Category: Nodejs

Categories
Hapi

Server-Side Development with Hapi.js — Login and Cookie Auth

white and brown long coated small dog lying on white textile

Hapi.js is a small Node framework for developing back end web apps.

In this article, we’ll look at how to create back end apps with Hapi.js.

Cookie

We can add cookie authentication easily with a few lines of code.

For example, we can write:

const Bcrypt = require('bcrypt');
const Hapi = require('@hapi/hapi');

const users = [{
  username: 'john',
  password: '$2a$10$iqJSHD.BGr0E2IxQwYgJmeP3NvhPrXAeLSaGCj6IR/XU5QtjVu5Tm',
  name: 'John Doe',
  id: '1'
}];

const start = async () => {

  const server = Hapi.server({
    port: 4000,
    host: '0.0.0.0'
  });

  await server.register(require('@hapi/cookie'));

  server.auth.strategy('session', 'cookie', {
    cookie: {
      name: 'sid-example',
      password: '!wsYhFA*C2U6nz=Bu^%A@^F#SF3&kSR6',
      isSecure: false
    },
    redirectTo: '/login',
    validateFunc: async (request, session) => {
      const account = await users.find(
        (user) => (user.id === session.id)
      );

      if (!account) {
        return {
          valid: false
        };
      }

      return {
        valid: true,
        credentials: account
      };
    }
  });

  server.auth.default('session');

  server.route([{
      method: 'GET',
      path: '/',
      handler (request, h) {
        return 'Welcome to the restricted home page!';
      }
    },
    {
      method: 'GET',
      path: '/login',
      handler (request, h) {
        return `<html>
            <head>
                <title>Login page</title>
            </head>
            <body>
                <h3>Please Log In</h3>
                <form method="post" action="/login">
                    Username: <input type="text" name="username"><br>
                    Password: <input type="password" name="password"><br>
                <input type="submit" value="Login"></form>
            </body>
        </html>`;
      },
      options: {
        auth: false
      }
    },
    {
      method: 'POST',
      path: '/login',
      handler: async (request, h) => {

        const {
          username,
          password
        } = request.payload;
        const account = users.find(
          (user) => user.username === username
        );

        if (!account || !(await Bcrypt.compare(password, account.password))) {
          return h.view('/login');
        }

        request.cookieAuth.set({
          id: account.id
        });

        return h.redirect('/');
      },
      options: {
        auth: {
          mode: 'try'
        }
      }
    }
  ]);

  await server.start();
  console.log('server running at: ' + server.info.uri);
};

start();

We have the users array with the user data.

password is the hash of the password. It’s 'secret' in plain text.

The start function has the code for our app.

The Hapi.server function creates the server.

We register the @hapi/cookie module with:

await server.register(require('@hapi/cookie'));

Then we add the user authentication fucntion with:

server.auth.strategy('session', 'cookie', {
  cookie: {
    name: 'sid-example',
    password: '!wsYhFA*C2U6nz=Bu^%A@^F#SF3&kSR6',
    isSecure: false
  },
  redirectTo: '/login',
  validateFunc: async (request, session) => {
    const account = await users.find(
      (user) => (user.id === session.id)
    );

    if (!account) {
      return {
        valid: false
      };
    }

    return {
      valid: true,
      credentials: account
    };
  }
});

We call the server.auth.strategy method to add authentication.

'session' is the name. 'cookie' is the strategy.

The object has the validation logic. cookie sets the cookie secret.

redirect adds the redirect when auth fails.

validateFunc has the logic to validate the credentials.

We check if the user has a valid cookie with:

const account = await users.find(
  (user) => (user.id === session.id)
);

We return an object with the valid property to indicate whether the credentials are valid.

credentials has the credentials for the account.

Then we call server.route to add the routes. The GET / route is the restricted route.

GET /login displays the login form.

We set options.auth to false to let us access the page without authentication.

The POST /login route lets us search for the user with the given username and password.

We validate the password with Bcrypt.compare .

And then we call h.redirect to the route we want to access if the username and password are valid.

Otherwise, we redirect to the login route.

Conclusion

We can create an app with a login page and cookie authentication easily with Hapi.

Categories
Hapi

Getting Started with Server-Side Development with Hapi.js

closeup photo of yellow Labrador retriever puppy

Hapi.js is a small Node framework for developing back end web apps.

In this article, we’ll look at how to create back end apps with Hapi.js.

Getting Started

We can start by creating a project folder, go into it, and run:

npm install @hapi/hapi

to install the package.

Creating a Server

Once we installed the package, we can create a simple back end app by writing:

const Hapi = require('@hapi/hapi');

const init = async () => {
  const server = Hapi.server({
    port: 3000,
    host: '0.0.0.0'
  });

  server.route({
    method: 'GET',
    path: '/',
    handler: (request, h) => {
      return 'Hello World!';
    }
  });

await server.start();
  console.log('Server running on %s', server.info.uri);
};

process.on('unhandledRejection', (err) => {
  console.log(err);
  process.exit(1);
});

init();

We require the hapi package.

Then we run the Hapi.server method to create the server.

host is set to '0.0.0.0' to listen for request from all IP addresses.

And then to create a route, we call the server.route method.

The method is the request method.

handler is the request handler function.

Then we call server.start to start the server.

Next, we add the unhandledRejection error handler to exit the app gracefully when the app crashes.

Authentication

We can add authentication to our app with a few lines of code.

For instance, we can write:

const Bcrypt = require('bcrypt');
const Hapi = require('@hapi/hapi');

const users = {
  john: {
    username: 'john',
    password: '$2a$10$iqJSHD.BGr0E2IxQwYgJmeP3NvhPrXAeLSaGCj6IR/XU5QtjVu5Tm',
    name: 'John Doe',
    id: '1'
  }
};

const validate = async (request, username, password) => {
  const user = users[username];
  if (!user) {
      return { credentials: null, isValid: false };
  }

const isValid = await Bcrypt.compare(password, user.password);
  const credentials = { id: user.id, name: user.name };
  return { isValid, credentials };
};

const start = async () => {
  const server = Hapi.server({ port: 4000 });
  await server.register(require('@hapi/basic'));
  server.auth.strategy('simple', 'basic', { validate });
  server.route({
    method: 'GET',
    path: '/',
    options: {
        auth: 'simple'
    },
    handler(request, h) {
      return 'welcome';
    }
  });
  await server.start();
  console.log('server running at: ' + server.info.uri);
};

start();

to add simple authentication with the bcrypt and the hapi-basic modules.

The users object has the user data.

The validate function gets the request data from the request parameter.

We get the user by the username .

Then we call Bcrypt.compare to compare the password we entered with the hash we stored in the users object’s password property.

Then we have:

server.auth.strategy('simple', 'basic', { validate });

to add the basic authentication strategy.

And we define our route with the server.route .

The options.auth property is set to the name of the authentication strategy we added.

Now when we go to the / route, we see the login dialog box.

And when we enter john for username and secret for password, we see the welcome response.

Conclusion

We can create a simple app with authentication with Hapi.

Categories
Fastify

Server-Side Development with Fastify — Errors and Body Parser

black short coated dog on persons hand

Fastify is a small Node framework for developing back end web apps.

In this article, we’ll look at how to create back end apps with Fastify.

Errors

We can throw various kinds of errors in our Fastify app.

For example, we can write:

const fastify = require('fastify')({})

fastify.get('/' ,async () => {
  throw new Error('error')
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

Then when we go to / , we get a 500 response.

Fastify includes the following errors codes:

  • FST_ERR_BAD_URL — The router received an invalid URL.
  • FST_ERR_CTP_ALREADY_PRESENT — The parser for this content type was already registered.
  • FST_ERR_CTP_INVALID_TYPE — The Content-Type should be a string.
  • FST_ERR_CTP_EMPTY_TYPE — The content type cannot be an empty string.
  • FST_ERR_CTP_INVALID_HANDLER — An invalid handler was passed for the content type.
  • FST_ERR_CTP_INVALID_PARSE_TYPE — The provided parse type is not supported. Accepted values are string or buffer.
  • FST_ERR_CTP_BODY_TOO_LARGE — The request body is larger than the provided limit.
  • FST_ERR_CTP_INVALID_MEDIA_TYPE — The received media type is not supported (i.e. there is no suitable Content-Type parser for it).
  • FST_ERR_CTP_INVALID_CONTENT_LENGTH — Request body size did not match Content-Length.
  • FST_ERR_DEC_ALREADY_PRESENT — A decorator with the same name is already registered.
  • FST_ERR_DEC_MISSING_DEPENDENCY — The decorator cannot be registered due to a missing dependency.
  • FST_ERR_HOOK_INVALID_TYPE — The hook name must be a string.
  • FST_ERR_HOOK_INVALID_HANDLER — The hook callback must be a function.
  • FST_ERR_LOG_INVALID_DESTINATION — The logger accepts either a ‘stream’ or a ‘file’ as the destination.
  • FST_ERR_REP_ALREADY_SENT — A response was already sent.
  • FST_ERR_SEND_INSIDE_ONERR — You cannot use send inside the onError hook.
  • FST_ERR_REP_INVALID_PAYLOAD_TYPE — Reply payload can either be a string or a Buffer.
  • FST_ERR_SCH_MISSING_ID — The schema provided does not have $id property.
  • FST_ERR_SCH_ALREADY_PRESENT — A schema with the same $id already exists.
  • FST_ERR_SCH_VALIDATION_BUILD — The JSON schema provided for validation to a route is not valid.
  • FST_ERR_SCH_SERIALIZATION_BUILD — The JSON schema provided for serialization of a route response is not valid.
  • FST_ERR_PROMISE_NOT_FULLFILLED — A promise may not be fulfilled with undefined when statusCode is not 204.
  • FST_ERR_SEND_UNDEFINED_ERR — Undefined error has occurred.

Content-Type Parser

We can add parsers for different content types.

For instance, we can write:

const fastify = require('fastify')({})

fastify.addContentTypeParser('application/json', { parseAs: 'string' }, function (req, body, done) {
  try {
    const json = JSON.parse(body)
    done(null, json)
  } catch (err) {
    err.statusCode = 400
    done(err, undefined)
  }
})

fastify.post('/', async () => {
  return 'success'
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

to add our own JSON request body parser.

We call fastify.addContentTypeParser with the 'application/json' argument to set the JSON.

Then we parse the JSON with JSON.parse .

We can also add a catch-all body parser with the '*' argument.

For example, we can write:

const fastify = require('fastify')({})

fastify.addContentTypeParser('application/json', { parseAs: 'string' }, function (req, body, done) {
  try {
    const json = JSON.parse(body)
    done(null, json)
  } catch (err) {
    err.statusCode = 400
    done(err, undefined)
  }
})

fastify.addContentTypeParser('*', function (request, payload, done) {
  let data = ''
  payload.on('data', chunk => { data += chunk })
  payload.on('end', () => {
    done(null, data)
  })
})

fastify.post('/', async () => {
  return 'success'
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

to get the data chunks and concatenate it to the data .

Conclusion

We can throw errors in route handlers and add our own body parser into our own Fastify app.

Categories
Fastify

Server-Side Development with Fastify — Async and Await and Requests

short-coated white and beige puppy on the floor

Fastify is a small Node framework for developing back end web apps.

In this article, we’ll look at how to create back end apps with Fastify.

Async-Await and Promises

We can use async functions with our route handlers and send responses with it.

For example, we can write:

const fastify = require('fastify')({})
const { promisify } = require('util');
const delay = promisify(setTimeout)

fastify.get('/', async function (request, reply) {
  await delay(200)
  return { hello: 'world' }
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

We use an async function as our route handler, so we can await promises.

Then we just return the response body to send the response.

We can throw responses with an Error instance.

For instance, we can write:

const fastify = require('fastify')({})
const { promisify } = require('util');
const delay = promisify(setTimeout)

fastify.get('/', async function (request, reply) {
  const err = new Error()
  err.statusCode = 418
  err.message = 'short and stout'
  throw err
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

We can also throw an object by writing:

const fastify = require('fastify')({})
const { promisify } = require('util');
const delay = promisify(setTimeout)

fastify.get('/', async function (request, reply) {
  throw { statusCode: 418, message: 'short and stout' }
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

Request

The request object has various properties.

They include:

  • query – the parsed query string
  • body – the body
  • params – the params matching the URL
  • headers – the headers
  • raw – the incoming HTTP request from Node core
  • id – the request ID
  • log – the logger instance of the incoming request
  • ip – the IP address of the incoming request
  • ips – an array of the IP addresses in the X-Forwarded-For header of the incoming request. It’s available only when the trustProxy option is enabled
  • hostname – the hostname of the incoming request
  • protocol – the protocol of the incoming request (https or http)
  • method – the method of the incoming request
  • url – the URL of the incoming request
  • routerMethod – the method defined for the router that is handling the request
  • routerPath – the path pattern defined for the router that is handling the request
  • is404true if the request is being handled by 404 handlers, false if it is not
  • socket – the underlying connection of the incoming request

We can access them by sitting:

const fastify = require('fastify')({})
const { promisify } = require('util');
const delay = promisify(setTimeout)

fastify.post('/:params', options, function (request, reply) {
  console.log(request.body)
  console.log(request.query)
  console.log(request.params)
  console.log(request.headers)
  console.log(request.raw)
  console.log(request.id)
  console.log(request.ip)
  console.log(request.ips)
  console.log(request.hostname)
  console.log(request.protocol)
  request.log.info('some info')
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

Conclusion

We can send responses and get request data with Fastify.

Categories
Fastify

Server-Side Development with Fastify — Sending Responses

yellow Labrador retriever lying on sofa

Fastify is a small Node framework for developing back end web apps.

In this article, we’ll look at how to create back end apps with Fastify.

Strings Responses

We can send a string response with the reply.send method:

const fastify = require('fastify')({})

fastify.get('/', function(req, reply) {
  reply.send('plain string')
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

Stream Response

We can send a stream response with reply.send .

For instance, we can write:

index.js

const fastify = require('fastify')({})

fastify.get('/', function(req, reply) {
  const fs = require('fs')
  const stream = fs.createReadStream('some-file', 'utf8')
  reply.send(stream)
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

some-file

foo

Then we see foo as our response when we go to the / route.

Buffer Response

We can send a buffer response with the fs.readFile method.

For example, we can write:

const fastify = require('fastify')({})

fastify.get('/', function(req, reply) {
  fs.readFile('some-file', (err, fileBuffer) => {
    reply.send(err || fileBuffer)
  })
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

to send the buffer response in the fs.readFile callback.

Errors

We can send errors with the http-errors library.

For instance, we can write:

const fastify = require('fastify')({})
const httpErrors = require('http-errors')

fastify.get('/', function(req, reply) {
  reply.send(httpErrors.Gone())
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

to send the 410 HTTP gone status code.

We can also add an error handler to check for the type of error raised and then send a response.

For instance, we can write:

const fastify = require('fastify')({})
const httpErrors = require('http-errors')

fastify.setErrorHandler(function (error, request, reply) {
  request.log.warn(error)
  const statusCode = error.statusCode >= 400 ? error.statusCode : 500
  reply
    .code(statusCode)
    .type('text/plain')
    .send(statusCode >= 500 ? 'Internal server error' : error.message)
})

fastify.get('/', function(req, reply) {
  reply.send(httpErrors.Gone())
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

We get the error status code with the error.statusCode property.

Then we call reply.code to set the status code.

type sets the content type. send sends the response with the content of the argument.

We can also write:

const fastify = require('fastify')({})
const httpErrors = require('http-errors')

fastify.setNotFoundHandler(function (request, reply) {
  reply
    .code(404)
    .type('text/plain')
    .send('a custom not found')
})

fastify.get('/', function(req, reply) {
  reply.callNotFound()
})

const start = async () => {
  try {
    await fastify.listen(3000, '0.0.0.0')
  } catch (err) {
    fastify.log.error(err)
    process.exit(1)
  }
}
start()

to send the response.

We call callNotFound to call the not found handler.

Conclusion

We can send various kinds of HTTP responses with Fastify.