TMI Node QA

1. Describe the HTTP requests/response lifecycle.

A) User types URL https://host:port/path
B) Browser sends request: GET /path HTTP/1.1; Host: host:port;...; body
C) Server interprets request (use /path and HTTP method to map request to function that can handle request. Function executes
C.1) possible interaction with db
C.2) Response data formed
C.3) Response status set
C.4) Response sent
D) Server sends response: HTTP/1.1 200 OK;....;body
E) Browser interprets response and displays page

2. Describe the architecture of a basic Express app. How is it organized?

Using Express we get a lot of the functionality of a web server for free and can add whatever 
optional functionality with middleware as needed. Express provides:

Handlers for requests for all the HTTP verbs (GET, POST, etc)
Common web application settings such as port numbers
An architecture that allows middleware, so you can modify the request handling pipeline at any point
The Express framework is made up of 4 objects, each with various methods and properties, to help us 
build web servers, and a top-level function:

express(): The top-level function exported by the Express module. Calling this function creates 
an Express app and gives us access to the other Express objects below.
Application: This object is the Express application itself. It provides methods to route HTTP 
requests, configure middleware and other functionality relevant to constructing web applications.
Request: Represents the HTTP request and has properties to access the various features of the 
request such as query string, headers and so on. By convention, this object is referred to as 
req and is passed to route handling methods.
Response: Represents the HTTP response that is sent to the client when the request is completed. 
Conventionally called res, it is passed to route handling methods. It contains methods to format 
the response, set the response headers and status code.
Router: We'll go over the Router object later on, but for now you can think of it as a 
"mini-application." It is used to make your applications more modular.

3. Tell me about a time when you've used Express Router. How was it helpful?

4. What’s the difference between a unit and an integration test?

When building React components some attention was given to unit testing each component. The 
individual components of Node applications also need to be unit tested. But even if each 
component of your code works well in isolation there may still be errors at the interface 
between components. The interface is a shared boundary across which components exchange data. 
Integration tests are designed to uncover errors that occur during this communication.

5. What is SQL and how does it relate to PostgreSQL?

SQL server is a database management system which is mainly used for e-commerce and providing 
different data warehousing solutions. PostgreSQL is an advanced version of SQL which provides 
support to different functions of SQL like foreign keys, subqueries, triggers, and different 
user-defined types and functions.

6. What is an XSS attack and do you know any steps to take to prevent them?

Cross-site scripting (XSS). This is when your browser receives a response from an API that 
has embedded code surreptitiously included in the data... and the browser executes it unwittingly.

Installing xss exports a function that sanitizes strings of content by reading through a string 
of content and removing any code that can be used for an attack. 

7. What are environmental variables and what might you put in them?
A place to store certain items for use but not view. 
PORT and DB_URL and API Tokens

8. Create and require a Node module in a basic Express app: https://glitch.com/edit/#!/code-export-require-destructure
9. Move a set of endpoints into a router and reconnect the app: https://github.com/Thinkful-Ed/todo-router
10. Complete this set of SQL drills: https://gist.github.com/alfaraday/acc104c0d9f3731207127c96fc332b5e#file-nw-sql-drills-md

Node = JavaScript running directly on a machine, not inside a browser.
Node tasks = machine scripts that can read, write, manipulate files, API servers that can access ports on machine to communicate with web, command line tools that can proccess info or perform computing tasks, web servers that generate dynamic content by connecting to db
NPM = Node Package Manager => used for managing a project's dependencies and other meta info, i.e. initialize a project, list which packages a project needs in order to function, write short scripts
Express = framework for building Node web APIs, gives functionality of a web server, can add middleware
Web server = program that understands URLs and can read HTTP requests



1. Describe the HTTP requests/response lifecycle.
Amazing site on describing the entire process in visual detail.
https://dev.to/dangolant/things-i-brushed-up-on-this-week-the-http-request-lifecycle-
Amazing video describing the process with cool visual effects
https://www.youtube.com/watch?v=eesqK59rhGA
Slides courtesy of Chris Klanac and Thinkful
http://thinkful.slides.com/thinkful/node-express#/4
==================================CONVERSATIONAL===========================================
When a user/client types a URL into their favorite browser, the BROWSER understands this as 
a request using the GET method to a server and first gets the protocol (http protocol in most instances), 
then the host (like www.google.com), sometimes a port number (though optional), and the resource path 
(like /api or /index.html).  If there's a query string (denoted by a ?), it will come after the
resource path (for example ?searchTerm=gaga).  (If we were using something like a POST method,
a payload or body will be added to the request).
If successful, the server sends a response (for example its payload may include 
html pages, css, js, and other resources), a status code (in this case 200), and some header
information.
==================================FROM THE READING==========================================
First, a client makes a request to an HTTP server. The client opens a connection to the server and sends a request message.
At a minimum, the request message contains the request method (GET, POST, PUT, PATCH, or DELETE), the HTTP protocol and 
version being used, as well as the host (e.g., www.example.com). The request may also contain a body if, for instance, the 
user is posting a form or uploading a file.
- Request:
  - 


2. Describe the architecture of a basic Express app. How is it organized?
A thorough, readable description of both Node and Express
https://developer.mozilla.org/en-US/docs/Learn/Server-side/Express_Nodejs/Introduction
==================================CONVERSATIONAL===========================================
Well Express is a popular web framework for Node, so let me explain Node first.
In short, Node is a runtime environment that allows developers to code in JavaScript
outside of the browser, allowing the ability to create server-side apps using only
JavaScript. Node also has its own package manager with a dependency resolution
that can be used to automate the apps build tools (starting with a simple npm install).
Back to Express, its library gives us the ability to write handlers for CRUD methods,
as well as set up the port for connecting and construct the template for the response.
Express uses "middleware", allowing us to handle the request from the client side
in a chain of processes (most including promises that handle asynchronous operations).
A sample Express architecture will include a server.js file that 'requires' the express
module, handles a request at any or all endpoints via middleware as well as any errors, 
then 'listens' on a specified port number.

3. Tell me about a time when you've used Express Router. How was it helpful?
Refer to previous resource.
==================================CONVERSATIONAL===========================================
Express Routers help add modularity and readability to your app file structure. I've used them
in apps in which I would run different HTTP verbs on a number of different endpoints.
Keeping all of these handlers in the server file can get cumbersome and make it difficult to find 
bugs reading all of that code in one place.  With Express Routers, you can move all CRUD 
methods that relate to a specific api into its own folder and files, exporting the router to use
in your server.js file via module.exports.  This is also extremely beneficial for others
reading your code, making it much easier to follow, enhance, debug, etc.

4. What's your experience with continuous integration? How has it helped you?
Slides courtesy of Chris Klanac and Thinkful
http://thinkful.slides.com/thinkful/mocha-chai#/
==================================CONVERSATIONAL===========================================
Continous integration is awesome; we can constantly make changes to the code, testing to
ensure that no functionality was broken. In my experience, which has recently been in test-driven 
development, the continuous integration process has been to write tests, then write code to pass
those tests, then set up a separate server (like Travis CI whcih is set up to work with GitHub) 
to run tests every time you commit so that each feature is tested for each developer 
each time they change their code.  That way, if a feature does not pass all tests, it doesn't get 
included in the final production.

5. Describe how a Mongo database is structured.
Mongo CheatSheet from Thinkful
https://drive.google.com/file/d/0BzxWJx1gb9orbmtmdlVBTWd5aUU/view
Slides courtesy of Chris Klanac and Thinkful
http://thinkful.slides.com/thinkful/mongodb#/
==================================CONVERSATIONAL===========================================
The easiest way for me to describe this is by comparing the Mongo database to the SQL
database. In SQL, each database is organized into tables. In Mongo, each database is 
organized into collections (which is represented via BSON, extending the JSON model to provide additional data types, ordered fields, 
and to be efficient for encoding and decoding within different languages).  While a table will have a number of columns and rows,
a collection will have a number of documents each with its own fields. And although there
are many similarities between SQL databases and Mongo databases, the major difference is 
that Mongo databases are extremely flexible in how the document is stuctured (each document 
is not required to have the same amount of fields) while SQL requires each row to have the 
same amount of columns.  SQL also needs it data to be structured before inserting data,
whereas Mongo is flexible enough to accept unstructured data.
================================REMEMBER==========================================
Don't forget to study: SQL joins compared to references in Mongo, ORM's (Object relational mapping)
for SQL (like knex) versus Mongo (like mongoose)

6. How do JSON web tokens work?
==================================CONVERSATIONAL===========================================
JSON web tokens give users temporary authorization to access protected end points.

7. What is the purpose of bcrypt in the authentication process?
==================================CONVERSATIONAL===========================================
Bcrypt allows us to hash passwords (which conveniently gives developers a one-way transformation, 
that makes it difficult to recover passwords from hashes) and adds a salt
(which provides a unique string of letters and numbers to add to the hash as an extra layer of 
security). The major difference between bcrypt and other hashing modules like md5 is that 
bcrypt hashes passwords slowly, increasing the time it would take a potential attacker to 
crack the hash.