Zero to Production Node.js on Amazon Web Services

Zero to Production Node.js on Amazon Web Services Exercise 1: Hacking on Express

Topics:
Kevin Whinnery
Kevin Whinnery
Twilio Node Module

This course has been updated! We now recommend you take the AWS for Front-End Engineers (ft. S3, Cloudfront & Route 53) course.

Check out a free preview of the full Zero to Production Node.js on Amazon Web Services course:
The "Exercise 1: Hacking on Express" Lesson is part of the full, Zero to Production Node.js on Amazon Web Services course featured in this preview video. Here's what you'd learn in this lesson:

In this exercise, you will work with the Express framework in the TodoMVC++ application. You will modify the headers sent by Express, create a logging middleware, and add “X-Shenanigans-None” to all API requests. Tasks for this exercise are located in the Issues section of the Github project and labeled “Exercise1”.

Get Unlimited Access Now

Transcript from the "Exercise 1: Hacking on Express" Lesson

[00:00:00]
>> [MUSIC]

[00:00:03]
>> Kevin Whinnery: Now, we get to what I hope will be one of the fun part of the day, one of many hopefully, where we spend a lot of time actually hacking on this application. Now, unfortunately you guys have all ready found a few bugs that I did not intend to put in the application, specifically around the read me in the setup experience.

[00:00:25] However, there are actually a lot of things in this application, that leave something to be desired. In fact, you could say, that I have issues, in fact many of them, seven at the moment that I could use your help on. So, what I would like to do over the next, we'll see how long it takes, maybe 20 minutes, to a half hour, maybe more.

[00:00:50] We can kind of play it by ear. I have a three GitHub issues here labeled exercise 1. And those are GitHub, are those issues are around features or problems with the application, that I would like for us to collectively add. So, what I would like for you to do, is to pick one of these issues, or get through all of them if you're if you're feeling particularly industrious.

[00:01:17] And try to add the feature or correct the problem that is described in one of these GitHub issues. So, for example, Issue number seven is for a feature edition. So, at Twilio, all of our HTP APIs We will return a header called X-Shenanigans-None, because one of our core values as a company is no shenanigans.

[00:01:42] So, we return this header with every response from the API. But, sadly, this API for to do's, does not return the X-Shenanigans header. So, we should look at expanding the implementation we have with express to add that header to every request that served our to do's API. So, we could send it back with every request.

[00:02:06] But I've scoped it here to say, only do this for the to do's route. See if we can forward those API requests return back this X-Shenanigans header. So, that's one of the things you could tackle. Another thing you might want to tackle is this piece, which is not sending a powered by express header with every response.

[00:02:28] So, if you were to look here at this application, which is already running. In the Network tab, in web inspector.
>> Kevin Whinnery: Where's this gonna be?
>> Kevin Whinnery: Where's my? Here we go. I just have to click on the resource there. So, if you look at the headers there are sent back with the response.

[00:02:55] There is a X-Power-By: Express header that gets returned by default in an Express Application. And it's innocuous enough, but when you're taking an Express Application to production, usually you don't want to include that extra information, because it's possible that an evil doer. Could launch a targeted attack on your application with the knowledge of what web framework you're using on the backend.

[00:03:20] So, it's not the hugest deal in the world, but if it's a good thing not to do in a production node application. So, removing or disabling that header is a good thing to do. The other piece that you might take a look at.
>> Kevin Whinnery: Is the logging middleware for Express.

[00:03:39] So, right now, we don't use very much middleware in the application. And one of the things that would be nice to do would be actually to log the HTTP traffic, that's coming into the application. So, there's lots of modules out there that do this. I've linked to one called Morgan, which is very popular to use with Express applications.

[00:04:02] So, adding some HTTP request logging middleware would be a nice feature to take on as well. So, if you would like to take one of these on, you can just hack on it locally, and if you are comfortable with the Git workflow, you can actually send a pull request to this repository.

[00:04:25] With the implementation of the feature that you implemented, and if we have you know if in 20 to 30 minutes time a few pull requests that show how to do this. I'll go ahead and merge them in. Otherwise, I will cheat and I will show you how it is to implement each of these bits.

[00:04:45] But I would vastly prefer to merge a poor request from one of you. So, if you would like to take on one or three of these issues in the next 20 to 30 minutes. We'll say 30 minutes, cuz there are still a few folks that are getting their environment set up.

[00:04:59] But we'll play it by or no sooner than 30 minutes will we reconvene, and talk about some of the solutions.