Custom Error Classes: Beyond Generic Errors
Create specific error types, like `NotFoundError`, instead of generic ones. This lets your code react differently to different failures, like sending a 404 for a missing user vs. a 500 for a database outage.
The Refresh Token Pattern: Stay Logged In Securely
A refresh token is like a key to a key-making machine; it mints new access tokens without re-prompting the user. This pattern keeps users logged in to web and mobile apps. The footgun: a leaked refresh token can grant an attacker indefinite access.
Passport.js: The Local Strategy for Username/Password Auth
Passport's Local Strategy is the bouncer for traditional username/password logins in Node.js. You provide the logic to verify credentials against your database, and Passport handles the session management.
Mongoose Population: Linking Documents Across Collections
Mongoose's `populate()` acts like a client-side JOIN, replacing document IDs with actual documents from other collections. It's ideal for linking related data, like a blog post's author.
Mongoose Validation: Your Schema's Built-in Guard
Mongoose validation is a guard at the application layer, ensuring data conforms to schema rules before hitting the database. Use it for required fields, lengths, and ranges. The `unique` option is for database indexes, not a Mongoose validation rule.
Mongoose Middleware (Hooks): Intercepting Database Operations
Mongoose middleware (hooks) lets you intercept database operations. Think of them as "before" or "after" scripts for actions like `save` or `find`. Use them to hash passwords before saving a user.
Idempotency in REST APIs: Safe to Retry?
An idempotent API request means sending it once or 100 times has the same effect on the server's state. GET, PUT, and DELETE are idempotent, making them safe to retry. POST is not, so retrying can create duplicates.
API Pagination: Serving Big Datasets in Chunks
API pagination breaks large result sets into smaller chunks to prevent server overload. It's essential for any endpoint returning many records, like a list of users or products.
Mongoose: Schemas are Blueprints, Models are Factories
A Mongoose Schema is the blueprint for your data, defining its shape and types. A Model is the factory that uses this blueprint to create, query, and save documents in MongoDB. The common footgun is trying to query the blueprint instead of the factory.
HTTP Status Codes: The Server's Signal
HTTP status codes are the server's signal for a request's outcome: success, client error, or server error. You see them when fetching data (200 OK), hitting a bad link (404), or when a server fails (500). Footgun: Don't just check for 'not 200'.
cookie-parser: From Header String to Usable Object
The cookie-parser middleware translates the raw Cookie header string into a usable `req.cookies` object. It's used in Express apps to read session IDs or user preferences.
Morgan: One-Line Request Logging for Express
Morgan is a plug-and-play stenographer for your Express app, automatically logging every incoming HTTP request. Use its predefined formats for quick debugging or create custom formats for production access logs.
CORS Middleware: Unlocking Cross-Origin Requests in Express
The `cors` middleware tells browsers which external websites can read your Express API's responses. Use it when a frontend on one domain needs to fetch data from your API on another.
Express Middleware: Intercepting Requests Before Your Route Handler
Express middleware is like a bouncer for your routes, running code before your main handler. Use it for logging, authentication, or parsing request bodies. The biggest footgun is forgetting to call `next()` or send a response, which leaves requests hanging.
Express Error Middleware: Your App's Safety Net
Express error middleware is a safety net that intercepts unhandled errors, preventing crashes. It's used to centralize logging and format consistent error responses. The biggest footgun is placement: it must be defined *after* all other routes and middleware.
Scaffold an Express App with `express-generator`
The `express-generator` CLI is a blueprint for new Express apps, instantly creating a standard folder structure and boilerplate files. Use it to skip tedious setup of routes and views.
Express Middleware: The Chain of Command for Requests
Express middleware is a chain of functions a request passes through. Each function can inspect, modify, or stop the request, useful for logging, auth, or body parsing.
Express.js: Basic Request Routing
Express routing connects a request's path and HTTP method (like GET `/`) to a specific handler function. This is the core of any Express app, used to define API endpoints or handle form submissions. A common mistake is using the wrong method for a request.
Creating Your First Express Server
Think of an Express app as three steps: require the library, create an instance, and listen on a port. This is the foundation for any Express-based API or web server.
Promise.any(): Get the Fastest Successful Result
Promise.any() is a race where only finishers count. It returns the value of the first promise to succeed, ignoring any that fail. Use it to query redundant endpoints and take the first successful response.