Last active
June 25, 2020 23:23
1. Describe the HTTP requests/response lifecycle.
A) User types URL https://host:port/path
B) Browser sends request: GET /path HTTP/1.1; Host: host:port;...; body
C) Server interprets request (uses /path and the HTTP method to map the request to a function that can handle it). Function executes:
C.1) possible interaction with db
C.2) Response data formed
C.3) Response status set
C.4) Response sent
D) Server sends response: HTTP/1.1 200 OK;....;body
E) Browser interprets response and displays page
2. Describe the architecture of a basic Express app. How is it organized?
Using Express we get a lot of the functionality of a web server for free and can add whatever
optional functionality with middleware as needed. Express provides:
Handlers for requests for all the HTTP verbs (GET, POST, etc)
Common web application settings such as port numbers
An architecture that allows middleware, so you can modify the request handling pipeline at any point
The Express framework is made up of 4 objects, each with various methods and properties, to help us
build web servers, and a top-level function:
express(): The top-level function exported by the Express module. Calling this function creates
an Express app and gives us access to the other Express objects below.
Application: This object is the Express application itself. It provides methods to route HTTP
requests, configure middleware and other functionality relevant to constructing web applications.
Request: Represents the HTTP request and has properties to access the various features of the
request such as query string, headers and so on. By convention, this object is referred to as
req and is passed to route handling methods.
Response: Represents the HTTP response that is sent to the client when the request is completed.
Conventionally called res, it is passed to route handling methods. It contains methods to format
the response, set the response headers and status code.
Router: We'll go over the Router object later on, but for now you can think of it as a
"mini-application." It is used to make your applications more modular.
3. Tell me about a time when you've used Express Router. How was it helpful?
4. What’s the difference between a unit and an integration test?
When building React components some attention was given to unit testing each component. The
individual components of Node applications also need to be unit tested. But even if each
component of your code works well in isolation there may still be errors at the interface
between components. The interface is a shared boundary across which components exchange data.
Integration tests are designed to uncover errors that occur during this communication.
5. What is SQL and how does it relate to PostgreSQL?
SQL server is a database management system which is mainly used for e-commerce and providing
different data warehousing solutions. PostgreSQL is an advanced version of SQL which provides
support to different functions of SQL like foreign keys, subqueries, triggers, and different
user-defined types and functions.
6. What is an XSS attack and do you know any steps to take to prevent them?
Cross-site scripting (XSS). This is when your browser receives a response from an API that
has embedded code surreptitiously included in the data... and the browser executes it unwittingly.
The xss package, once installed, exports a function that sanitizes strings of content by reading
through a string of content and removing any code that can be used for an attack.
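The same defense from the output side, as an added example that is not part of the original notes: instead of the xss package it uses hand-written HTML encoding plus a link-scheme allow-list, so it runs with no dependencies. The function names and the API response are constructed for illustration.

```javascript
// Added example (not from the original notes). Names and sample data are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that let text break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encoding alone does not neutralise a javascript: URL, so links get a scheme allow-list.
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : '#';
  } catch (err) {
    return '#'; // relative or malformed input: drop it rather than guess
  }
}

// Vulnerable: API data is concatenated into markup unchanged.
function renderCommentUnsafe(c) {
  return `<li><a href="${c.site}">${c.author}</a>: ${c.text}</li>`;
}

// Hardened: every field is encoded for the context it lands in.
function renderCommentSafe(c) {
  const href = escapeHtml(safeHref(c.site));
  return `<li><a href="${href}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.text)}</li>`;
}

// Constructed API response: the second record carries markup in its data fields.
const apiResponse = [
  { author: 'alice', site: 'https://example.com/a', text: 'Tom & Jerry <3' },
  { author: 'mallory', site: 'javascript:alert(1)', text: '<img src=x onerror="alert(1)">' },
];

for (const c of apiResponse) {
  console.log('unsafe:', renderCommentUnsafe(c));
  console.log('safe:  ', renderCommentSafe(c));
}
```

In the safe output the second record's markup arrives as inert text and its link collapses to `#`, while the unsafe version hands both to the browser as live HTML.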
7. What are environmental variables and what might you put in them?
A place to store certain items for use but not view.
PORT and DB_URL and API Tokens
8. Create and require a Node module in a basic Express app: https://glitch.com/edit/#!/code-export-require-destructure
9. Move a set of endpoints into a router and reconnect the app: https://github.com/Thinkful-Ed/todo-router
10. Complete this set of SQL drills: https://gist.github.com/alfaraday/acc104c0d9f3731207127c96fc332b5e#file-nw-sql-drills-md
Node = JavaScript running directly on a machine, not inside a browser.
Node tasks = machine scripts that can read, write and manipulate files; API servers that can access ports on the machine to communicate with the web; command line tools that can process info or perform computing tasks; web servers that generate dynamic content by connecting to a db
NPM = Node Package Manager => used for managing a project's dependencies and other meta info, i.e. initialize a project, list which packages a project needs in order to function, write short scripts
Express = framework for building Node web APIs, gives functionality of a web server, can add middleware
Web server = program that understands URLs and can read HTTP requests
1. Describe the HTTP requests/response lifecycle.
Amazing site on describing the entire process in visual detail.
https://dev.to/dangolant/things-i-brushed-up-on-this-week-the-http-request-lifecycle-
Amazing video describing the process with cool visual effects
https://www.youtube.com/watch?v=eesqK59rhGA
Slides courtesy of Chris Klanac and Thinkful
http://thinkful.slides.com/thinkful/node-express#/4
==================================CONVERSATIONAL===========================================
When a user/client types a URL into their favorite browser, the BROWSER understands this as
a request using the GET method to a server and first gets the protocol (http protocol in most instances),
then the host (like www.google.com), sometimes a port number (though optional), and the resource path
(like /api or /index.html). If there's a query string (denoted by a ?), it will come after the
resource path (for example ?searchTerm=gaga). (If we were using something like a POST method,
a payload or body will be added to the request).
If successful, the server sends a response (for example its payload may include
html pages, css, js, and other resources), a status code (in this case 200), and some header
information.
==================================FROM THE READING==========================================
First, a client makes a request to an HTTP server. The client opens a connection to the server and sends a request message.
At a minimum, the request message contains the request method (GET, POST, PUT, PATCH, or DELETE), the HTTP protocol and
version being used, as well as the host (e.g., www.example.com). The request may also contain a body if, for instance, the
user is posting a form or uploading a file.
- Request:
-
2. Describe the architecture of a basic Express app. How is it organized?
A thorough, readable description of both Node and Express
https://developer.mozilla.org/en-US/docs/Learn/Server-side/Express_Nodejs/Introduction
==================================CONVERSATIONAL===========================================
Well Express is a popular web framework for Node, so let me explain Node first.
In short, Node is a runtime environment that allows developers to code in JavaScript
outside of the browser, allowing the ability to create server-side apps using only
JavaScript. Node also has its own package manager with a dependency resolution
that can be used to automate the app's build tools (starting with a simple npm install).
Back to Express, its library gives us the ability to write handlers for CRUD methods,
as well as set up the port for connecting and construct the template for the response.
Express uses "middleware", allowing us to handle the request from the client side
in a chain of processes (most including promises that handle asynchronous operations).
A sample Express architecture will include a server.js file that 'requires' the express
module, handles a request at any or all endpoints via middleware as well as any errors,
then 'listens' on a specified port number.
3. Tell me about a time when you've used Express Router. How was it helpful?
Refer to previous resource.
==================================CONVERSATIONAL===========================================
Express Routers help add modularity and readability to your app file structure. I've used them
in apps in which I would run different HTTP verbs on a number of different endpoints.
Keeping all of these handlers in the server file can get cumbersome and make it difficult to find
bugs reading all of that code in one place. With Express Routers, you can move all CRUD
methods that relate to a specific api into its own folder and files, exporting the router to use
in your server.js file via module.exports. This is also extremely beneficial for others
reading your code, making it much easier to follow, enhance, debug, etc.
4. What's your experience with continuous integration? How has it helped you?
Slides courtesy of Chris Klanac and Thinkful
http://thinkful.slides.com/thinkful/mocha-chai#/
==================================CONVERSATIONAL===========================================
Continuous integration is awesome; we can constantly make changes to the code, testing to
ensure that no functionality was broken. In my experience, which has recently been in test-driven
development, the continuous integration process has been to write tests, then write code to pass
those tests, then set up a separate server (like Travis CI which is set up to work with GitHub)
to run tests every time you commit so that each feature is tested for each developer
each time they change their code. That way, if a feature does not pass all tests, it doesn't get
included in the final production.
5. Describe how a Mongo database is structured.
Mongo CheatSheet from Thinkful
https://drive.google.com/file/d/0BzxWJx1gb9orbmtmdlVBTWd5aUU/view
Slides courtesy of Chris Klanac and Thinkful
http://thinkful.slides.com/thinkful/mongodb#/
==================================CONVERSATIONAL===========================================
The easiest way for me to describe this is by comparing the Mongo database to the SQL
database. In SQL, each database is organized into tables. In Mongo, each database is
organized into collections (which are represented via BSON, extending the JSON model to provide additional data types, ordered fields,
and to be efficient for encoding and decoding within different languages). While a table will have a number of columns and rows,
a collection will have a number of documents each with its own fields. And although there
are many similarities between SQL databases and Mongo databases, the major difference is
that Mongo databases are extremely flexible in how the document is structured (each document
is not required to have the same number of fields) while SQL requires each row to have the
same number of columns. SQL also needs its data to be structured before inserting data,
whereas Mongo is flexible enough to accept unstructured data.
================================REMEMBER==========================================
Don't forget to study: SQL joins compared to references in Mongo, ORMs (Object relational mapping)
for SQL (like knex) versus Mongo (like mongoose)
6. How do JSON web tokens work?
==================================CONVERSATIONAL===========================================
JSON web tokens give users temporary authorization to access protected endpoints.
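What "temporary authorization" means mechanically, as an added example that is not part of the original notes: an HS256 token is issued with an expiry claim and then checked for signature, algorithm and expiry using only Node's built-in crypto module. The secret, the claims, the timestamps and the helper names are constructed for illustration.

```javascript
// Added example, not from the original notes. SECRET, claims and timestamps are constructed.
const crypto = require('node:crypto');

const b64url = (text) => Buffer.from(text).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Issue a token: header.payload.signature, with an expiry (exp) ttlSeconds after `now`.
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${body}.${hmac(`${header}.${body}`, secret).toString('base64url')}`;
}

// Returns the claims or throws. The algorithm is pinned by the server, never chosen by the token.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, body, sig] = parts;
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = hmac(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('token expired');
  return claims;
}

// Demo helper: the subject on success, the rejection reason otherwise.
function check(token, secret, now) {
  try { return verifyToken(token, secret, now).sub; } catch (err) { return err.message; }
}

const SECRET = 'constructed-demo-secret'; // a real app reads this from an environment variable
const issuedAt = 1700000000;              // constructed timestamp (seconds)
const token = signToken({ sub: 'user-42' }, SECRET, 900, issuedAt);

console.log(check(token, SECRET, issuedAt + 60));   // inside the 15-minute window
console.log(check(token, SECRET, issuedAt + 900));  // at expiry
console.log(check(token, 'other-secret', issuedAt + 60));
```

The payload is only base64url-encoded, not encrypted, so anyone holding the token can read the claims; the signature is what stops them from changing it.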
7. What is the purpose of bcrypt in the authentication process?
==================================CONVERSATIONAL===========================================
Bcrypt allows us to hash passwords (which conveniently gives developers a one-way transformation,
that makes it difficult to recover passwords from hashes) and adds a salt
(which provides a unique string of letters and numbers to add to the hash as an extra layer of
security). The major difference between bcrypt and other hashing modules like md5 is that
bcrypt hashes passwords slowly, increasing the time it would take a potential attacker to
crack the hash.
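The two properties described above (a per-password salt and a deliberately slow hash), as an added example that is not part of the original notes. Node's standard library has no bcrypt, so the example uses the built-in scrypt function as a stand-in with the same two properties; the stored-record format, the function names and the sample password are constructed for illustration.

```javascript
// Added example, not from the original notes. scrypt stands in for bcrypt here because
// it ships with Node; the record format and the sample password are constructed.
const crypto = require('node:crypto');

const COST = { N: 2 ** 14, r: 8, p: 1 }; // work factor: raising N makes every guess slower

// Unsalted fast hash, shown only for contrast with the salted slow one.
function md5Hex(password) {
  return crypto.createHash('md5').update(password).digest('hex');
}

// A fresh random salt per password; the salt and cost are stored next to the hash.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32, COST);
  return ['scrypt', COST.N, salt.toString('base64'), key.toString('base64')].join('$');
}

// Recompute with the stored salt and cost, then compare in constant time.
function verifyPassword(password, stored) {
  const [scheme, n, saltB64, keyB64] = String(stored).split('$');
  if (scheme !== 'scrypt' || !saltB64 || !keyB64) return false;
  const expected = Buffer.from(keyB64, 'base64');
  const actual = crypto.scryptSync(password, Buffer.from(saltB64, 'base64'),
    expected.length, { N: Number(n), r: COST.r, p: COST.p });
  return crypto.timingSafeEqual(actual, expected);
}

// Wall-clock cost of one call, in milliseconds.
function timeMs(fn) {
  const start = process.hrtime.bigint();
  fn();
  return Number(process.hrtime.bigint() - start) / 1e6;
}

const password = 'correct horse battery staple'; // constructed sample
const recordA = hashPassword(password);
const recordB = hashPassword(password);

console.log('md5 twice, identical:   ', md5Hex(password) === md5Hex(password));
console.log('salted twice, identical:', recordA === recordB);
console.log('verify right password:  ', verifyPassword(password, recordA));
console.log('verify wrong password:  ', verifyPassword('guess', recordA));
console.log('ms per md5 hash:        ', timeMs(() => md5Hex(password)).toFixed(3));
console.log('ms per slow hash:       ', timeMs(() => hashPassword(password)).toFixed(3));
```

Because two users with the same password get different records, a leaked table cannot be attacked with one precomputed lookup, and the per-guess cost is paid separately for every record.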