Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,143,292 members, 7,780,683 topics. Date: Thursday, 28 March 2024 at 07:25 PM

Node Js Gurus @nswer This Biko - Programming (2) - Nairaland

Nairaland Forum / Science/Technology / Programming / Node Js Gurus @nswer This Biko (3177 Views)

Free PHP, Node js ,Mongo db, Angular And C# Proje Source Code With Documentation / React + Node Js : Fullstack Web Development Training / Lets Learn React Native,javascript,react Js And Node Js Together(alimosho LGA) (2) (3) (4)

(1) (2) (3) (Reply) (Go Down)

Re: Node Js Gurus @nswer This Biko by codeigniter(m): 2:11pm On Sep 15, 2020
cixak95211:


Authentication, like you said, is one of the hardest things in Nodejs, especially if you want to do it properly. Most people just whip up a JWT -based token and thats' all. but it comes with a problem, e.g how to invalidate a token. The token does expire. But the problem is what if user permissions are changed before the token expires e..g downgrading a user. If the user has saved the token somehow, they can still use it access to former [now obsolete] permissions.
So you must always 1.) get fresh user's tats from the DB at authenticated request and NOT RELY on what the jwt says, even if yes, you did sign it and it was not tampered i.e. the signature is intact and 2.) implement an in-memory store like Memcached and Redis to keep blacklisted tokens till they expire.,,, a very fast way to invalidate tokens. It doesn end there.
You should 3.) implement refresh tokens + access token architecture, this way it's easy to mitigate an attack when somebody steals your token or logs in from another device and/or ip address, however you want it.
Stages #2 and especially #3 is where it gets pretty difficult for newbies. But as with other things in life, perfections comes via practice.
that would work but it going to add more to d bill. the problem with node js jwt is that it doesn't create a table with the application/backend which makes it difficult to invalidate the token. anyways, I would prefer to use a table in my db.
Re: Node Js Gurus @nswer This Biko by Taofeekdboy(m): 2:20pm On Sep 15, 2020
codeigniter:


yes, coming from drf makes it easier because u will have understood the concepts which is the most important thing, but drf takes care of all the manual work, e.g I use permission based class and add an auth library at the settings which will depend on drf token table, drf is very easy if u are using class based view. jwt is easier than password but when I was doing MERN, i read that the token doesn't expire and if another person access ur device they can easily copy the token. I built a personalized API auth for flask I use decorators to make sure it can be used by anyone. i might release to make developer more lazy! lol. why did u switch to node.js, I would like to know I am very u will miss Django orm, except if u use mongoose
No, I didn't leave Django and I can't leave it, I am just adding to my skills.
As you have said, drf makes it easy but also, it inherits most of his authentication from Django authentication, so whenever I want a custom authentication, I set a custom authentication which I can use.
As for node js, JWT in node js has expiry date same as using any frontend Javascript frameworks, as cx9 said, the problem comes in when you try to invalidate a token, as a MERN stack, you can set a function in your application that will invalidate the token after the expiry of the token, though some do it with cron but I do it usually with a function and it will automatically log you when the token expires... It takes time and consistency tho...
Re: Node Js Gurus @nswer This Biko by cixak95211: 6:28pm On Sep 15, 2020
codeigniter:

that would work but it going to add more to d bill. the problem with node js jwt is that it doesn't create a table with the application/backend which makes it difficult to invalidate the token. anyways, I would prefer to use a table in my db.

I just gave you a summary of how to invalidate tokens in node js . Creating tables to look up data will make the application stateful . . . That is called a session. Its fine if you want to go that way. Using jwts, doesnt require a session, in short, [using a session kills the original intention of JWTs] ,therefore keeping the application stateless. Its similar to using callbacks inside a try/catch blocks. which is an anti-pattern. It kills the need for that. There are myriads of myriads of web applications that use jwt for authentication and dont have issues. it might seem hard for you, perhaps cos u are new to nodejs, but like i said earlier, as your knowledge of nodejs grows, you will see it was pretty easy after all.
Re: Node Js Gurus @nswer This Biko by codeigniter(m): 7:54pm On Sep 15, 2020
cixak95211:


I just gave you a summary of how to invalidate tokens in node js . Creating tables to look up data will make the application stateful . . . That is called a session. Its fine if you want to go that way. Using jwts, doesnt require a session, in short, [using a session kills the original intention of JWTs] ,therefore keeping the application stateless. Its similar to using callbacks inside a try/catch blocks. which is an anti-pattern. It kills the need for that. There are myriads of myriads of web applications that use jwt for authentication and dont have issues. it might seem hard for you, perhaps cos u are new to nodejs, but like i said earlier, as your knowledge of nodejs grows, you will see it was pretty easy after all.

ok I get It, I haven't really built any node applications using jwt. u were right when u said there is no need to make the application stateful when using jwt, what I was saying was instead using in memory db, which means u might be using another db e.g mongodb. I would rather create a session, to save cost, but if I don't a db then I can use redis or others. well I don't think I will go back to nodejs, except maybe on jobs, but I won't use for my personal projects
Re: Node Js Gurus @nswer This Biko by cixak95211: 8:04pm On Sep 15, 2020
codeigniter:


ok I get It, I haven't really built any node applications using jwt. u were right when u said there is no need to make the application stateful when using jwt, what I was saying was instead using in memory db, which means u might be using another db e.g mongodb. I would rather create a session, to save cost, but if I don't a db then I can use redis or others. well I don't think I will go back to nodejs, except maybe on jobs, but I won't use for my personal projects

In memory dbs like Redis and Memcached are up to 300% faster in i/o operations that disk-based db like mongodb, mysql; because they reside in volatile RAM. Although you could persist the data once in a while, if persistence matters to you . . That's why it is preferred and it also prevents you from making the call to the DB [round-trip calling]. Secondly, sessions dont scale well, at least, vertically. Imagine you have deployed your app to 10 database replicas ....This can be disastrous, cos the first login request could go to Database A
and if you're doing a round-robin, the next request, for that same user could go to Database E
Now E doesnt hold the login session, it's held in A. To beat this problem, you have to sync your session data across all 10 Databases each time a user logs in, that's 10 round-trip calls. And you might ask why 10 DBS. . Facebook saves as of 2019, 1.5 petabytes of storage, that is not gonna fit into one database, not even into 10,000 databases, if they want efficiency
Re: Node Js Gurus @nswer This Biko by crunchyDope(m): 9:25pm On Sep 15, 2020
codeigniter:

that would work but it going to add more to d bill. the problem with node js jwt is that it doesn't create a table with the application/backend which makes it difficult to invalidate the token. anyways, I would prefer to use a table in my db.
cixak95211:


In memory dbs like Redis and Memcached are up to 300% faster in i/o operations that disk-based db like mongodb, mysql; because they reside in volatile RAM. Although you could persist the data once in a while, if persistence matters to you . . That's why it is preferred and it also prevents you from making the call to the DB [round-trip calling]. Secondly, sessions dont scale well, at least, vertically. Imagine you have deployed your app to 10 database replicas ....This can be disastrous, cos the first login request could go to Database A
and if you're doing a round-robin, the next request, for that same user could go to Database E
Now E doesnt hold the login session, it's held in A. To beat this problem, you have to sync your session data across all 10 Databases each time a user logs in, that's 10 round-trip calls. And you might ask why 10 DBS. . Facebook saves as of 2019, 1.5 petabytes of storage, that is not gonna fit into one database, not even into 10,000 databases, if they want efficiency
codeigniter:

that would work but it going to add more to d bill. the problem with node js jwt is that it doesn't create a table with the application/backend which makes it difficult to invalidate the token. anyways, I would prefer to use a table in my db.

mehn u guys are too good, how do i get there?

u guys make me feel stupid lolz, i feel like my personal project would be like crap if u guys were to look at it , like too many unnecessary codes!

one question bosses
like is it worth creating a table from a config file? m using the library "config" to get fields for a table or do i just write it in the code and update the code everytime i need to update a table . cos am writing a code to delete or alter a table field based on the config file and i feel the logic is flawed, bosses i need yo input
Re: Node Js Gurus @nswer This Biko by codeigniter(m): 11:53pm On Sep 15, 2020
cixak95211:


In memory dbs like Redis and Memcached are up to 300% faster in i/o operations that disk-based db like mongodb, mysql; because they reside in volatile RAM. Although you could persist the data once in a while, if persistence matters to you . . That's why it is preferred and it also prevents you from making the call to the DB [round-trip calling]. Secondly, sessions dont scale well, at least, vertically. Imagine you have deployed your app to 10 database replicas ....This can be disastrous, cos the first login request could go to Database A
and if you're doing a round-robin, the next request, for that same user could go to Database E
Now E doesnt hold the login session, it's held in A. To beat this problem, you have to sync your session data across all 10 Databases each time a user logs in, that's 10 round-trip calls. And you might ask why 10 DBS. . Facebook saves as of 2019, 1.5 petabytes of storage, that is not gonna fit into one database, not even into 10,000 databases, if they want efficiency

It's great that u think at scale, and I understand what u are driving at. But what i saying is about saving most. Do u work for company or freelance
Re: Node Js Gurus @nswer This Biko by cixak95211: 3:04am On Sep 16, 2020
codeigniter:


It's great that u think at scale, and I understand what u are driving at. But what i saying is about saving most. Do u work for company or freelance

I work for a company; I don't freelance cos I
have my own as well.
Re: Node Js Gurus @nswer This Biko by codeigniter(m): 10:40am On Sep 16, 2020
cixak95211:


I work for a company; I don't freelance cos I
have my own as well.
that great, at least you have job security. what would u advice a newbie to do? hunt for jobs, freelance or build their own products. u seem more experienced
Re: Node Js Gurus @nswer This Biko by tensazangetsu20(m): 12:17pm On Sep 16, 2020
codeigniter:

that great, at least you have job security. what would u advice a newbie to do? hunt for jobs, freelance or build their own products. u seem more experienced
Bro there's nothing like job security o. There's only skill security.

2 Likes

Re: Node Js Gurus @nswer This Biko by codeigniter(m): 3:29pm On Sep 16, 2020
tensazangetsu20:
Bro there's nothing like job security o. There's only skill security.
Noted
Re: Node Js Gurus @nswer This Biko by cixak95211: 4:21pm On Sep 16, 2020
codeigniter:

that great, at least you have job security. what would u advice a newbie to do? hunt for jobs, freelance or build their own products. u seem more experienced

You arent a newbie ... are you?
For a newbie . . ., I'll advise they try to rack up hours working in a production environment. Coding in your bedroom , doing a todo app is way drastic in change than when coding for production and enterprise uses cases .e.g ur custom tic-tac-toe app might not require custom domain or workspace implementation, but for productions, customers will require it. This single task alone will take you a to a whole new level of computing and it's gang of wahala that it comes with. Then when you must have racked up quite some experience, you start thinking as a product engineer and not a software engineer. A SE can write code, but a PE can deliver a fantastic product that has a market and passes customer validation.
Building a product as a SE alone is a recipe for disaster, it takes a more than writing codes. At this stage, you should try do one of two things for yourself. The first few might fail, dont give up. The next one will be a banger !!!

3 Likes 1 Share

Re: Node Js Gurus @nswer This Biko by Taofeekdboy(m): 5:22pm On Sep 16, 2020
cixak95211:


You arent a newbie ... are you?
For a newbie . . ., I'll advise they try to rack up hours working in a production environment. Coding in your bedroom , doing a todo app is way drastic in change than when coding for production and enterprise uses cases .e.g ur custom tic-tac-toe app might not require custom domain or workspace implementation, but for productions, customers will require it. This single task alone will take you a to a whole new level of computing and it's gang of wahala that it comes with. Then when you must have racked up quite some experience, you start thinking as a product engineer and not a software engineer. A SE can write code, but a PE can deliver a fantastic product that has a market and passes customer validation.
Building a product as a SE alone is a recipe for disaster, it takes a more than writing codes. At this stage, you should try do one of two things for yourself. The first few might fail, dont give up. The next one will be a banger !!!
you have said it all brother... Most importantly, learn how to structure your code.. Structural programming is always advisable because it improves your coding ability and as you have said, working on production environment requires a good knowledge of design patterns as well. Working with other devs or senior devs will get you there.
Re: Node Js Gurus @nswer This Biko by Nobody: 8:23pm On Sep 16, 2020
cixak95211:


Authentication, like you said, is one of the hardest things in Nodejs, especially if you want to do it properly. Most people just whip up a JWT -based token and thats' all. but it comes with a problem, e.g how to invalidate a token. The token does expire. But the problem is what if user permissions are changed before the token expires e..g downgrading a user. If the user has saved the token somehow, they can still use it access to former [now obsolete] permissions.
So you must always 1.) get fresh user's tats from the DB at authenticated request and NOT RELY on what the jwt says, even if yes, you did sign it and it was not tampered i.e. the signature is intact and 2.) implement an in-memory store like Memcached and Redis to keep blacklisted tokens till they expire.,,, a very fast way to invalidate tokens. It doesn end there.
You should 3.) implement refresh tokens + access token architecture, this way it's easy to mitigate an attack when somebody steals your token or logs in from another device and/or ip address, however you want it.
Stages #2 and especially #3 is where it gets pretty difficult for newbies. But as with other things in life, perfections comes via practice.

Working on a project and I know I'll have to use this refresh token concept. Already scared in advance as it's my first time doing anything reasonable with node grin
Re: Node Js Gurus @nswer This Biko by codeigniter(m): 9:06pm On Sep 16, 2020
cixak95211:


You arent a newbie ... are you?
For a newbie . . ., I'll advise they try to rack up hours working in a production environment. Coding in your bedroom , doing a todo app is way drastic in change than when coding for production and enterprise uses cases .e.g ur custom tic-tac-toe app might not require custom domain or workspace implementation, but for productions, customers will require it. This single task alone will take you a to a whole new level of computing and it's gang of wahala that it comes with. Then when you must have racked up quite some experience, you start thinking as a product engineer and not a software engineer. A SE can write code, but a PE can deliver a fantastic product that has a market and passes customer validation.
Building a product as a SE alone is a recipe for disaster, it takes a more than writing codes. At this stage, you should try do one of two things for yourself. The first few might fail, dont give up. The next one will be a banger !!!

I am not a newbie, I just thought asking that question my help people who will stumble upon this thread. since everyone goals is to either freelance, build a product or work for a company

1 Like

Re: Node Js Gurus @nswer This Biko by CenturyCoder: 1:47am On Sep 17, 2020
Taofeekdboy:
you have said it all brother... Most importantly, learn how to structure your code.. Structural programming is always advisable because it improves your coding ability and as you have said, working on production environment requires a good knowledge of design patterns as well. Working with other devs or senior devs will you get there.

Please do you know any resourcesthat I can get that will help me learn how to write code for large scale applications. Please I would like to improve on my self
Re: Node Js Gurus @nswer This Biko by Taofeekdboy(m): 5:16am On Sep 17, 2020
CenturyCoder:


Please do you know any resourcesthat I can get that will help me learn how to write code for large scale applications. Please I would like to improve on my self
There are courses on design patterns, if you cannot afford the courses on udemy, you can watch YouTube videos of Mosh Hamedani and others on design patterns and structural programming. There is a lot of difference when writing your own project and working for a client or production environment.. I learnt that in a hard way.

1 Like

Re: Node Js Gurus @nswer This Biko by crunchyDope(m): 2:25pm On Sep 17, 2020
CHIMDIYA4EVA:


Working on a project and I know I'll have to use this refresh token concept. Already scared in advance as it's my first time doing anything reasonable with node grin

same boat....

1 Like

Re: Node Js Gurus @nswer This Biko by Babtunz: 2:35pm On Sep 18, 2020
cixak95211:


You arent a newbie ... are you?
For a newbie . . ., I'll advise they try to rack up hours working in a production environment. Coding in your bedroom , doing a todo app is way drastic in change than when coding for production and enterprise uses cases .e.g ur custom tic-tac-toe app might not require custom domain or workspace implementation, but for productions, customers will require it. This single task alone will take you a to a whole new level of computing and it's gang of wahala that it comes with. Then when you must have racked up quite some experience, you start thinking as a product engineer and not a software engineer. A SE can write code, but a PE can deliver a fantastic product that has a market and passes customer validation.
Building a product as a SE alone is a recipe for disaster, it takes a more than writing codes. At this stage, you should try do one of two things for yourself. The first few might fail, dont give up. The next one will be a banger !!!



Hi @cixak95211, I really learnt a bunch of stuff from your comment and I'd be happy if you'll share you social handles so I can connect with, please...

I'm a starter with Node.js but I'm confident with my JS scripts and I can catch up so fast! I'm willing to tap from your wealth of knowledge and experience please, if you don't mind. Please revert

1 Like

Re: Node Js Gurus @nswer This Biko by cixak95211: 10:05am On Sep 19, 2020
Babtunz:




Hi @cixak95211, I really learnt a bunch of stuff from your comment and I'd be happy if you'll share you social handles so I can connect with, please...

I'm a starter with Node.js but I'm confident with my JS scripts and I can catch up so fast! I'm willing to tap from your wealth of knowledge and experience please, if you don't mind. Please revert

Do you have an email I could mail 'em to ?
Re: Node Js Gurus @nswer This Biko by Babtunz: 1:45pm On Sep 19, 2020
cixak95211:


Do you have an email I could mail 'em to ?
Thanks for you swift response
Yeah, I got your mail, but currently I do not have access to Whatsapp, I use Gmail and Twitter these days. Will it be okay if I send my Twitter handle or you would like to continue with the e-mail?

Please let me know, thanks.
Re: Node Js Gurus @nswer This Biko by crunchyDope(m): 2:59pm On Sep 21, 2020
cixak95211:

boss biko , how do yo change a value in a config file{dev or prod}?
(programmatically)
Re: Node Js Gurus @nswer This Biko by cixak95211: 5:31pm On Sep 21, 2020
crunchyDope:

boss biko , how do yo change a value in a config file{dev or prod}?
(programmatically)

i dont understand, why would u be changing values in production? Or you mean change values of a sample config file?
Give me on clear use case.
Re: Node Js Gurus @nswer This Biko by cixak95211: 5:32pm On Sep 21, 2020
Babtunz:

Thanks for you swift response
Yeah, I got your mail, but currently I do not have access to Whatsapp, I use Gmail and Twitter these days. Will it be okay if I send my Twitter handle or you would like to continue with the e-mail?

Please let me know, thanks.

Not a problem, Any one works, sir !
Re: Node Js Gurus @nswer This Biko by crunchyDope(m): 6:34pm On Sep 21, 2020
cixak95211:


i dont understand, why would u be changing values in production? Or you mean change values of a sample config file?
Give me on clear use case.
ok boss

i was thinking about the whole running process of this node js,and d updating the code thingy.

so am thinking abt having a core(app) running that checks the config file every 15 minutes.

when it checks the config file? it could see a new file to run...lets say there is a "{
new: " new new new"
}".

it would take that new and load it, and call the init() on it..

now after another 15 minutes it would check that file and voila! that new still has the same file instead of {new:""}..

so how do i change the new in the config file,

am using the config library
Re: Node Js Gurus @nswer This Biko by Nobody: 1:00am On Sep 22, 2020
crunchyDope:


same boat....
lol...still haven't done it... It's for a personal project so me doing it depends on my mood
Re: Node Js Gurus @nswer This Biko by MrJavaS: 9:07am On Sep 22, 2020
Babtunz:




Hi @cixak95211, I really learnt a bunch of stuff from your comment and I'd be happy if you'll share you social handles so I can connect with, please...

I'm a starter with Node.js but I'm confident with my JS scripts and I can catch up so fast! I'm willing to tap from your wealth of knowledge and experience please, if you don't mind. Please revert

I'm also a fellow JavaScript intermediate developer like you and I'd like us to connect
if you don't mind.
Re: Node Js Gurus @nswer This Biko by cixak95211: 9:49am On Sep 22, 2020
crunchyDope:

ok boss

i was thinking about the whole running process of this node js,and d updating the code thingy.

so am thinking abt having a core(app) running that checks the config file every 15 minutes.

when it checks the config file? it could see a new file to run...lets say there is a "{
new: " new new new"
}".

it would take that new and load it, and call the init() on it..

now after another 15 minutes it would check that file and voila! that new still has the same file instead of {new:""}..

so how do i change the new in the config file,

am using the config library

There is really no need to be checking the config every 15 mins, that is a cron job. Yes, crons have their use case but in this case, why dont you make whatever changes your config, send a webhook event. Saying "hello, config has been changed"
Now the server will just sit idle and wait to receive that webhook event and when it does receive it, it knows the config has been changed and can then proceed according to your demands. Just in case you were wondering, during ci/cd, the server does not run a cron job every now and then to see if a new branch or pull request has been merged, Rather, it sits idle and wait for that message to come in; and when it does come in, it looks at the message details and handles the request accordingly.
You save more server resources this way. I hope this comment has helped you.
Re: Node Js Gurus @nswer This Biko by crunchyDope(m): 10:51am On Sep 22, 2020
cixak95211:


There is really no need to be checking the config every 15 mins, that is a cron job. Yes, crons have their use case but in this case, why dont you make whatever changes your config, send a webhook event. Saying "hello, config has been changed"
Now the server will just sit idle and wait to receive that webhook event and when it does receive it, it knows the config has been changed and can then proceed according to your demands. Just in case you were wondering, during ci/cd, the server does not run a cron job every now and then to see if a new branch or pull request has been merged, Rather, it sits idle and wait for that message to come in; and when it does come in, it looks at the message details and handles the request accordingly.
You save more server resources this way. I hope this comment has helped you.

i am using the cron-job library to do the checking of the config , but looks like am going to make the core dependent on a file, and while am at it i would pick up the webhooks tuts. thanks!
Re: Node Js Gurus @nswer This Biko by Babtunz: 12:24pm On Sep 22, 2020
MrJavaS:


I'm also a fellow JavaScript intermediate developer like you and I'd like us to connect
if you don't mind.

Sure, I'd love to.
You can send me a mail with your twitter handle, I'll take it up from there. Looking forward to learning with you!
Re: Node Js Gurus @nswer This Biko by crunchyDope(m): 4:15pm On Sep 22, 2020
cixak95211:


There is really no need to be checking the config every 15 mins, that is a cron job. Yes, crons have their use case but in this case, why dont you make whatever changes your config, send a webhook event. Saying "hello, config has been changed"
Now the server will just sit idle and wait to receive that webhook event and when it does receive it, it knows the config has been changed and can then proceed according to your demands. Just in case you were wondering, during ci/cd, the server does not run a cron job every now and then to see if a new branch or pull request has been merged, Rather, it sits idle and wait for that message to come in; and when it does come in, it looks at the message details and handles the request accordingly.
You save more server resources this way. I hope this comment has helped you.

boss you are too good..

instead of the webhook am using "fs.watch" which eliminates the cron job tasks..and just re-require the json file .
Re: Node Js Gurus @nswer This Biko by cixak95211: 6:56pm On Sep 22, 2020
crunchyDope:


boss you are too good..

instead of the webhook am using "fs.watch" which eliminates the cron job tasks..and just re-require the json file .

I'm flattered. Thank you.
If you are referring to the node js' fs.watch, yeah that works fine . . i like to use webhooks generally cos they are "language & platform agnostic"
I should prolly start a Youtube channel one of these days.

(1) (2) (3) (Reply)

Why Will The Fg Allow Sidmach Tech Take 100% Control Of Jamb Website? / Java Tutorial: Beginner's Guild / Why Is C++ So Hard?

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 100
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.