWorld

Notice the function is exposed on the path defined as the name of it at 'index.ts: 'helloWorld'.

Creating a Firebase HTTP Function

Now let’s code our API. We are going to create an http Firebase function and hook it on /api path.

First, install npm install express.

On the src/index.ts we will:

  • Initialize the firebase-admin SDK module with admin.initializeApp();
  • Set an Express app as the handler of our api https endpoint
import * as functions from 'firebase-functions';
import * as admin from 'firebase-admin';
import * as express from 'express';
 
admin.initializeApp();
 
const app = express();
 
export const api = functions.https.onRequest(app);

Now, all requests going to /api will be handled by the app instance.

The next thing we’ll do is configure the app instance to support CORS and add JSON body parser middleware. This way we can make requests from any URL and parse JSON formatted requests.

We’ll first install required dependencies.

npm install --save cors body-parser 
npm install --save-dev @types/cors 

And then:

//...
import * as cors from 'cors';
import * as bodyParser from 'body-parser';
 
//...
const app = express();
app.use(bodyParser.json());
app.use(cors({ origin: true }));
 
export const api = functions.https.onRequest(app);

Finally, we will configure the routes that the app will handle.

//...
import { routesConfig } from './users/routes-config';
//…
app.use(cors({ origin: true }));
routesConfig(app)
 
export const api = functions.https.onRequest(app);

Firebase Functions allows us to set an Express app as the handler, and any path after the one you set up at functions.https.onRequest(app);—in this case, api—will also be handled by the app. This allows us to write specific endpoints such as api/users and set a handler for each HTTP verb, which we’ll do next.

Let’s create the file src/users/routes-config.ts

Here, we’ll set a create handler at POST '/users'

import { Application } from "express";
import { create} from "./controller";
 
export function routesConfig(app: Application) {
   app.post('/users',
       create
   );
}

Now, we’ll create the src/users/controller.ts file.

In this function, we first validate that all fields are in the body request, and next, we create the user and set the custom claims.

We are just passing { role } in the setCustomUserClaims—the other fields are already set by Firebase.

If no errors occur, we return a 201 code with the uid of the user created.

import { Request, Response } from "express";
import * as admin from 'firebase-admin'
 
export async function create(req: Request, res: Response) {
   try {
       const { displayName, password, email, role } = req.body
 
       if (!displayName || !password || !email || !role) {
           return res.status(400).send({ message: 'Missing fields' })
       }
 
       const { uid } = await admin.auth().createUser({
           displayName,
           password,
           email
       })
       await admin.auth().setCustomUserClaims(uid, { role })
 
       return res.status(201).send({ uid })
   } catch (err) {
       return handleError(res, err)
   }
}
 
function handleError(res: Response, err: any) {
   return res.status(500).send({ message: `${err.code} - ${err.message}` });
}

Now, let’s secure the handler by adding authorization. To do that, we’ll add a couple of handlers to our create endpoint. With express.js, you can set a chain of handlers that will be executed in order. Within a handler, you can execute code and pass it to the next() handler or return a response. What we’ll do is first authenticate the user and then validate if it is authorized to execute. If the user doesn’t have the required role, we’ll return a 403.

On file src/users/routes-config.ts:

//...
import { isAuthenticated } from "../auth/authenticated";
import { isAuthorized } from "../auth/authorized";
 
export function routesConfig(app: Application) {
   app.post('/users',
       isAuthenticated,
       isAuthorized({ hasRole: ['admin', 'manager'] }),
       create
   );
}

 Let’s create the files src/auth/authenticated.ts.

On this function, we’ll validate the presence of the authorization bearer token in the request header. Then we’ll decode it with admin.auth().verifyidToken() and persist the user’s uid, role, and email in the res.locals variable, which we’ll later use to validate authorization.

In the case the token is invalid, we return a 401 response to the client:

import { Request, Response } from "express";
import * as admin from 'firebase-admin'
 
export async function isAuthenticated(req: Request, res: Response, next: Function) {
   const { authorization } = req.headers
 
   if (!authorization)
       return res.status(401).send({ message: 'Unauthorized' });
 
   if (!authorization.startsWith('Bearer'))
       return res.status(401).send({ message: 'Unauthorized' });
 
   const split = authorization.split('Bearer ')
   if (split.length !== 2)
       return res.status(401).send({ message: 'Unauthorized' });
 
   const token = split[1]
 
   try {
       const decodedToken: admin.auth.DecodedIdToken = await admin.auth().verifyIdToken(token);
       console.log("decodedToken", JSON.stringify(decodedToken))
       res.locals = { ...res.locals, uid: decodedToken.uid, role: decodedToken.role, email: decodedToken.email }
       return next();
   }
   catch (err) {
       console.error(`${err.code} -  ${err.message}`)
       return res.status(401).send({ message: 'Unauthorized' });
   }
}

 Now, let’s create a src/auth/authorized.ts file.

In this handler, we extract the user’s info from res.locals we set previously and validate if it has the role required to execute the operation or in the case the operation allows the same user to execute, we validate that the ID on the request params is the same as the one in the auth token.

import { Request, Response } from "express";
 
export function isAuthorized(opts: { hasRole: Array<'admin' | 'manager' | 'user'>, allowSameUser?: boolean }) {
   return (req: Request, res: Response, next: Function) => {
       const { role, email, uid } = res.locals
       const { id } = req.params
 
       if (opts.allowSameUser && id && uid === id)
           return next();
 
       if (!role)
           return res.status(403).send();
 
       if (opts.hasRole.includes(role))
           return next();
 
       return res.status(403).send();
   }
}

 With these two methods, we’ll be able to authenticate requests and authorize them given the role in the incoming token. That’s great, but since Firebase doesn’t let us set custom claims from the project console, we won’t be able to execute any of these endpoints. In order to bypass this, we can create a root user from Firebase Authentication Console

And set an email comparison in the code. Now, when firing requests from this user, we’ll be able to execute all operations.

//…
  const { role, email, uid } = res.locals
  const { id } = req.params
 
  if (email === ‘your-root-user-email@domain.com’)
    return next();
//…

 Now, let’s add the rest of the CRUD operations to src/users/routes-config.ts.

For operations to get or update a single user where :id param is sent, we also allow the same user to execute the operation.

export function routesConfig(app: Application) {
   //…
   // lists all users
   app.get(‘/users’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’] }),
       all
   ]);
   // get :id user
   app.get(‘/users/:id’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’], allowSameUser: true }),
       get
   ]);
   // updates :id user
   app.patch(‘/users/:id’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’], allowSameUser: true }),
       patch
   ]);
   // deletes :id user
   app.delete(‘/users/:id’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’] }),
       remove
   ]);
}

 And on src/users/controller.ts. In these operations, we leverage the admin SDK to interact with Firebase Authentication and perform the respective operations. As we did previously on create operation, we return a meaningful HTTP code on each operation.

For the update operation, we validate all fields present and override customClaims with those sent in the request:

//…
 
export async function all(req: Request, res: Response) {
   try {
       const listUsers = await admin.auth().listUsers()
       const users = listUsers.users.map(user => {
           const customClaims = (user.customClaims || { role: ‘’ }) as { role?: string }
           const role = customClaims.role ? customClaims.role : ‘’
           return {
               uid: user.uid,
               email: user.email,
               displayName: user.displayName,
               role,
               lastSignInTime: user.metadata.lastSignInTime,
               creationTime: user.metadata.creationTime
           }
       })
 
       return res.status(200).send({ users })
   } catch (err) {
       return handleError(res, err)
   }
}
 
export async function get(req: Request, res: Response) {
   try {
       const { id } = req.params
       const user = await admin.auth().getUser(id)
       return res.status(200).send({ user })
   } catch (err) {
       return handleError(res, err)
   }
}
 
export async function patch(req: Request, res: Response) {
   try {
       const { id } = req.params
       const { displayName, password, email, role } = req.body
 
       if (!id || !displayName || !password || !email || !role) {
           return res.status(400).send({ message: ‘Missing fields’ })
       }
 
       const user = await admin.auth().updateUser(id, { displayName, password, email })
       await admin.auth().setCustomUserClaims(id, { role })
       return res.status(204).send({ user })
   } catch (err) {
       return handleError(res, err)
   }
}
 
export async function remove(req: Request, res: Response) {
   try {
       const { id } = req.params
       await admin.auth().deleteUser(id)
       return res.status(204).send({})
   } catch (err) {
       return handleError(res, err)
   }
}
 
//…

 Now we can run the function locally. To do that, first you need to set up the account key to be able to connect with the auth API locally. Then run:

npm run serve 

Deploy the API

Great! Now that we have our written the role-based API, we can deploy it to the web and start using it. Deploying with Firebase is super easy, we just need to run firebase deploy. Once the deploy is completed, we can access our API at the published URL.

You can check the API URL at https://console.firebase.google.com/u/0/project/{your-project}/functions/list.

In my case, it is https://us-central1-joaq-lab.cloudfunctions.net/api.

Consuming the API

Once our API is deployed, we have several ways to use it—in this tutorial, I’ll cover how to use it via Postman or from an Angular app.

If we enter the List All Users URL (/api/users) on any browser, we’ll get the following:

The reason for this is when sending the request from a browser, we are performing a GET request without auth headers. These means our API is actually working as expected!

Our API is secured via tokens—in order to generate such a token, we need to call Firebase’s Client SDK and log in with a valid user/password credential. When successful, Firebase will send a token back in the response which we can then add to the header of any following request we want to perform.

From an Angular App

In this tutorial, I’ll just go over the important pieces to consume the API from an Angular app. The full repository can be accessed here, and if you need a step-by-step tutorial on how to create an Angular app and configure @angular/fire to use

So, back to signing in, we’ll have a SignInComponent with a <form> to let the user enter a username and password.

//…
<form [formGroup]=“form”>
   <div class=“form-group”>
     <label>Email address</label>
     <input type=“email”
            formControlName=“email”
            class=“form-control”
            placeholder=“Enter email”>
  </div>
   <div class=“form-group”>
     <label>Password</label>
     <input type=“password”
            formControlName=“password”
            class=“form-control”
            placeholder=“Password”>
   </div>
</form>
 
//…

 And on the class, we signInWithEmailAndPassword using the AngularFireAuth service.

//…
 
form: FormGroup = new FormGroup({
   email: new FormControl(‘’),
   password: new FormControl(‘’)
})
 
constructor(
   private afAuth: AngularFireAuth
) { }
 
async signIn() {
   try {
     const { email, password } = this.form.value
     await this.afAuth.auth.signInWithEmailAndPassword(email, password)
   } catch (err) {
     console.log(err)
   }
}
 
//…

 At this point, we can sign in to our Firebase project.

And when we inspect the network requests in the DevTools, we can see that Firebase returns a token after verifying our user and password.

This token is the one we will use to send on our header’s request to the API we’ve built. One way to add the token to all requests is using an HttpInterceptor.

This file shows how to get the token from AngularFireAuth and add it to the header’s request. We then provide the interceptor file in the AppModule.

http-interceptors/auth-token.interceptor.ts

@Injectable({ providedIn: ‘root’ })
export class AuthTokenHttpInterceptor implements HttpInterceptor {
 
   constructor(
       private auth: AngularFireAuth
   ) {
 
   }
 
   intercept(req: HttpRequest&lt;any&gt;, next: HttpHandler): Observable&lt;HttpEvent&lt;any&gt;&gt; {
       return this.auth.idToken.pipe(
           take(1),
           switchMap(idToken =&gt; {
               let clone = req.clone()
               if (idToken) {
                   clone = clone.clone({ headers: req.headers.set(‘Authorization’, 'Bearer ’ + idToken) });
               }
               return next.handle(clone)
           })
       )
 
   }
}
 
export const AuthTokenHttpInterceptorProvider = {
   provide: HTTP_INTERCEPTORS,
   useClass: AuthTokenHttpInterceptor,
   multi: true
}

 app.module.ts

@NgModule({
//…
providers: [
   AuthTokenHttpInterceptorProvider
]
//…
})
export class AppModule { }

 Once the interceptor is set, we can make requests to our API from httpClient. For example, here’s a UsersService where we call the list all users, get the user by its ID, and create a user.

//…
 
export type CreateUserRequest = { displayName: string, password: string, email: string, role: string }
 
@Injectable({
providedIn: ‘root’
})
export class UserService {
 
private baseUrl = ‘{your-functions-url}/api/users’
 
constructor(
   private http: HttpClient
) { }
  get users$(): Observable&lt;User[]&gt; {
   return this.http.get&lt;{ users: User[] }&gt;(${this.baseUrl}).pipe(
     map(result =&gt; {
       return result.users
     })
   )
}
 
user$(id: string): Observable&lt;User&gt; {
   return this.http.get&lt;{ user: User }&gt;(${this.baseUrl}/${id}).pipe(
     map(result =&gt; {
       return result.user
     })
   )
}
 
create(user: CreateUserRequest) {
   return this.http.post(${this.baseUrl}, user)
}
}

 Now, we can call the API to get the user by its ID and list all users from a component like this:

//…
   <ul *ngIf=“user$ | async; let user”
      class=“list-group”>
     <li class=“list-group-item d-flex justify-content-between align-items-center”>
       <div>
         <h5 class=“mb-1”>{{user.displayName}}</h5>
         <small>{{user.email}}</small>
       </div>
      <span class=“badge badge-primary badge-pill”>{{user.role?.toUpperCase()}}</span>
     </li>
   </ul>
 
  <ul *ngIf=“users$ | async; let users”
       class=“list-group”>
     <li *ngFor=“let user of users”
         class=“list-group-item d-flex justify-content-between align-items-center”>
       <div>
         <h5 class=“mb-1”>{{user.displayName}}</h5>
         <small class=“d-block”>{{user.email}}</small>
         <small class=“d-block”>{{user.uid}}</small>
       </div>
       <span class=“badge badge-primary badge-pill”>{{user.role?.toUpperCase()}}</span>
     </li>
   </ul>
//…

 

//…
 
users$: Observable&lt;User[]&gt;
user$: Observable&lt;User&gt;
 
constructor(
   private userService: UserService,
   private userForm: UserFormService,
   private modal: NgbModal,
   private afAuth: AngularFireAuth
) { }
 
ngOnInit() {
   this.users$ = this.userService.users$
 
   this.user$ = this.afAuth.user.pipe(
     filter(user =&gt; !!user),
     switchMap(user =&gt; this.userService.user$(user.uid))
   )
}
 
//…

 And here’s the result.

Notice that if we sign in with a user with role=user, only the Me section will be rendered.

And we’ll get a 403 on the network inspector.

From Postman

Postman is a tool to build and make requests to APIs. This way, we can simulate that we are calling our API from any client app or a different service.

What we’ll demo is how to send a request to list all users.

Once we open the tool, we set the URL https://us-central1-{your-project}.cloudfunctions.net/api/users:

Next, on the tab authorization, we choose Bearer Token and we set the value we extracted from Dev Tools previously.

Conclusion

Congratulations! You’ve made it through the whole tutorial and now you’ve learned to create a user role-based API on Firebase.

We’ve also covered how to consume it from an Angular app and Postman.

Let’s recap the most important things:

  1. Firebase allows you to get quickly up and running with an enterprise-level auth API, which you can extend later on.
  2. Almost every project requires authorization—if you need to control access using a role-based model, Firebase Authentication lets you get started very quickly.
  3. The role-based model relies on validating resources that are requested from users with specific roles vs. specific users.
  4. Using an Express.js app on Firebase Function, we can create a REST API and set handlers to authenticate and authorize requests.
  5. Leveraging built-in custom claims, you can create a role-based auth API and secure your app.

Thanks for reading

If you liked this post, share it with all of your programming buddies!

Follow us on Facebook | Twitter

Further reading

The Complete Node.js Developer Course (3rd Edition)

Angular & NodeJS - The MEAN Stack Guide

NodeJS - The Complete Guide (incl. MVC, REST APIs, GraphQL)

Best 50 Nodejs interview questions from Beginners to Advanced in 2019

Node.js 12: The future of server-side JavaScript

An Introduction to Node.js Design Patterns

Basic Server Side Rendering with Vue.js and Express

Fullstack Vue App with MongoDB, Express.js and Node.js

How to create a full stack React/Express/MongoDB app using Docker


#node-js #firebase #rest #api

What is GEEK

Buddha Community

Build a REST API to manage users and roles using Firebase and Node.js
Dylan  Iqbal

Dylan Iqbal

1566616193

Build a REST API to manage users and roles using Firebase and Node.js

Originally published by Joaquin at https://www.toptal.com

Introduction

Almost every app requires some level of authorization system. In some cases, validating a username/password set with our Users table is enough, but often, we need a more fine-grained permissions model to allow certain users to access certain resources and restrict them from others. Building a system to support the latter is not trivial and can be very time consuming. In this tutorial, we’ll learn how to build a role-based auth API using Firebase, which will help us get quickly up and running.

Role-based Auth

In this authorization model, access is granted to roles, instead of specific users, and a user can have one or more depending on how you design your permission model. Resources, on the other hand, require certain roles to allow a user to execute it.


Firebase

Firebase Authentication

In a nutshell, Firebase Authentication is an extensible token-based auth system and provides out-of-the-box integrations with the most common providers such as Google, Facebook, and Twitter, among others.

It enables us to use custom claims which we’ll leverage to build a flexible role-based API.

We can set any JSON value into the claims (e.g., { role: 'admin' } or { role: 'manager' }).

Once set, custom claims will be included in the token that Firebase generates, and we can read the value to control access.

It also comes with a very generous free quota, which in most cases will be more than enough.

Firebase Functions

Functions are a fully-managed serverless platform service. We just need to write our code in Node.js and deploy it. Firebase takes care of scaling the infrastructure on demand, server configuration, and more. In our case, we’ll use it to build our API and expose it via HTTP to the web.

Firebase allows us to set express.js apps as handlers for different paths—for example, you can create an Express app and hook it to /mypath, and all requests coming to this route will be handled by the app configured.

From within the context of a function, you have access to the whole Firebase Authentication API, using the Admin SDK.

This is how we’ll create the user API.

What We’ll Build

So before we get started, let’s take a look at what we’ll build. We are going to create a REST API with the following endpoints:

Each of these endpoints will handle authentication, validate authorization, perform the correspondent operation, and finally return a meaningful HTTP code.

We’ll create the authentication and authorization functions required to validate the token and check if the claims contain the required role to execute the operation.

Building the API

In order to build the API, we’ll need:

  • A Firebase project
  • firebase-tools installed

First, log in to Firebase:

firebase login 

Next, initialize a Functions project:

firebase init
 
? Which Firebase CLI features do you want to set up for this folder? ...
(O) Functions: Configure and deploy Cloud Functions
 
? Select a default Firebase project for this directory: {your-project}
 
? What language would you like to use to write Cloud Functions? TypeScript
 
? Do you want to use TSLint to catch probable bugs and enforce style? Yes
 
? Do you want to install dependencies with npm now? Yes

At this point, you will have a Functions folder, with minimum setup to create Firebase Functions.

At src/index.ts there’s a helloWorld example, which you can uncomment to validate that your Functions works. Then you can cd functions and run npm run serve. This command will transpile the code and start the local server.

You can check the results at http://localhost:5000/{your-project}/us-central1/helloWorld

Notice the function is exposed on the path defined as the name of it at 'index.ts: 'helloWorld'.

Creating a Firebase HTTP Function

Now let’s code our API. We are going to create an http Firebase function and hook it on /api path.

First, install npm install express.

On the src/index.ts we will:

  • Initialize the firebase-admin SDK module with admin.initializeApp();
  • Set an Express app as the handler of our api https endpoint
import * as functions from 'firebase-functions';
import * as admin from 'firebase-admin';
import * as express from 'express';
 
admin.initializeApp();
 
const app = express();
 
export const api = functions.https.onRequest(app);

Now, all requests going to /api will be handled by the app instance.

The next thing we’ll do is configure the app instance to support CORS and add JSON body parser middleware. This way we can make requests from any URL and parse JSON formatted requests.

We’ll first install required dependencies.

npm install --save cors body-parser 
npm install --save-dev @types/cors 

And then:

//...
import * as cors from 'cors';
import * as bodyParser from 'body-parser';
 
//...
const app = express();
app.use(bodyParser.json());
app.use(cors({ origin: true }));
 
export const api = functions.https.onRequest(app);

Finally, we will configure the routes that the app will handle.

//...
import { routesConfig } from './users/routes-config';
//…
app.use(cors({ origin: true }));
routesConfig(app)
 
export const api = functions.https.onRequest(app);

Firebase Functions allows us to set an Express app as the handler, and any path after the one you set up at functions.https.onRequest(app);—in this case, api—will also be handled by the app. This allows us to write specific endpoints such as api/users and set a handler for each HTTP verb, which we’ll do next.

Let’s create the file src/users/routes-config.ts

Here, we’ll set a create handler at POST '/users'

import { Application } from "express";
import { create} from "./controller";
 
export function routesConfig(app: Application) {
   app.post('/users',
       create
   );
}

Now, we’ll create the src/users/controller.ts file.

In this function, we first validate that all fields are in the body request, and next, we create the user and set the custom claims.

We are just passing { role } in the setCustomUserClaims—the other fields are already set by Firebase.

If no errors occur, we return a 201 code with the uid of the user created.

import { Request, Response } from "express";
import * as admin from 'firebase-admin'
 
export async function create(req: Request, res: Response) {
   try {
       const { displayName, password, email, role } = req.body
 
       if (!displayName || !password || !email || !role) {
           return res.status(400).send({ message: 'Missing fields' })
       }
 
       const { uid } = await admin.auth().createUser({
           displayName,
           password,
           email
       })
       await admin.auth().setCustomUserClaims(uid, { role })
 
       return res.status(201).send({ uid })
   } catch (err) {
       return handleError(res, err)
   }
}
 
function handleError(res: Response, err: any) {
   return res.status(500).send({ message: `${err.code} - ${err.message}` });
}

Now, let’s secure the handler by adding authorization. To do that, we’ll add a couple of handlers to our create endpoint. With express.js, you can set a chain of handlers that will be executed in order. Within a handler, you can execute code and pass it to the next() handler or return a response. What we’ll do is first authenticate the user and then validate if it is authorized to execute. If the user doesn’t have the required role, we’ll return a 403.

On file src/users/routes-config.ts:

//...
import { isAuthenticated } from "../auth/authenticated";
import { isAuthorized } from "../auth/authorized";
 
export function routesConfig(app: Application) {
   app.post('/users',
       isAuthenticated,
       isAuthorized({ hasRole: ['admin', 'manager'] }),
       create
   );
}

 Let’s create the files src/auth/authenticated.ts.

On this function, we’ll validate the presence of the authorization bearer token in the request header. Then we’ll decode it with admin.auth().verifyidToken() and persist the user’s uid, role, and email in the res.locals variable, which we’ll later use to validate authorization.

In the case the token is invalid, we return a 401 response to the client:

import { Request, Response } from "express";
import * as admin from 'firebase-admin'
 
export async function isAuthenticated(req: Request, res: Response, next: Function) {
   const { authorization } = req.headers
 
   if (!authorization)
       return res.status(401).send({ message: 'Unauthorized' });
 
   if (!authorization.startsWith('Bearer'))
       return res.status(401).send({ message: 'Unauthorized' });
 
   const split = authorization.split('Bearer ')
   if (split.length !== 2)
       return res.status(401).send({ message: 'Unauthorized' });
 
   const token = split[1]
 
   try {
       const decodedToken: admin.auth.DecodedIdToken = await admin.auth().verifyIdToken(token);
       console.log("decodedToken", JSON.stringify(decodedToken))
       res.locals = { ...res.locals, uid: decodedToken.uid, role: decodedToken.role, email: decodedToken.email }
       return next();
   }
   catch (err) {
       console.error(`${err.code} -  ${err.message}`)
       return res.status(401).send({ message: 'Unauthorized' });
   }
}

 Now, let’s create a src/auth/authorized.ts file.

In this handler, we extract the user’s info from res.locals we set previously and validate if it has the role required to execute the operation or in the case the operation allows the same user to execute, we validate that the ID on the request params is the same as the one in the auth token.

import { Request, Response } from "express";
 
export function isAuthorized(opts: { hasRole: Array&lt;'admin' | 'manager' | 'user'&gt;, allowSameUser?: boolean }) {
   return (req: Request, res: Response, next: Function) =&gt; {
       const { role, email, uid } = res.locals
       const { id } = req.params
 
       if (opts.allowSameUser && id && uid === id)
           return next();
 
       if (!role)
           return res.status(403).send();
 
       if (opts.hasRole.includes(role))
           return next();
 
       return res.status(403).send();
   }
}

 With these two methods, we’ll be able to authenticate requests and authorize them given the role in the incoming token. That’s great, but since Firebase doesn’t let us set custom claims from the project console, we won’t be able to execute any of these endpoints. In order to bypass this, we can create a root user from Firebase Authentication Console

And set an email comparison in the code. Now, when firing requests from this user, we’ll be able to execute all operations.

//…
  const { role, email, uid } = res.locals
  const { id } = req.params
 
  if (email === ‘your-root-user-email@domain.com’)
    return next();
//…

 Now, let’s add the rest of the CRUD operations to src/users/routes-config.ts.

For operations to get or update a single user where :id param is sent, we also allow the same user to execute the operation.

export function routesConfig(app: Application) {
   //…
   // lists all users
   app.get(‘/users’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’] }),
       all
   ]);
   // get :id user
   app.get(‘/users/:id’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’], allowSameUser: true }),
       get
   ]);
   // updates :id user
   app.patch(‘/users/:id’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’], allowSameUser: true }),
       patch
   ]);
   // deletes :id user
   app.delete(‘/users/:id’, [
       isAuthenticated,
       isAuthorized({ hasRole: [‘admin’, ‘manager’] }),
       remove
   ]);
}

 And on src/users/controller.ts. In these operations, we leverage the admin SDK to interact with Firebase Authentication and perform the respective operations. As we did previously on create operation, we return a meaningful HTTP code on each operation.

For the update operation, we validate all fields present and override customClaims with those sent in the request:

//…
 
export async function all(req: Request, res: Response) {
   try {
       const listUsers = await admin.auth().listUsers()
       const users = listUsers.users.map(user =&gt; {
           const customClaims = (user.customClaims || { role: ‘’ }) as { role?: string }
           const role = customClaims.role ? customClaims.role : ‘’
           return {
               uid: user.uid,
               email: user.email,
               displayName: user.displayName,
               role,
               lastSignInTime: user.metadata.lastSignInTime,
               creationTime: user.metadata.creationTime
           }
       })
 
       return res.status(200).send({ users })
   } catch (err) {
       return handleError(res, err)
   }
}
 
export async function get(req: Request, res: Response) {
   try {
       const { id } = req.params
       const user = await admin.auth().getUser(id)
       return res.status(200).send({ user })
   } catch (err) {
       return handleError(res, err)
   }
}
 
export async function patch(req: Request, res: Response) {
   try {
       const { id } = req.params
       const { displayName, password, email, role } = req.body
 
       if (!id || !displayName || !password || !email || !role) {
           return res.status(400).send({ message: ‘Missing fields’ })
       }
 
       const user = await admin.auth().updateUser(id, { displayName, password, email })
       await admin.auth().setCustomUserClaims(id, { role })
       return res.status(204).send({ user })
   } catch (err) {
       return handleError(res, err)
   }
}
 
export async function remove(req: Request, res: Response) {
   try {
       const { id } = req.params
       await admin.auth().deleteUser(id)
       return res.status(204).send({})
   } catch (err) {
       return handleError(res, err)
   }
}
 
//…

 Now we can run the function locally. To do that, first you need to set up the account key to be able to connect with the auth API locally. Then run:

npm run serve 

Deploy the API

Great! Now that we have our written the role-based API, we can deploy it to the web and start using it. Deploying with Firebase is super easy, we just need to run firebase deploy. Once the deploy is completed, we can access our API at the published URL.

You can check the API URL at https://console.firebase.google.com/u/0/project/{your-project}/functions/list.

In my case, it is https://us-central1-joaq-lab.cloudfunctions.net/api.

Consuming the API

Once our API is deployed, we have several ways to use it—in this tutorial, I’ll cover how to use it via Postman or from an Angular app.

If we enter the List All Users URL (/api/users) on any browser, we’ll get the following:

The reason for this is when sending the request from a browser, we are performing a GET request without auth headers. These means our API is actually working as expected!

Our API is secured via tokens—in order to generate such a token, we need to call Firebase’s Client SDK and log in with a valid user/password credential. When successful, Firebase will send a token back in the response which we can then add to the header of any following request we want to perform.

From an Angular App

In this tutorial, I’ll just go over the important pieces to consume the API from an Angular app. The full repository can be accessed here, and if you need a step-by-step tutorial on how to create an Angular app and configure @angular/fire to use

So, back to signing in, we’ll have a SignInComponent with a <form> to let the user enter a username and password.

//…
<form [formGroup]=“form”>
   <div class=“form-group”>
     <label>Email address</label>
     <input type=“email”
            formControlName=“email”
            class=“form-control”
            placeholder=“Enter email”>
  </div>
   <div class=“form-group”>
     <label>Password</label>
     <input type=“password”
            formControlName=“password”
            class=“form-control”
            placeholder=“Password”>
   </div>
</form>
 
//…

 And on the class, we signInWithEmailAndPassword using the AngularFireAuth service.

//…
 
form: FormGroup = new FormGroup({
   email: new FormControl(‘’),
   password: new FormControl(‘’)
})
 
constructor(
   private afAuth: AngularFireAuth
) { }
 
async signIn() {
   try {
     const { email, password } = this.form.value
     await this.afAuth.auth.signInWithEmailAndPassword(email, password)
   } catch (err) {
     console.log(err)
   }
}
 
//…

 At this point, we can sign in to our Firebase project.

And when we inspect the network requests in the DevTools, we can see that Firebase returns a token after verifying our user and password.

This token is the one we will use to send on our header’s request to the API we’ve built. One way to add the token to all requests is using an HttpInterceptor.

This file shows how to get the token from AngularFireAuth and add it to the header’s request. We then provide the interceptor file in the AppModule.

http-interceptors/auth-token.interceptor.ts

@Injectable({ providedIn: ‘root’ })
export class AuthTokenHttpInterceptor implements HttpInterceptor {
 
   constructor(
       private auth: AngularFireAuth
   ) {
 
   }
 
   intercept(req: HttpRequest&lt;any&gt;, next: HttpHandler): Observable&lt;HttpEvent&lt;any&gt;&gt; {
       return this.auth.idToken.pipe(
           take(1),
           switchMap(idToken =&gt; {
               let clone = req.clone()
               if (idToken) {
                   clone = clone.clone({ headers: req.headers.set(‘Authorization’, 'Bearer ’ + idToken) });
               }
               return next.handle(clone)
           })
       )
 
   }
}
 
export const AuthTokenHttpInterceptorProvider = {
   provide: HTTP_INTERCEPTORS,
   useClass: AuthTokenHttpInterceptor,
   multi: true
}

 app.module.ts

@NgModule({
//…
providers: [
   AuthTokenHttpInterceptorProvider
]
//…
})
export class AppModule { }

 Once the interceptor is set, we can make requests to our API from httpClient. For example, here’s a UsersService where we call the list all users, get the user by its ID, and create a user.

//…
 
export type CreateUserRequest = { displayName: string, password: string, email: string, role: string }
 
@Injectable({
providedIn: ‘root’
})
export class UserService {
 
private baseUrl = ‘{your-functions-url}/api/users’
 
constructor(
   private http: HttpClient
) { }
  get users$(): Observable&lt;User[]&gt; {
   return this.http.get&lt;{ users: User[] }&gt;(${this.baseUrl}).pipe(
     map(result =&gt; {
       return result.users
     })
   )
}
 
user$(id: string): Observable&lt;User&gt; {
   return this.http.get&lt;{ user: User }&gt;(${this.baseUrl}/${id}).pipe(
     map(result =&gt; {
       return result.user
     })
   )
}
 
create(user: CreateUserRequest) {
   return this.http.post(${this.baseUrl}, user)
}
}

 Now, we can call the API to get the user by its ID and list all users from a component like this:

//…
   <ul *ngIf=“user$ | async; let user”
      class=“list-group”>
     <li class=“list-group-item d-flex justify-content-between align-items-center”>
       <div>
         <h5 class=“mb-1”>{{user.displayName}}</h5>
         <small>{{user.email}}</small>
       </div>
      <span class=“badge badge-primary badge-pill”>{{user.role?.toUpperCase()}}</span>
     </li>
   </ul>
 
  <ul *ngIf=“users$ | async; let users”
       class=“list-group”>
     <li *ngFor=“let user of users”
         class=“list-group-item d-flex justify-content-between align-items-center”>
       <div>
         <h5 class=“mb-1”>{{user.displayName}}</h5>
         <small class=“d-block”>{{user.email}}</small>
         <small class=“d-block”>{{user.uid}}</small>
       </div>
       <span class=“badge badge-primary badge-pill”>{{user.role?.toUpperCase()}}</span>
     </li>
   </ul>
//…

 

//…
 
users$: Observable&lt;User[]&gt;
user$: Observable&lt;User&gt;
 
constructor(
   private userService: UserService,
   private userForm: UserFormService,
   private modal: NgbModal,
   private afAuth: AngularFireAuth
) { }
 
ngOnInit() {
   this.users$ = this.userService.users$
 
   this.user$ = this.afAuth.user.pipe(
     filter(user =&gt; !!user),
     switchMap(user =&gt; this.userService.user$(user.uid))
   )
}
 
//…

 And here’s the result.

Notice that if we sign in with a user with role=user, only the Me section will be rendered.

And we’ll get a 403 on the network inspector.

From Postman

Postman is a tool to build and make requests to APIs. This way, we can simulate that we are calling our API from any client app or a different service.

What we’ll demo is how to send a request to list all users.

Once we open the tool, we set the URL https://us-central1-{your-project}.cloudfunctions.net/api/users:

Next, on the tab authorization, we choose Bearer Token and we set the value we extracted from Dev Tools previously.

Conclusion

Congratulations! You’ve made it through the whole tutorial and now you’ve learned to create a user role-based API on Firebase.

We’ve also covered how to consume it from an Angular app and Postman.

Let’s recap the most important things:

  1. Firebase allows you to get quickly up and running with an enterprise-level auth API, which you can extend later on.
  2. Almost every project requires authorization—if you need to control access using a role-based model, Firebase Authentication lets you get started very quickly.
  3. The role-based model relies on validating resources that are requested from users with specific roles vs. specific users.
  4. Using an Express.js app on Firebase Function, we can create a REST API and set handlers to authenticate and authorize requests.
  5. Leveraging built-in custom claims, you can create a role-based auth API and secure your app.

Thanks for reading

If you liked this post, share it with all of your programming buddies!

Follow us on Facebook | Twitter

Further reading

The Complete Node.js Developer Course (3rd Edition)

Angular & NodeJS - The MEAN Stack Guide

NodeJS - The Complete Guide (incl. MVC, REST APIs, GraphQL)

Best 50 Nodejs interview questions from Beginners to Advanced in 2019

Node.js 12: The future of server-side JavaScript

An Introduction to Node.js Design Patterns

Basic Server Side Rendering with Vue.js and Express

Fullstack Vue App with MongoDB, Express.js and Node.js

How to create a full stack React/Express/MongoDB app using Docker


#node-js #firebase #rest #api

NBB: Ad-hoc CLJS Scripting on Node.js

Nbb

Not babashka. Node.js babashka!?

Ad-hoc CLJS scripting on Node.js.

Status

Experimental. Please report issues here.

Goals and features

Nbb's main goal is to make it easy to get started with ad hoc CLJS scripting on Node.js.

Additional goals and features are:

  • Fast startup without relying on a custom version of Node.js.
  • Small artifact (current size is around 1.2MB).
  • First class macros.
  • Support building small TUI apps using Reagent.
  • Complement babashka with libraries from the Node.js ecosystem.

Requirements

Nbb requires Node.js v12 or newer.

How does this tool work?

CLJS code is evaluated through SCI, the same interpreter that powers babashka. Because SCI works with advanced compilation, the bundle size, especially when combined with other dependencies, is smaller than what you get with self-hosted CLJS. That makes startup faster. The trade-off is that execution is less performant and that only a subset of CLJS is available (e.g. no deftype, yet).

Usage

Install nbb from NPM:

$ npm install nbb -g

Omit -g for a local install.

Try out an expression:

$ nbb -e '(+ 1 2 3)'
6

And then install some other NPM libraries to use in the script. E.g.:

$ npm install csv-parse shelljs zx

Create a script which uses the NPM libraries:

(ns script
  (:require ["csv-parse/lib/sync$default" :as csv-parse]
            ["fs" :as fs]
            ["path" :as path]
            ["shelljs$default" :as sh]
            ["term-size$default" :as term-size]
            ["zx$default" :as zx]
            ["zx$fs" :as zxfs]
            [nbb.core :refer [*file*]]))

(prn (path/resolve "."))

(prn (term-size))

(println (count (str (fs/readFileSync *file*))))

(prn (sh/ls "."))

(prn (csv-parse "foo,bar"))

(prn (zxfs/existsSync *file*))

(zx/$ #js ["ls"])

Call the script:

$ nbb script.cljs
"/private/tmp/test-script"
#js {:columns 216, :rows 47}
510
#js ["node_modules" "package-lock.json" "package.json" "script.cljs"]
#js [#js ["foo" "bar"]]
true
$ ls
node_modules
package-lock.json
package.json
script.cljs

Macros

Nbb has first class support for macros: you can define them right inside your .cljs file, like you are used to from JVM Clojure. Consider the plet macro to make working with promises more palatable:

(defmacro plet
  [bindings & body]
  (let [binding-pairs (reverse (partition 2 bindings))
        body (cons 'do body)]
    (reduce (fn [body [sym expr]]
              (let [expr (list '.resolve 'js/Promise expr)]
                (list '.then expr (list 'clojure.core/fn (vector sym)
                                        body))))
            body
            binding-pairs)))

Using this macro we can look async code more like sync code. Consider this puppeteer example:

(-> (.launch puppeteer)
      (.then (fn [browser]
               (-> (.newPage browser)
                   (.then (fn [page]
                            (-> (.goto page "https://clojure.org")
                                (.then #(.screenshot page #js{:path "screenshot.png"}))
                                (.catch #(js/console.log %))
                                (.then #(.close browser)))))))))

Using plet this becomes:

(plet [browser (.launch puppeteer)
       page (.newPage browser)
       _ (.goto page "https://clojure.org")
       _ (-> (.screenshot page #js{:path "screenshot.png"})
             (.catch #(js/console.log %)))]
      (.close browser))

See the puppeteer example for the full code.

Since v0.0.36, nbb includes promesa which is a library to deal with promises. The above plet macro is similar to promesa.core/let.

Startup time

$ time nbb -e '(+ 1 2 3)'
6
nbb -e '(+ 1 2 3)'   0.17s  user 0.02s system 109% cpu 0.168 total

The baseline startup time for a script is about 170ms seconds on my laptop. When invoked via npx this adds another 300ms or so, so for faster startup, either use a globally installed nbb or use $(npm bin)/nbb script.cljs to bypass npx.

Dependencies

NPM dependencies

Nbb does not depend on any NPM dependencies. All NPM libraries loaded by a script are resolved relative to that script. When using the Reagent module, React is resolved in the same way as any other NPM library.

Classpath

To load .cljs files from local paths or dependencies, you can use the --classpath argument. The current dir is added to the classpath automatically. So if there is a file foo/bar.cljs relative to your current dir, then you can load it via (:require [foo.bar :as fb]). Note that nbb uses the same naming conventions for namespaces and directories as other Clojure tools: foo-bar in the namespace name becomes foo_bar in the directory name.

To load dependencies from the Clojure ecosystem, you can use the Clojure CLI or babashka to download them and produce a classpath:

$ classpath="$(clojure -A:nbb -Spath -Sdeps '{:aliases {:nbb {:replace-deps {com.github.seancorfield/honeysql {:git/tag "v2.0.0-rc5" :git/sha "01c3a55"}}}}}')"

and then feed it to the --classpath argument:

$ nbb --classpath "$classpath" -e "(require '[honey.sql :as sql]) (sql/format {:select :foo :from :bar :where [:= :baz 2]})"
["SELECT foo FROM bar WHERE baz = ?" 2]

Currently nbb only reads from directories, not jar files, so you are encouraged to use git libs. Support for .jar files will be added later.

Current file

The name of the file that is currently being executed is available via nbb.core/*file* or on the metadata of vars:

(ns foo
  (:require [nbb.core :refer [*file*]]))

(prn *file*) ;; "/private/tmp/foo.cljs"

(defn f [])
(prn (:file (meta #'f))) ;; "/private/tmp/foo.cljs"

Reagent

Nbb includes reagent.core which will be lazily loaded when required. You can use this together with ink to create a TUI application:

$ npm install ink

ink-demo.cljs:

(ns ink-demo
  (:require ["ink" :refer [render Text]]
            [reagent.core :as r]))

(defonce state (r/atom 0))

(doseq [n (range 1 11)]
  (js/setTimeout #(swap! state inc) (* n 500)))

(defn hello []
  [:> Text {:color "green"} "Hello, world! " @state])

(render (r/as-element [hello]))

Promesa

Working with callbacks and promises can become tedious. Since nbb v0.0.36 the promesa.core namespace is included with the let and do! macros. An example:

(ns prom
  (:require [promesa.core :as p]))

(defn sleep [ms]
  (js/Promise.
   (fn [resolve _]
     (js/setTimeout resolve ms))))

(defn do-stuff
  []
  (p/do!
   (println "Doing stuff which takes a while")
   (sleep 1000)
   1))

(p/let [a (do-stuff)
        b (inc a)
        c (do-stuff)
        d (+ b c)]
  (prn d))
$ nbb prom.cljs
Doing stuff which takes a while
Doing stuff which takes a while
3

Also see API docs.

Js-interop

Since nbb v0.0.75 applied-science/js-interop is available:

(ns example
  (:require [applied-science.js-interop :as j]))

(def o (j/lit {:a 1 :b 2 :c {:d 1}}))

(prn (j/select-keys o [:a :b])) ;; #js {:a 1, :b 2}
(prn (j/get-in o [:c :d])) ;; 1

Most of this library is supported in nbb, except the following:

  • destructuring using :syms
  • property access using .-x notation. In nbb, you must use keywords.

See the example of what is currently supported.

Examples

See the examples directory for small examples.

Also check out these projects built with nbb:

API

See API documentation.

Migrating to shadow-cljs

See this gist on how to convert an nbb script or project to shadow-cljs.

Build

Prequisites:

  • babashka >= 0.4.0
  • Clojure CLI >= 1.10.3.933
  • Node.js 16.5.0 (lower version may work, but this is the one I used to build)

To build:

  • Clone and cd into this repo
  • bb release

Run bb tasks for more project-related tasks.

Download Details:
Author: borkdude
Download Link: Download The Source Code
Official Website: https://github.com/borkdude/nbb 
License: EPL-1.0

#node #javascript

Wilford  Pagac

Wilford Pagac

1594289280

What is REST API? An Overview | Liquid Web

What is REST?

The REST acronym is defined as a “REpresentational State Transfer” and is designed to take advantage of existing HTTP protocols when used for Web APIs. It is very flexible in that it is not tied to resources or methods and has the ability to handle different calls and data formats. Because REST API is not constrained to an XML format like SOAP, it can return multiple other formats depending on what is needed. If a service adheres to this style, it is considered a “RESTful” application. REST allows components to access and manage functions within another application.

REST was initially defined in a dissertation by Roy Fielding’s twenty years ago. He proposed these standards as an alternative to SOAP (The Simple Object Access Protocol is a simple standard for accessing objects and exchanging structured messages within a distributed computing environment). REST (or RESTful) defines the general rules used to regulate the interactions between web apps utilizing the HTTP protocol for CRUD (create, retrieve, update, delete) operations.

What is an API?

An API (or Application Programming Interface) provides a method of interaction between two systems.

What is a RESTful API?

A RESTful API (or application program interface) uses HTTP requests to GET, PUT, POST, and DELETE data following the REST standards. This allows two pieces of software to communicate with each other. In essence, REST API is a set of remote calls using standard methods to return data in a specific format.

The systems that interact in this manner can be very different. Each app may use a unique programming language, operating system, database, etc. So, how do we create a system that can easily communicate and understand other apps?? This is where the Rest API is used as an interaction system.

When using a RESTful API, we should determine in advance what resources we want to expose to the outside world. Typically, the RESTful API service is implemented, keeping the following ideas in mind:

  • Format: There should be no restrictions on the data exchange format
  • Implementation: REST is based entirely on HTTP
  • Service Definition: Because REST is very flexible, API can be modified to ensure the application understands the request/response format.
  • The RESTful API focuses on resources and how efficiently you perform operations with it using HTTP.

The features of the REST API design style state:

  • Each entity must have a unique identifier.
  • Standard methods should be used to read and modify data.
  • It should provide support for different types of resources.
  • The interactions should be stateless.

For REST to fit this model, we must adhere to the following rules:

  • Client-Server Architecture: The interface is separate from the server-side data repository. This affords flexibility and the development of components independently of each other.
  • Detachment: The client connections are not stored on the server between requests.
  • Cacheability: It must be explicitly stated whether the client can store responses.
  • Multi-level: The API should work whether it interacts directly with a server or through an additional layer, like a load balancer.

#tutorials #api #application #application programming interface #crud #http #json #programming #protocols #representational state transfer #rest #rest api #rest api graphql #rest api json #rest api xml #restful #soap #xml #yaml

An API-First Approach For Designing Restful APIs | Hacker Noon

I’ve been working with Restful APIs for some time now and one thing that I love to do is to talk about APIs.

So, today I will show you how to build an API using the API-First approach and Design First with OpenAPI Specification.

First thing first, if you don’t know what’s an API-First approach means, it would be nice you stop reading this and check the blog post that I wrote to the Farfetchs blog where I explain everything that you need to know to start an API using API-First.

Preparing the ground

Before you get your hands dirty, let’s prepare the ground and understand the use case that will be developed.

Tools

If you desire to reproduce the examples that will be shown here, you will need some of those items below.

  • NodeJS
  • OpenAPI Specification
  • Text Editor (I’ll use VSCode)
  • Command Line

Use Case

To keep easy to understand, let’s use the Todo List App, it is a very common concept beyond the software development community.

#api #rest-api #openai #api-first-development #api-design #apis #restful-apis #restful-api

Aria Barnes

Aria Barnes

1622719015

Why use Node.js for Web Development? Benefits and Examples of Apps

Front-end web development has been overwhelmed by JavaScript highlights for quite a long time. Google, Facebook, Wikipedia, and most of all online pages use JS for customer side activities. As of late, it additionally made a shift to cross-platform mobile development as a main technology in React Native, Nativescript, Apache Cordova, and other crossover devices. 

Throughout the most recent couple of years, Node.js moved to backend development as well. Designers need to utilize a similar tech stack for the whole web project without learning another language for server-side development. Node.js is a device that adjusts JS usefulness and syntax to the backend. 

What is Node.js? 

Node.js isn’t a language, or library, or system. It’s a runtime situation: commonly JavaScript needs a program to work, however Node.js makes appropriate settings for JS to run outside of the program. It’s based on a JavaScript V8 motor that can run in Chrome, different programs, or independently. 

The extent of V8 is to change JS program situated code into machine code — so JS turns into a broadly useful language and can be perceived by servers. This is one of the advantages of utilizing Node.js in web application development: it expands the usefulness of JavaScript, permitting designers to coordinate the language with APIs, different languages, and outside libraries.

What Are the Advantages of Node.js Web Application Development? 

Of late, organizations have been effectively changing from their backend tech stacks to Node.js. LinkedIn picked Node.js over Ruby on Rails since it took care of expanding responsibility better and decreased the quantity of servers by multiple times. PayPal and Netflix did something comparative, just they had a goal to change their design to microservices. We should investigate the motivations to pick Node.JS for web application development and when we are planning to hire node js developers. 

Amazing Tech Stack for Web Development 

The principal thing that makes Node.js a go-to environment for web development is its JavaScript legacy. It’s the most well known language right now with a great many free devices and a functioning local area. Node.js, because of its association with JS, immediately rose in ubiquity — presently it has in excess of 368 million downloads and a great many free tools in the bundle module. 

Alongside prevalence, Node.js additionally acquired the fundamental JS benefits: 

  • quick execution and information preparing; 
  • exceptionally reusable code; 
  • the code is not difficult to learn, compose, read, and keep up; 
  • tremendous asset library, a huge number of free aides, and a functioning local area. 

In addition, it’s a piece of a well known MEAN tech stack (the blend of MongoDB, Express.js, Angular, and Node.js — four tools that handle all vital parts of web application development). 

Designers Can Utilize JavaScript for the Whole Undertaking 

This is perhaps the most clear advantage of Node.js web application development. JavaScript is an unquestionable requirement for web development. Regardless of whether you construct a multi-page or single-page application, you need to know JS well. On the off chance that you are now OK with JavaScript, learning Node.js won’t be an issue. Grammar, fundamental usefulness, primary standards — every one of these things are comparable. 

In the event that you have JS designers in your group, it will be simpler for them to learn JS-based Node than a totally new dialect. What’s more, the front-end and back-end codebase will be basically the same, simple to peruse, and keep up — in light of the fact that they are both JS-based. 

A Quick Environment for Microservice Development 

There’s another motivation behind why Node.js got famous so rapidly. The environment suits well the idea of microservice development (spilling stone monument usefulness into handfuls or many more modest administrations). 

Microservices need to speak with one another rapidly — and Node.js is probably the quickest device in information handling. Among the fundamental Node.js benefits for programming development are its non-obstructing algorithms.

Node.js measures a few demands all at once without trusting that the first will be concluded. Many microservices can send messages to one another, and they will be gotten and addressed all the while. 

Versatile Web Application Development 

Node.js was worked in view of adaptability — its name really says it. The environment permits numerous hubs to run all the while and speak with one another. Here’s the reason Node.js adaptability is better than other web backend development arrangements. 

Node.js has a module that is liable for load adjusting for each running CPU center. This is one of numerous Node.js module benefits: you can run various hubs all at once, and the environment will naturally adjust the responsibility. 

Node.js permits even apportioning: you can part your application into various situations. You show various forms of the application to different clients, in light of their age, interests, area, language, and so on. This builds personalization and diminishes responsibility. Hub accomplishes this with kid measures — tasks that rapidly speak with one another and share a similar root. 

What’s more, Node’s non-hindering solicitation handling framework adds to fast, letting applications measure a great many solicitations. 

Control Stream Highlights

Numerous designers consider nonconcurrent to be one of the two impediments and benefits of Node.js web application development. In Node, at whatever point the capacity is executed, the code consequently sends a callback. As the quantity of capacities develops, so does the number of callbacks — and you end up in a circumstance known as the callback damnation. 

In any case, Node.js offers an exit plan. You can utilize systems that will plan capacities and sort through callbacks. Systems will associate comparable capacities consequently — so you can track down an essential component via search or in an envelope. At that point, there’s no compelling reason to look through callbacks.

 

Final Words

So, these are some of the top benefits of Nodejs in web application development. This is how Nodejs is contributing a lot to the field of web application development. 

I hope now you are totally aware of the whole process of how Nodejs is really important for your web project. If you are looking to hire a node js development company in India then I would suggest that you take a little consultancy too whenever you call. 

Good Luck!

Original Source

#node.js development company in india #node js development company #hire node js developers #hire node.js developers in india #node.js development services #node.js development