
FastAPI: Set a Response's HTTP Status Code
In FastAPI, set the success status code in the decorator, not the function. Use `status_code=201` in `@app.post()` to signal resource creation. The common footgun is placing `status_code` in the function signature instead of the decorator itself.

FastAPI: Validate Parameters with Query and Path
FastAPI's `Query` and `Path` objects let you declare rich validation rules directly in your function's signature. Enforce string lengths, regex patterns, or numeric ranges on URL parameters without writing manual checks.

FastAPI: Automatic Interactive API Docs
FastAPI turns your Python type hints into live, interactive API documentation. It generates an OpenAPI schema to power a UI where you can test endpoints directly from your browser, no extra work needed.

FastAPI: Pydantic for Robust Request Bodies
A Pydantic model is a contract for your API's request body. It tells FastAPI what data to expect, automatically converting incoming JSON into a typed Python object. Use this for any POST or PUT endpoint. The footgun is declaring path params in the body model.

Path Parameters: Turning URL Parts into Variables
Path parameters turn parts of a URL, like `/users/123`, into typed function arguments. FastAPI uses this to create endpoints for specific resources, like fetching a user by their ID. The footgun is forgetting type hints; without `int`, `123` is just a string.

FastAPI: Configure Endpoints with Decorators
FastAPI's path operation decorators configure an endpoint's metadata and behavior. Use them to set status codes (`status_code=201`), group endpoints with `tags`, or mark them as `deprecated`.

Accessing Python Type Annotations Safely
Accessing an object's type hints isn't just `obj.__annotations__`. Use `inspect.get_annotations()` in Python 3.10+ for safe access. This is key for tools like FastAPI that introspect your code.

Python's async/await: Concurrent, Not Parallel
`async`/`await` lets a single Python thread juggle multiple tasks, pausing one to work on another while it waits for I/O. It's ideal for network requests or database queries. The footgun: it won't speed up CPU-bound tasks, it only helps with waiting.

Python Coroutines: Functions You Can Pause and Resume
A Python coroutine is a function that can be paused and resumed. It yields control during I/O waits, allowing other tasks to run instead of blocking the program. The main footgun: calling an `async` function does not execute its body; you must `await` the result to run it.

Python Enums: Give Names to Magic Numbers
Python's `Enum` gives meaningful names to "magic numbers" or strings. Use it for fixed sets of options like statuses or categories to make code self-documenting. The footgun: don't compare members to raw values; compare member to member for type safety.

Python Data Classes: Write Less Boilerplate
Python's `@dataclass` decorator writes boilerplate code like `__init__` and `__repr__` for you, turning a class with type hints into a data container. Use it for API payloads or simple records.

Python Type Hints: Documentation Your Linter Can Read
Type hints are labels for variables and function returns (`name: str`) that Python ignores at runtime. They enable static analysis tools and IDEs to catch errors before you run code.

Production Secret Management: Inject, Don't Store
Treat secrets like temporary credentials, injected at runtime, not stored with your code. This applies to database passwords and API keys in production. The biggest footgun is using `.env` files; they are a dev convenience, not a security model.

Sinon.JS: Isolate and Inspect Code for Unit Tests
Sinon.JS lets you replace real functions with test doubles to check *if* and *how* they were called. Use it to fake network requests or control timers. The biggest footgun is forgetting to restore fakes, which causes tests to leak state and fail unpredictably.

Passport.js: The Gatekeeper for Your Routes
Passport.js is a gatekeeper for your Node.js routes, authenticating requests before your application logic runs. It uses pluggable "strategies" for different login types, like local passwords or Google OAuth. The footgun is misconfiguring failure handling.

Cookie-Based Sessions: Server-Side State, Client-Side ID
Think of a session cookie as a coat check ticket, not the coat itself. The server stores your data and gives you a unique ID to carry in a cookie. This is how Express.js tracks user state across requests.

Docker Compose for Multi-Container Apps
Docker Compose is a conductor for your containers. Instead of running each service manually, you define your app and its database in one YAML file and launch them together. This is standard for local Node.js/Postgres development.

PM2: Zero-Downtime Reloads in Cluster Mode
PM2's `reload` command updates a clustered Node.js app without downtime by restarting processes one by one. Use this for live deployments. The footgun is using it on a stateful app, which will cause data loss unless state is externalized.

Health Check Endpoints: Reporting App Status
A health check is a dedicated endpoint that tells an orchestrator if your app is alive and ready for traffic. Systems like Kubernetes use it to decide whether to send traffic (readiness) or restart a container (liveness).

PM2 Cluster Mode: Scale Node.js Across All Cores
PM2's cluster mode lets your Node.js app run on every CPU core, multiplying its capacity. It's essential for scaling networked apps on a single machine, but requires a stateless design—storing sessions in memory will break things as requests hit different…