Node.js v4.18 (Intermediate)

Express.js

Build web applications and APIs with Express.js framework

9 min read
Tags: express, nodejs, backend, api, rest, middleware

Setup & Basics

Initialize and configure Express applications

Application Setup

Create and configure Express app

💡 Use environment variables for configuration
✅ Set up middleware early in the app
⚡ Use compression in production

Routing

Define routes and handle HTTP methods

Route Handling

Define and organize routes

💡 Use routers to organize routes
✅ Order matters - specific routes first
⚡ Use route parameters for dynamic paths
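The three routing tips above are easiest to see with a tiny router that matches paths the way Express does (first registered match wins, `:param` captures one path segment). This is an added example, not code from the original page or from Express itself; `compilePath`, `createRouter` and the two `build*Router` helpers are hypothetical names for the illustration, and it runs on plain Node without the `express` package installed.

```javascript
// Added example (not from the original page): Express-style path matching and
// why declaration order matters. Pure Node, no express dependency.

// Compile '/users/:id' into a RegExp plus the list of parameter names.
function compilePath(pattern) {
  const keys = [];
  const source = pattern
    .split('/')
    .map((segment) => {
      if (segment.startsWith(':')) {
        keys.push(segment.slice(1));
        return '([^/]+)'; // exactly one path segment, no slashes
      }
      return segment.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // literal text
    })
    .join('/');
  return { regex: new RegExp(`^${source}/?$`), keys };
}

// Minimal router: routes are tried in registration order, first match wins,
// exactly like app.get()/router.get() in Express.
function createRouter() {
  const routes = [];
  return {
    add(method, pattern, handler) {
      routes.push({ method, ...compilePath(pattern), handler });
    },
    // Returns { status, body } from the first matching route, or a 404.
    dispatch(method, path) {
      for (const route of routes) {
        if (route.method !== method) continue;
        const m = route.regex.exec(path);
        if (!m) continue;
        const params = {};
        try {
          route.keys.forEach((k, i) => { params[k] = decodeURIComponent(m[i + 1]); });
        } catch {
          return { status: 400, body: 'Malformed path segment' };
        }
        return route.handler({ params });
      }
      return { status: 404, body: 'Not found' };
    },
  };
}

// Correct order: the literal '/users/new' is registered before '/users/:id'.
function buildGoodRouter() {
  const r = createRouter();
  r.add('GET', '/users/new', () => ({ status: 200, body: 'new-user form' }));
  r.add('GET', '/users/:id', ({ params }) => ({ status: 200, body: `user ${params.id}` }));
  return r;
}

// Wrong order: '/users/:id' shadows '/users/new', so "new" is treated as an id.
function buildBadRouter() {
  const r = createRouter();
  r.add('GET', '/users/:id', ({ params }) => ({ status: 200, body: `user ${params.id}` }));
  r.add('GET', '/users/new', () => ({ status: 200, body: 'new-user form' }));
  return r;
}
```

In a real application the same shadowing bug appears when a catch-all such as `/:page` is mounted before the static routes it is meant to fall behind; keeping each feature's routes in its own `express.Router()` and mounting routers from most to least specific avoids it.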

Middleware

Process requests with middleware functions

Middleware Patterns

Create and use middleware

💡 Middleware executes in order
✅ Always call next() or send response
⚠️ Error middleware needs 4 parameters

Request & Response

Handle request data and send responses

Request/Response Handling

Work with req and res objects

💡 res.json() automatically sets Content-Type
✅ Always set appropriate status codes
⚡ Use streaming for large files

Database Integration

Connect and work with databases

Database Operations

Integrate databases with Express

💡 Use connection pooling for production
✅ Always handle database errors
⚡ Use indexes for better query performance

Authentication & Security

Secure Express applications

Security Implementation

Authentication and security best practices

🔒 Always hash passwords with bcrypt
✅ Use HTTPS in production
⚠️ Implement rate limiting for all endpoints

Error Handling

Error Handling Middleware

Catch and handle errors gracefully in your Express application

💡 Error middleware needs 4 parameters (err, req, res, next)
⚠️ Must be defined after all other middleware
✅ Use async wrapper to catch Promise rejections
🔒 Don't expose stack traces in production
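The Middleware Patterns section and the Error Handling section above describe the same mechanism from two sides: Express walks the stack in order, and a function with four parameters is only invoked once an error is pending. The following added example (not from the original page, not Express's own code) reproduces that dispatch rule in a few lines so the behaviour can be observed without the `express` package: `runStack`, `tracer`, `asyncHandler`, `errorHandler` and `simulate` are hypothetical names, and `mockRes` is a stand-in for a real response object. It shows the ordering, the async wrapper that turns a rejected Promise into `next(err)`, and an error handler that omits the stack trace when the environment is `production`.

```javascript
// Added example (not from the original page): a minimal emulation of how
// Express runs a middleware stack, plus an async wrapper and a four-argument
// error handler. Plain Node; mock req/res objects stand in for real ones.

// Express distinguishes error middleware by arity: (err, req, res, next).
function runStack(stack, req, res) {
  return new Promise((resolve) => {
    res.onSend = () => resolve(res); // mock hook: finish when a handler responds
    let i = 0;
    const next = (err) => {
      while (i < stack.length) {
        const fn = stack[i++];
        const isErrorHandler = fn.length === 4;
        if (err && isErrorHandler) return fn(err, req, res, next);
        if (!err && !isErrorHandler) return fn(req, res, next);
        // Otherwise skip: error handlers are bypassed while no error is pending,
        // and normal handlers are bypassed while one is.
      }
      resolve(res); // fell off the end: Express would answer 404 (no error) or 500
    };
    next();
  });
}

// Mock response with only what this example needs.
function mockRes() {
  return {
    statusCode: 200,
    body: undefined,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; if (this.onSend) this.onSend(); return this; },
  };
}

// Ordinary middleware: records that it ran, then hands control to the next one.
function tracer(label) {
  return (req, res, next) => { req.trace.push(label); next(); };
}

// Wrap an async handler so a rejected Promise reaches error middleware via next().
// (Assumes fn is async; a synchronous throw would escape Promise.resolve.)
const asyncHandler = (fn) => (req, res, next) =>
  Promise.resolve(fn(req, res, next)).catch(next);

// Four-parameter error middleware. `next` is unused but must be declared, or
// Express would treat this as ordinary middleware. Stack only outside production.
function errorHandler(env) {
  return (err, req, res, next) => { // eslint-disable-line no-unused-vars
    const status = err.status || 500;
    const body = { error: status === 500 ? 'Internal Server Error' : err.message };
    if (env !== 'production') body.stack = err.stack;
    res.status(status).json(body);
  };
}

// Run one request through a stack whose route handler either responds or rejects.
async function simulate(env, fail = true) {
  const req = { trace: [] };
  const res = mockRes();
  const stack = [
    tracer('auth'),
    tracer('logger'),
    asyncHandler(async (request, response) => {
      if (fail) throw new Error('db unavailable'); // constructed failure
      response.status(200).json({ ok: true });
    }),
    tracer('never-reached'), // skipped once an error is pending or a response was sent
    errorHandler(env),       // must be registered last
  ];
  await runStack(stack, req, res);
  return { trace: req.trace, status: res.statusCode, body: res.body };
}
```

Running `simulate('production')` yields a 500 with the generic message and no `stack` field; `simulate('development')` includes the stack; `simulate('production', false)` completes normally with the error handler never invoked. Registering the error handler before the routes would break this: with no error pending at that point, Express skips it and the rejection later falls through to the default handler.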

CORS & Security

CORS Configuration

Enable Cross-Origin Resource Sharing for API access from browsers

💡 CORS is required for browser-based API calls
⚠️ Don't use wildcard (*) origin in production
🔒 Set credentials: true for cookie support
✅ Configure specific origins for security
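The four CORS tips above map onto a handful of response headers. The following is an added example, not code from the original page or from the `cors` package that Express applications normally use for this: a middleware that only ever echoes an allowlisted origin (never `*`), sets `Access-Control-Allow-Credentials` when cookies are needed, answers preflight `OPTIONS` requests itself, and adds `Vary: Origin` so shared caches do not serve one origin's answer to another. `ALLOWED_ORIGINS`, `corsMiddleware`, `mockRes` and `handle` are hypothetical names; the origins are constructed sample values.

```javascript
// Added example (not from the original page): allowlist-based CORS as a plain
// Express-style middleware, runnable without the `cors` package.

const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',   // constructed sample origins
  'https://admin.example.com',
]);

function corsMiddleware({ origins, credentials = false, methods = 'GET,POST,PUT,DELETE' }) {
  return (req, res, next) => {
    const origin = req.headers.origin;
    // Same-origin and non-browser requests carry no Origin header: nothing to do.
    if (!origin) return next();
    // The answer depends on Origin, so caches must key on it (allowed or not).
    res.setHeader('Vary', 'Origin');
    if (!origins.has(origin)) {
      // Not allowlisted: send no Allow-Origin header, so the browser blocks the read.
      if (req.method === 'OPTIONS') return res.status(403).end();
      return next();
    }
    // Echo the specific origin, never '*'; '*' is also rejected with credentials.
    res.setHeader('Access-Control-Allow-Origin', origin);
    if (credentials) res.setHeader('Access-Control-Allow-Credentials', 'true');
    if (req.method === 'OPTIONS') {
      // Preflight: answer here and stop; the actual request follows separately.
      res.setHeader('Access-Control-Allow-Methods', methods);
      res.setHeader('Access-Control-Allow-Headers',
        req.headers['access-control-request-headers'] || 'Content-Type,Authorization');
      res.setHeader('Access-Control-Max-Age', '600'); // cache the preflight 10 minutes
      return res.status(204).end();
    }
    next();
  };
}

// Mock response capturing headers and status.
function mockRes() {
  return {
    headers: {}, statusCode: 200, ended: false,
    setHeader(name, value) { this.headers[name] = value; },
    status(code) { this.statusCode = code; return this; },
    end() { this.ended = true; return this; },
  };
}

// Run one request through the middleware and report what the browser would see.
function handle(method, origin, requestHeaders) {
  const req = { method, headers: { ...(origin ? { origin } : {}), ...requestHeaders } };
  const res = mockRes();
  let reachedRoute = false;
  corsMiddleware({ origins: ALLOWED_ORIGINS, credentials: true })(req, res, () => { reachedRoute = true; });
  return { status: res.statusCode, headers: res.headers, reachedRoute, ended: res.ended };
}
```

Note what happens for a disallowed origin on a normal `GET`: the route still runs and the server still does the work, but without `Access-Control-Allow-Origin` the browser refuses to hand the response to the page. CORS controls what scripts may read; it is not an authentication mechanism, which is why the other sections still apply.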

Security Headers

Add security headers to protect against common vulnerabilities

🔒 Helmet adds various security headers
⚡ Rate limiting prevents abuse
💡 Sanitize inputs to prevent injection
✅ Use HTTPS in production always
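The Security Headers section and the rate-limiting tip in Authentication & Security above are both normally covered by packages (`helmet` and `express-rate-limit`). To show what those packages actually do, here is an added example, not from the original page and not the packages' own code: a header middleware with illustrative values (check Helmet's documentation for its current defaults) and a fixed-window limiter keyed by client IP. `securityHeaders`, `rateLimit`, `mockRes`, `applySecurityHeaders` and `simulateBurst` are hypothetical names; the clock is injectable so the window logic can be exercised deterministically, and the IP is a constructed sample value.

```javascript
// Added example (not from the original page): hand-written equivalents of what
// helmet and express-rate-limit do, as plain middleware with mock req/res.

// A few of the headers Helmet sets. Values here are illustrative, not Helmet's
// exact defaults; tune CSP to the application before deploying.
function securityHeaders() {
  return (req, res, next) => {
    res.setHeader('X-Content-Type-Options', 'nosniff');        // no MIME sniffing
    res.setHeader('X-Frame-Options', 'DENY');                  // no framing (clickjacking)
    res.setHeader('Strict-Transport-Security', 'max-age=15552000; includeSubDomains');
    res.setHeader('Referrer-Policy', 'no-referrer');
    res.setHeader('Content-Security-Policy', "default-src 'self'");
    res.removeHeader('X-Powered-By');                          // Express sets this by default
    next();
  };
}

// Fixed-window limiter: at most `max` requests per `windowMs` per client IP.
// `now` is injectable so the behaviour can be tested without waiting.
function rateLimit({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // ip -> { count, windowStart }
  return (req, res, next) => {
    const t = now();
    let entry = hits.get(req.ip);
    if (!entry || t - entry.windowStart >= windowMs) {
      entry = { count: 0, windowStart: t }; // start a fresh window
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    res.setHeader('RateLimit-Limit', String(max));
    res.setHeader('RateLimit-Remaining', String(Math.max(0, max - entry.count)));
    if (entry.count > max) {
      const retryAfterSec = Math.ceil((entry.windowStart + windowMs - t) / 1000);
      res.setHeader('Retry-After', String(retryAfterSec));
      return res.status(429).json({ error: 'Too many requests' });
    }
    next();
  };
}

// Mock response capturing headers, status and body.
function mockRes() {
  return {
    headers: {}, statusCode: 200, body: undefined,
    setHeader(name, value) { this.headers[name] = value; },
    removeHeader(name) { delete this.headers[name]; },
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Headers a response carries after the header middleware has run.
function applySecurityHeaders() {
  const res = mockRes();
  res.setHeader('X-Powered-By', 'Express'); // what Express would have added
  securityHeaders()({}, res, () => {});
  return res.headers;
}

// Send `count` requests from one IP, `stepMs` apart; return the status of each.
function simulateBurst(count, max, windowMs, stepMs) {
  let clock = 0;
  const limiter = rateLimit({ windowMs, max, now: () => clock });
  const statuses = [];
  for (let i = 0; i < count; i++) {
    const res = mockRes();
    limiter({ ip: '203.0.113.7' }, res, () => {}); // constructed client address
    statuses.push(res.statusCode);
    clock += stepMs;
  }
  return statuses;
}
```

A per-IP fixed window is the simplest useful limiter; behind a load balancer it only works if Express is told to trust the proxy's forwarding header, otherwise every client shares the balancer's address. Login and password-reset endpoints deserve a tighter limit than the rest of the API.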

Request Validation

Input Validation

Validate and sanitize user input to ensure data integrity

💡 Always validate user input
✅ Sanitize data to prevent XSS
⚠️ Return clear validation error messages
🔒 Never trust client-side validation alone
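The validation tips above are usually implemented with a library such as express-validator or a schema validator; the following added example (not code from the original page or from any of those libraries) writes the checks out by hand for a registration body, so the rules and the shape of the 400 response are visible. `validateRegistration`, `handleRegistration`, `escapeHtml` and `renderGreeting` are hypothetical names, the field rules are constructed for illustration, and the point about XSS is deliberately handled at output time: the stored value stays as the user typed it and is HTML-escaped when rendered.

```javascript
// Added example (not from the original page): server-side validation of a
// registration request and output-encoding of user-controlled text.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // coarse shape check, not full RFC 5322
const USERNAME_RE = /^[A-Za-z0-9_]{3,32}$/;

// Returns { ok: true, value } with normalised fields, or
// { ok: false, errors: [{ field, message }] } listing every problem at once.
function validateRegistration(body) {
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    return { ok: false, errors: [{ field: 'body', message: 'JSON object expected' }] };
  }
  const errors = [];
  const value = {};

  const username = typeof body.username === 'string' ? body.username.trim() : '';
  if (!USERNAME_RE.test(username)) errors.push({ field: 'username', message: '3-32 letters, digits or underscores' });
  else value.username = username;

  const email = typeof body.email === 'string' ? body.email.trim().toLowerCase() : '';
  if (!EMAIL_RE.test(email) || email.length > 254) errors.push({ field: 'email', message: 'valid email address required' });
  else value.email = email;

  // Passwords are length-checked only: never trimmed, never logged, hashed before storage.
  const password = typeof body.password === 'string' ? body.password : '';
  if (password.length < 12 || password.length > 128) errors.push({ field: 'password', message: '12-128 characters' });
  else value.password = password;

  // Free text: bound its length, keep it as typed, escape it when rendering.
  const displayName = typeof body.displayName === 'string' ? body.displayName.trim() : '';
  if (displayName.length > 64) errors.push({ field: 'displayName', message: 'at most 64 characters' });
  else value.displayName = displayName || username;

  return errors.length ? { ok: false, errors } : { ok: true, value };
}

// Express handler shape, returning { status, body } instead of writing to res
// so it can be exercised directly.
function handleRegistration(body) {
  const result = validateRegistration(body);
  if (!result.ok) return { status: 400, body: { errors: result.errors } };
  return { status: 201, body: { username: result.value.username, email: result.value.email } };
}

// Output encoding for HTML text nodes and attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Rendering user-controlled text: escape at the point of output.
function renderGreeting(displayName) {
  return `<p>Welcome, ${escapeHtml(displayName)}</p>`;
}
```

Returning every field error in one response is what "clear validation error messages" means in practice; the client-side form can mirror the same rules for convenience, but the server's copy is the one that counts.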

Configuration

Environment Variables

Manage configuration and secrets using environment variables

💡 Never commit .env files to version control
🔒 Use different secrets for each environment
✅ Validate environment variables on startup
⚡ Use dotenv for local development
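The Application Setup tip "use environment variables for configuration" and the Environment Variables section above come together in a loader that fails fast. This is an added example, not from the original page and not the `dotenv` package's code: `dotenv` only copies a `.env` file into `process.env` during local development, and the loader below takes the environment object as a parameter so it can be tested with a constructed one. `REQUIRED`, `loadConfig`, `describeConfig` and `redactUrlCredentials` are hypothetical names and the variable names and limits are assumptions for the illustration.

```javascript
// Added example (not from the original page): validate configuration on
// startup and fail with every problem listed, rather than crashing later.

const REQUIRED = ['DATABASE_URL', 'SESSION_SECRET']; // assumed required variables
const NODE_ENVS = ['development', 'test', 'production'];

// Builds a frozen config object from `env` (process.env by default), or throws
// one Error naming every missing or malformed variable.
function loadConfig(env = process.env) {
  const problems = [];

  for (const name of REQUIRED) {
    if (!env[name]) problems.push(`${name} is required`);
  }

  const port = Number.parseInt(env.PORT ?? '3000', 10);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    problems.push('PORT must be an integer between 1 and 65535');
  }

  const nodeEnv = env.NODE_ENV ?? 'development';
  if (!NODE_ENVS.includes(nodeEnv)) {
    problems.push(`NODE_ENV must be one of ${NODE_ENVS.join(', ')} (got "${nodeEnv}")`);
  }

  // Secrets must differ per environment; a short value is a sign of a shared placeholder.
  if (env.SESSION_SECRET && env.SESSION_SECRET.length < 32) {
    problems.push('SESSION_SECRET must be at least 32 characters');
  }

  if (problems.length) {
    throw new Error(`Invalid configuration:\n  - ${problems.join('\n  - ')}`);
  }

  return Object.freeze({
    port,
    nodeEnv,
    isProduction: nodeEnv === 'production',
    databaseUrl: env.DATABASE_URL,
    sessionSecret: env.SESSION_SECRET,
  });
}

// Safe to log at startup: secrets replaced, URL credentials masked.
function describeConfig(config) {
  return {
    ...config,
    sessionSecret: '[redacted]',
    databaseUrl: redactUrlCredentials(config.databaseUrl),
  };
}

function redactUrlCredentials(url) {
  try {
    const u = new URL(url);
    if (u.password) u.password = '***';
    return u.toString();
  } catch {
    return '[invalid url]';
  }
}
```

Call `loadConfig()` once at the top of the entry point and pass the resulting object into the rest of the application; modules that read `process.env` directly scatter the validation and make the "different secrets per environment" rule impossible to check in one place.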