For some reason, I’ve implemented oAuth way more times than I imagined I would when I started my career. I recently had to go through the Google login flow again. As a company that holds so much data on its user, Google has rightfully tightened the rules on who can implement Google Login. I’m not sure if it has anything to do with GDPR or CCPA, but things seem to have changed a lot over the last couple of years (2018/2019).
If you are embarking on a journey to implement Google Login, I hope this blog post will help you with planning out the project, so it doesn’t have to delay.
Figure out the type of user data you’re accessing
I’ve written a couple of posts on how to use http modules, because when I started getting into coding with Node, I felt like I needed to learn the native APIs to evaluate the technology better. The understanding gave me a glimpse of the design decisions that Node has made over the years that made it so great. Knowing the native implementation made it clear to me at the time that this was going to be a technology that would play a significant role in web development. I wasn’t wrong. By investing my time in Node, I had a head start on the technology and benefited a lot from it in my career in the past few years.
Do not write your app with the native Node https module.
Here are the reasons: Continue reading Don’t use Node native http(s) module to write your web apps
There are lots of tutorials written to teach people how to use popular Node modules to handle routes and creating http servers, like Express or Koa. We all get too spoiled by the easiness of Node packages that we forget how easy to use Node core functions are. It’s tempting to import a library for every functionality we want to implement, but we should step back and think if that’s really what we need.
One of the main use cases for using only native modules is tests. Each test case is written for one scenario only. The code does not need to be extensible, because it’s not exported to anywhere else. The DRY (don’t repeat yourself) rule don’t apply to tests. You want to repeatedly test every scenario using slightly different case.
Packages like Express can handle a lot of cases for you, like taking in different types of routes, makes it easy to handle errors and then some. This makes the development process much faster but for tests these benefits irrelevant. A lot of things can happen because it depends on so many modules. I’ve run into many cases when there is a vulnerability found in a package that’s a submodule of a submodule of a submodule of a very reputable and well-maintained module, and our CICD process fails for a couple of days before we can put a patch in the module in question. The last thing a developer wants to fix in a failing test is the test itself.
In my experience, Node core is much more stable than any other node modules. It’s a very rare scenario that Node itself would break something and a library picks up the slack, which has been my experience following contributors of Node core and when they hear the needs of users and module developers regardless if they’re independent devs or large companies.
There’s also nothing worse than jumping into a big Node.js codebase where there are packages that’s 3.2M and only ~30 lines of code is used. Although, another bad practice is to write your own implementation for functionalities that have been well established by commonly used modules, and leave it poorly documented or tested. It’s a balance, and you as an engineer have to decide what to do based on your scenario.
- Use only native node modules in tests
- Node core is much more stable
- Reduce node_module size
Without further ado, here’s a snippet I always use to serve up pages quickly.
Continue reading Using the Native Node http Module to Start a Node Server, When and Why
Try the live demo of the working tutorial.
3-legged authorization(OAuth) is the “Login with XXX” button you see everywhere. It’s a login protocol that lets the authentication provider authorize your application with the permission of the user. It redirects users to a new page, signs in, and approves the use of the user’s data. Some companies provide SDKs to make the process easier like Google and Facebook login, but if you learn the general process once, you can implement this for any API that requires 3-legged authentication.
Instead of implementing OAuth yourself, there are lots of frameworks out there like Passport.js or paid services like Auth0 for you to use in a production application. This post is intended to be a tutorial so you can learn it and not be too frustrated with the process.
Since the most popular APIs like Google and Facebook already provide custom SDKs, I’ll use GitHub’s OAuth API because it doesn’t have an officially recommended SDK. Their API doc page is very succinct, so if you’re already a seasoned Web developer, just head over to their site and read their guide instead.
Continue reading How to do 3-legged OAuth with GitHub, a general guide by example with Node.js
A couple of weeks ago I finished the machine learning Coursera class by Andrew Ng. This has been a recommended supplementary class by some of my schoolmates doing a machine learning focus at Carnegie Mellon. My roommate had just taken it and as the only person on the team that actually followed through on the class, she was put on a machine learning project. I had someone to take it with, so I spent some weeknights and some weekends working on it.
I thoroughly enjoyed the class.
Continue reading A Review of Cousera’s Machine Learning Class
File uploads are trickier than it seems. There are a few ways to do it on the client side. It really is just sending a POST/PUT request to the server you’re uploading to, but set the content type to
multipart/form-data and the body is no longer strictly strings or JSON, but binary files, or any format you desire. One way to do it to use a form submission, which looks like this:
Continue reading Using fetch() to Upload a File
A couple of years ago I wrote a blog post on how to upload a file with formidable. I had the chance to write the upload function again, and found multer to be much easier to use. Here’s another beginner example.
This example saves your file into the file system.
Read the multer documentation to do different kinds of uploads.
Continue reading Simple File Upload with Express.js and Multer in Node.js
I gave a talk at JSConf China, for which I made a little demo in three.js. I wanted to be able to explain every line of code in ~10 minutes to people with no graphics knowledge. JSConf China is not a multi-track conference, everyone attending the conference hears the talk so I stuck to the basics.
Btw, the slides to my talk is here.
Demo with animation and controls
The demo was extremely simple. It basically:
1. creates a three.js scene with
2. adds some spheres to the scene with
3. animate and add controls to the scene with
Continue reading Bounce Some Particles with three.js
Here is a very simple, bare minimum example to demonstrate how Express 4 and body-parser module.
I’m using ejs as the rendering engine because it looks like html.
Continue reading Parsing Forms with Multiple Submit Buttons in Node.js with Express 4
Here’s a very simple upload example with express 4+ and formidable. According to Express doc:
In Express 4, req.files is no longer available on the req object by default. To access uploaded files on the req.files object, use a multipart-handling middleware like busboy, multer, formidable, multiparty, connect-multiparty, or pez.
So here’s an example combining the two.
The code is going to save the files you upload in disk under the folder
/uploads in the root directory of the project. Continue reading Simple File Upload with Express.js and Formidable in Node.js