Create, Read, Update, Delete. What's happen behind the scene. Part 3

This tutorial is focused on the development of a CRUD & RESTful  web application with MSSQL and ANGULAR-JS. 
Part 3 - JSON data request analysis

Node.js is a very cool platform to seriously consider also for our enterprise projects.

I have tried a lot of libraries to find an optimal setup to develop an enterprise application. This tutorial will guide you in the implementation of a strong and easily reusable platform.



[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

Crud methods

JSON data request 

The following sequence diagram show what happen, behind the scene,  for every application request:



[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

Cross-origin resource sharing and usage of Access-control-allow-origin. A production test bed. Part 4

This tutorial is focused on the development of a CRUD & RESTful  web application with MSSQL and ANGULAR-JS. . 
Part 4 - Cross-origin resource sharing and usage of Access-control-allow-origin. A production test bed.

Node.js is a very cool platform to seriously consider our enterprise projects.

I have tried a lot of libraries to find an optimal setup to develop an enterprise application. This tutorial will guide you in the implementation in a strong and easily reusable platform.

[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

How to set up a production environment

CORS and Access-Control-Allow-Origin
The examples seen in Part 1 and Part 2 are not usable in a production environment. Start with:

• Open core/server.js. You can see, on the top, the row:
•      resp.setHeader("Access-control-allow-origin", "*");
• Comment it, stop the data-server (app.js) and then start it. If we browse:
•      http://127.0.0.1:8080

No films are listed. Why?

In our test environment, we have two http server one is the web sever and respond on port 8000 and, the second one, is the data server and operates on port 8000. They are two different servers that reside in the same host. In a real environment, it's possible that the two servers operate in different hosts and they can also reside on different locations and/or domains.

This has a strong impacts in the security of our application. The methods GET, PUT, POST and DELETE of our data-server may be called from a hostile application that, for example, get - every day - the list of our films and then deletes them.

We need to manage the security and we can:

• apply authentication (the next post is about it);
• permit only to our web server to request data operation by methods GET, PUT, POST and DELETE;

By default Cross-Domain AJAX requests are forbidden. This is right when we need to assure that only our MovieApp can interact with the data-server. 

Sometime it's possible that we need different rules. For example, if we need to implement a new application to permit to everyone to access to our meteo-data, we can host an AJAX data service as public service available to every web server. In this case we can use exactly the same command that we have commented first:

     resp.setHeader("Access-control-allow-origin", "*");

It means: permit to every web site (or every web client) to consume our data-service.

Coming back to our MoviesApp, we have commented this row, so we have negate access to a different domain (in our example: different port). This because, without an explicit permission, it's applied the default rules of  CORS (Cross-Origin resource sharing) that negate access to an AJAX request. We can see it live! With our Chrome Browser activate the menu  MoreTools>DeveloperTool. We can see that in the console appear an error:

It says that the component XMLHttpRequest cannot access to our data service due it declares that our MovieApp web server is not allowed to access. Note that in the last row of the list of Network tab, the request for movies declare 200: there is not an http error! The data server respond correctly, but Chrome rises a CORS exception.

The test bed
It's time to simulate a production environment:

• open a text-editor as administrator;
• edit the hosts file (c:\windows\system32\drivers\etc), adding the following three rows:
• 127.0.0.1 www.mymoviesapp.com
• 127.0.0.1 www2.mymoviesapp.com
• 127.0.0.1 jsondata.mymoviesapp.com
• save it and verify whit the ping command that the three addresses are resolved correctly;
• now edit the file public/js/service.js and search/replace "http://127.0.0.1" with "http://jsondata.mymoviesapp.com". So we tell to MovieApp to obtain JSON data services from jsondata.mymoviesapp.com;
• now open the file core/sever.js and configure the data server to accept JSON requests from www.mymoviesapp.com. Modify, on the top of the code, so:
• resp.setHeader("Access-Control-Allow-Origin", "http://www.mymoviesapp.com:8080");
• restart our two node.js http servers

Now we can see that MoviesApp is working again. This environment setup uses Web and Data services in:

• two different hosts an location (simulated: in my environment they co-exist in the same physical PC, but you can try to separate them in two real physical environments);
• two different domains;
• two different ports.

In Internet there are a lot of very-simplified examples using the technologies used in this tutorial: node.js, Angular.js, MSSQL, etc. Following this post we have seen that when we try to implement them in a real production environment we must consider some different aspect to make a working app. We have seen what is "Access-Control-Allow-Origin" and how it may be set up. Googling technical forums you can see a lot of people that can't run node.js application due CORS constrains....  Cross-Origin resource sharing is not a complication, but a useful mechanism to help us to write reliable application with node.js. 

[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

Add a RESTful data service using MSSQL - Part 2

This tutorial is focused on the development of a CRUD & RESTful  web application with MSSQL and ANGULAR-JS. 
Part 2 - The RESTful data layer

Node.js is a very cool platform to seriously consider also for our enterprise projects.

I have tried a lot of libraries to find an optimal setup to develop an enterprise application. This tutorial will guide you in the implementation of a strong and easily reusable platform.



[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

Prerequisites

Download MSSQL Express2014 
(jump this paragraph if you have already a working instance of  MSSQL server)

Download MSSQL Express 2014 from Microsoft site. I suggest the SQLEXPRWT version, so there is also Visual Studio inside.

Install it with the default setup, choosing hybrid authentication.

Create the DB

Create the Movies database

Open visual studio and create a new DB named SampleDB.

Create the Movies database

Right-Click the new DB and create a new table SampleDB:

• CREATE TABLE [dbo].[SampleDB](
• [__v] [int] NOT NULL CONSTRAINT [DF_Movies___v]  DEFAULT ((0)),
• [_id] [int] IDENTITY(1,1) NOT NULL,
• [title] [nvarchar](max) NULL,
• [director] [nvarchar](max) NULL,
• [releaseYear] [nvarchar](max) NULL,
• [genre] [nvarchar](max) NULL
• ) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

Add some records:

• USE [SampleDB]
• truncate table [dbo].[Movies]
• INSERT [dbo].[Movies] ([title], [director], [releaseYear], [genre]) VALUES ('Star Wars: Episode 4', 'George Lucas', '1977', 'epic space opera')
• INSERT [dbo].[Movies] ([title], [director], [releaseYear], [genre]) VALUES ('Back to the Future', 'Robert Zemeckis', '1985', 'science fiction adventure comedy')
• INSERT [dbo].[Movies] ([title], [director], [releaseYear], [genre]) VALUES ('Raiders of the Lost Ark ', 'George Lucas', '1981', 'entertainment franchise')

Note that the truncate table command is used only to obtain records with the _id enumerated 1, 2 and 3.

Enable protocols with the Sql Server Configuration Manager:

Set up the firewall for MSSQL protocols or temporarily disable it.

Our DB is ready and it's compatible with the attributes and datatype required by the MovieApp that we have seen in part 1 of this tutorial.

Create the data service layer

Use a template to accelerate

Goggling the web, I have found a very nice tutorial How to develop a complete REST service application using pure Node.js.
Read it to understand well the anatomy of a real RESTful service application.
Download the related example.
Open it and copy the entire content of SampleRest folder. Paste it inside our MyApp folder created inside the part 1 of this tutorial. The MyApp folder now contains:

Using the  console go inside our MyApp folder and type   npm install .
We have installed the library MSSQL.

Now we need to adapt the server to our entity movies.
Download these files from github.
Unzip and it and copy the content of folder MSSQL_CRUD_RESTful_ANGULARJS-master in our MyApp folder, replacing all preexisting files.

Now we need to change the password in the file settings.js replacing  mypassword with the password of user sa (system administrator) that you have chosen during MSSQL Express installation. Save it.

It's time to see our data server in action: open a new console and type   node app .
Now open Chrome and browse http://127.0.0.1:8000/movies .

It will show:

[{"__v":0,"_id":1,"title":"Star Wars: Episode 4',' A New Hope","director":"George Lucas","releaseYear":"1977","genre":"epic space opera"},{"__v":0,"_id":2,"title":"Back to the Future","director":"Robert Zemeckis","releaseYear":"1985","genre":"science fiction adventure comedy"},{"__v":0,"_id":3,"title":"Raiders of the Lost Ark ","director":"George Lucas","releaseYear":"1981","genre":"entertainment franchise"}]

That is the json content of our movies table in MSSQL.

Our data layer is working well. If not, double-check the exact sequence of operation of this paragraph.

Link the previous web app MovieApp to the local data server



Enjoy your MoviApp




If you see inside the service.js file the link to data server it's changed in http://127.0.0.1:8000/movies/:id.



This means that now we are disconnected from previous Internet data service and that we are ready to consume the local data service.



Launch the web server as seen in Part 1. Open a different console, go to the MovieApp folder and type . type   node WebServer.



Browse http://127.0.0.1:8000 and see your app in action:







Enjoy it and try every application button!




Read the tutorial  "How to develop a complete REST service application using pure Node.js" it explains how to use MSSQL sever to do basic CRUD operations, there is also a video for you.












We have created a complete local CRUD, RESTful and SPA application. In the next post I will show  how it's implemented and why it was necessary to respond to the OPTION request from our web application and then what is necessary to isolate the web server from the data server.



[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

MSSQL CRUD RESTful ANGULARJS app - Part 1

This tutorial is focused on the development of a CRUD & RESTful  web application with MSSQL and ANGULAR-JS. 
Part 1 - The user interface

Node.js is a very cool platform to seriously consider our enterprise projects.

I have tried a lot of libraries to find an optimal setup to develop an enterprise application. This tutorial will guide you in the implementation of a strong and easily reusable platform.


[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]

Technologies

Choosing a DB

The first requirement that I have considered is the use of a relational database. A large part of enterprise data are normally stored in a relational database, I think that it's better to interact with it directly. I have choosen Microsoft Sql Server that is one of the most used DB (see also Gartner Quadrant). I appreciate a lot Mongo Db and I prefer it for a classic web site but, for an enterprise application, I prefer MSSQL. The next release of MSSQL-2016 will contain a native JSON implementation. This will simplify the usage with NodeJs, maintaining the advantages of stored procedures, powerful views, scheduler, SSIS and all the other tools and facilities available.

Choosing a UI platform

There are a lot of libraries that help the development of UI. One of the platform most used is AngularJs. It aims to simplify the development and the testing by providing a framework for client side MVM (Model View Control) and MVVM (Model-View-ViewModel) architecture. With angular we can develop a SPA (single page application) in a few minutes.

Choosing a Software Architecture Style

A lot of software engineering now use a CRUD & RESTful approach when they implements a new NodeJs application. This approach has a lot of advantages also if it is not so "instinctive" for traditional developers. This tutorial will guide you to write an application with a complete isolation between the web service and the data layer. I prefer to separate these two distinct layers because so  I can choose different components for the http server and also to enforce security. It's possible to assign these layer to a two different and specialized hosts; they may reside also in different geographical sites with a lot of vantages in deployment flexibility and security assurance.

User Interface: start from a good template

I've googled a lot the web to find a single tutorial with these requirements, but is not easy to find it. So I have selected two separate examples as the base of this tutorial.

The better AngularJs template that I have found is Movie App. It implements the MVM/MVVM components in a clear code and everything is described in a detailed tutorial (thanks to Sandeep for his job). We start from downloading it here:
create a folder MyApp in your work space
download the MovieApp from github, decompress it  and put the folder MovieApp inside MyApp
rename "MovieApp" as "public"

Now we need a web-server to play it in our local host. Express can help us to write a web server with five rows of code:
with the console, go inside MyApp and install express typing : 

node install express

with a text editor  edit:

• var express = require('express')  , app = express();
• app.use('/', express.static(_dirname + '/public'));
• app.listen(8080, function(){
•   console.log('web server listening on port 8080');
• });

save it as WebServer.js inside the folder MyApp

Our web server let the content of public folder to be available as static content.  It's time to play it:

launch our web server with the prompt command: 

node WebServer.js

. If you like to see a debug window of the web server, you can launch the webserver with:  

set DEBUG=express:* & node WebServer.js

 (using windows) or 

DEBUG=express:* node WebServer.js

 (using linux).
open Chrome and go the page: http://127.0.0.1:8080

We can see that the page is displayed, but no films are shown. In chrome select Tools > Developer Tools. We can see that an error is occurred. Why? It's simple: the CRUD application consumes a data service, but the address is wrong. No problem. Edit the file services.js (it's in the js folder) and change the address of rest service:

change fifth row with:

•     return $resource('http://movieapp-sitepointdemos.rhcloud.com/api/movies/:id',{id:'@_id'},{

The code is changed in:

Evidently the demo address is changed! Now try again and you can see that the app is ok.

Read the tutorial  "Creating a CRUD App in Minutes with Angular’s $resource" to enhance your skill in: Angular Js, rest app, spa, $resource; it's the best tutorial that i've found on the web.

We have installed a good example of a CRUD, RESTful and SPA application in our host and we have adapted it to consume a data service from an external demo site on the Internet. In the next post we will see how to provide the data layer with a local and isolated service.

[ Part 1 ] [ Part 2 ] [ Part 3 ] [ Part 4 ]