blog.pleb.in

Life of Apps

A Cursory Look at Auth0

Auth0 provides an identity infrastructure for applications helping them authenticate users. Auth0 supports authentication using OAuth using social media providers, username/password and other means. Auth0 offers a free trial and supports signup using social media. I signed up using my github account. It offers good tutorials to setup the central dashboard that has a host of features, I only tried two basic features: setting up clients and APIs.

Setting up clients that would use Auth0 for authentication: I used single page webapps as they pointed to a node implementation. Native iOS apps and non-interactive apps are supported.

APIs can be protected using JWT and other means. These can be defined in the dashboard.

Users that want to use your app can signup using the Auth0 endpoint shared. The signing up as mentioned earlier would be primarily through social media accounts and username/password. The users signed up are displayed in the dashboard.

Auth0 supports both SAML and OAuth. It also supports OAuth using JWT. JWT or JSON Web Tokens offer a compact way to authenticate users and the flow is as follows:

  • User authenticates using username/password
  • Receives a JWT token 
  • Uses the JWT token until it expires for further server interaction by passing it in the header


JWT is more compact than SAML as SAML is more lengthy due it being XML based. I had initially thought of writing a post on JWT authentication but found that this post by Jonathan  explains it well.


Classy Promises with Arrows in Scope - Quick look at some ES6 features

Having seen some code with arrow functions all over and unable to understand it, I decided to spend some time and learn the new features in ES6. I attended Udacity's ES6 course, which had lots of examples and was helpful. Apart from arrow functions, the other features that I was keen on learning were variable scoping with const and let keywords, classes and promises. Here is a quick look at what I learnt.

Arrow Functions
My requirement was only to understand how to read code written with arrow functions as there were quite a few examples using them. Suffice to say, (parameters) => { statements }.

In the code snippet below, where I am using only a single line function, there is no need to encapsulate the code with curly braces. JavaScript: Arrow Functions for Beginners is a good article that describes the arrow functions well.


const and let
The const keyword fixes the value of the variable to what is assigned during declaration. This is useful when importing (requiring) libraries as they do not change in the course of the program. In the code snippet below, variables express and app are declared with const as their values do not change in this course of the program.


When a variable is defined with let, it makes the variable local to the block in which it is defined. In the code snippet above, isError's scope is limited to inside the getCustomer promise block only.

Classes
Coming from a Java background, I wanted to see ES6 classes more out of curiosity than anything else. Not being an expert in JavaScript ES5 helped here as it was easy to relate to Java classes (I did not have to relate it prototypes etc.). In the code snippet below, I create a customer class with attributes for id, name, level and since.


Promises
Finally, promises. I learnt promises from the ES6 Udacity course that I mentioned above and also looking at this useful article on scotch.io. A quick summary is in order. Promises are for best suited for avoidance of "pyramid of doom" that happens when you execute code with callbacks. In promises, there are four states:
  • success: resolved/fulfilled
  • failure: rejected
  • pending
  • complete

Creating promises
In the code creating the Promise, success is notified through a resolve function call and failure is notified through a reject function call. In the getCustomer promise below, I return an error through the reject function call if the variable isError is true. I return customer records for the success criteria through the resolve function.


Calling promises
In the arrow function code where the promise is invoked, the then method notifies us if the method executed successfully or failed. It also has a chained catch method that catches the exception/error. If we set isError to true in the code and return an error, the catch method will get executed.   




Compensation Logic using RabbitMQ

After listening to Caitie McCaffrey on the Saga pattern, I added basic compensation logic to the rudimentary order management flow described in this post.

  • To recap, the flow starts with an order being placed through a POST request
  • Then each microservice posts a message on a RabbitMQ Exchange (type: direct) with the completion status as the routing key 
  • The microservice that has to be executed next listens on the "topic" with the binding key for triggering it and starts executing on receipt of a matching message
  • On error, the microservice posts a message with the error text as the routing key e.g. "Order Processing Error". The message payload could contain further details about the error
  • Each microservice also listens on a "topic" with a binding key containing an error and on receipt of a message, it executes the compensation logic 

The complete flow with transaction is as follows:

1. Order Creation
- trigger: POST request
- success: order placed, check inventory
- failure: no order placed, inform and stop execution
- compensation: order cancel, inform and stop execution

2. Inventory Check
- trigger: check inventory message
- success: inventory available, notify shipment (or) inventory unavailable, notify stock replenishment
- failure: inventory unavailable and cannot be replenished notify order creation
- compensation: reset inventory, notify order creation

3. Stock Replenishment
- trigger: stock replenish message
- success: stock replenished, notify shipment
- failure: stock not replenished, notify inventory check
- compensation: none

4. Order Shipment
- trigger: ship order message
- success: order shipped, inform and stop execution
- failure: order not shipped, notify inventory check (for inventory reset)
- compensation: none

Full code is available here.

Node.js Utility Modules & Configuration

As I learn and understand Node.js better, I try to organize the code better. Some of the changes that I did to the code that does microservices orchestration are:

  • Organized helper code for RabbitMQ and HTTP methods into a separate module by following this useful article
  • Moved the URL details for RabbitMQ to a separate js file following this stackoverflow response
  • Closed RabbitMQ connections on process exit trapping kill & Ctrl-C signals using the morbidly titled npm module called death   

Understanding MicroServices Choreography using RabbitMQ & Node.js

A colleague and I had discussed on choreography of microservices a while ago and the topic came up for discussion again recently. In order to ensure that I understood the nuances correctly, I decided to write some code to implement the approach. Here are the tools/technologies that I chose:

  • Node.js for building the microservices 
  • Restify for exposing Restful APIs
  • CloudAMQP - a RabbitMQ as a service offering as the integration bus
  • amqp.node - a Node.js client library for RabbitMQ.  

CloudAMQP offers a free tier good enough for learning and trying things out. It also comes with an easy to use management console that gives good statistics. The tutorials and articles are useful too.

There is a host of options for the Node.js RabbitMQ client libraries. I tried a few and then settled with amqp.node as the RabbitMQ site had their tutorials on it. The library comes in two flavours, one with callbacks and the other with promises. Being comfortable with callbacks, I opted for it.

The approach that I followed was to mimic a part of the order management process where a POST method triggers the order creation service. The service processes the order, creates an entry in the order management database and sends a message to a RabbitMQ topic. Following is the code snippet.



Another service listens to the topic for a specific key that denotes that the order creation is complete and gets triggered when a message with that key is published. This service checks for inventory and either calls a service to replenish stock if it is low or calls an order shipment service if the stock is available. It too publishes a message on the topic with the respective keys to trigger the following services.  Following is the code snippet.

The code below publishes and consumes from a RabbitMQ topic. Apache Kafka can be used as an alternative to RabbitMQ as an event bus.

This approach will work while creating new microservices as they can be made to start on the basis of an event.

As can be seen from the code, it is heavily work in progress. I am hoping to do the following tasks:

  • Figuring out a good way of closing RabbitMQ connections Done:Updated the code to use npm module death to run a function on process kill to close RabbitMQ connections
  • Making modules out of some common code functions Done: moved the helper functions for HTTP methods and RabbitMQ to a module. 
  • Add compensation logic Done: this post explains the compensation logic 
  • Add an OpenAPI (Swagger) spec Done: added a spec for Order Creation here
  • Create Docker containers 
Full code is available here.


Node.js Code Organization

As mentioned in my previous post, I learnt Node.js and Restify through the Udemy course titled "A Simple Node.js/Mongo/Restify API in Less Than 3 Hours" by Jim Hlad. I made a copy of the Node.js API sample app that was taught in the course and called it Cwitiq. This app would manage reviews instead of users. 

A rough diagram of the code is depicted below. On the right, the directories for the various layers are shown. 


  • include (require) the restify, restify plugins, validator and mongoose modules
  • create a restify server using the createServer function
  • the config directory has the db connection and helper functions to provide responses (output, error etc.)
  • the models directory has the schema and model for storing the reviews in MongoDB using Mongoose
  • the business logic is in the reviewController that is present in the controllers directory along with setupController that utilizes Restify features to control APIs - authorization, whitelisting, throttling
I have been using this layout and code organization while creating other apps in Node.js.


Learning Node.js on Udemy


After a bit of a struggle, I finally would like to believe that I have become comfortable with Node.js. I had initially tried learning Node.js through the course titled "Learn and Understand NodeJS" on Udemy by Anthony Alicea. The course is a bit unconventional as it goes deep into the guts of Node.js right at the start instead of providing an overview. I lost interest in it after a few lectures and almost gave up learning Node.js.

After a while, I decided to look for courses of shorter duration and found a course titled "A Simple Node.js/Mongo/Restify API in Less Than 3 Hours" by Jim Hlad. The USP of this course is that the lectures are of a short duration ~5-7 min. This helps in assimilating the content learned easily. The instructor explains the concepts while coding, instead of talking theory first, making the lectures short and crisp.

This course helped me grasp the basics of Node.js and try out things such as Web Sockets using Socket.io. It would be nicer if the instructor offers this course with Express or other more popular libraries instead of Restify. Also, it is worth noting that this course is aimed at building APIs using Node.js rather than a complete application thereby skipping the UI layer.