- Part 1: The Motivation
- Part 2: The Basics
- Part 3: The Backend (this post)
- Part 4: The Frontend
- Part 5: The DevOps
- Part 6: The Monorepo
- Part 7: The Mobile
Single Threaded: Node uses a single threaded model with event looping.
Asynchronous: performs non-blocking I/O operations (reading from the network, accessing a database or the filesystem)
Callback: is an asynchronous equivalent for a function. A callback function is called at the completion of a given task. Node makes heavy use of callbacks. All the APIs of Node are written in such a way that they support callbacks.
Event Loop: Node uses events heavily, there is generally a main loop that listens for events, and then triggers a callback function when one of those events is detected.
Event Emitter: All objects are instances of events.EventEmitter can emit events
File System: Node implements File I/O using simple wrappers around standard POSIX functions
CommonJS: Node implements CommonJS modules standard, ES Modules are coming behind a --experimental-modules flag for now.
Express: one of the most simple yet powerful ways to create a web server. Its minimalist approach, unopinionated, focused on the core features of a server, is key to its success.
Routing: refers to determining how an application responds to a client request to a particular endpoint, which is a URI (or path) and a specific HTTP request method (GET, POST, and so on).
Middleware: is a chunk or cluster of code that has access to a user’s request, the application’s response, and the next middleware to be used. With such an architecture, it becomes easy for Express js developers to add, remove, or modify various features to and from the application, giving high scalability to the application.
Template engine: enables you to use static template files in your application. At runtime, the template engine replaces variables in a template file with actual values, and transforms the template into an HTML file sent to the client. This approach makes it easier to design an HTML page.
GraphQL is a query language for your API, and a server-side runtime for executing queries by using a type system you define for your data. GraphQL isn't tied to any specific database or storage engine and is instead backed by your existing code and data.
GraphQL offers many benefits over REST APIs: clients have the ability to dictate exactly what they need from the server, receive that data in a predictable way, ability to retrieve many resources in a single request, strongly-typed which allows API consumers to know exactly what data is available and in what form it exists.
Apollo Server is a community-maintained open-source GraphQL server. It works with pretty much all Node.js HTTP server frameworks. Apollo Server works with any GraphQL schema built with GraphQL.js, so you may build your schema with that or a convenience library such as graphql-tools.
Relational Database (MySQL)
Relational database is a set of formally described tables from which data can be accessed or reassembled in many different ways without having to reorganize the database tables.
SQL (Structured Query Language): The standard user and application programming interface (API) of a relational database. SQL statements are used both for interactive queries for information from a relational database and for gathering data for reports.
Relational databases provide transactional integrity: A database transaction, by definition, must be atomic, consistent, isolated and durable. Transactions are available in most SQL database implementations, though with varying levels of robustness.
Relational databases provide consistency and availability but lack solid partitioning functionality, even though relational databases support partitioning, but due to the core concept of ‘Joins’ and other things like shared indexes, scaling them using partitions is very difficult and not optimal.
Relational databases have a strict schema for the data storage. Through the use of 'alter' statements, the schema can be changed, but it has its impact on the existing code ('application specific code'), which has to be changed in accordance with the changes made to the schema.
MySQL is the world's most popular open-source database: uses standard SQL, compiles on a number of platforms, ideal for both small and large applications, very fast, reliable, and easy to use.
NoSQL Database (MongoDB)
A NoSQL database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases.
NoSQL types: Document databases (MongoDB), Graph stores (Neo4J), Key-value stores (Redis), Wide-column stores (Cassandra)
NoSQL benefits: more scalable and provide superior performance compare to relational databases, dynamic schemas, automatic sharding, automatic replication and integrated caching
MongoDB is widely recognized as the leading NoSQL database. For developers and database administrators, MongoDB provides agility, scalability, performance and high availability.
Caching is the term for storing reusable responses in order to make subsequent requests faster. There are many different types of caching available, each of which has its own characteristics. Application caches and memory caches are both popular for their ability to speed up certain responses.
Caching cases: in-memory data lookup, relational databases speedup, session store, token caching, website caching and fast access to any suitable data.
Caching types: object store, key-value store, native data structure store, in-memory, static file.
Caching algorithms: Least recently used (LRU), Time aware least recently used (TLRU), Most recently used (MRU), Random replacement (RR), Segmented LRU (SLRU), Least-frequently used (LFU), Least frequent recently used (LFRU)
Caching strategies: cache aside, read through, write through, write around, write back. In practice, carefully evaluate your goals, understand data access (read/write) patterns and choose the best strategy or a combination.
Caching benefits: decreased network costs, improved responsiveness, increased performance on the same hardware, availability of content during network interruptions.
Redis is a popular, open-source, in-memory data structure store that can be used as a database, cache, or message broker. Because it loads data from memory instead of from disk, Redis is faster than many traditional database solutions.
Message Brokers (RabbitMQ)
Message broker is an intermediary computer program module that translates a message from the formal messaging protocol of the sender to the formal messaging protocol of the receiver.
Message brokers can do 4 important things: divide the publisher and consumer, store the messages, route messages, check and organize messages
There are self-deployed and cloud-based messaging tools: Apache Kafka, ActiveMQ, RabbitMQ, OMS, JMS, Redis, Service Bus ...
RabbitMQ is known as a “traditional” message broker, which is suitable for a wide range of projects. It is successfully used both for development of new startups and notable enterprises. The main advantage of this message broker is the perfect set of plugins, combined with nice scalability. I like RabbitMQ due to the opportunity to use many plugins. They save time and speed-up work.
Authentication is about validating your credentials such as
password to verify your identity. The system then checks whether you are what you say you are using your credentials.
Authentication factors determine the many different elements the system uses to verify one’s identity before granting the individual access to anything. Based on the security level, authentication factors can vary from one of the following: Single- Factor Authentication, Two- Factor Authentication, Multi- Factor Authentication
Authorization is the process to determine whether the authenticated user has access to the particular resources. It verifies your rights to grant you access to resources such as information, databases, files, etc.
JWT (JSON Web Token) is a JSON object that is defined in RFC 7519 as a safe way to represent a set of information between two parties. The token is composed of a header, a payload, and a signature.
It's important to note that a JWT guarantees data ownership but not encryption: The JSON data you store into a JWT can be seen by anyone that intercepts the token, as it's just serialized, not encrypted.
I recommend that you store your JWT in cookies for web applications, because of the additional security they provide, and the simplicity of protecting against CSRF with modern web frameworks. HTML5 Web Storage is vulnerable to XSS, has a larger attack surface area, and can impact all application users on a successful attack.
Web Socket (Socket.IO)
WebSocket represents a long awaited evolution in client/server web technology. It allow a long-held single TCP socket connection to be established between the client and server which allows for bi-directional, full duplex, messages to be instantly distributed with little overhead resulting in a very low latency connection.
WebSocket is a thin transport layer built on top of a device’s TCP/IP stack. The intent is to provide what is essentially an as-close-to-raw-as-possible TCP communication layer to web application developers while adding a few abstractions to eliminate certain friction that would otherwise exist concerting the way the web works.
Socket.IO is a library that enables real-time, bidirectional and event-based communication between the browser and the server. Socket.IO is NOT a WebSocket implementation. Although Socket.IO indeed uses WebSocket as a transport when possible, it adds some metadata to each packet: the packet type, the namespace and the ack id when a message acknowledgement is needed.
Search Engine (Elasticsearch)
There are lots of ways to do search in your web application: via a back-end search engine such as Elasticsearch or Solr, commercial search services such as Algolia and AWS Cloudsearch, using a database with built-in search such as MySQL or MongoDB.
Full-text search, or FTS, is a technique used by search engines to find results in a database. You can use it to power search results on websites like shops, search engines, newspapers, and more.
Elasticsearch is used for a lot of different use cases: "classical" full text search, analytics store, auto completer, spell checker, alerting engine, and as a general purpose document store.
Elasticsearch is an overkilled solution for search functionality in your web application, it requires complicated installation and configuration. It is designed to deliver answers fast, really fast. To do this, most of the data structures It uses must reside in memory. To a large extent, It assumes you provide it with enough memory to do so.
My recommendation would be sticking with database built-in search when you're starting out, upgrading to a search service like Algolia to save time and cost when things getting a litle bigger. Finally coming up with an in-house search engine like Elasticsearch.
Automated testing allows you to test your code frequently in a small amount of time. This means you can find problems and bugs before you actually push your code to production.
In general, there are three kinds of automated tests in software development: Unit Tests (Test a small unit of an application without external resources like a database), Integration Tests ( Test the application with all external resources in place.) and Functional / End To End Tests (Test the application through its User Interface).