How do I know when to trigger a Server-Sent-Event? - node.js

What I want to do
I'd like to use Server-Sent-Events for notifications and another feature – I don't need to go into detail for the other feature, but it requires real-time updates taken from a database just like notifications do.
Possible alternatives
Websockets would be an option, but I think it might be a bit too much, as I only require a one-way channel for this. However I'm totally aware that I might be wrong here and Websockets could be the best option – feel free to school me on this. The current backend-setup is Node.js (Express.js webserver) with MongoDB.
Approaches I've seen so far
I've already seen some approaches on this matter, but the main issue here is that I'd like it to be as scalable as possible. Having a for-Loop constantly query my database is the worst approach I've seen so far. The best approach I've seen is observing the MongoDB oplog, but that one seemed a bit like a hack to me rather than a good, solid solution.

I posted a link to this question on reddit in the subreddit r/node where the user /u/PremJyotish221 told me to use Redis with PUB/SUB, and let me tell you... it works perfectly! :)
So to anyone stumbling over this with the same problem, I can absolutely recommend it. It's fast, easy, reliable, and scalable.
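One way to wire the Redis PUB/SUB approach from this answer into an SSE endpoint, added here as an illustration and not code from the post: each connection subscribes to a per-user channel, and a frame is written only when something is published. The `Bus` class is an in-process stand-in for a Redis subscriber; `attachClient`, `sseFrame`, `fakeResponse` and the `notifications:<userId>` channel name are hypothetical.

```javascript
// In-process stand-in for a Redis PUB/SUB connection (constructed for this demo).
class Bus {
  constructor() { this.channels = new Map(); }
  subscribe(channel, handler) {
    if (!this.channels.has(channel)) this.channels.set(channel, new Set());
    this.channels.get(channel).add(handler);
    return () => this.channels.get(channel).delete(handler); // unsubscribe
  }
  publish(channel, message) {
    for (const handler of this.channels.get(channel) || []) handler(message);
  }
}

// Build one SSE frame. Every payload line gets its own "data:" field, so a
// newline inside a notification cannot start a forged field or event.
function sseFrame(event, data) {
  const name = String(event).replace(/[\r\n]/g, '');
  const lines = String(data).split(/\r\n|\r|\n/).map((l) => `data: ${l}`);
  return `event: ${name}\n${lines.join('\n')}\n\n`;
}

// Attach one SSE response to the channel of the authenticated user.
// userId must come from the server-side session, never from the request URL.
function attachClient(bus, userId, res) {
  const unsubscribe = bus.subscribe(`notifications:${userId}`, (msg) => {
    res.write(sseFrame('notification', msg));
  });
  res.on('close', unsubscribe); // stop delivering once the browser disconnects
  return unsubscribe;
}

// Constructed stand-in for an Express response: records what was written.
function fakeResponse() {
  const res = { chunks: [], handlers: {} };
  res.write = (chunk) => res.chunks.push(chunk);
  res.on = (name, fn) => { res.handlers[name] = fn; };
  return res;
}

function demo() {
  const bus = new Bus();
  const [alice, bob] = [fakeResponse(), fakeResponse()];
  attachClient(bus, 'alice', alice);
  attachClient(bus, 'bob', bob);
  bus.publish('notifications:alice', 'X commented\nevent: admin'); // embedded newline
  alice.handlers.close();                       // alice disconnects
  bus.publish('notifications:alice', 'missed'); // no longer delivered
  return { alice: alice.chunks, bob: bob.chunks };
}
console.log(demo());
```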

Related

Facebook like notifications with node

I kept searching for a tutorial that explains the logic behind facebook notifications (or any similar notifications system) and I couldn't really find any that approach this.
I mean those notifications with a dropdown that say "X commented on your picture" and so on.
How would you guys build such a feature with node? (socket.io?) What would you store in the database? If someone can give me some references, that would be great.
I never did a notification system to be honest, but as far as I know, yes, sockets (and for node specifically, socket.io, it's the only one I know) can allow you to do that easily. You should look at their basic documentation to learn more about it and understand how it can be done. And yes, at the same time as notifying the user about the like, you can store it in a database for further reference: you can store the time, the profile that liked the post, the ID of the post, this kind of thing.
Hope I'm clear and that you will find socket.io documentation easy enough to build your notification system!

Storing Temporary Variables in NodeJS

I've just started trying to use NodeJS and socket.io to create a simple multiplayer online game (similar idea to online chess). I apologise if the answer to my question is really obvious because I have tried googling around, but I think I am missing some key bit of understanding.
Basically, I need to store a few things on the server while the application is running. For example:
I need to store which socket connections are hosts, and which are players.
I need to store the current state of each game (e.g. in the case of chess, where the pieces are and whose turn it is)
It would also be nice to be able to store all the socket.io "rooms".
Feel free to answer the question at this point, information below is for extra reference.
There are a few things that I have tried or seen online:
When I google something with "persistence", I get results based on saving to a database or something, I don't think this is what I want.
I have tried just adding variables at the top of the NodeJS file, like I would with global variables in an ordinary JS file. This seems to work, but just feels wrong to me, if someone could explain how this works it would be great.
I have also seen things called session variables, I think this might be what I want.
I have seen applications that do this by just passing the information back and forward between the client and server, but I would prefer that the client couldn't just edit the information to "hack" the game.
Any help or explanation appreciated.
Nothing wrong with saving to a database. If your server crashes and restarts a few seconds later, you don't really want everyone's data to just be obliterated. I think you're thinking about it in the way that databases are always long-term and slow. But really, there are DB technologies great for this type of thing, and oft used with socket.io.
The one I'd probably opt for is Redis, which is super fast and stores data in-memory. This means that it's not constantly writing to disk, and it's a bit of a halfway house between having full persistent storage like with MySQL, and the slightly dodgy method of just keeping it in Node memory via variables.
When reddit created "Place", that massive multiplayer drawing with a tonne of concurrent users, they used Redis and Cassandra together. You can read a bit about it here.
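The questioner's concern about clients editing game information comes down to keeping roles, turn order and moves on the server and accepting only a proposed move from the client. The sketch below is an added example, not code from the question or the answer. It uses a module-level `Map`, which is why "variables at the top of the file" work: module scope lives for the whole process. The function names, socket ids and move format are hypothetical.

```javascript
// Module-level state lives as long as the Node process and is lost on restart;
// a Redis hash per game could back it instead (assumption, not shown here).
const games = new Map();

function createGame(gameId, hostSocketId) {
  games.set(gameId, { host: hostSocketId, players: [], turn: 0, moves: [] });
}

function joinGame(gameId, socketId) {
  const game = games.get(gameId);
  if (!game) return { ok: false, reason: 'no such game' };
  if (game.players.includes(socketId)) return { ok: false, reason: 'already joined' };
  if (game.players.length >= 2) return { ok: false, reason: 'game full' };
  game.players.push(socketId);
  return { ok: true, seat: game.players.length - 1 };
}

// The client sends only the move it wants to make. Seat and turn are read from
// server state keyed by socket id, so a modified client cannot change them.
function applyMove(gameId, socketId, move) {
  const game = games.get(gameId);
  if (!game) return { ok: false, reason: 'no such game' };
  const seat = game.players.indexOf(socketId);
  if (seat === -1) return { ok: false, reason: 'not a player' };
  if (game.players.length < 2) return { ok: false, reason: 'waiting for opponent' };
  if (seat !== game.turn) return { ok: false, reason: 'not your turn' };
  // Shape check only; a real game would also validate the rules of chess here.
  if (typeof move !== 'string' || !/^[a-h][1-8][a-h][1-8]$/.test(move)) {
    return { ok: false, reason: 'malformed move' };
  }
  game.moves.push(move);
  game.turn = 1 - game.turn;
  return { ok: true, nextSeat: game.turn };
}

// Constructed socket ids stand in for socket.io's socket.id values.
function demo() {
  createGame('demo', 'sock-host');
  joinGame('demo', 'sock-white');
  joinGame('demo', 'sock-black');
  return [
    applyMove('demo', 'sock-black', 'e7e5'),      // wrong turn
    applyMove('demo', 'sock-host', 'e2e4'),       // host is not seated
    applyMove('demo', 'sock-white', { turn: 1 }), // client-supplied state object
    applyMove('demo', 'sock-white', 'e2e4'),      // accepted
  ].map((r) => r.reason || 'ok');
}
console.log(demo());
```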

Security in Play 2.2.x

I'm trying to secure my Play application but I have no idea where to start. In the Play tutorial I have not found any chapter about that topic. As far as I see, the security topic is changing between Play versions. So what are you guys using to secure your applications?
I'm new in Play so please forgive me if I'm asking obvious questions.
Edit:
OK, maybe the question wasn't clear enough (I'm really sorry about that). When talking about security I mean that I need something to deal with users' credentials and a tool which allows me to restrict access to some pages and eventually to some REST actions in my application.
Edit2:
I'll try deadbolt2 now and we'll see how it works. But I still encourage you guys to share your knowledge about Play security with others :)
The documentation seems to still be a bit lacklustre on this topic, but essentially, authentication/authorisation functionality is usually performed using Action composition, which is the basis of reusable controller code in Play. There's an example here (also linked from the docs) that should help give you the general idea.
Action composition in Play 2.2.x is done using ActionBuilders. These take a block which accepts a request and returns a Future[SimpleResult]. This allows the action builder to either execute the given block, or return a different Future[SimpleResult] (say, an Unauthorized in the case that a user's credentials did not check out.)
In our app we use the Play2-auth module for handling authentication with session cookies. This has (just) been updated to work with Play 2.2.x but uses a slightly different mechanism for action composition (stackable controllers.) You might be best off working out how the precise functionality you need can be accomplished just using the native framework tools before adding a dependency to it.
I agree with the other answers but just add that I use securesocial to integrate with other auth providers (google, FB, etc...), so I don't have to do auth myself. It's quite easy to get up and running.
https://github.com/jaliss/securesocial
Access control, security, etc. is a very wide topic, because it means very different things depending on context. This may be one of the reasons why Play has little documentation for it, which puzzled me at the beginning as well.
Play2 has some security helpers, namely the Authenticated method; for some insights on how to use it, check the comments in the source code. It's a simple method that you could implement yourself, and most do. It essentially just proposes a structure for where to place your methods that would check if a request is authenticated and what to do if it's not.
Play2 also has some cryptography logic, which is used for signing cookies.
That's about it, you don't have any more pre-built security structures, but that's a good thing, because you don't want the framework making decisions like that for you, if it doesn't know in what context it will be used.
What is essential is to go and research how attacks relevant to your application are carried out, best practices and so on. I recommend going to OWASP, particularly the OWASP Cheat Sheets. If the list of Cheat Sheets seems intimidating start with the OWASP Top Ten Cheat Sheet. Don't mind the large volume of information, it's very useful knowledge.

how stable is AirBnB node.js rendr?

I wanted to know if anyone has been using AirBnB Rendr and is it stable and ok to use in commercial projects or is it still changing a lot?
I'm developing a website which can run both client and server based; this means I need to be able to render pages and widgets server and client based.
The server is running Node.js, dust.js and has custom server based code to render the pages and widgets on the server side. I need to pick how to handle it on the client side.
Naturally I want to try and not repeat code, but obviously the client is different. I can:
Keep my current page based server rendering and develop custom client side code.
Use backbone.js on client side and keep my server based code the same.
Use AirBnB rendr that is based on Node.js and backbone to use the same code on client and on server. AirBnB Rendr Library
I like the 3rd idea very much, but I'm looking for some input from you guys.
Has anyone used it? Any experience with it in terms of stability and/or how often their API changes etc.?
I've just started playing around with Rendr. If I ignore the learning curve and onboarding friction, I like it a lot and I plan to write my next large production app using Rendr.
Unfortunately, as bababa listed above, the documentation needs a lot of work. There is an explanation of how Rendr works in its README and the example app's README but beyond that you'll need to source dive in order to figure out how the gears are turning. Currently, there is no forum for questions (other than stack overflow :D) and I've had a hard time figuring out its idioms on my own.
Despite all the struggles, I finally see the light and I'm starting to understand why Rendr is so powerful.
tl;dr - If you're willing to source dive and figure out your own workflow, I would suggest using Rendr. Otherwise, I would recommend going old school by writing a traditional client app with a more mature library. (is it too early to say that? =X)
Well, given AirBnb is a successful commercial enterprise, there's some validation that the library works well enough for them. This question is probably best answered by watching their github commit log for breaking changes. Given backbone is 1.0 and essentially stable at this point, rendr will probably quickly stabilize, but honestly your fear of instability is probably unjustified. I think rendr looks compelling and although my current project is using a very similar home-grown solution, I would consider using rendr in a future project or even porting our code to rendr. "Stability" per se is much less important to the web development community compared to other situations like packaged or embedded software.
I used (tried to use) Rendr on a project and gave up. There are just too many limitations (currently) and the lack of documentation doesn't help. I ended up needing to rewrite the source code to accomplish some things I would consider trivial with other frameworks, such as passing multiple collections to a view. It just wasn't possible (at the time I used it) and that was a deal breaker. Not being able to pass a collection of categories and results to a page was too much of a limitation.
I have no doubt it will eventually be ready for production use, but right now I would say unless you are an engineer at AirBnb and know how to hack the source then no, it's not ready.
If you really want to know if it will work for your needs, take a look at the issue list on github. That will give you a good idea where the project's at.

Node express now

I want to rewrite a complete community website in nodejs, express and nowjs with mongodb. It's currently in PHP using the CodeIgniter framework. It includes functionality such as your own profile page, photo album, guestbook, internal messages, contacts and more. And I'm going to add an IM to it and some other things like a forum and so on. It's a pretty big project.
I have to make a decision about which techniques to use in the web application. So I did a little research and found node, Express and nowjs.
Should I stick to finishing the application in PHP (CodeIgniter), MySQL and AJAX, or can I do this in express, mongodb and nowjs?
Can anyone recommend this for use on a live production site? And if so, are there any security issues one should know about? General guidelines?
Help would be really appreciated so I can make up my mind and finish the project.
Regards
George
The problem with Nodejs being young is not that it's a half-baked product or something, but in fact it's growing very fast and new developments are being done at a breathtaking pace. So you need to keep up with them while developing.
Otherwise there are huge projects out there developed totally with node and express. Take a look at expressjs.com/applications to see what kind of commercial projects are built using it.
As far as security, sessions etc. are concerned: unlike ASP/PHP, you don't get most of the features out of the box. You'll need to either write them yourselves or use open source frameworks. Either way, you and only you have to ensure that your application has all bases covered. With flexibility comes complexity.
It should be noted that Nodejs is optimum for real time I/O. If you think this is something which is required at your end then I highly recommend to go for it.
What you describe does sound like a big project.
If you have the time to spare, I would suggest picking a small portion of it that deals with managing secure sessions (e.g. the profile page). Implement that in Express to get a sense of how it compares to the existing PHP. If you like it, keep going.
Particularly when security is at stake, always try to use existing components when they are available. Node's minimalism makes it tempting to 'roll your own,' but it's very easy to make a security mistake with anything less than expert knowledge.
