Where are HTTP Status Codes first available in the IIS Pipeline ? - iis

Does anyone have any information on where the HTTP Status Codes (200, 404, 500, etc) are first available in the IIS Pipeline? I'm trying to write a series of http modules and handlers for error handling purposes and I don't particularly want to duplicate requests/responses to get the values.

Take a look at any of the events here, and take your pick :)
http://msdn.microsoft.com/en-us/library/ms693685(v=vs.90).aspx
Theoretically, the status code can be changed by any of the http modules in the pipeline; it just depends on which events they are subscribed to.
For example, an authorization module may subscribe to the OnAuthorizeRequest method, and perform its logic at that time, and change the status code if needed. In another case, a classic ASP app may run as a handler, and you won't be able to determine if the status code is 500 until OnPostExecuteRequestHandler. Finally, an error in a logging module may generate a 500, which doesn't occur until the request processing is nearly finished (OnLogRequest)
Further complicating matters, some handlers may spit out unbuffered data during execution, so it could be in any of the OnSendResponse events, which don't come in any particular order, and the status code could have changed between responses.
So, it really depends on what you're trying to achieve in order to approach this effectively. If you could provide more detail, perhaps we could formulate a solution.

Related

Is ending responses in Express with a status code always necessary or recommended?

I'm confused about this. I have seen a lot of people ending responses with just res.send();. At the same time, some tend to include a status code, like res.status(422).send();. I understand that this is useful when a user, for example, has sent a request to /log-in/ with data that represents a type different from the one needed and appropriate. In such cases, I'm ending my responses with res.status(422).send();. If I'm expecting a username, but I instead receive an array, it seems to me that such an approach is appropriate. However, if everything is technically alright and the user has just entered a username that does not exist, do I need to include a status code? When such a thing happens, a message under the form will be displayed instead. And res.send("This username does not exist."); is the function I would call. Should I call res.status(401).send("This username does not exist."); instead?
Technically you are not forced to use status codes however it's recommended to follow the best practices.
When the user does not exist return 404 not 401. 401 is unauthorized
When user input is not expected, that's validation error(bad request) and return 400 instead of 422. 422 is used in slightly different scenarios.
Read more about it 400 vs 422
More details about http status codes
Yes, status codes are very important as a good practice I would prefer 404 instead of 401 in your case res.status(404).send("This username does not exist.");
stackOverflowAnswer
Why do we use the status code?
To make your debug life easy/ better error handling and to log the error in production to know the severity of the error your application has in case it crashes.
How to Specify statusCode in Node.js
When to use what status code
By default, Express answer all endpoints with 200 unless you didn't specified an endpoint, in this case it will automatically reply with 404.
by the way, Express also has res.sendStatus() function that ends the request and sending status
This has to do with your api design. Generally you would be publishing your api specs (Api specification) and there would mention how your client can find out if something is going wrong or going fine.
HTTP Response code are some of easiest way to inform client about outcome of request. So they don't have to go inside the payload of response to check what was outcome. Since most of codes are well know and there is consensus you will write more standard code which works with network elements like proxies, load-balancer etc and understandable developers.
Advantages of status codes

Correct reporting on RESTful-APIs

A part of Application insights, is where it shows the 4xx errors and of course it makes sense for example when a page or media has been requested but it doesn't exists. But when it comes to logic of your application, it becomes annoying.
For instance, lets say the one has to validate title of a post to make sure it follows some rules (like not having curse words, not being duplicate, etc.).
I will implement this as a service "VerifyTitle" and return corresponding 4xx response with a message to Front-end and they need to just check for 4xx and show the message.
The code is simple and works perfectly fine and the user will see the expected behavior on the page, but in the application insights I have 100 Failures :\
You can't blame Application Insights for not being able to distinguish logical errors build in by the developer from real world (connectivity) issues.
That said, you might be able to exclude them using custom telemetry filters, see the docs. But then you should provide a way to tell the differences. You can use the request path for example to exclude certain endpoint or something else.

Node.js: Should I discard request on error?

When I build server using Node.js. Requests can sometimes fail. For example, there can be error in parsing POST data. When any error happens:
should I continue handling the request and risk that some of those POST data may be corrupt or missing and respond as if nothing happened (or respond and notify the user, that some error happened)?
try to reparse POST data (and if it fails for, let's say, 3 times, stop trying, add error to error log and show error page to user)?
stop the request handling immediately and throw 500 error?
What is the best way?
The key questions to ask yourself in this situation are IMO:
do I know why the error happened;
can I recover from it?
The answers depend solely on your application. Generally, retrying something only makes sense if you can expect a different outcome with the next attempt. This typically applies to various unexpected errors when integrating with external systems. On the other hand, if the error that you get clearly states that it received e.g. a bad request, or that a file does not exist, then this is probably not going to change no matter how many times you retry the same operation.
If your business rules allow you to continue the operation while ignoring the error entirely, then do so. If your business rules allow you to carry out the request partially and you're able to report the partial failure - then do so. If the error prevents any processing of the request whatsoever, then you'll have to terminate it and report back to the user.
It seems to me that you had a particular situation in mind, so let me address request body re-parsing. In a proper system doing this should be utterly pointless - if you expect different outcomes, then there is something fundamentally wrong with your setup because the body of a request should not change once it's received. Your application should never modify request data in any way.
As a more general rule - if you expect that something unexpected might happen in your application, but you have no idea when, why or how, then there is something wrong with how the application is structured / executed. You should own your code and know exactly what it does.

Trouble making a request to an API after the last 'session/end'

I'm currently working on a custom reporter that sends test results to Sauce Labs. The current version of the reporter can be found here.
The problem with it is that it doesn't send the data after the last session. For instance, if I have 2 browsers to test on, it will only send the results for the first browser tested, stopping before sending the second one.
The request is made at the 'session/end' topic from the ones available. From what I can tell the entire thing stops before the last request is made.
I made a more isolated custom reporter to show off the problem using setTimeout() instead of a request. See it here.
Thanks!
The Intern process exits explicitly immediately after all sessions are complete (after /runner/end is published), so an asynchronous operation like that is unlikely to have enough time to complete successfully.
Intern 1.2 will contain an improvement so it will wait until any outstanding operations complete, and this will work as you expect it to.

I need to validate and send feedback to a participating server. How can we add Netty request code channel.write() within handler code?

I am coding for a Netty based Notifying Server, which takes in Message Buffer many hundreds at a second from a Server(A) through RPC, and then sends it to an Http Real Time Server, after checking for the validity(the validation consists of checking for a tag ID and its value). If the validation is not successful, the System needs to send an error feedback back to the Server(A) with an Error Code.
I intend to write the validation logic inside a handler, but how do we make the handler to send the feedback if message is found to be invalid?
Can we include database code also into a handler, so I can persist the validation specific details to a Database? Will adding this DB code handicap the Netty performance? If Yes, what's the better way of using a Database (insert) code inside a handler?
Please can anyone guide me? Can I write the DB code inside an Executor?
Kindly excuse me if I am asking a too basic questions. I am still on Learning phase.
Let me try to answer the questions.
1) I think it does not not matter if you want to send an ERROR or SUCCESS response. Just use Channel.write(..) to write it and have an encoder that can handle the encoding to a ChannelBuffer. There is not difference here
2) You should add an ExecutionHandler in front to make sure your db calls do not block the IO-Thread. See [1].
[1] http://netty.io/docs/stable/api/org/jboss/netty/handler/execution/ExecutionHandler.html

Resources