Code journal 7/29/14 — Socket.io, Javascript’s call() and apply() function methods

by admcee

>Primarily I need to determine if my server-side emits must occur within the socket.on('connection', function(){/*..*/}) call. Also, how to pass my twitter stream to my socket, and if I can have my twitter stream within app.js w/out blocking (I think so, because the function/method calls are all async, so that should be fine…)

Socket.io Resources 

http://psitsmike.com/2011/09/node-js-and-socket-io-chat-tutorial/
https://github.com/LearnBoost/Socket.IO-node
-https://github.com/Automattic/socket.i
http://howtonode.org/websockets-socketio
http://stackoverflow.com/questions/4094350/good-beginners-tutorial-to-socket-io
http://danielnill.com/nodejs-tutorial-with-socketio/
http://sideeffect.kr:8005/
http://vijayannadi.wordpress.com/tutorials/sample-chat-app-using-nodejs-socketio/
http://javaguirre.net/2014/02/11/twitter-streaming-api-with-node-socket-io-and-reactjs/

Serving Static content in Express

>Here is a good overview of how Express handles static content, from directory structure to the standard middleware used for caching/compression. Concise and useful.

>express.static appears to set what Express uses as the root directory when searching for static content. Node’s path module is invoked as the parameter for express.static(). Path is used ‘for handling and transforming file paths’, as the Node.js documentation says. And path.join is used to join strings together to form a file path: path.join('/foo', 'bar') returns '/foo/bar' (note the slash added by the join() function).

The relevant command in app.js, app.use(express.static(path.join(__dirname, 'public'))), takes advantage of Node’s global variable __dirname, which holds the path of the directory containing the currently executing script (http://docs.nodejitsu.com/articles/getting-started/globals-in-node-js). This means we take the directory app.js is in, i.e. our project directory, append ‘/public’ to it, and set this in the Express middleware as the first place to use as ‘root’ when looking for static content. So for ‘/Users/dev/www/mysite’ (yes I’m on a Mac:)…

app.use(express.static(path.join(__dirname, 'public'))) — this sets ‘/Users/dev/www/mysite/public’ as the root when looking for static content (not sure if I’ve described the ‘relative root’ correctly but hopefully you get the idea!). Good stuff. I am appreciating Node more and more.

FUN FACTS
- A reference of escape sequences for customizing your Bash shell prompt

- Javascript’s apply() method. I encountered it in a basic example of how to use web sockets. I am actually going to start by explaining call(), because it is simpler and understanding call() helped me understand apply(). I’m also going to crib pretty heavily from the excellent explanation here.

EXPLANATION TIME…

>So… first, functions in javascript are just objects. And all functions come with some built-in methods, such as toString(), call(), and apply(). Furthermore, there is a ‘global’ object. So the following code (unashamedly copied), does…

var x = 10;

function f(){
    alert(this.x);
}

f();

>a) This confused me at first because f() is not called through the instance of an object, and, if it was, I believe we’d get undefined. When we call f(), ‘this’ refers to the ‘global object’ — the big scope, which is where x is defined. So all is good. call() allows us to assign the this pointer for the function in question. So, as in the tutorial, if we added to our code…

var o = {x: 15};

f.call(o);

>…Now, we get the value 15 because call() has assigned the this pointer to ‘o’. call() also allows us to supply arguments to the function in question. apply() is just like call(), except apply()’s arguments must be passed as an array.

>Here is the code of the example from O’Reilly’s ‘Javascript Web Applications’:

var rpc = {
    test: function(arg1, arg2){ /* …. */ }
};

socket.onmessage = function(data){
    // parse JSON
    var msg = JSON.parse(data);

    // invoke rpc func
    rpc[msg.method].apply(rpc, msg.args);
};

…and the JSON sent was: {"method": "test", "args": [1,2]}

…What this gives us, security-wise, is:

a) We’ve set ‘this’ for our rpc method call to the rpc object, thus limiting the scope of any code that runs and so ensuring any malicious code can’t access anything (hopefully, I’m no security expert…) outside the rpc object.
b) If the data passed to us invokes a method which we haven’t pre-defined, nothing happens. Similarly, we do not run a method on incorrectly formatted data. This may not be as crucial, security-wise, as item a), but it also gives us some flexibility.
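
An added example (not from the original post or the book) that puts the dispatch line above next to a stricter dispatcher: on an ordinary object `rpc[msg.method]` also resolves inherited members such as `hasOwnProperty`, an unknown method name throws a `TypeError`, and binding `this` with apply() does not restrict what the called function can reach. `naiveDispatch`, `safeDispatch`, `plainTable` and the sample messages are hypothetical names, and `test` is assumed to add its two arguments.

```javascript
// Handlers live on a prototype-less object, so only the keys defined here
// exist: no inherited `constructor`, `toString` or `hasOwnProperty`.
const rpc = Object.assign(Object.create(null), {
  test(arg1, arg2) { return arg1 + arg2; }, // assumed body, for the demo
});

// The page's dispatch line, wrapped so its behaviour can be inspected.
function naiveDispatch(table, raw) {
  const msg = JSON.parse(raw);
  return table[msg.method].apply(table, msg.args);
}

// Returns {ok: true, result} or {ok: false, error}; malformed messages are
// rejected with an error value instead of throwing.
function safeDispatch(table, raw) {
  let msg;
  try {
    msg = JSON.parse(raw);
  } catch (e) {
    return { ok: false, error: 'invalid JSON' };
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) {
    return { ok: false, error: 'message must be an object' };
  }
  const known = typeof msg.method === 'string' &&
    Object.prototype.hasOwnProperty.call(table, msg.method) &&
    typeof table[msg.method] === 'function';
  if (!known) return { ok: false, error: 'unknown method' };
  if (!Array.isArray(msg.args)) {
    return { ok: false, error: 'args must be an array' };
  }
  // `this` is bound to the table for convenience only; it is not a sandbox.
  return { ok: true, result: table[msg.method].apply(table, msg.args) };
}

// Constructed sample input.
const plainTable = { test: rpc.test }; // ordinary object literal, as on the page
const good = '{"method": "test", "args": [1, 2]}';
const inherited = '{"method": "hasOwnProperty", "args": ["test"]}';
const missing = '{"method": "nope", "args": []}';

console.log(safeDispatch(rpc, good));
console.log(safeDispatch(plainTable, inherited));
console.log(safeDispatch(rpc, missing));
```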
