Patterns and variables in Express Routes

Before Thanksgiving, we began talking about Node.js and Express.js.
For Express, we gave a single app that matched a route against a fixed path.
The love.js app below demonstrates several more sophisticated ways of doing routing.

var express = require('express');
var app = express();
app.get('/', function (req, res) {
    res.setHeader('Server', 'My-Lovely-Server');//send a HTTP sresponse header
    res.send('The Love Web App');
});
// routes can match a string expressions involving *, ? (, )
app.get('/*love*', function (req, res) {
    res.send('There are many routes to love.<br />' +
        'Yours was ' + req.path);
});
// You can also use regular expressions
app.get(/l(u|a)+v(e)?$/, function (req, res) {
    res.send('Your route ends with ' + req.path + "<br />"+
        'Your regex capture groups were [0]=>' +   req.params[0] +
        " [1] =>"+ req.params[1]);
    console.log(req);
});
// this example shows getting req parameter from a pattern
app.get('/luv/:from-:to', function (req, res) {
    var from =  (typeof req.params.from !== 'undefined')
        ? req.params.from : "Everyone";
    var to =  (typeof req.params.to !== 'undefined') ?
        req.params.to : "someone";
    res.send(from + ' sends their love to ' + to);
});
// You can specify a sequence of handlers each as separate arguments
app.get('/lost', function (req, res, next) {
        console.log(req.ip + " seems lost in love!");
        next()
    }, function (req, res) {
       console.log("Redirecting love to a more fruitful place...");
       res.redirect(301,'/love'); 
    }
);
// Or you can specify an array of functions
var lust1 = function (req, res, next) {
    console.log(req.ip + " has confused lust for /love");
    next(); // call the next handler
}
var lust2 = function (req, res) {
       console.log("Redirecting lust to love");
       res.redirect(301,'/love'); 
    }
app.get('/lust', [lust1, lust2]);
//You can combine requests to the same url path but different methods as
app.route('/form').get(function(req,res) {
    res.send('<form method="post"><button>Submit</button></form>');
}).post(function(req, res) {
    res.send('You submitted the love form');
});
//start app listening
app.listen(8888, function () {
    console.log('Server up!')
});

More on Router Modules

We next look at how we can create an express router module. In a file my_routes1.js, suppose we have:

var express = require('express');
var my_routes1 = express.Router();
my_routes1.get('/a_route', function (req, res) {
  res.send('a route for my_routes1');
})
//...define more routes
module.exports = my_routes1;

then use it in our express app.js via:

var my_route = require('./my_routes1');
app.use('/my_path', my_route);

module is a Node reference to the currently being defined module. You can think of its exports property as the object it returns.
The magic of how things get set up occurs in the require() call.
When app handles a GET request beginning with "/my_path", it then looks for path continuations in my_route1, and handles them by how my_route1 would.
So, for example, if app gets a request for /my_path/a_route, the application would send, "a route for my_routes1".

More on Modules

If we want to create a config.js module in Node we could do something simple like:

var config = {
    prop1: 'value1',
    prop2: 'value2',
    // ...
}
module.exports = config;

We can then use it our app as:

var config = require('./config');
console.log(config.prop1); // or use it in a more interesting way

Express Middleware

An Express middleware function is a function that has access to the request, response, and the next functions in an Node application's request-response cycle.
Middleware functions can be useful to process request, response, next info before its gets processed by a Router.

For example, we might use Middleware to do logging:

var express = require('express');
var app = express();
var logger = function (req, res, next) {
  req.logger_name = "Super Logger";
  console.log((new Date()).toISOString() + ": " + req.method);
  next()
}
app.use(logger);
// notice logger gets called before the callbacks below
app.get('/', function (req, res) {
  res.send('This is an express app using route ' + req.path +
    '<br /> Logger in use ' + req.logger_name);
});
app.listen(8888, function () {
  console.log('Server up!')
})

Quiz

Which of the following statements is true?

The Secure Socket Layer was developed to prevent target blank attacks.
Varnish is kind of CDN.
Asynchronous I/O can be used to alleviate the C10k Problem.

Node Database Integration

Node can be used to connect with a variety of database management systems.
The Express Database Integration Page has a good set of links to the modules available.
These modules can be used with Express or in just Node-only projects.
For example, to use Mysql within a Node project, we can switch to the project folder and type:
```
npm install mysql --save
```
remembering --save adds it to our list of dependencies.
...

Node Database Integration - continued

We can then connect to a database use code such as:

var mysql = require('mysql')
// set-up and connect
var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'root',
  password : 'root'
  // could also add a database property
});
connection.connect();
// Now issue some commands against the database 
connection.query('DROP DATABASE IF EXISTS FOO', 
    function (error, results, fields) {
        if (error) throw error;
        // we should do something more interesting for errors
    }
);
/*  
    These query calls are non blocking, 
    so in theory we should nest them. As is, this
    might have a race condition.
 */
connection.query('CREATE DATABASE FOO',
     function (error, results, fields) {
          if (error) throw error;
     }
);
connection.query('USE FOO', function (error, results, fields) {
   if (error) throw error;
});  
connection.query('CREATE TABLE IF NOT EXISTS TEST(ID INTEGER)',
    function (error, results, fields) {
        if (error) throw error;
    }
);
// Just to illustrate a wqay to escape strings in this module:
var escaped_1 = connection.escape("1");
// Now do an insert 
connection.query('INSERT INTO TEST VALUES (' + escaped_1 +
    '), (2), (3), (4), (5)',
    function (error, results, fields) {
        if (error) throw error;
    }
);
/* close the connection.
   makes sure all queries terminate before closing connection
 */
connection.end(function(err) {
});
console.log("Database Created!");

Remarks on Database Code

Notice this code could be in a file create_db.js which we had in our project folder, and run with a line like:
```
node create_db.js
```
As we can see from the presented code, we don't need to make a Node program make a server.
Notice also, the above program does not use express.

Prepared Statements

Just like PHP's mysql interface has a notion of prepared statement, there is a similar notion for Node...
Unlike PHP's it is less clear it is actually using the DBMS's prepare statement, and so it likely to be slower and less safe than PHPs
Nevertheless, we illustrate Node's variant with the following simple example.
Notice we use the process global to get access to command line arguments.
The process object is a Node global. It can also be used to read and write to or from stdin and stdout and to terminate a node application.

var mysql = require('mysql')
// set-up and connect
var connection = mysql.createConnection({
  host     : 'localhost',
  user     : 'root',
  password : 'root',
  database : 'FOO'
});
if (typeof process.argv[2] === 'undefined') {
    console.log('This command should be run with a line like:\n' +
        'node prepare_db.js some_number');
    process.exit();
}

connection.connect();
/* For strings we can use ?? if we want the formatter to escape them
   If we have a variable and we want it interpolated with the same type,
   without escaping, we use ?.
 */
var first_out = parseInt(process.argv[2])
var sql = mysql.format('SELECT ?? FROM TEST LIMIT ?',
    ["ID", first_out]);
connection.query(sql,
    function (error, results, fields) {
        if (error) throw error;
        console.log(results); // the complete result set
    }
);
/*
  Like many node object, a query also generates events when
  things happen, such as a single row in the results has been received.
  We can handle these using the "on" method.
  Notice below we also skip the mysql.format step
 */
var query = connection.query('SELECT ID FROM TEST LIMIT ?', [first_out]);
query.on('result', function(row) {
    // Pause so can do I/O without more events
    connection.pause();
    for (var elt in row) {
        console.log( elt + ":" + row[elt]);
    }
    connection.resume();
}).on('end', function() {
    connection.end();
});

setTimeout, setInterval, setImmediate

When we were talking about client-side Javascript, we showed how to schedule task at some point in the future using setInterval (for repeating tasks), and setTimeout (for one time tasks).
This same idea still works for any Node application.
Below is a simple example using Express.

var express = require('express');
var app = express();

app.get('/', function (req, res) {
  res.send('Default landing page')
})
// set up rest of app routes

app.listen(8888, function () {
  console.log('Server up!')
});

// background task that gets 
setInterval(function() {
    console.log("Hi there, I'm the cool background task!\n");
}, 5000);

There is also a setImmediate function in Node, which queues the callback for immediate execution (i.e., like setTimeout with 0 delay).

Sending Email

It is often useful to collect a person's e-mail address with a form.
By mailing, a person a special code that allows them to complete a registration process, one can verify that one has a real e-mail address of a real person.

In PHP, the simplest way to do this is to use the mail() command:

$message = "Here is a mail message";
mail("Someone@somewhere.com",
     "Here is the title", 
     $message, 
     "From: cpollett@somewhereelse.com");

In Node.js, we can do this by installing the nodemailer module:

npm install nodemailer --save

the following is short node program that demonstrates its use:

var nodemailer = require('nodemailer');

/* using transport for general smtp server
   nodemailer also has ones for common servers like gmail
*/
var transporter = nodemailer.createTransport({
    host: 'pollett.org',
    port: 587,
    secure: false, // whether to use TLS
    auth: {
        user: 'cpollett',
        pass: 'somepassword'
    }
});

var options = {
    from: 'chris@pollett.org', // sender address
    to: 'chris.pollett@sjsu.edu, cpollett@yahoo.com', // list of receivers
    subject: 'Hey Other Chris', // Subject line
    text: 'This is an email from yourself', // plain text body
    html: 'This is an email from yourself' // html body
};

transporter.sendMail(options, function(error, info) {
    if (error) {
        return console.log(error);
    }
    console.log('Message Sent. Id: %s Res: %s', info.messageId, info.response);
});

Credit Card Transactions

Frequently, when one runs an online business one would like to collect credit card or other payment information online.
One can often do credit card processing through your bank, but usually this requires setting up the correct kind of account.
Alternatively, you can use an online payment gateway to charge transactions.
We next look at how to charge a credit card, with one such service: Stripe.

Stripe

Stripe was created in 2010 by John and Patrick Collison.
Initially, it got seed money from Y Combinator, then later Sequoia Capitol.
It has the advantage that it is relatively easy to use and has stable REST API that and tools for a variety of languages.
It supports a variety of payment methods: credit card, Paypal, Bitcoin, Apple Pay, etc.
It supports a variety of currencies: dollars, euros, yen, etc.
In the API, the person carrying out the charge never actually handles a user's credit card information, so the people carrying out the charge don't have to worry about storing, etc this sensitive info.
The Stripe Documentation is thorough. Before making your code live, you can test using testing keys and Stripe Test Card Numbers.

Stripe Example - Project Structure

I gave an example of the stripe code in PHP last semester.

Project was created in a folder credit_app via commands:

mkdir credit_app
cd credit_app
mkdir views
npm init
npm install express --save
npm install body-parser --save
npm install path --save
npm install request --save
npm install ejs --save

The request module let's our app make HTTP request of the Stripe site on the server.
The ejs is for Embedded Javascript. It is a templating system very close to PHP, so given our background this semester probably the easiest template system to use.
Our final project structure we made is:

app.js
config.js
node_modules 
    | stuff installed via npm
package.json
views
    | index.ejs
    | message.ejs

Stripe Example -- Intuition

Our example will consist of a post form where a user can enter a charge amount and credit card details.
When the form is submitted, Javascript makes an XHR request to Stripe with the Publishable Key and the credit card info.
If the credit card is okay, an authorization token is inserted into the credit_token hidden variable on the form and the form is sent to the /charge route on the node server.
The /charge route handler then makes a request to Stripe using the token, the amount to be charged, and the charge description.
If this is approved, the charge will go through, the end user will see a message, and the owner of the credit_app can see the amount paid in their Stripe dashboard.

Stripe Example - index.ejs

Embedded JS templates look like standard HTML.
We escape into Javascript using: <% /*javascript code %>
To echo a Javascript property's value from the render call, we use <%=property_name %> (escaped) or <%-property_name %> (unescaped)
To include one template in another <% include('some_other_template_name') %>

<!DOCTYPE html>
<html>
<head><title>Credit Card Test</title></head>
<body>
<form id="purchase-stuff-form" method="post" action="/charge">
<input type="hidden" id="credit-token"  name="credit_token" value="" />
<p><label for="amount">Amount:</label><input type="text" id="amount"
    size="2" name="amount" /></p>
<p><label for="card-number">Card Number:</label><input type="text"
    id="card-number" size="20" data-stripe='number'
    name="card-number" /></p>
<p><label for="cvc">CVC:</label><input type="text" id="cvc" size="4"
    data-stripe='cvc' name="cvc" /></p>
<p><label for="exp-month">Expiration Month:</label><input type="text"
    id="exp-month" size="2" data-stripe='exp-month' name="exp-month" /></p>
<p><label for="exp-year">Expiration Year:</label><input type="text"
    id="exp-year" size="2" data-stripe='exp-year' name="exp-year" /></p>
<p><input type="submit" id="purchase" name="Purchase" value="Purchase"></p>
</form>
<script>
function elt(id)
{
    return document.getElementById(id);
}
elt('purchase').onclick = function(event) {
    var purchase_form = elt('purchase-stuff-form');
    elt('purchase').disabled = true; // prevent additional clicks
    Stripe.card.createToken(purchase_form, tokenResponseHandler);
    event.preventDefault(); //prevent form submitting till get all clear
}
function tokenResponseHandler(status, response) 
{
    var purchase_form = elt('purchase-stuff-form');
    if (response.error) {
        alert(response.error.message);
        elt('purchase').disabled = false;
    } else {
        elt('credit-token').value = response.id;
        purchase_form.submit();
    }
}
</script>
<script src="https://js.stripe.com/v2/"  ></script>
<script>
Stripe.setPublishableKey('<%=PUBLISHABLE_KEY %>');
</script>
</body>
</html>

Stripe Example - message.ejs

<!DOCTYPE html>
<html>
<head><title>Credit Card Test - <%=message %></title></head>
<body>
<h1><%=message %></h1>
</body>
</html>

Stripe Example - config.js

var config = {
    "SECRET_KEY": "sk_test_key",
    "PUBLISHABLE_KEY": "pk_test_key",
    "CHARGE_URL": "https://api.stripe.com/v1/charges",
    "CHARGE_CURRENCY": "usd",
    "CHARGE_DESCRIPTION": "Buyer sees this on their statement",
    "CHARGE_USERAGENT": "CreditCardTester",
    "TIMEOUT": 20
}
module.exports = config;

Stripe Example - app.js

var express = require('express');

var body_parser = require('body-parser'); //to handle posted data
var path = require('path'); // for directory paths
var config = require(path.join(__dirname, 'config')); // has our keys
var request = require('request'); // to make backend requests to stripe

var app = express();
app.use(body_parser.urlencoded({extended: true}));

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

app.get('/', function(req, res) {
  res.render('index', { 'PUBLISHABLE_KEY': config.PUBLISHABLE_KEY });
});
app.post('/charge', function(req, res) {
    /*here we use the request module to make a stripe request using
      the token we received from our form*/
    request.post({
        url:config.CHARGE_URL, 
        form: {
            //swipe charges in cents * 100 to convert to dollars
            "amount": req.body.amount * 100,
            "currency": config.CHARGE_CURRENCY,
            "source": req.body.credit_token,
            "description": config.CHARGE_DESCRIPTION
            },
        auth: {
            'user': config.SECRET_KEY,
            'pass': ''
            }
        },
        function(err, http_response, body) {
            stripe_result = JSON.parse(body);
            if (typeof stripe_result.status === 'undefined') {
                if (typeof stripe_result.message === 'undefined') {
                    res.render('message', { 'message': req.body.amount +
                        "charge did not do through!<br />" +
                        stripe_result.credit_message});
                }
            } else if (stripe_result.status == 'succeeded') {
                res.render('message', { 'message': req.body.amount +
                    "charged" });
            }
        }
    );
});
app.listen(8888, function () {
    console.log('Credit Server up!')
})

Express Routers, Middleware, Databases, Credit Cards

Outline