expressjs · crandmck · Nov 2, 2016 · Oct 6, 2016 · Oct 6, 2016 · Nov 2, 2016
@@ -39,9 +39,9 @@ Jekyll uses the [Liquid template engine](http://liquidmarkup.org/) for templatin
 You can use [http://kramdown.gettalong.org/parser/gfm.html](GFM) fenced code blocks for JavaScript; for example:
 
 ```js
-var express = require('express');
-var app = express();
-app.listen(3000);
+var express = require('express')
+var app = express()
+app.listen(3000)
 ```
 
 The default GitHub Pages syntax highlighting has been disabled in `_config.yml to allow highlighting with prism.js.

@@ -31,10 +31,10 @@ Here are some things you can do in your code to improve your application's perfo
 Gzip compressing can greatly decrease the size of the response body and hence increase the speed of a web app. Use the [compression](https://www.npmjs.com/package/compression) middleware for gzip compression in your Express app. For example:
 
 ```js
-var compression = require('compression');
-var express = require('express');
-var app = express();
-app.use(compression());
+var compression = require('compression')
+var express = require('express')
+var app = express()
+app.use(compression())
 ```
 
 For a high-traffic website in production, the best way to put compression in place is to implement it at a reverse proxy level (see [Use a reverse proxy](#proxy)). In that case, you do not need to use compression middleware. For details on enabling gzip compression in Nginx, see [Module ngx_http_gzip_module](http://nginx.org/en/docs/http/ngx_http_gzip_module.html) in the Nginx documentation.
@@ -96,15 +96,15 @@ This middleware function accepts a query field parameter named "params" that is
 app.get('/search', function (req, res) {
   // Simulating async operation
   setImmediate(function () {
-    var jsonStr = req.query.params;
+    var jsonStr = req.query.params
     try {
-      var jsonObj = JSON.parse(jsonStr);
-      res.send('Success');
+      var jsonObj = JSON.parse(jsonStr)
+      res.send('Success')
     } catch (e) {
-      res.status(400).send('Invalid JSON string');
+      res.status(400).send('Invalid JSON string')
     }
-  });
-});
+  })
+})
 ```
 
 However, try-catch works only for synchronous code. Because the Node platform is primarily asynchronous (particularly in a production environment), try-catch won't catch a lot of exceptions.
@@ -124,12 +124,12 @@ app.get('/', function (req, res, next) {
     .then(function (csv) {
       // handle csv
     })
-    .catch(next);
-});
+    .catch(next)
+})
 
 app.use(function (err, req, res, next) {
   // handle error
-});
+})
 ```
 
 Now all errors asynchronous and synchronous get propagated to the error middleware.
@@ -144,7 +144,7 @@ app.get('/', wrap(async (req, res, next) => {
   let company = await getCompanyById(req.query.id)
   let stream = getLogoStreamById(company.id)
   stream.on('error', next).pipe(res)
-}));
+}))
 ```
 
 For more information about error-handling by using promises, see:

@@ -58,10 +58,12 @@ $ npm install --save helmet
 Then to use it in your code:
 
 ```js
-...
-var helmet = require('helmet');
-app.use(helmet());
-...
+// ...
+
+var helmet = require('helmet')
+app.use(helmet())
+
+// ...
 ```
 
 ### At a minimum, disable X-Powered-By header
@@ -71,7 +73,7 @@ If you don't want to use Helmet, then at least disable the `X-Powered-By` header
 So, best practice is to to turn off the header with the `app.disable()` method:
 
 ```js
-app.disable('x-powered-by');
+app.disable('x-powered-by')
 ```
 
 If you use `helmet.js`, it takes care of this for you.
@@ -96,13 +98,12 @@ Using the default session cookie name can open your app to attacks.  The securit
 To avoid this problem, use generic cookie names; for example using [express-session](https://www.npmjs.com/package/express-session) middleware:
 
 ```js
-var session = require('express-session');
+var session = require('express-session')
 app.set('trust proxy', 1) // trust first proxy
-app.use( session({
-   secret : 's3Cur3',
-   name : 'sessionId',
-  })
-);
+app.use(session({
+  secret: 's3Cur3',
+  name: 'sessionId'
+}))
 ```
 
 ### Set cookie security options
@@ -118,22 +119,22 @@ Set the following cookie options to enhance security:
 Here is an example using [cookie-session](https://www.npmjs.com/package/cookie-session) middleware:
 
 ```js
-var session = require('cookie-session');
-var express = require('express');
-var app = express();
+var session = require('cookie-session')
+var express = require('express')
+var app = express()
 
-var expiryDate = new Date( Date.now() + 60 * 60 * 1000 ); // 1 hour
+var expiryDate = new Date(Date.now() + 60 * 60 * 1000) // 1 hour
 app.use(session({
   name: 'session',
   keys: ['key1', 'key2'],
-  cookie: { secure: true,
-            httpOnly: true,
-            domain: 'example.com',
-            path: 'foo/bar',
-            expires: expiryDate
-          }
-  })
-);
+  cookie: {
+    secure: true,
+    httpOnly: true,
+    domain: 'example.com',
+    path: 'foo/bar',
+    expires: expiryDate
+  }
+}))
 ```
 
 ## Ensure your dependencies are secure

@@ -13,32 +13,32 @@ Use the `app.engine(ext, callback)` method to create your own template engine. `
 The following code is an example of implementing a very simple template engine for rendering `.ntl` files.
 
 ```js
-var fs = require('fs'); // this engine requires the fs module
+var fs = require('fs') // this engine requires the fs module
 app.engine('ntl', function (filePath, options, callback) { // define the template engine
   fs.readFile(filePath, function (err, content) {
-    if (err) return callback(new Error(err));
+    if (err) return callback(err)
     // this is an extremely simple template engine
-    var rendered = content.toString().replace('#title#', '<title>'+ options.title +'</title>')
-    .replace('#message#', '<h1>'+ options.message +'</h1>');
-    return callback(null, rendered);
-  });
-});
-app.set('views', './views'); // specify the views directory
-app.set('view engine', 'ntl'); // register the template engine
+    var rendered = content.toString().replace('#title#', '<title>' + options.title + '</title>')
+    .replace('#message#', '<h1>' + options.message + '</h1>')
+    return callback(null, rendered)
+  })
+})
+app.set('views', './views') // specify the views directory
+app.set('view engine', 'ntl') // register the template engine
 ```
 
 Your app will now be able to render `.ntl` files. Create a file named `index.ntl` in the `views` directory with the following content.
 
-```js
+```text
 #title#
 #message#
 ```
 Then, create the following route in your app.
 
 ```js
 app.get('/', function (req, res) {
-  res.render('index', { title: 'Hey', message: 'Hello there!'});
-});
+  res.render('index', { title: 'Hey', message: 'Hello there!' })
+})
 ```
 When you make a request to the home page, `index.ntl` will be rendered as HTML.
 </div>
@@ -59,9 +59,9 @@ Custom trust implementation. Use this only if you know what you are doing.
 
 ```js
 app.set('trust proxy', function (ip) {
-  if (ip === '127.0.0.1' || ip === '123.123.123.123') return true; // trusted IPs
-  else return false;
-});
+  if (ip === '127.0.0.1' || ip === '123.123.123.123') return true // trusted IPs
+  else return false
+})
 ```
 </td>
     </tr>