Week 8 — One more class in the books!

Monica Suarez
2 min read · Sep 1, 2020

This week we created a bucket in Google Cloud and linked an app to host it on their server!

Can you explain the purpose of each type of HTTP Request when using a RESTful web service? | HTTP verb use in a RESTful system is generally as follows:

  • POST: Create a new instance of a resource. Typically returning an Id representing the unique identifier for the created resource.
  • GET: Fetch a specified resource, usually by Id.
  • PUT: Update or replace a specific resource, generally by Id. This verb's behavior in a RESTful system should usually be idempotent.
  • DELETE: Used to remove or mark a resource inactive. In either case the end result for a subsequent GET on the target resource will produce a “not found” error.
  • OPTIONS: Most often used for preflight requests for server/client content negotiation, and sometimes used to set various ETags and prepare caching.
  • PATCH: Probably the least used verb in an HTTP API system. Used to update or modify a resource; however, because the PUT method is idempotent, PUT is often preferred over PATCH and is often considered “safer” in many architectures.

What’s a test pyramid? How can you implement it when talking about HTTP APIs? | A test pyramid describes that when writing test cases there should be a lot more low-level unit tests than high-level end-to-end tests. Implement it by using:

  • a lot of low-level unit tests for your models
  • fewer integration tests, where you test how your models interact with each other
  • far fewer acceptance tests, where you test the actual HTTP endpoints

What is the “demultiplexer”? | The demultiplexer is a combinational logic circuit designed to switch one common input line to one of several separate output lines.

What’s the difference between “blocking” and “non-blocking” functions? | Blocking and synchronous mean the same thing: you call the API, it hangs up the thread until it has some kind of answer and returns it to you. Non-blocking means that if an answer can’t be returned rapidly, the API returns immediately with an error and does nothing else. So there must be some related way to query whether the API is ready to be called (that is, to simulate a wait in an efficient way, to avoid manual polling in a tight loop).

What are the main security implementations within NodeJS? |

  • Use parameterized inputs to prevent injection attacks.
  • Use multi-factor authentication to prevent automated attacks.
  • Discard sensitive data after use.
  • Patch old XML processors.
  • Enforce access control on every request.
  • Create fluid build pipelines for security patches.
  • Sanitize all incoming inputs.
  • Scan application for vulnerabilities regularly.
  • Secure deserialization.
  • Sufficient logging and monitoring.

Explain the “path” module in NodeJS? | The NodeJS path module is used for handling and transforming file paths. This module can be imported using the following syntax: var path = require("path")
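
The path module is also where the "sanitize all incoming inputs" item from the security list meets file handling. The following is an added example, not code from the original post: it resolves a client-supplied file name under a base directory and rejects anything that would land outside it. `BASE_DIR`, `resolveInside` and the sample names are assumptions made up for illustration.

```javascript
const path = require("path");

// Hypothetical upload root (assumption for this example).
const BASE_DIR = path.resolve("/srv/app/uploads");

// Resolve a client-supplied name under baseDir.
// Returns the absolute path, or null if it would fall outside baseDir.
function resolveInside(baseDir, userPath) {
  // Reject non-strings and NUL bytes, which file APIs refuse anyway.
  if (typeof userPath !== "string" || userPath.includes("\0")) return null;

  // path.resolve collapses "." and ".." segments; an absolute userPath
  // replaces baseDir entirely, so the result must be checked afterwards.
  const target = path.resolve(baseDir, userPath);

  // path.relative gives the route from baseDir to target. A leading ".."
  // segment means target is outside baseDir. Comparing whole segments avoids
  // the prefix mistake where "/srv/app/uploads-private" passes a
  // startsWith("/srv/app/uploads") test.
  const rel = path.relative(baseDir, target);
  const escapes =
    rel === "" ||                      // baseDir itself, not a file in it
    rel === ".." ||
    rel.startsWith(".." + path.sep) ||
    path.isAbsolute(rel);              // different drive on Windows
  return escapes ? null : target;
}

// Constructed sample inputs, as a request handler might receive them.
const samples = [
  "reports/../q3.pdf",          // stays inside after normalisation
  "..notes.txt",                // odd but legitimate file name
  "../../etc/passwd",           // climbs out of the base directory
  "/etc/passwd",                // absolute path replaces the base
  "../uploads-private/key.pem", // sibling directory sharing a prefix
];

for (const name of samples) {
  const resolved = resolveInside(BASE_DIR, name);
  console.log(JSON.stringify(name), "->", resolved === null ? "rejected" : resolved);
}
```

This check is purely lexical; if the base directory can contain symbolic links, also compare the result of `fs.realpathSync` against the base before opening the file.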
