Syed Waheed

So, we can provide authentication and authorization by using a middleware. So using a middleware, we can check whether the request, whatever is coming from the client side, we can authenticate whether it's a proper user or not and based on that we can process the request and even in case of an authorized, when we process, suppose in case of a login scenario, if a user is entering his credentials and when he tries to log in, so to authenticate whether the user is correct or not, it goes to the middleware and it will check whether it will go to the middleware and it will go to the controller function and after that it will create a, if it's a valid user, based on his credentials and based on everything, it will create a token by using a, by using a payload and a security and everything. So, yeah, basically it is a JWT token and once it's created, it will get back from the response and whenever a user tries to access anything, so he will access through the token. So by using a middleware, we can authorize whether it's a valid token or not and we can process his request. So SALT is something like that, when we create an encrypted token. So by using the SALT, the encryption mechanism will become much stronger, so the decryption will not happen to it. So no one can decrypt it by using this, by using this SALT.

What is course configuration? So initially, course means cost origin resource sharing. So whenever any it'll, uh, you know, we try to access any resource which is running on any different resource, so we we should get this course error. So to to handle these errors, we need to configure this course. We need to add a course by using we have a course module where we can add, uh, use in our, uh, project, use in our server. So if we import a course module and we if we use it as a middleware, then and as well as we can for suppose for if we want to provide a access only for some particular white label, uh, resources, so we can, uh, we can do it. We can configure that. We can, uh, we can provide the headers. We can provide a we can provide the app, uh, access permission to the particular resources by passing by adding a header store. So, uh, these are the few configuration course configuration to handle course errors.

Whatever usage often we will get, we should use. So yeah. So middleware, uh, I can say middleware is a like a middleware. So whenever we get a request from the client and if when it goes to the server, in between, we'll have a middleman. So whenever we can, uh, suppose in meeting, we have a meeting to check, uh, whatever the request is coming. Is it a proper request? And do this request have a session? And the the user who is client user, like, first, which is coming from the client, he's a valid user, he's a authorized user, or not. To check this situation, we can use a meeting here. Is a one use case we got. So what we can do when, uh, we write a logic in a middleware to find whether the request which is coming from the client is a party value is a valid request or not based on his headers, based on his security token. And apart from this, we can also write a meeting where to handle the errors handler error. Suppose in case, we got any exception or any error, we can handle by using a try catch. In case of a dynamic error handling, create in every way. And whenever we throw up an exception or an error, instead of sending back a response directly from here, if you, uh, process this to the next if you use the next, we have a next function, uh, along with our request object a request and response object. We process this request to the next function. So what we do so as as this response will go back to the clientele, while going back to the if this instead of sending directly response from the cache, instead of that, if you send our, uh, send to this middleware and based on the error and then send the status what the kind of error, you can send the proper, meaningful error along with status code to the client so that client can understand what happened within this case, what happened at the service. These are the few use case of the hidden case.

What are the log levels? Yeah. In the project, we used a Winston model where which can help to generate the loggers can generate the loggers, and we can write these logs to the files. So there we have men use 3 levels of a log. 1 is to print all the errors. 1 is to print the information of we can print the information what we need, and we can even, uh, add a one more level as a. And I think if there's a one more level called as a warnings, uh, it in place, but I'm listening. It is you can even use to print even a warnings. So what we can do, we can, uh, maintain a separate log files for each of the for each log levels. Like, for, uh, errors, we can have a different log file. For info, we can have a different log file. For debug, we can have a different log file. So, yeah, for warning, even we can have a different log file. If you and then we can make a sing uh, single log file where we can have even all this, all, uh, errors, infos, warnings, debugs, everything. Yeah. I spoke, uh, and covered, uh, both log levels. Yeah. So these logs basically can print, uh, these log loggers, we can, uh, use to print server back and server side logs. So for a client side, we can have a logs at the browser. Even there, we have a console log, get a console log, info, console log, uh, time also, console time. Yeah. It's also one type of a log. To find out, uh, the time of log can help to check the code execution.

Yeah. So mode is a single threaded, and it's a non blocking. So as it is a non blocking, so it will handle conferencing. So, uh, whenever we have a multiple functions let's say we have a multiple, uh, uh, API first which need to do, suppose, in this case, what we can do, we can create by using the promises. By using the promises, you can create a each promise for each API. And using promise dot all, we can process all these promises concurrently, all these processes. So we can get a single output from it once once everything is done. And as well as we can even if you want to handle anything, any operations confidently, you can even create a child process of a main process. So, uh, we can start a child process panel so that the whole process will run parallel to each other. Uh, even in this way, we can handle, uh, even we can handle options concurrently. These are the couple of ways, and we can use even callbacks and a way to handle conference.

Okay. We can run it infinite. Can we run infinite? If we if we run a, uh, infinite loop based on the situation, if, uh, if that loop, uh, accessing any memory, then infinite loop will let us do errors. Uh, the stack, uh, memory get filled up, and it may crash our server. And what we can do, uh, suppose if there is a no memory usage and if we and suppose in case of it, it's taking consider of any event loop, which will run same time. And what happens is event, it will check the event queue, and it will, uh, notify it will image the event which are going to commit which are going to complete in the event queue, and it will push to the stack call stack. So this is also one loop which is struggling infinitely without stop and checking the event queue and then emitting the events to the call stack. What we use if and if it's in a method? I think based on the situation, if we are consuming a memory, then infinite will fail. If not, for an example, this event loop sorry. For the for an example of this event loop, what we do, we can just check the event queue and monitor the event queue and it will image the event. So in this way, we don't use any memory, so it won't work.

Okay. When an error is thrown from a method and if we don't handle that error, in such cases, it will crash our server. It will stop our server from the processing. And the controller, where does control goes? This control will goes to the for an example, let's take you're processing any file, and the the function is to process a file, 3 day file or write a file. But you don't handle any you're not handling anything in that situation. And the file is also not present, but you are trying to read that file. It will save, And the error will goes to, I guess, to the main process, to the the main process, and from there, it will get from, uh, it will goes from the function, and it will raise to the main process, and it will stop it.

Design patterns are something that we can use to create a code, to write a code in a proper way, so which will lead us to avoid unexpected errors and something like that. So I have used singleton design pattern, suppose. So this is much helpful. So if you want to create a, if you want to, there is some class which gives you a single instance every time whenever you are trying to, even you are trying to create a new instance, it will just return the same instance for you. So with this, what happened, you don't have a multiple duplicate instances on it. And another is I have used model pattern where what we can do, we can encapsulate a few things like the private things inside a module and can provide only those which are needed to access outside. And as well as we can have a dependency injection design pattern where we can create a service in case of an algorithm, we have a dependency injection pattern. So what you can create a service based on the logic, based on the requirement, you can write a logic on it and which have a components and if you need to run that logic or if you need that service, then you can inject to the particular component or even if it is a needed, suppose that state can be created a logger as a separate service, which is needed at a root level, then we can inject this at a root level. If not, if there is some particular service, which is only needed for a particular function then we can inject to that particular function.

Why do we use async and await? So async and await, uh, is used for the asynchronous program. So suppose let's take an example of fetching a data from third party APIs. So in that case, what actual behavior of the node case is asynchronous. So it won't wait until you get a fetch. You fetch a complete data from the gateway. So as soon as it will go to that function and it will execute function, It's come out of that, and it will goes to another function. It won't wait there. So we want to wait there. We want to wait until it to get the data. Then only we need to go forward. In this case, we use this async and await. So we are mentioning to the function to wait until to get any complete data by using await keyword so that the execution, uh, will stop there and it won't process further. And it will fetch complete data from the third party API. And once, uh, it you get complete response, then it goes to the next process.

Deepak logging in production. So in production, we can usually, in production, we print flaw, uh, error logs. And if needed, we can use debug logs, but mostly, we use an error logs. But if anything went wrong at the production to find out, debug blocker is beneficial, but I think it is used to find out the root cause of what happened, why we got the data. I think we can use it to find out the root cause of it.

So which all promises we can use for parallel request processing? Yeah. For a parallel request processing, you can use a promise dot all. So all the promises, we can pass it as a form of an array in array so that all the process all the promises will process parallel to each other. And once you all the prompt processes completed, you will you will get the final result from the promise all function. In case if any promise get failed, then you won't be having, uh, the promise all will be stopped, and it will print an error.

So to achieve join in MongoDB, We can join by using the fields by by checking the field condition so we can join the 2 collections by using the field. And in case of a message where you can join by using the conditions on the column, but in MongoDB, you can choose, uh, fields and make a condition, and there's only a few can join the 2 documents 2 collections.

Can we recommend a secure authentication flow for a micro service setup? The Node. Js application using click on Amazon. Yeah. Uh, so for a microservices, if you want to set up application, then, um, what we can do, we can throw in an API gateway. We can add a one more, uh, we can add a middle there. So whenever the request comes to the API gateway, we can, uh, authenticate, uh, we can authenticate the, uh, function. We can authenticate that request by using as a JWT token, and we can process the request. Uh, we can process the request to the particular microservice. So in this way, we can secure our, uh, application. We can secure our, uh, microservices in add even, uh, add even so many things to secure in case of a cyber attacks, like, k, that's another. Yeah. So this is by using a middle bit. We can secure our roads. We can secure our request by using the JWT token. So we can, uh, verify the token is a valid or not by using the secret keys. And then you can forward a request to a particular microservices based on this route.

So to ensure a code quality for a large scale note, yes, code base. Actually, using JavaScript. So what we can do, we can implement a unit test cases to our functions and to our APIs. So by this, what happened? So we can avoid, uh, any errors in a in a production or in in a production. So it makes our code, uh, quality really strong so that we can have a 100% assurance that our code will present produce such errors, such, uh, low level errors, I can say. So we can assure that the API will be the API's function the functions and everything what we have to do should pass all the test cases, uh, those 2 test cases and the negative test cases, all the test case scenarios. So this will ensure so code quality should be there, and we can even If possible if possible, try to split, uh, this large scale applications in case of a monolithic possible microservice architecture. So we can have a PCS software services. We can have a different different services for the different different feature. So, uh, even this will be helpful. So the main application load will be distributed along with these services.