Node express now - node.js

I want to rewrite a complete community website in nodejs,express and
nowjs with mongodb. Its currently in php using the codeigniter
framework. It includes functionality such as your own profile page,
photoalbum, guestbook, internal messages, contacts and more. And im
going to add an im to it and some other things like a forum and so on.
Its a pretty big project.
I have to make a decision about which techniques to use in the
webapplication. So i did a little research and found, node, Expess and
nowjs.
Should i stick to finish the application in php( codeigniter ), mysql
and ajax, or can i do this in express, mongodb and nowjs?
Can anyone recommend this for use on a live production site? And if
so, are there any security issues one should know about? General
guidelines?
Help would be really appreciated so i can make up my mind and finish
the project
Regards
George

The problem with Nodejs being young is not that it's a half baked product or something but infact it's growing very fast and new developments are being done at breath taking place. So you need to keep up with them while developing.
Otherwise there are huge projects out there developed totally with node and express. Take a look at expressjs.com/applications to see what kind of commericial projects are built using it.
As far as security, sessions etc. are concerned. Unlike ASP/PHP , you don't get most of the features out of the box. You'll need to either write them yourselves or using open source frameworks. Both ways you and only you have to ensure that your application has all bases covered. With flexibility, comes complexity.
It should be noted that Nodejs is optimum for real time I/O. If you think this is something which is required at your end then I highly recommend to go for it.

What you describe does sound like a big project.
If you have the time to spare, I would suggest picking a small portion of it that deals with managing secure sessions (e.g. the profile page). Implement that in Express to get a sense of how it compares to the existing PHP. If you like it, keep going.
Particularly when security is at stake, always try to use existing components when they are available. Node's minimalism makes it tempting to 'roll your own,' but it's very easy to make a security mistake with anything less than expert knowledge.

Related

Guidance for C++ / Python developer to understand the web dev world [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
I am programming since quite some years now.
Until now I was mainly focused on writing "normal" applications which run inside a console or with a GUI, sometimes also applications which interact with hardware components such as sensors / actors / ...
During this time I got to know a lot of cool programming principles and tools such as object orientation, modularization, unit-testing, test-driven-development, desing-patterns, code-analysis, ..
Also I have some first experience with hosting a wordpress blog, running static web-sites on a nginx webserver, and writing some small php-forms. But I feel like there is still too much magic in all these web-development topics. And I would like to fill this gap and learn a bit more about all these connected scripting / programming languages and technologies. (Because I hate, when I don't understand how things are working :D :D )
I started with some online "Web-development bootcamp" course at udemy to get a rough overview. This took quite some days now and I think HTML, CSS and Javascript for DOM manipulation / animations are clear to me now. Also I heard a lot about NodeJS and all it's derivate languages and databases like Mongo-DB. But still I feel like there is a lot of things unclear to me.
To get to a better understanding I wanted to development some small web-application. Nothing very special, just some website where you have to login to, are able to generate some data and this data is then persisted into a database and once you login again you are able to see the data again.
I first started with developing some classes in Javascript to represent the data in the browser while you are logged in. But I very soon realized that the Javascript which can run inside the browser is very limited and already for unit-testing and modularization into separate files that include each other I actually needed to do some crazy work-arounds or use other server-side languages like nodejs / php / ... .
After some time coding I decided to take one step back, trying to understand the basic design patterns of web-applications and not running for a long time into the wrong direction.
My questions are:
Is there some typical way to go / best practice while developing web-applications?
What are the typical key players? I know there is the difference between front-end, back-end and databases.
But are there some do's and don't's that good WebDev's follow?
For example:
which code is usually written in back-end / server-side languages?
What is usually done in the front-end? (Only desing and animations?)
Do I have to move all business logic into the back-end, also for security reasons or is this maybe also a bad idea because of peformance reasons?
What programming languages are more or less dead and not to be used in the future?
What things are typically reused from frameworks, for example authentication and session handling?
Also I felt like some things I know from other programming languages are not so easy in languages like javascript / nodejs. I am willing to spend time and effort into learning all these things but I would also like to keep the quality standards that I know from C++ /
Python. On the other side I also wondered if these patterns that I have in my head are maybe just boundaries that are completely useless in modern web-development? (e.g. typing, object orientation, modularization / splitting the code to be very reusable )
What do you think am I on the wrong track here, or do I maybe simply use the wrong languages?
I hope the long text is not knocking everyone down / keeping everyone from answering me :o
I would really appreciate your help and guidance to understand everything a bit better and to not repeat the things already a lot of others have done wrong ;)
BR, mezorian
First off, most of the questions are very opionated (at least the answers are) and your question will probably be closed for that reason. So I will post my answer before completing it and expand on it after.
First off a good roadmap to become a web developer. I like it mainly because it shows the crazyness the web development world has come to (don't be shocked!): https://levelup.gitconnected.com/the-2020-web-developer-roadmap-76503ddfb327
Trying to answer some of your question (answers are my opinion):
Is there some typical way to go / best practice while developing web-applications?
I'm tempted to say there are as many ways to do web development as there are web-developers in the world, but that might be a bit exaggerated. If you want some guidelines, I'd pick one of the major web frameworks and learn the way they do web development. With web frameworks I mean all kinds of frameworks starting with JS-frameworks all the way to static site generators, etc. They all have their ecosystem and their own rules.
What are the typical key players? I know there is the difference between front-end, back-end and databases.
(personal opinion) I work with Go in the backend. I love it because it brings back some simplicity in the crazy world of choices being a web developer. Since you know C, Go will probably be easy for you. It has static typing, structs, etc, but no need to manually manage your memory. It is also much faster than most other backend languages used in web development (Python, NodeJS, PHP, Ruby, etc).
In the front-end I have used native JS, jQuery, React, Vue, etc. I'm still waiting for something that makes things easy again. Flutter seems to be something that has a good approach, but is not really a web front framework (yet). (Don't do public websites with Flutter! They are not indexable.) We'll see where it goes.
Databases I will not go into here as that is another huge topic. Let's just say that I'm more a fan of using multiple databases for their specific strengths rather than a big one that is supposed to be good at anything.
which code is usually written in back-end / server-side languages?
Even this depends largely on your choices (framework and preference). One thing for sure has to be in the backend and that is security related stuff. Anything you put in frontend code is visible to an experienced user.
Apart from that there are some ecosystems where you don't write any backend code but talk to a (cloud) service that is basically like a database with a web endpoint on top with secured login. (for example https://firebase.google.com/.) Here the security related stuff is baked into the service.
If you do both, keeping business logic in the backend is probably a good idea. If the frontend calculates something (for quick response), the backend should double check that (e.g. calculating the total in a cart). But this is too general. There can always be use cases where some business logic needs to be implemented in the front-end.
Do I have to move all business logic into the back-end, also for security reasons or is this maybe also a bad idea because of performance reasons?
Performance can be a problem, but mostly because the roundtrip time to the server and back. If you do that for every tiny information, the UI will become sluggish. You might want to think about doing e.g. a calculation client-side.
JS-Frameworks like React, Vue don't request html from the backend, but data and build the html based on that data client-side. I'd use them if I have a very data driven website / webapp, especially if it is user-dependent. Transferring only the data and building the html for every site from it in the browser based on user settings and data, saves a lot of roundtrips.
If you are worried about server performance: For the server to hit its limit, you'd need heavy usage of your website for that to become an issue (at least with Go). If you get there you can still use horizontal scaling (multiple instances of you server) to solve that. Unless you are working for a large company with millions of users daily, I'd not worry about scaling for now.
What programming languages are more or less dead and not to be used in the future?
Warning: Very opionated!
I'd say PHP is dead. Many headhunters I've spoken with agree with me. Companies are desperately looking for PHP developers, because many developers are moving on from PHP to something "cooler". You'll definitely find a job with PHP, but might not be so happy with your job. For me it is also a sign of how modern a company really is (if PHP is not it's main backend language (any more)).
Python currently has a big boom. Mostly because of AI development. I'm not sure if that boom is also in the web development, but I'd say not. I used Python before Go (5+ years ago) and before that PHP (8+ years ago). I rarely get Python web developer job offers (at least compared to PHP and Go).
Go is the language of the cloud. It is perfect for concurrent programming which is an essential part in web development (every http call should be handled concurrently). It is fast and light weight and doesn't need anything installed on the server to run (compiles to a single binary without dependencies).
NodeJS: Haven't used. I'm not a fan of Javascript (but it was (and kind of still is) the only option in the browser), so I never liked the idea of using it also in the backend.
TypeScript: might be an alternative to JavaScript (thinking of frontend here) if you like a more structured language.
It sounded like you want to build a user baser web app with data being managed by each user. This is what I would (probably) do in that case:
Backend in Go
Go serves static files (start html, css, js, images, etc.)
Go server has an api endpoint that serves data (e.g. REST style)
Vue (or React) in the frontend
Vue requests data from the api to build the user-specific content

Content management system

I'd like to ask is it smart enough to ship a web service/product without creating any CMS?
I mean in order to ship it faster and get some feedback from users it will be smart from my point of view to ship it w/out CMS and build it as you go but Im afraid from technical point of view - would it create any big problem that would be painful to solve?
Tnx.
Well, it depends on what you expect from the website. Should it be only a one-time web presentation, I think it might be okay to ship it without a CMS. I would also consider it fine if you didn't want to run a database for whatever reason (as most of the CMSs use database).
If the product is meant to be more complicated, it's definitely easier to start with CMS than to hack it in the product later.
However, if you decided for the latter way, you might find CouchCMS interesting. Though I haven't tested it myself, it looks very promising and easy to inject into an existing website.

how stable is AirBnB node.js rendr?

I wanted to know if anyone has been using AirBnB Rendr and is it stable and ok to use in commercial projects or is it still changing a lot?
I'm developing a website which can run both client and server based, this mean I need to be able to render pages and widgets server and client based.
The server is running Node.js, dust.js and has custom server based code to render the pages and widgets on the server side. I need to pick how to handle it on the client side.
Naturally I want to try and not repeat code, but obviously the client is different I can:
Keep my current page based server rendering and develop custom
client side code.
Use backbone.js on client side and keep my server based code the
same.
Use AirBnB rendr that is based on Node.js and backbone to use the
same code on client and o server. AirBnB Rendr Library
I like the 3rd idea very much, but I'm looking for some input from you guys.
Has anyone used it? any experience with it in terms of stability and/or how often their api changes etc?
I've just started playing around with Rendr. If I ignore the learning curve and oboarding friction, I like it a lot and I plan to write my next large production app using Rendr.
Unfortunately, as bababa listed above, the documentation needs a lot of work. There is an explanation of how Rendr works in its README and the example app's README but beyond that you'll need to source dive in order to figure out how the gears are turning. Currently, there is no forum for questions (other than stack overflow :D) and I've had a hard time figuring out its idioms on my own.
Despite all the struggles, I finally see the light and I'm starting to understand why Rendr is so powerful.
tl;dr - If you're willing to source dive and figure out your own workflow, I would suggest using Rendr. Otherwise, I would recommend going old school by writing a traditional client app with a more mature library. (is it too early to say that? =X)
Well given AirBnb is a successful commercial enterprise, there's some validation that the library works well enough for them. This question is probably best answered by watching their github commit log for breaking changes. Given backbone is 1.0 and essentially stable at this point, rendr will probably quickly stabilize, but honestly your fear of instability is probably unjustified. I think rendr looks compelling and although my current project is using a very similar home-grown solution, I would consider using rendr in a future project or even porting our code to rendr. "Stability" per say is much less important to the web development community compared to other situations like packaged or embedded software.
I used (tried to use) and Rendr on a project and gave up. There are just to many limitations (currently) and the lack of documentation doesn't help. I ended up need to rewrite the source code to accomplish some things I would consider trivial with other frameworks, such as passing multiple collections to a view. It just wasn't possible (at the time I used it) and that was a deal breaker. Not being able to pass a collection of categories and results to a page was to much of a limitation.
I have no doubt it will eventually be ready for production use, but right now I would say unless you are an engineer at AirBnb and know how to hack the source then no, it's not ready.
If you really want to know if it will work for your needs, take a look at the issue list on github. That will give you a good idea where the projects at.

Development Platform for Small application

I will soon be developing an application to log and priorities worker shifts. It only needs to be small, and simple, but I am wondering what framework to use. All that needs to happen is boxes with names are in 3 lists, and the user can switch these around at will. It must log the times, which I will need access to in real time.
Im new to application development of this sort, and would like any suggestions. I have time to learn new technologies / languages.
Portability / device independence would also be useful. Should I consider a Web Application in Javascript? or something more like Python.
Thanks.
Even if your application is going to be simple that does not mean that whole system will be simple too. I can imagine that your app will serve only as a front end to something much bigger. If that is a case and you really have freedom to choose what language you will develop your app with consider choosing something that you will feel comfortable to work with. But before you will make your decision I would go to whoever gave you that task and try to get as much information about it as you can because expected features can help in choosing technology.
First of all, it seems that it is up to you to decide if it should be web or desktop app. In my opinion it is completely wrong situation. You should get clear requirements on what kind of application customer expects and in what environment it should work. And I would not move a finger towards a code before somebody gave me that information. You write that portability and device independence would be useful but is it actual requirement or you just think it would be nice feature to deliver?
EDITED (to answer a question in comment)
Probably there is as much possible solutions as people that would answer you so in the end you will have to make your own choices.
One way of doing it (considering that you want to learn something new and have a challenge :) would be implement WCF service that would act as a data provider from your database (so every GetUsers(), GetVacationDays() methods would be in it) and it would take care of some business logic (for example CalculateMaxValidWorkingTime() or whatever). That service would be a real power horse of your system. Since you don't have clear requirement whether it should be desktop or web app you could satisfy both possibilities by creating thin clients that would communicate with your service and they would be just a pretty front ends. And if you keep in mind that you can consume webservices practically with everything from C++ to .NET (C#/VB) to Javascript to Python to PHP after you done with service you would not be constrained with one particular technology/language.
Regarding databases I won't advice because personally I hate dealing with them and it always was somebody else's task to provide me with pretty API :)

best language / framework for a web CRUD app with roles on Linux

I have a Linux web server and I'd like to make some database tables (currently in Access) available on the web for CRUD. There needs to role-based security. What's the quickest path to develop this?
Also, which database would be best? I already have mySQL running on that box if it makes any difference.
I agree with Chuck, the question shouldn't really be about the language, but about the framework you choose.
I did something similar to you a while back, and ended up using Ruby on Rails, and the activescaffold plugin (http://www.activescaffold.com/) to provide a pretty front end. The actual code I ended up writing was extremely minimal. There are other plugins for Rails which provide role based security too (which I didn't bother with, I just had "you're either logged in and have write access, or you're not logged in and you don't") and which also mean you don't have to write much stuff yourself.
So put me in the camp for Rails come the religious war ;)
Edit: MySQL is a perfect database to use, so you don't have to worry there.
This will turn into a religious war between the Ruby on Rails camp and the Python camp, with a good smattering of the PHP and Perl. You should evaluate the langauges yourself and decide what is best for you. There are, of course, other choices, however listing those would just elicit mroe religious battles. Although, I would say all of those I listed would be reasonable choices. You can usually create a good design in spite of any shortcommings your chosen language may have.
I don't think language is the question you should be asking. There's no language particularly well-suited to CRUD Web apps. There are many frameworks designed for that sort of thing, though, in many different languages, and those are probably what you'll want to look at.
I think Rails is the best in general, and that's what I use for most projects. It's very well-suited to CRUD apps (to the point where it allows you to create a simple one without writing any code at all). But if there really were an undisputed "best" choice, you'd probably already know about it. Instead, some apps are made with Rails, some with Django, some with Cake, and so on and so forth.
If you want a solid, clean, stable CRUD web app that can be maintained and expanded for years to come, stick with the standards: PHP, Perl, JavaScript, CSS, and HTML. Learn those roots languages well. Take the time to do it right and focus on good coding habits like clarity, consistency, and organization. Practice good reuse of code, good naming, good commenting, and good database design. Test, document, and refactor. Take pride in the craftsmanship of your CRUD app. Learn it inside and out. Set the stage so you can later maintain and expand it. Your goal is to build something that will work well, last a long time, and make a great return on the business investment. Someone once said that it takes 10 years to become a good coder.
As for frameworks, plugins, and external libraries, that's wonderful icing to put on your cake. But never confuse the icing with the cake. If you want to learn to code, take the time to learn it right. If you're not comfortable coding a simple CRUD app, you'll be even less comfortable trying to navigate the framework-generated code. Coding is a wonderful gig. But never mistake the sizzle for the steak.

Resources