aheckmann

/**
 * Module dependencies
 */

var express = require('express');
var fs = require('fs');
var mongoose = require('mongoose');
var Schema = mongoose.Schema;

// img path

nikmartin

Secure sessions are easy, but not very well documented.  
Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:

The desired configuration for using NginX as an SSL proxy is to offload SSL processing 
and to put a hardened web server in front of your Node.js application, like:

[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [PUBLIC INTERNET] <-> [CLIENT]

Edit for express 4.X and >:  Express no longer uses Connect as its middleware framework, it implements its own now. 

robmiller

#
# Working with branches
#

# Get the current branch name (not so useful in itself, but used in
# other aliases)
branch-name = "!git rev-parse --abbrev-ref HEAD"
# Push the current branch to the remote "origin", and set it to track
# the upstream branch
publish = "!git push -u origin $(git branch-name)"

jasonrudolph

5 entertaining things you can find with the GitHub Search API

Let's have some command-line fun with curl, [jq][1], and the [new GitHub Search API][2].

Today we're looking for:

• The hottest repositories created in the last week.
• The oldest user accounts with zero followers. (So sad.)
• Issue trends by language.
• Clojure projects defying convention.

cerebrl

tl;dr

1. Don't run as root.
2. For sessions, set httpOnly (and secure to true if running over SSL) when setting cookies.
3. Use the Helmet for secure headers: https://github.com/evilpacket/helmet
4. Enable csrf for preventing Cross-Site Request Forgery: http://expressjs.com/api.html#csrf
5. Don't use the deprecated bodyParser() and only use multipart explicitly. To avoid multiparts vulnerability to 'temp file' bloat, use the defer property and pipe() the multipart upload stream to the intended destination.

tssm

About programms

• Death to the Dialog Box
• Defending Perpetual Intermediacy
• Are your exceptions silent?
• Teaching Users to Read
• You'll Never Have Enough Cheese
• Gold Plating
• Happy Talk Must Die
• The Broken Window Theory

denji

Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.

Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.

You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

roman01la

check host localhost with address 127.0.0.1
        start "/sbin/start myapp"
        stop "/sbin/stop myapp"
        if failed port 3000 protocol HTTP
                request /
                with timeout 5 seconds
                then restart

Kartones

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

• -E: will describe the underlaying queries of the \ commands (cool for learning!)
• -l: psql will list all databases and then exit (useful if the user you connect with doesn't has a default database, like at AWS RDS)

gingi

function requireHTTPS(req, res, next) {
    if (!req.secure) {
        //FYI this should work for local development as well
        var domain = "https://" + req.get("host");
        if (process.env["SSL_PORT"]) {
            domain = domain.replace(/:\d+$/, "");
            domain += ":" + process.env["SSL_PORT"];
        }
        return res.redirect(domain + req.url);
    }