package.json

URL (Uniform Resource Locator)

  • Definition: A URL is the address you type into your web browser to visit a website. It specifies the location of a resource on the internet.
  • Components: A URL typically includes the protocol (e.g., http or https), the domain name (e.g., example.com), and the path to a specific resource (e.g., /page1).
  • Usage: URLs are used to access web pages, images, videos, and other resources directly through a web browser.

API (Application Programming Interface)

  • Definition: An API is a set of rules and protocols for building and interacting with software applications. It allows different software systems to communicate with each other.
  • Components: An API endpoint often includes a URL, but it also defines the methods (e.g., GET, POST) and data formats (e.g., JSON, XML) used to interact with the resource.
  • Usage: APIs are used by developers to enable applications to request and exchange data with other systems or services programmatically.

 

Environment Variables

  • When you have to store sensitive data of the application and do not expose that data to the public repository. For example, if you want to store API keys, passwords, etc. then such data are stored in the .env file using environment variables, and the .env file is added to the gitignore file so that it is not exposed to the public repository when the code is pushed to GitHub.
  • When you want to customize your application variables based on the environment your code is running on like a production environment, development environment, or staging environment.
  • Environment variables can be accessed by a global process.env object.
  • To use dotenv, first install it with the command npm i dotenv. Then, at the start of your app, require and configure the package like this: require('dotenv').config().
  • The config method allows your application to get or set values in all files that are in the config directory.
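As an added example (not from the original notes), the fail-fast startup check a Node app can run over the values dotenv has loaded; the variable names JWT_SECRET, DB_URL and PORT and the 32-character floor are assumptions for the example:

```javascript
// Added example (not from the original notes): fail-fast loading of the secrets
// the notes say belong in .env, never in the repository. Assumed: the app needs
// JWT_SECRET and DB_URL, and require('dotenv').config() has already filled
// process.env before loadConfig(process.env) is called at startup.
const REQUIRED = ['JWT_SECRET', 'DB_URL'];
const MIN_SECRET_LENGTH = 32;   // assumed policy floor for an HMAC signing key

function loadConfig(env) {
  const missing = REQUIRED.filter((name) => !env[name]);
  if (missing.length > 0) {
    // Crash at boot instead of running with an undefined secret.
    throw new Error(`missing environment variables: ${missing.join(', ')}`);
  }
  if (env.JWT_SECRET.length < MIN_SECRET_LENGTH) {
    throw new Error(`JWT_SECRET must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  const nodeEnv = env.NODE_ENV || 'development';
  return {
    nodeEnv,
    jwtSecret: env.JWT_SECRET,
    dbUrl: env.DB_URL,
    port: Number(env.PORT) || 3000,
    // Per-environment switch: only development echoes detailed error messages.
    verboseErrors: nodeEnv === 'development',
  };
}

// Checks that a .gitignore excludes the .env file, as the notes require.
function gitignoreExcludesEnv(gitignoreText) {
  return gitignoreText.split(/\r?\n/).some((line) => line.trim() === '.env');
}
```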

Why Use Axios in React

There are a number of different libraries you can use to make these requests, so why choose Axios?

Here are five reasons why you should use Axios as your client to make HTTP requests:

  1. It has good defaults for working with JSON data. Unlike alternatives such as the Fetch API, you usually don't need to set headers yourself or perform tedious tasks like converting your request body to a JSON string.
  2. Axios has method names that match the HTTP methods. To perform a GET request, you use the .get() method.
  3. Axios does more with less code. Unlike the Fetch API, you only need one .then() callback to access your requested JSON data.
  4. Axios has better error handling. Axios rejects the promise for responses in the 400 and 500 ranges for you, whereas with the Fetch API you have to check the status code and throw the error yourself.
  5. Axios can be used on the server as well as the client. If you are writing a Node.js application, be aware that Axios can also be used in an environment separate from the browser.

JWT

When should you use JSON Web Tokens?

  • Authorization: This is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.

  • Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties. Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn't been tampered with.

What is the JSON Web Token structure?

In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Header

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

For example:

    {
      "alg": "HS256",
      "typ": "JWT"
    }

Then, this JSON is Base64Url encoded to form the first part of the JWT.

Payload

The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are three types of claims: registered, public, and private claims.

  • Registered claims: These are a set of predefined claims which are not mandatory but recommended, to provide a set of useful, interoperable claims. Some of them are: iss (issuer), exp (expiration time), sub (subject), aud (audience), and others.

    Notice that the claim names are only three characters long as JWT is meant to be compact.

  • Public claims: These can be defined at will by those using JWTs. But to avoid collisions they should be defined in the IANA JSON Web Token Registry or be defined as a URI that contains a collision-resistant namespace.

  • Private claims: These are the custom claims created to share information between parties that agree on using them and are neither registered nor public claims.

Signature

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

For example, if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way:



Body-parser
Body-parser is a middleware for Node.js that processes incoming HTTP requests. It extracts the request body and exposes it on the request object. This makes it easier to handle the request body, which can contain data such as form data, JSON, or file uploads.

Body-parser is often used to handle data sent in HTTP requests, such as form submissions or API requests. It allows you to access the data in your route handlers and use it to create or modify resources.


What is bcrypt?

The bcrypt hashing function allows us to build a password security platform that scales with computation power and always hashes every password with a salt.

Hashing a password

A hashing algorithm is a mathematical function that garbles data and makes it unreadable.

Some common hashing algorithms include MD5, SHA-1, SHA-2, NTLM, and LANMAN.

Salting a password

How password salting works

With password salting, a random piece of data is added to the password before it runs through the hashing algorithm, making it unique and harder to crack.

A salt is a random string. By hashing a plain text password plus a salt, the hash algorithm's output is no longer predictable. The same password will no longer yield the same hash. The salt gets automatically included with the hash, so you do not need to store it in a separate database column.
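To show concretely that the salt travels inside the stored hash, here is an added example (not from the original notes) that splits a bcrypt hash string into its version, cost, salt and digest fields. The sample hash is a constructed string of the right shape, and the minimum cost of 10 is an assumed policy value.

```javascript
// Added example (not from the original notes): split a bcrypt hash string into
// its parts to show that the salt is stored inside the hash itself. The sample
// hash below is a constructed string of the right shape, not a real user's hash.
// Layout: $<version>$<cost>$<22-char salt><31-char digest>, bcrypt's own base64 alphabet.
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  return { version: m[1], cost: Number(m[2]), salt: m[3], digest: m[4] };
}

// Policy check a login service might run over stored hashes: the work factor is
// 2^cost rounds, so anything below the assumed floor is too cheap to be safe.
function bcryptCostIsAcceptable(stored, minCost = 10) {
  const parsed = parseBcryptHash(stored);
  return parsed !== null && parsed.cost >= minCost;
}

// Constructed sample of the stored form; a library's hash() output looks like this.
const SAMPLE_HASH = '$2b$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW';
```

Because the salt is part of the stored string, a verify call such as bcrypt's compare only needs the candidate password and this one string.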

What is CORS?

CORS is an acronym for Cross-Origin Resource Sharing. As we know, all web applications have a front end and a back end, and they communicate with each other via APIs. In most cases, both the front end and the back end are hosted on the same origin. CORS in Node.js helps to get resources from external servers. To better understand this, let's review the following analogy.

Consider our application to be a restaurant. The origin is the address of our restaurant. The front end is the dining area and the back end is the kitchen. Both the dining area and the kitchen are at the same address. This enables them to exchange food and service, or in our case, resources. Now, there could be a case where the guests are feeling sick and they request medicine which needs to be fetched from another address outside of the restaurant. In technical terms, this is the front end making a request to a back end outside of its origin. Thus, this mechanism where a front end sends a request to a different back end for some additional service or resource is known as Cross-Origin Resource Sharing.

Usually, the front end of an application is only able to make API calls to the back end in its origin. This is known as the Same-Origin Policy and is quite important from a security standpoint. All requests made from the front end of a different origin or to a back end of a different origin will be blocked by the browser. CORS allows the back end to relax this policy in scenarios where accessing third-party resources becomes necessary.
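As an added example (not from the original notes), the allowlist check a back end should perform before relaxing the Same-Origin Policy for a front end on another origin. ALLOWED_ORIGINS and the example.com hostnames are constructed values, and the Express wiring at the end assumes an app instance.

```javascript
// Added example (not from the original notes): an exact-match CORS allowlist,
// written as a pure function so it can be tested without Express.
// ALLOWED_ORIGINS and the example.com hostnames are constructed values.
const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',
  'https://admin.example.com',
]);

// Returns the CORS response headers for a request, or null when the Origin
// is absent or not on the allowlist (the browser then blocks the response).
function corsHeadersFor(originHeader, allowed = ALLOWED_ORIGINS) {
  if (typeof originHeader !== 'string') return null;   // same-origin or non-browser client
  let origin;
  try {
    origin = new URL(originHeader).origin;   // parses scheme and host
  } catch (err) {
    return null;                             // "null" or garbage is not a usable origin
  }
  // Exact match only: a substring or regex test would also admit
  // app.example.com.other.example, which is a different site entirely.
  if (origin !== originHeader || !allowed.has(origin)) return null;
  return {
    'Access-Control-Allow-Origin': origin,       // echo the one matched origin, never '*'
    'Access-Control-Allow-Credentials': 'true',  // only safe because the origin is pinned
    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
    'Vary': 'Origin',                            // shared caches must key on Origin
  };
}

// Express wiring (app assumed to be an Express instance):
// app.use((req, res, next) => {
//   const headers = corsHeadersFor(req.headers.origin);
//   if (headers) for (const [k, v] of Object.entries(headers)) res.setHeader(k, v);
//   if (req.method === 'OPTIONS') return res.sendStatus(headers ? 204 : 403);
//   next();
// });
```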

Middleware

  • Middleware functions are functions that have access to the request object (req), the response object (res), and the next middleware function in the application's request-response cycle. The next middleware function is commonly denoted by a variable named next.
  • Commonly used middleware packages: body-parser, compression, connect-rid, cookie-parser, cookie-session, cors

Types of Express middleware

  • Application-level middleware: app.use()
  • Router-level middleware: router.use()
  • Built-in middleware: express.static, express.json, express.urlencoded
  • Error-handling middleware: app.use((err, req, res, next) => { ... }), recognised by its four parameters
  • Third-party middleware: body-parser, cookie-parser

Application-Level Middleware

Example 1: Auth middleware
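An added example (not from the original notes) of an application-level auth middleware using the (req, res, next) signature from the definition above, alongside a four-argument error handler. verifyToken is an injected function assumed to return a token's claims or throw, so the middleware does not depend on any particular JWT library; runAuth and fakeResponse are test stand-ins for Express's request and response objects.

```javascript
// Added example (not from the original notes): an application-level auth
// middleware with Express's (req, res, next) signature, plus a four-argument
// error handler. verifyToken is injected (assumed to return the token's claims
// or throw), so this file does not depend on any particular JWT library.
function requireAuth(verifyToken) {
  return function authMiddleware(req, res, next) {
    const header = req.headers['authorization'] || '';
    const [scheme, token, ...rest] = header.split(' ');
    if (scheme !== 'Bearer' || !token || rest.length > 0) {
      return res.status(401).json({ error: 'missing or malformed bearer token' });
    }
    let claims;
    try {
      claims = verifyToken(token);
    } catch (err) {
      // One generic 401 for every failure: do not tell a caller why the token was rejected.
      return res.status(401).json({ error: 'invalid token' });
    }
    req.user = claims;   // downstream route handlers read req.user
    next();
  };
}

// Error-handling middleware: Express identifies it by its four parameters.
function errorHandler(err, req, res, next) {
  res.status(err.status || 500).json({ error: 'internal error' });   // no stack trace to the client
}

// Stand-in for Express's res so the middleware can be exercised without a server.
function fakeResponse() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  return res;
}

// Runs the middleware over a constructed request and reports what it did.
function runAuth(authorizationHeader, verifyToken) {
  const req = { headers: { authorization: authorizationHeader } };
  const res = fakeResponse();
  let nextCalled = false;
  requireAuth(verifyToken)(req, res, () => { nextCalled = true; });
  return { status: res.statusCode, nextCalled, user: req.user };
}

// Wiring in a real app (app assumed to be an Express instance):
// app.use('/api', requireAuth(verifyToken));
// app.use(errorHandler);
```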
