Learn all the Nodes

Screencasts exploring, explaining, and expanding the world of Node.js

Latest Episode

(22 September 2014) When a site becomes as overwhelmingly successful as NodeSlash and your project are becoming, you'll need to take mind to keep it as secure as possible. While no amount of security will deter the most determined of attackers, there are a few things we can do that are the digital equivalent of not leaving the front door open with a big sign that says, "haxor me." In today's episode we're going to learn about an attack vector called cross-site request forgery and a means to deal with it.

Don't miss an episode!

Sign up for our mailing list to be notified when new episodes arrive and for other Node.js information.

34. Anatomy of a cross-site request forgery attack

(22 September 2014) When a site becomes as overwhelmingly successful as NodeSlash and your project are becoming, you'll need to take mind to keep it as secure as possible. While no amount of security will deter the most determined of attackers, there are a few things we can do that are the digital equivalent of not leaving the front door open with a big sign that says, "haxor me." In today's episode we're going to learn about an attack vector called cross-site request forgery and a means to deal with it.

33. An app-aware console

(15 September 2014) Sometimes when you're working on an app you need to be able to run arbitrary commands. You want to play with your app's modules without running a server. You just want to be able to execute arbitrary statements and immediately see the results. You want a REPL, or read-eval-print-loop that knows about your application. You can achieve this with the basic `node` command and a few `require` statements, but why stop there when you can get crazy with it? That's exactly what we do in this episode.

32. Why you should never use latest as your version

(2 September 2014) This episode is going to be a bit of a "how the sausage is made" episode. I had grand plans for one that paints me in a better light for this week, but due to a snafu, we get this one instead. In this episode we're going to be brief and we're going to talk about versions in your package file

31. nvm: Node Version Manager

(25 August 2014) So, we've already completedb 31 episodes, and I really have no idea how you've actually installed Node.js. When I started the series, I did so with that bird's-eye overview of how Node works. I figured you'd stop watching if we didn't get quickly into actually building *something* (even if it was ridiculous), with Node. In this episode, I'm going to show you how I installed Node and a fantastic tool for managing different Node versions. Node is under active development, so new versions come out pretty regularly. With today's episode, you'll be able to experiment with the new ones with ease.

30. Auto-restart your dev server with this one weird trick

(18 August 2014) So here we are at episode 30. We've seen a whole lot of node, and we've spent a lot of time restarting the server. Given how quickly our server restarts, that hasn't been terribly painful. But what if it could be better still? What if there were a way to have our server automatically pick up our changes without our manual effort? That's just the topic for this week's episode.

29. Upgrading an actual app to Express 4

(18 August 2014) In our last few episodes we highlighted some of the useful new features in Express 4, hoping to make the case for why you would want to upgrade an app to it. We also looked at some functionality we already knew about and how it changed in Express 4. We looked at all that in the context of a toy app that didn't do anything remotely useful. In this episode we take our knowledge of Express 4 and apply it to an actual application-- that web sensation NodeSlash. Why take the time for it? Well, new features are nice to learn in isolation, but businesses aren't built on toy apps. And the project you're working on probably isn't tailored just to show off what Express 4 can do. You work in real code, so you need to see how to upgrade real code.

28. Making values available to all views

(4 August 2014) In this episode we're going to cover something we've seen in passing in other episodes, but that we haven't really explicitly called out. It's a rather important technique, and I would find it sad if we just lost it in the cracks of everything else we're putting together. Today we explicitly call out how to make values available to all of our views without adding them at each `render` call.

27. What's New in Express 4 (Part 2: the router)

(28 July 2014) We continue this week with looking at the other major feature upgrade in Express 4: the router. It received a lot of work and believe it or not, the project maintainers gave us an even better router. What I find exciting about the new router is that it's going to help us modularize our code much more clearly than before, and it also makes it much clearer how the routes and middleware play together. Why? Because the router itself is now just a middleware. How we can use this for fun and profit is the topic of this episode.

26. What's new in Express 4 (Part 1 - the middleware)

(21 July 2014) Express has served us amazingly well. It's one of those "I can't imagine writing a Node app without this package" sort of package. Not all that long ago Express version 4 came out. As far as major version updates go, this is one of the less painful ones that we could do. In this episode we're going to have a high-level look at what Express 4 introduces.

25. Authorization (Part 2: Ensuring they have permission)

(14 July 2014) In our previous episodes with Passport we've set up a way to verify that a user is who the user claims to be. We can log users in, keep them away from pages that require them to be logged in, and we even convinced ourselves of that via Firebug and the Node console. Firebug and the Node console won't pacify our users much if nefarious actors are able to own their data in our apps. In this episode we're going to ensure that our users have the permissions they're claiming, and we do that with a package called "authorized".

24. Style tricks for the design impaired

(7 July 2014) Do you develop great backend systems but find that making a website look nice is a Dark Art? Do you ever wish there were some easy fixes for that problem? That totally describes me. Unfortunately, there's no way to make design easy or mechanical. But there are few tricks you can drop in to spruce up your struggling pages. We've already seen how Bootstrap can do wonders for us, but it doesn't stop there. In this week's episode we look at a few more tricks savvy developers can use to fake the appearance of design skills or that experienced design folks can use to save some initial setup.

23. Authorization with Passport (Part 1: Ensuring they're logged in)

(30 June 2014) Thus far with Passport we've created a sign-up form and submitted it to our server, and we responded appropriately based on whether or not our user sends us a valid email/password combination. And that's a good stepping stone, but it's not quite enough for an effective application. We need to prevent access to entire sections of our application based on whether or not the user is logged in. In addition to that, we want to remove visual oddities like having the sign out link show up even if the user isn't logged in. Also, we want to hide the sign *in* link if the user already is logged in. Well, sit right back, because these problems are exactly what we solve in this episode.

22. connect-flash

(23 June 2014) When you're writing a web app, often times your users are going to do things in the app for which you would like to display little notifications. These need to be independent of which page they're on, and they don't show up with every page load. These messages are sometimes referred to as flash messages, are no way related to the successful Adobe product, and are the topic of this week's episode.

21. Password Authentication in Node with Passport

(16 June 2014) Last time we did the overview of Passport. We installed it into NodeSlash and talked about how the various pieces fit together. That may not yet have helped you with your project. You didn't really learn how to set up and *use* Passport. You didn't end last week with code allowing you to log your users in. This week is different. Today we actually write the code that will let us log our users in and out.

20. Password Authentication in Node with Passport (the Overview)

(23 April 2014) We've actually created a sign in page. You may not remember it, because it's been a few episodes since we did that. And if we define "work" as we can submit a username and password and check against them, then yes, it definitely does "work". But we need more than this. We're going to have pages that we want to protect. We want to restrict access to authenticated users. We want that user authentication to last for more than a single page. We want our rag-tag adventurers to actually be able to *log in* and not just validate their username and password. That is exactly this episode's topic, and we solve this with a node package called passport.

19. Bootstrap and Node

(8 April 2014) Well, last, wee... episode, I mean, we integrated Less with NodeSlash, which we used to awesomely display a message in administrator blue. That was a fun start, but this time we're going to kick it into high gear by integrating with Twitter Bootstrap. Bootstrap's home page defines it as "The most popular front-end framework for developing responsive, mobile first projects on the web." What it boils down to is a CSS file and accompanying JavaScript files that provide a jumping off point for building a web UI. Rather than defining your own typesetting, margins, columns, grids, and so forth on your own, you can pull in Bootstrap's and get running faster on building your site or app.

18. Less is moar

(17 March 2014) When I show up at a homepage like how NodeSlash's currently is, I know I'm just itching to whip out my payment card and send that company some money. Everything about it screams professionalism and increases my trust factor. Oh wait. No, that's the exact opposite this homepage screams. We need to clean this up so that NodeSlash doesn't look like a complete wasteland, or worse, a warez site. Enter Less. Less is what we call a CSS pre-processor. Browsers for right now only understand CSS, yet writing raw CSS I think is a real pain sometimes. Especially as a developer. Let's have a look at some of the problems that Less solves.

17. Testing route handlers revisited

(10 March 2014) When we tested route handlers last week, we tested them in isolation. That's a useful way to test, but sometimes we also want to test exactly how a browser would. That means we need to simulate sending HTTP requests to our application rather than just running some functions. We do this with the Node module `supertest` which is built in part on `superagent`. Testing in this way will run our tests through our routing and middleware stacks, giving us test coverage that our strategy from last week did not.

16. Testing route handlers

(3 March 2014) I’m going to go out on a limb here and assume that the apps you want to write will respond to incoming HTTP requests. As such, you’ll likely want to make sure that those requests trigger the correct changes in your application state. Last week we wrote tests that made sure our data layer did it was supposed to, but wouldn’t it be nice to know that we had wired up our route handler the way we ought to have? Well, that’s exactly what we get into with today’s episode.

15. Testing in Node.js

(24 February 2014) A lot has been said about test-driven development over the years, and that has ranged from a deep understanding of it to simply repeating slogans. Writing tests, and especially writing them first, can have a lot of benefits, but testing is just a tool, and tools are no substitute for proper software design. Regardless, we can’t use tools without knowing how to use them, so in this week’s episode we dive into testing using Mocha. Mocha is a testing framework that provides us with a way to organize tests and group them together logically. Paired up with the `assert` module that's built right into Node, Mocha quite nearly takes care of all the framework we need to write tests. We won't get into testing our route handlers here, but this episode will give us the core that we need to start testing our domain layer.

14. Creating user accounts

(17 February 2014) We created users by asking them just for an email address. So, if you knew your friends' email addresses, you could log in, sell their loot at the auction house, and leave them stranded in an unfriendly location. Perhaps you wouldn't do that to your friends. Well, apps are serious business, and so we're going to add password protection to the accounts. The first rule of storing passwords is that you don't store passwords-- you store hashes of those passwords. In this episode we show how to use `bcrypt` and tie into Mongoose's middleware stack to slickly handle hashing user passwords.

13. Custom validations in Mongoose

(10 February 2014) If you’re willing to trust the input that you get from users, then I have a bridge in Brooklyn you might be interested in buying. In seriousness, we need to make sure that our users are supplying us valid input. One way of validating that input is to have our data objects define what is and isn't valid data. This is the approach that frameworks like Ruby on Rails (or more specifically ActiveRecord), and Mongoose provides the same capabilities. We'll look at using Mongoose's built-in validators as well as how to use our own custom ones. We'll even get to see a little gotcha, because there's always a gotcha.

12. Unique records in Mongoose

(3 February 2014) Databases can have repeat data in them, but there are some pretty obvious cases where we don’t want 2 different entries to have the same values. (Here’s looking at you, user authentication). If our users log in with their email address, then we certainly don’t want to have more than 1 user record having the same email address. So how do we enforce that with Mongoose? In this episode we'll see how to ensure uniqueness of values in our MongoDB records.

11. MongoDB + Node = Mongoose (an intro)

(27 January 2014) At long last we're going to see how to hook Node up to a database. While there are probably some apps that don't need to store their own data, it'll still expand the range of possibilities to learn how to hook our event-driven I/O to a database. We're going to use MongoDB, and we'll access MongoDB through the great ODM Mongoose. ODM stands for "Object-Document Mapper". If you've heard of an ORM before, an ODM is like that but for document-based stores like MongoDB. Mongoose will give us some convenient abstractions for working with our MongoDB objects. This is just a primer on Mongoose. Like a few of the other things we've covered, it's way too much to tackle in a single episode. So be sure to tune in next week too, when we get to more powerful features like using indexes and data validation.

10. More advanced Jade

(20 January 2014) We're going to round out or Jade knowledge with a look at its more advanced features. Have a list of things you need to iterate over? We've got you covered. Want to include Markdown in your template? There a filter for that. Do you want a style question to start a Twitter flame war over? It's all included in this very special double-digit episode. When you're done watching this, you'll have all the tools you need to write markup for your Node.js projects.

9. View templates in Node.js with Jade

(13 January 2014) Our days of writing inline HTML snippets inside our route handlers are over! You may have enjoyed dealing with files several hundred columns wide, and you're free to continue doing so, but that is not the direction this series is going to take. We're going to see how Express supports view template engines, and we'll look at the Jade template engine in particular. Jade is similar to HAML, if you've ever used that, and it is a sort of short-hand for writing HTML. It lets us get more HTML with less code by removing the need for closing tags (using indentation to indicate parent-child relationships), removing the need to ever type `div`, and other tricks. In addition, it also lets us embed JavaScript evaluation so that we can have dynamic content. This is 1 of a 2-part series on Jade, so be sure to come back next week as well for some more advanced features.

8. How to structure a Node app

(6 January 2014) A strength and weakness of Node is that it imposes no structure on your application. While this gives those very familiar with it a lot of freedom, it does give the newcomer a little difficulty when knowing how to get started. Express helped us a lot, but we're still having to come up with where to put files. This episode presents a solution, proposing an app structure that has successfully taken some apps from inception to production. We don't build a framework, per se; we just show a way of organizing our app so that everything has a place, and we know where to find what we're looking for. As a bonus, we get to see a judicious use of a global variable and how we define them. We also make the app more meta in that it becomes aware of itself.

7. Node code in other files

(30 December 2013) We've had lots of fun so far, but our application is getting out of hand. We've been cramming everything into a single file. It would sure be nice if we could put code into other files so that we don't have to look at everything all at once and get lost. Node certainly does have a mechanism for this, and it's the `require` function that we've already seen. But it isn't quite as straightforward as it may seem. There's more to `require` than meets the eye, and in this episode we demystify Node modules and how the `require` function works. We'll figure out where Node looks for files that you `require` as well as the difference between `exports` and `module.exports`. This is a longer episode, but this is a fundamental Node concept and well worth understanding properly.

6. Deep into custom middleware

(23 December 2013) After looking at some of the stock middleware Express gives us, we're ready for a deep dive into custom middleware of our own. But we don't stop there! Just in time for Christmas we have a real beefy episode that also shows how the order of routes and middleware matters. We'll see some really important gotchas to watch out for, setting you up to save hours in the future for mere minutes now. You'll also see how to deal with sessions in Express as well as how to render a custom 404 page and how to structure that in an app. We also look at how to set up middleware to catch server errors and how to separate concerns in dealing with those.

5. Middleware in Express

(16 December 2013) Express's middleware feature will make your apps easier to follow. That means you'll have fewer bugs, and when you come back to your code a few weeks later, you'll be much much more able to pick up where you left off. Express middleware is a method for modularizing your app and separating concerns. Why should your photo upload code care about loading in the current user? It shouldn't. It should just assume that if it gets invoked, then we have a current and valid user. Using middleware lets you get this sort of concern out of your business logic, keeping your request handlers straightforward. Express ships with a pretty rich body of middleware thanks to Connect, and in this episode we look at a few of those and how to hook them up.

4. Cleaning Up With Express Routing

(9 December 2013) Express is a fantastic framework that makes Node development much more enjoyable and provides a way to keep our code nice and maintained. One of its chief benefits is providing a robust routing mechanism. We're going to do more with Express routes than we did last time and start seeing how Express really does make Node development more enjoyable.

3. Beginning routing in Node.js

(2 December 2013) Our examples up to this point have only done 1 thing. Web apps tend to do more than 1 thing. In this episode we're going to look at how to route requests in vanilla Node.js. What we'll see quickly is that as we get more than just a couple of routes, it gets a little painful. To deal with this pain, we introduce Express, a minimalistic framework for Node web apps. Express is going to clean up our code and modularize it quite a bit. While we only get to see a little Express here, we get to see quite clearly all the pain that it solves. This way we know *why* we're using the framework and what things it is doing for us.

2. A Simple App

(25 November 2013) Continuing with our introduction to Node that we started last week, in this episode we actually get to see some Node code. We start with the interactive Node console and move on to an actual web application. You probably won't sell the application for $1 billion, but you will see the pieces that fit together to make a Node app.

1. What is Node.js?

Node.js has achieved buzzword status, but you might not know what it actually is. If you do know that it's a technology for writing network applications, you may not know what makes it different and how it operates. In this episode we seek to demystify what Node is by taking a high-level approach to it.