DEV Community: Abhinav Anand The latest articles on DEV Community by Abhinav Anand (@abhinavan00). https://dev.to/abhinavan00 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3213463%2F526e4e20-10d9-433c-9249-a6078abea908.png DEV Community: Abhinav Anand https://dev.to/abhinavan00 en Building My First Full-Stack App: Part 3 - Integrating the Database with PostgreSQL & Knex.js Abhinav Anand Fri, 13 Jun 2025 08:48:17 +0000 https://dev.to/abhinavan00/building-my-first-full-stack-app-part-3-integrating-the-database-with-postgresql-knexjs-2674 https://dev.to/abhinavan00/building-my-first-full-stack-app-part-3-integrating-the-database-with-postgresql-knexjs-2674 <h1> <strong>Introduction</strong> </h1> <p>As discussed in Part 2, I designed the overall layout of the backend server by creating all the essential endpoints, connecting it to the frontend, and tested it using a mock database.</p> <p>Now, it's time to transition to a real database. Why is a persistent database essential?</p> <ul> <li> <strong>Manual Data Updates:</strong> With a mock database, data updates are manual and not persistent across sessions.</li> <li> <strong>Scalability Limitations:</strong> In-memory arrays become inefficient and unmanageable with growing datasets.</li> <li> <strong>Inefficient Authentication:</strong> Each login attempt requires iterating through the entire dataset, which is highly inefficient for real applications.</li> </ul> <h1> <strong>What We'll Cover: The Database Layer</strong> </h1> <p>In this part, we'll cover how I set up a relational database using PostgreSQL, and connected it to the backend server using Knex.js. We'll also explore why I chose synchronous <code>bcryptjs</code> for password hashing, and the crucial step of securely transferring the Clarifai API call to the backend (a task we deferred in Part 2).</p> <h3> <strong>Key Technologies for This Section</strong> </h3> <ul> <li> <strong>Database:</strong> PostgreSQL</li> <li> <strong>Query Builder:</strong> Knex.js</li> <li> <strong>Database Management:</strong> Combination of DBeaver and psql</li> <li> <strong>Password Hashing:</strong> bcryptjs</li> </ul> <h1> <strong>Setting Up Your Database: PostgreSQL</strong> </h1> <h3> <strong>Why PostgreSQL?</strong> </h3> <p>I specifically chose a relational database, opting for PostgreSQL due to its widespread popularity, robustness, and the invaluable learning opportunity it offers over non-relational alternatives. PostgreSQL is a mature, reliable, and widely supported database system.</p> <h3> <strong>Database Installation and Setup</strong> </h3> <p>To install PostgreSQL, I utilized Homebrew (as I'm using a Mac). Here are the steps I took to successfully install and start PostgreSQL:</p> <ol> <li>First, I ran <code>brew update</code> to ensure Homebrew was up-to-date.</li> <li>Next, I executed <code>brew doctor</code> for system health checks.</li> <li>Then, I simply ran <code>brew install postgresql</code>.</li> <li>Finally, <code>brew services start postgresql</code> to start the PostgreSQL service.</li> </ol> <p>After starting PostgreSQL, I created a new database using the command: <code>createdb 'your_database_name'</code></p> <p>To connect to the database via the command line, I used: <code>psql 'your_database_name'</code></p> <h3> <strong>Designing the Database Schema</strong> </h3> <p>Next, I designed a simple, secure database schema comprising two interconnected tables: <code>users</code> (for general user information) and <code>login</code> (for storing hashed passwords and login credentials, ensuring user privacy).</p> <p>To simplify visualization and management, I connected the PostgreSQL database to <strong>DBeaver</strong>, a graphical tool, which greatly helped visualize the database for a first-timer. <em>(Consider adding a screenshot of DBeaver here showing your tables!)</em></p> <h3> <strong>The <code>users</code> Table</strong> </h3> <p>The <code>users</code> table stores general user information. For this table, I created columns for <code>id</code>, <code>name</code>, <code>email</code>, <code>entries</code>, and <code>joined</code>. The <code>id</code> column serves as the primary key.</p> <p>To build the <code>users</code> table, I ran this query in DBeaver:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">CREATE</span> <span class="nx">TABLE</span> <span class="nf">users </span><span class="p">(</span> <span class="nx">id</span> <span class="nx">serial</span> <span class="nx">PRIMARY</span> <span class="nx">KEY</span><span class="p">,</span> <span class="nx">name</span> <span class="nc">VARCHAR </span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="nx">email</span> <span class="nx">text</span> <span class="nx">UNIQUE</span> <span class="nx">NOT</span> <span class="nx">NULL</span><span class="p">,</span> <span class="nx">entries</span> <span class="nx">BIGINT</span> <span class="nx">DEFAULT</span> <span class="mi">0</span><span class="p">,</span> <span class="nx">joined</span> <span class="nx">TIMESTAMP</span> <span class="nx">NOT</span> <span class="nx">NULL</span> <span class="p">);</span> </code></pre> </div> <h3> <strong>The <code>login</code> Table</strong> </h3> <p>This <code>login</code> table includes valuable login information. It consists of <code>id</code>, <code>hash</code> (for the hashed password), and <code>email</code>. The <code>id</code> also serves as the primary key, connecting it to the <code>users</code> table (though implicitly in this setup, often via foreign keys in more complex designs).</p> <p>To build the <code>login</code> table, I ran this query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">CREATE</span> <span class="nx">TABLE</span> <span class="nf">login </span><span class="p">(</span> <span class="nx">id</span> <span class="nx">serial</span> <span class="nx">PRIMARY</span> <span class="nx">KEY</span><span class="p">,</span> <span class="nx">hash</span> <span class="nc">VARCHAR</span><span class="p">(</span><span class="mi">100</span><span class="p">)</span> <span class="nx">NOT</span> <span class="nx">NULL</span><span class="p">,</span> <span class="nx">email</span> <span class="nx">text</span> <span class="nx">UNIQUE</span> <span class="nx">NOT</span> <span class="nx">NULL</span> <span class="p">);</span> </code></pre> </div> <h3> <strong>Connecting Backend to Database with Knex.js</strong> </h3> <h3> <strong>Introducing Knex.js: Your SQL Query Builder</strong> </h3> <p>Knex.js is a powerful SQL query builder for JavaScript, simplifying database interactions and query construction in Node.js applications without the full abstraction of an ORM. It provides a simple and powerful way to build and execute SQL queries, as well as a helpful set of utilities for working with databases.</p> <p>I chose Knex.js over raw SQL or a full ORM due to its clear documentation and a more intuitive query building syntax, which I found easier for this project's scope. Ultimately, the choice depends on project needs and personal preference.</p> <h3> <strong>Installation and Configuration</strong> </h3> <p>Now, it’s time to install Knex.js to establish the connection with our database:</p> <ol> <li>To install Knex.js, I simply ran the command: <code>npm install knex</code> </li> <li>Since I was using PostgreSQL, I also installed its client library: <code>npm install pg</code> </li> <li>Then, I imported Knex into my server file: <code>import knex from 'knex'</code> </li> <li> <p>Next, I configured the database connection:JavaScript<br> </p> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">db</span> <span class="o">=</span> <span class="nf">knex</span><span class="p">({</span> <span class="na">client</span><span class="p">:</span> <span class="dl">'</span><span class="s1">pg</span><span class="dl">'</span><span class="p">,</span> <span class="na">connection</span><span class="p">:</span> <span class="p">{</span> <span class="na">host</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">127.0.0.1</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// localhost</span> <span class="na">user</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">postgres</span><span class="dl">'</span><span class="p">,</span> <span class="c1">// Add your database username here</span> <span class="na">port</span><span class="p">:</span> <span class="mi">5432</span><span class="p">,</span> <span class="c1">// Standard PostgreSQL port. Ensure this matches your setup.</span> <span class="na">password</span> <span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="c1">// Add your correct password here</span> <span class="na">database</span> <span class="p">:</span> <span class="dl">'</span><span class="s1">smartweb</span><span class="dl">'</span> <span class="c1">// Add your database name here</span> <span class="p">}</span> <span class="p">});</span> </code></pre> <p><em>(</em><em>Note:</em>* Ensure your <code>port</code> is correctly set to <code>5432</code> unless you've configured a custom port.)*</p> </li> </ol> <p>To test that the connection was established, I used a <code>SELECT</code> query builder from Knex's documentation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">db</span><span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">).</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">data</span><span class="p">))</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">"</span><span class="s2">Database connection test failed:</span><span class="dl">"</span><span class="p">,</span> <span class="nx">err</span><span class="p">));</span> </code></pre> </div> <p>I didn’t get any errors, which meant everything was working fine. Now, it was time for Refactoring API Endpoints.</p> <h3> <strong>Refactoring API Endpoints for Database Interaction</strong> </h3> <h3> <strong>Implementing Password Hashing with bcryptjs</strong> </h3> <p>Password hashing is critical: storing plain text passwords is a severe security vulnerability. I chose <strong><code>bcryptjs</code></strong> for its proven reliability and adherence to modern security standards, ensuring user password privacy. Passwords should only be known to the user, not even the company.</p> <p>To integrate <code>bcryptjs</code>, I installed it first:</p> <p><code>npm install bcryptjs</code></p> <p>Then, I imported it into my <code>server.js</code> file: <code>import bcrypt from "bcryptjs";</code></p> <p>For this initial implementation, I opted for <code>bcryptjs</code>'s synchronous hashing to simplify the learning curve. Future iterations will adopt asynchronous methods for improved performance and non-blocking operations in a production environment.</p> <p>Now, let's refactor the endpoints. I largely referred to the Knex.js documentation for guidance during this process.</p> <h3> <strong>Refactoring the <code>/register</code> Endpoint</strong> </h3> <p>To make it easier to understand, here's the code, followed by a line-by-line explanation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/register</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">name</span><span class="p">,</span> <span class="nx">email</span><span class="p">,</span> <span class="nx">password</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">name</span> <span class="o">||</span> <span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Incorrect form submission</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">salt</span> <span class="o">=</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">genSaltSync</span><span class="p">(</span><span class="mi">10</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">hash</span> <span class="o">=</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">hashSync</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">salt</span><span class="p">);</span> <span class="nx">db</span><span class="p">.</span><span class="nf">transaction</span><span class="p">(</span><span class="nx">trx</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">trx</span><span class="p">.</span><span class="nf">insert</span><span class="p">({</span> <span class="na">hash</span><span class="p">:</span> <span class="nx">hash</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">email</span> <span class="p">})</span> <span class="p">.</span><span class="nf">into</span><span class="p">(</span><span class="dl">'</span><span class="s1">login</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">returning</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">loginEmail</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">trx</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">returning</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">insert</span><span class="p">({</span> <span class="na">name</span><span class="p">:</span> <span class="nx">name</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">loginEmail</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">email</span><span class="p">,</span> <span class="na">joined</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">()</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">user</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="p">});</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">trx</span><span class="p">.</span><span class="nx">commit</span><span class="p">)</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">trx</span><span class="p">.</span><span class="nx">rollback</span><span class="p">)</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to register</span><span class="dl">'</span><span class="p">));</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <ul> <li> <code>const {name, email, password} = req.body;</code>: This is a simple destructuring method, used for cleaner code by avoiding <code>req.body.name</code> repeatedly.</li> <li> <code>if (!name || !email || !password) { return res.status(400).json('Incorrect form submission'); }</code>: This validation ensures all required fields are submitted, preventing incomplete user registrations and improving data integrity.</li> <li> <code>const salt = bcrypt.genSaltSync(10); const hash = bcrypt.hashSync(password, salt);</code>: This step is for hashing the password using <code>bcryptjs</code>. As mentioned, I used the synchronous method for simplicity in this initial project.</li> <li> <code>db.transaction(trx =&gt; { ... });</code>: I utilized <strong>Knex.js transactions</strong> to ensure atomic operations when inserting user data into both the <code>login</code> and <code>users</code> tables. This guarantees that either both inserts succeed, or neither does, maintaining data consistency. <ul> <li> <code>trx.insert({ hash: hash, email: email }).into('login').returning('email')</code>: Inserts the hashed password and email into the <code>login</code> table, returning the email to be used in the next step.</li> <li> <code>.then(loginEmail =&gt; { return trx('users').returning('*').insert({ ... }) ... });</code>: Takes the returned email from the <code>login</code> table and inserts it into the <code>users</code> table along with other user information, returning the newly created user record.</li> </ul> </li> <li> <code>.then(user =&gt; { res.json(user[0]); })</code>: Sends the newly created user object back to the client.</li> <li> <code>.then(trx.commit).catch(trx.rollback)</code>: <code>.then(trx.commit)</code> ensures the transaction is committed if all operations succeed, while <code>.catch(trx.rollback)</code> rolls back all changes if any error occurs within the transaction, maintaining data consistency.</li> <li> <code>.catch(err =&gt; res.status(400).json('Unable to register'));</code>: Catches any errors during the transaction and returns a generic 'Unable to register' message to the client for security reasons, avoiding revealing exact error details.</li> </ul> <h3> <strong>Refactoring the <code>/signin</code> Endpoint</strong> </h3> <p>Now, it’s time for refactoring the sign-in endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/signin</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">password</span><span class="p">,</span> <span class="nx">email</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">email</span> <span class="o">||</span> <span class="o">!</span><span class="nx">password</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Please enter email and password</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nx">db</span><span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">hash</span><span class="dl">'</span><span class="p">).</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">login</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">,</span> <span class="nx">email</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">data</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Check if user exists before attempting to access data[0]</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Wrong credentials</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">isValid</span> <span class="o">=</span> <span class="nx">bcrypt</span><span class="p">.</span><span class="nf">compareSync</span><span class="p">(</span><span class="nx">password</span><span class="p">,</span> <span class="nx">data</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">hash</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">isValid</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">db</span><span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">).</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">,</span> <span class="nx">email</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">user</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to get user</span><span class="dl">'</span><span class="p">));</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Wrong credentials</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unknown user</span><span class="dl">'</span><span class="p">));</span> <span class="p">});</span> </code></pre> </div> <ul> <li> <code>db.select('email', 'hash').from('login').where('email', '=', email)</code>: This step fetches the email and hashed password (<code>hash</code>) from the <code>login</code> table for the provided email.</li> <li> <code>if (!data.length) { return res.status(400).json('Wrong credentials'); }</code>: Crucially, this check ensures that a user with the provided email exists before attempting to compare passwords, preventing errors if <code>data</code> is empty.</li> <li> <code>const isValid = bcrypt.compareSync(password, data[0].hash);</code>: The retrieved hash is then compared with the provided password using <code>bcryptjs.compareSync()</code>.</li> <li>If <code>isValid</code> is true (password matches), the code fetches the full user profile from the <code>users</code> table and responds with <code>user[0]</code>. Otherwise, it responds with 'Wrong credentials' or 'Unknown user' in case of other errors, again avoiding specific error details.</li> </ul> <h3> <strong>Refactoring the <code>/profile/:id</code> Endpoint</strong> </h3> <p>This endpoint is simpler, as it only needs to retrieve a user's profile based on their ID from <code>req.params</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">app</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/profile/:id</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// Corrected endpoint path</span> <span class="kd">const</span> <span class="p">{</span><span class="nx">id</span><span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">params</span><span class="p">;</span> <span class="nx">db</span><span class="p">.</span><span class="nf">select</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">).</span><span class="k">from</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">,</span> <span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">user</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">length</span><span class="p">)</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">user</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Not Found</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Error getting user</span><span class="dl">'</span><span class="p">));</span> <span class="p">});</span> </code></pre> </div> <h3> <strong>Refactoring the <code>/image</code> Endpoint</strong> </h3> <p>Similar to <code>/profile/:id</code>, this endpoint updates the image entries count for a user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">app</span><span class="p">.</span><span class="nf">put</span><span class="p">(</span><span class="dl">'</span><span class="s1">/image</span><span class="dl">'</span><span class="p">,</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">id</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="nf">db</span><span class="p">(</span><span class="dl">'</span><span class="s1">users</span><span class="dl">'</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">=</span><span class="dl">'</span><span class="p">,</span> <span class="nx">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">increment</span><span class="p">(</span><span class="dl">'</span><span class="s1">entries</span><span class="dl">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="p">.</span><span class="nf">returning</span><span class="p">(</span><span class="dl">'</span><span class="s1">entries</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">entries</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">entries</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="nx">entries</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to update entries</span><span class="dl">'</span><span class="p">));</span> <span class="p">});</span> </code></pre> </div> <p>After implementing these changes, I thoroughly tested all endpoints, and everything was working correctly without errors. This was a significant step forward!</p> <h3> <strong>Handling Database Errors and Security Considerations</strong> </h3> <h3> <strong>Robust Error Management</strong> </h3> <p>For error management, I ensured that no exact error details are exposed to the user. All endpoints return generic error messages (e.g., 'Unable to register', 'Wrong credentials', 'Not Found'), enhancing security and user experience.</p> <h3> <strong>Basic Frontend Response Handling</strong> </h3> <p>While the backend handles primary security like hashing and API key management, the frontend also plays a role in how it processes responses. After fetching data from the backend:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">user</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="p">)</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nx">props</span><span class="p">.</span><span class="nf">loadUser</span><span class="p">(</span><span class="nx">user</span><span class="p">);</span> <span class="k">this</span><span class="p">.</span><span class="nx">props</span><span class="p">.</span><span class="nf">onRouteChange</span><span class="p">(</span><span class="dl">'</span><span class="s1">home</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">alert</span><span class="p">(</span><span class="dl">"</span><span class="s2">Invalid credentials</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="p">})</span> </code></pre> </div> <p>This snippet ensures that if a valid user ID is returned from the backend, the user's data is loaded, and the application navigates to the 'home' route. If no user ID is present, an alert indicates invalid credentials. The <code>loadUser</code> function (defined in <code>App.jsx</code>) updates the application's state with the user's details:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">loadUser</span> <span class="o">=</span> <span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">setState</span><span class="p">({</span><span class="na">user</span> <span class="p">:</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">name</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">name</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">,</span> <span class="na">entries</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">entries</span><span class="p">,</span> <span class="na">joined</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">joined</span> <span class="p">}});</span> <span class="p">};</span> </code></pre> </div> <p>This state management ensures the frontend accurately reflects the logged-in user's information.</p> <p><em>(</em><em>Important Security Note:</em>* For production applications, storing sensitive user data or tokens directly in <code>localStorage</code> or <code>sessionStorage</code> on the frontend should be done with extreme caution due to XSS vulnerabilities. More secure methods, like <code>httpOnly</code> cookies, are typically preferred for handling authentication tokens.)*</p> <h3> <strong>Transferring Clarifai API to Backend</strong> </h3> <p>To prevent exposing my Personal Access Token (PAT) key from the frontend console, I transferred the Clarifai API call to the backend. This is a critical security measure.</p> <p>Here’s the backend code snippet for handling the Clarifai API call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="kd">const</span> <span class="nx">handleAPICall</span> <span class="o">=</span> <span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">input</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="c1">// IMPORTANT: These should be loaded from environment variables (.env file)</span> <span class="c1">// and NOT hardcoded or committed to version control in a real application.</span> <span class="kd">const</span> <span class="nx">PAT</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CLARIFAI_PAT</span><span class="p">;</span> <span class="c1">// Your Personal Access Token</span> <span class="kd">const</span> <span class="nx">USER_ID</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CLARIFAI_USER_ID</span><span class="p">;</span> <span class="c1">// Your Clarifai User ID</span> <span class="kd">const</span> <span class="nx">APP_ID</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">CLARIFAI_APP_ID</span><span class="p">;</span> <span class="c1">// Your Clarifai App ID</span> <span class="kd">const</span> <span class="nx">MODEL_ID</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">face-detection</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">IMAGE_URL</span> <span class="o">=</span> <span class="nx">input</span><span class="p">;</span> <span class="c1">// Clarifai API request setup (largely from Clarifai Docs)</span> <span class="kd">const</span> <span class="nx">raw</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="dl">"</span><span class="s2">user_app_id</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">user_id</span><span class="dl">"</span><span class="p">:</span> <span class="nx">USER_ID</span><span class="p">,</span> <span class="dl">"</span><span class="s2">app_id</span><span class="dl">"</span><span class="p">:</span> <span class="nx">APP_ID</span> <span class="p">},</span> <span class="dl">"</span><span class="s2">inputs</span><span class="dl">"</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">data</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">image</span><span class="dl">"</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">url</span><span class="dl">"</span><span class="p">:</span> <span class="nx">IMAGE_URL</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">requestOptions</span> <span class="o">=</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Accept</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Key </span><span class="dl">'</span> <span class="o">+</span> <span class="nx">PAT</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">raw</span> <span class="p">};</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://api.clarifai.com/v2/models/</span><span class="dl">"</span> <span class="o">+</span> <span class="nx">MODEL_ID</span> <span class="o">+</span> <span class="dl">"</span><span class="s2">/outputs</span><span class="dl">"</span><span class="p">,</span> <span class="nx">requestOptions</span><span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">data</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">err</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="dl">'</span><span class="s1">Unable to work with API</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="p">};</span> <span class="c1">// You'll also need an endpoint to handle this API call, e.g.:</span> <span class="c1">// app.post('/imageurl', (req, res) =&gt; { handleAPICall(req, res); });</span> </code></pre> </div> <p>The core API call structure largely follows Clarifai's documentation, adapted for a Node.js environment. I've created a dedicated endpoint (<code>/imageurl</code>) on the backend to manage this API call securely. The key modification is handling the API response and passing it back to the frontend.</p> <p>Here's the frontend code snippet after adjusting the Clarifai API call to the backend:</p> <p>JavaScript<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">onButtonSubmit</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">setState</span><span class="p">({</span><span class="na">imageUrl</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">state</span><span class="p">.</span><span class="nx">input</span><span class="p">},</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:3000/imageurl</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="c1">// IMPORTANT: Change this to your DEPLOYED backend URL for production!</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">post</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">input</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">state</span><span class="p">.</span><span class="nx">input</span> <span class="p">})</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">response</span> <span class="o">=&gt;</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">result</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">result</span><span class="p">)</span> <span class="p">{</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">http://localhost:3000/image</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="c1">// IMPORTANT: Change this to your DEPLOYED backend URL for production!</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">put</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span><span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="k">this</span><span class="p">.</span><span class="nx">state</span><span class="p">.</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span> <span class="p">})</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">res</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="p">.</span><span class="nf">then</span><span class="p">(</span><span class="nx">count</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">this</span><span class="p">.</span><span class="nf">setState</span><span class="p">(</span><span class="nb">Object</span><span class="p">.</span><span class="nf">assign</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nx">state</span><span class="p">.</span><span class="nx">user</span><span class="p">,</span> <span class="p">{</span><span class="na">entries</span><span class="p">:</span> <span class="nx">count</span><span class="p">}));</span> <span class="p">});</span> <span class="p">}</span> <span class="k">this</span><span class="p">.</span><span class="nf">displayFaceBox</span><span class="p">(</span><span class="k">this</span><span class="p">.</span><span class="nf">calculateFaceLocation</span><span class="p">(</span><span class="nx">result</span><span class="p">));</span> <span class="p">})</span> <span class="p">.</span><span class="k">catch</span><span class="p">(</span><span class="nx">error</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="nx">error</span><span class="p">));</span> <span class="p">});</span> <span class="p">};</span> </code></pre> </div> <p>The frontend now sends the image URL to its own backend endpoint (<code>/imageurl</code>), which then securely handles the Clarifai API interaction and returns the results. If a successful result is received, a subsequent call updates the user's image entry count.</p> <h3> <strong>Conclusion: The Full-Stack Picture Nears Completion</strong> </h3> <p>It was incredibly satisfying to see everything working seamlessly after creating the real database and connecting it to the backend server using Knex.js. Knex made building queries and interacting with the backend surprisingly simple. My application now feels like a complete full-stack app, with user data stored perfectly and securely in the database.</p> <h3> <strong>Key Learning Points:</strong> </h3> <ul> <li>Database design principles (including table separation for security).</li> <li>Working with PostgreSQL for persistent data storage.</li> <li>Mastering Knex.js for efficient and readable database operations.</li> <li>Implementing secure password hashing with <code>bcryptjs</code>.</li> <li>Refactoring API endpoints for robust database interaction.</li> <li>Understanding the importance of moving sensitive API calls to the backend for security.</li> </ul> <h3> <strong>What's Next: Deployment</strong> </h3> <p>Deployment proved to be a significant challenge. While my prior learning focused on Heroku, I opted for Render.com due to its free tier – a platform with distinct deployment processes. Despite taking a full day, successfully deploying the application was a highly rewarding experience.</p> <p>I'm thinking of sharing my complete experience with Render.com, a step-by-step guide on how I deployed my app, as it might help someone else facing similar issues.</p> <p>Okay, lastly, don’t forget to share your thoughts and leave some comments below. And as I also say at the end of my every blog, if you find something advisable, please tell me—I’m always open to advice!</p> database postgres nextjs webdev Building My First Full-Stack App: Part 2 - Crafting the Node.js Backend for Face Detection Abhinav Anand Fri, 13 Jun 2025 08:06:48 +0000 https://dev.to/abhinavan00/building-my-first-full-stack-app-part-2-crafting-the-nodejs-backend-for-face-detection-52n2 https://dev.to/abhinavan00/building-my-first-full-stack-app-part-2-crafting-the-nodejs-backend-for-face-detection-52n2 <h1> <strong>Setting Up the Node.js and Express.js Server</strong> </h1> <h2> <strong>Initializing the Project</strong> </h2> <p>I started by creating a dedicated folder for the server and ran npm init to set up the basic Node.js package.json file. After that, I created the main server file, <code>server.js</code>.</p> <h2> <strong>Express.js Fundamentals in Action</strong> </h2> <p>To get the server running, I installed <strong>Express.js</strong> by running npm install express.</p> <p>My basic server setup in <code>server.js</code> looked like this:</p> <p>import express from 'express';<br> const app = express();</p> <p>// Root route to test if the server is working<br> app.get('/', (req, res) =&gt; {<br> res.json('working');<br> });` </p> <p>`app.listen(3000, () =&gt; {<br> console.log('Server is running on port 3000');<br> });</p> <p>I tested this root route with Postman.com to confirm the server was up and running.</p> <h2> <strong>A Crucial Middleware Lesson: Parsing Request Bodies</strong> </h2> <p>During initial testing, I quickly encountered an error. The server wasn't able to read the incoming request bodies from the frontend. After some investigation, I realized I'd forgotten to add the necessary middleware to parse the response. To fix this, I simply added app.use(express.json()). With this in place, my server could now correctly interpret JSON data sent from the frontend, and everything started working as expected.</p> <h1> <strong>Designing API Endpoints for Face Detection</strong> </h1> <h2> <strong>Planning the API Structure</strong> </h2> <p>Before diving into implementation, I like to outline the overall structure of my API endpoints. This planning phase simplifies development, even for a smaller number of routes. My planned structure looked something like this:</p> <p>/*<br> /signin --&gt; POST = will respond =&gt; success/failed<br> /register --&gt; POST = will respond =&gt; user<br> /profile/:id --&gt; GET = will respond =&gt; user<br> /image --&gt; PUT = will respond =&gt; updated user's data<br> */</p> <p>Now, let's create each of these API endpoints step by step.</p> <h3> <strong>The /signin Endpoint</strong> </h3> <p>To test this endpoint, I started with a simple, temporary <strong>fake database</strong> containing two users. This allowed me to simulate authentication without setting up a full database yet.</p> <p>Here's the initial sign-in route I created:</p> <p>app.post('/signin', (req, res) =&gt; {<br> const { email, password } = req.body; // Destructuring for cleaner code<br> // For simplicity during testing, hardcoded a single user for authentication.<br> if (database.user[0].email === email &amp;&amp; database.user[0].password === password) {<br> res.json('success');<br> } else {<br> res.status(400).json('Invalid Credentials');<br> }<br> });</p> <h3> <strong>The /register Endpoint</strong> </h3> <p>For the registration route, I simulated adding a new user to our temporary database using the array's <code>push</code> method:</p> <p><code>app.post('/register', (req, res) =&gt; {<br> const { email, name, password } = req.body;<br> database.users.push({<br> id: '125',<br> name: name,<br> email: email,<br> password: password,<br> entries: 0,<br> joined: new Date()<br> });<br> res.json(database.users[database.users.length - 1]);<br> });</code></p> <h3> <strong>The <code>/profile/:id</code> Endpoint</strong> </h3> <p>While not immediately used by the frontend in this version, I included this route for future expandability, allowing users to view their profiles later.</p> <p>JavaScript</p> <p><code>app.get('/profile/:id', (req, res) =&gt; {<br> const { id } = req.params;<br> let found = false;<br> database.users.forEach(user =&gt; {<br> if (user.id === id) {<br> found = true;<br> return res.json(user);<br> }<br> });<br> if (!found) {<br> res.status(404).json('User Not Found');<br> }<br> });</code></p> <h3> <strong>The <code>/image</code> Endpoint</strong> </h3> <p>This endpoint is designed to receive a user ID and increment their <code>entries</code> count, similar to the profile route.</p> <p>JavaScript</p> <p><code>app.put('/image', (req, res) =&gt; {<br> const { id } = req.body;<br> let found = false;<br> database.users.forEach(user =&gt; {<br> if (user.id === id) {<br> found = true;<br> user.entries++;<br> return res.json(user.entries);<br> }<br> });<br> if (!found) {<br> res.status(404).json('User Not Found');<br> }<br> });</code></p> <p>After implementing each endpoint, I thoroughly tested it using Postman before moving to the next, ensuring functionality.</p> <h2> <strong>Crucial for Full-Stack: Understanding and Implementing CORS</strong> </h2> <p>All necessary endpoints were created and tested. It was time to connect them to the frontend. However, after connecting the sign-in endpoint and testing it with my frontend, I encountered the infamous <strong>CORS (Cross-Origin Resource Sharing) issue</strong>.</p> <p>The browser console showed that the request was blocked due to "no-cors." After doing some research, I understood that CORS ensures security by allowing controlled sharing of resources across different origins (domains) in a web browser. The backend is the proper place to handle this issue because it ensures that security rules are consistently applied and cannot be bypassed by malicious clients.</p> <p>To solve this, I added the <code>cors</code> middleware to the backend. I installed it using <code>npm install cors</code>, imported it (<code>import cors from 'cors'</code>), and then added it as middleware (<code>app.use(cors())</code>). With this, the sign-in endpoint now works perfectly with the frontend.</p> <h1> <strong>Conclusion: The Backend's Power and What's Next</strong> </h1> <p>In this part, we successfully built and connected a foundational backend server to our frontend. While currently using a mock database for initial testing, this setup was crucial for establishing the core application flow.</p> <p>I learned a lot in this phase, including:</p> <ul> <li>The value of outlining basic server endpoints before connecting to a final database.</li> <li>How to efficiently test API endpoints using <strong>Postman.com</strong>.</li> <li>The importance of <code>express.json()</code> middleware for parsing request bodies.</li> <li>The practical steps to connect backend endpoints to a frontend.</li> <li>How to identify and effectively handle <strong>CORS issues</strong> in a full-stack application.</li> <li>The fundamental concepts of backend server development.</li> </ul> <h2> <strong>A Note on Clarifai API Integration (Next Steps)</strong> </h2> <p>You might have noticed that I haven't moved the Clarifai API integration to the backend in this specific part. My development approach was to first ensure all core components (frontend, backend server, and eventually database) were functional and communicating correctly. In a later refinement stage, or in a subsequent blog post, I'll integrate the Clarifai API directly into this backend for enhanced security and a more robust application architecture.</p> <h2> <strong>What's Coming in Part 3</strong> </h2> <p>Now that our frontend and backend are communicating, the next logical step is to introduce persistence! In Part 3, we'll dive into the <strong>database part</strong>. We'll talk about how I created the database and connected it to the backend server using <strong>Knex.js</strong>.</p> <p>Please don't forget to share your thoughts and leave comments about this blog. I'm always open to advice, so if you find something that needs to be changed or can be improved, just tell me!</p> backenddevelopment node express webdev Building My First Full-Stack App: Part 1 - Crafting the React Frontend for Face Detection Abhinav Anand Tue, 27 May 2025 10:10:13 +0000 https://dev.to/abhinavan00/building-my-first-full-stack-app-part-1-crafting-the-react-frontend-for-face-detection-48k1 https://dev.to/abhinavan00/building-my-first-full-stack-app-part-1-crafting-the-react-frontend-for-face-detection-48k1 <h1> <strong>Introduction</strong> </h1> <p>This is my first deep dive into building a full-stack web application, and I'm excited to share my learning journey and the technical steps involved. My goal with this project was to solidify my understanding of frontend development with React, connect to an external API, build a robust backend server, and manage a database – culminating in a deployed application.</p> <h2> <strong>What is this app?</strong> </h2> <p>This is a simple web application where users can paste an image URL, and the app will detect and highlight faces within that image.</p> <h2> <strong>Key Technologies Used:</strong> </h2> <ul> <li> <strong>Front-End:</strong> Vite + React.js</li> <li> <strong>Back-End:</strong> Node.js + Express.js</li> <li> <strong>Database:</strong> PostgreSQL (managed with dBeaver)</li> </ul> <h3> You can explore the full codebase here: </h3> <p><a href="https://github.com/abhinavan00/face_detection_app" rel="noopener noreferrer">https://github.com/abhinavan00/face_detection_app</a></p> <h1> <strong>The Frontend (React.js)</strong> </h1> <h2> <strong>Setting Up the Project:</strong> </h2> <p>I initiated the React project using <code>npm create vite@latest</code>, selecting JavaScript as the language. This provided a lightweight and fast development environment. After initial setup, I streamlined the project by removing unnecessary boilerplate from <code>App.jsx</code>, <code>App.css</code>, and <code>index.css</code> to align with my specific design requirements.</p> <h2> <strong>Core Component Architecture:</strong> </h2> <p>Before writing any code, I planned the application's skeletal structure to ensure modularity and maintainability. The design included several functional components:</p> <ul> <li> <strong>Logo:</strong> Displays the application branding.</li> <li> <strong>Navigation:</strong> Handles user authentication links (Sign In, Register).</li> <li> <strong>Entry Count:</strong> Shows user-specific data (e.g., images processed).</li> <li> <strong>ImageLinkForm:</strong> Contains the input field for image URLs and the submission button.</li> <li> <strong>FaceRecognition:</strong> Responsible for displaying the image and overlaying the detected bounding boxes.</li> <li> <strong>Smart Components:</strong> <code>App.jsx</code> (the main container), <code>SignIn</code>, and <code>Register</code> pages. The <code>SignIn</code> and <code>Register</code> components were styled efficiently using <strong>Tachyons</strong>.</li> </ul> <h2> <strong>Handling User Input and Displaying Results:</strong> </h2> <p>For state management, I opted for <strong>React Class Components</strong> in this project, although I have also practiced with React Hooks. The core state elements were <code>input</code> (to capture the image URL from the form) and <code>imageUrl</code> (to store the URL for image display).</p> <p>Upon user submission, the <code>input</code> value updates <code>imageUrl</code>. This <code>imageUrl</code> is then passed as a prop to the <code>FaceRecognition</code> component via <code>ImageLinkForm</code>, enabling the image to be displayed.</p> <p>To detect faces and draw bounding boxes, I utilized <strong>Clarifai's face-detection API</strong>. The initial API call was performed via <strong>JavaScript's Fetch API</strong> (RESTful method). I also explored integrating this API using gRPC for a more robust backend solution in a separate practice session.</p> <h3> <strong>Overcoming the CORS Challenge (A First-Time Debugging Experience):</strong> </h3> <p>This particular challenge significantly deepened my understanding of web security. Initially, my frontend API requests were consistently being rejected. I quickly identified the issue as a <strong>CORS (Cross-Origin Resource Sharing) policy violation</strong>, a concept I hadn't encountered directly in my coursework.</p> <p>My local frontend server (running on <code>localhost</code>) was attempting to make a direct request to the Clarifai API, which was blocking it for security reasons. After extensive searching and troubleshooting (including exploring my course's Discord channel and external resources), I understood the need to proxy the request.</p> <p>My immediate solution for testing was to create a <strong>"fake server"</strong> (a simple local proxy) that would appear as the origin to Clarifai, bypassing the CORS restriction for development purposes. This temporary solution allowed me to successfully retrieve API results and proceed with development, though I knew a proper backend proxy would be essential for the final application.</p> <p><strong>Calculating and Displaying Bounding Boxes:</strong><br> Once I received the data from Clarifai, the next step was to parse the API response to calculate the precise coordinates for the bounding boxes. This involved some careful geometric calculations based on the image dimensions and the API's returned data.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkhuk45bqcync02g1pkkk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkhuk45bqcync02g1pkkk.png" alt="Image description" width="800" height="364"></a></p> <p>The calculated <code>displayFaceBox</code> object was then passed as a prop to the <code>FaceRecognition</code> component, which dynamically rendered the bounding boxes around the detected faces.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9s6wohgwg6lxpgp6m1w8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9s6wohgwg6lxpgp6m1w8.png" alt="Image description" width="800" height="396"></a></p> <h1> <strong>Conclusion</strong> </h1> <p>I hope this first part has given you a clear insight into building the frontend of a full-stack application with React. I'd love to hear your thoughts or questions about anything covered here – feel free to leave them in the comments below!"</p> webdev programming react javascript