There are abundant of resources in the community which talk about hacking, server security-protection, and underground criminal white-blue collar activities; and cyber organized crime.

First,

have you been ever toying with the idea of security — Dont ever. Controlled Production never exists. Let us repeat “Controlled Production Environment Never Exists”.

Second,

let us come clean on ethics that there is nothing called as “ethical hacker”, unless the ethical hacker is your company’s server admin doing the positive, good, beneficial non-criminal work.

Third,

While the concept of crime and laws may change country to country, you do not need laws to comprehend and decipher insanity, abuse, and try to prove that something is wrongfully crossing the ethical borders and ethical limits of activities.

If it pains - there is and was a hurt.

Just because there is no law for a cyber crime activity it may not mean (cyber crime) something is right. It may be, can be, and will be accommodated into other available laws in every part of the world where laws are followed.

[1] Having said it, open your browser’s developer tools. If you a novice, right click on your browser and click the “inspect” link.

You will see the web page’s developer tools open up.

[2] Click on the “Application” Tab [check first and second image] in the developer tools. You will see list of storage sections [check second image].

This method of opening the developer fools is probably the same in the MS Edge and Chrome Browser.

Click on every tab option of Storage — localStorage, Session Storage, Web SQL, IndexDB, Cookies, Private State Tokens, Shared Storage, Cache Storage.

You are visiting a website that stores data can be hacked (simple as that), IF (AGAIN IF), you are able to

[a] read any text,

[b] comprehend any of it, and

[c] figure out what it is used for and how

A hacker with better tech skills may be someone who will do it easier, and will take the cookie and the cake.

Following content is to address the developer community.

Even if you are a non-developer, you can continue. You will understand what I am writing below. I will be very simple for you to understand every word (atleast most of it), including the code that is written or presented.

[1] For critical — sensitive data : encrypt-decrypt content

[2] For non-critical — non-sensitive data : encrypt-decrypt content as much as possible

[3] For frequently used data : encrypt-decrypt content as much as possible, probably, with following options — not rules*.

** If the frequently used data is not of a very big size (and has to be stored in the indexdb/ localstorage) consider storage as encrypted format.

** If working with data try using the data from the memory using probably memcache or just plain simple memory? Probably consider a simple solution to persist it during crucial interval times or using internal application controls

There is a definite cost to encrypt-decrypt but it is worth the time used. A definite logical trade off.

rules*: There are no rules for better cyber security other than lower end minimal security baselines

Let me now introduce a nodejs package hasher-apis that addresses Crypto usable in a simple manner.

• hasher-apis
• GitHub - ganeshkbhat/apis-hasher: Simple and flexible implementation Crypto Module functions to hash/ encrypt/ decrypt content and get SHA or other algorithm hashes of text or any data

The secure storage of data can be as simple as

let secure = require("hasher-apis");
let hash = secure.hashContent(data, salt);
// .hashContent(data, salt, algorithm, keyAlgorithm, digest, options)
let dehashed = secure.dehashContent(hash, salt);
// .dehashContent(data, salt, algorithm, keyAlgorithm, digest, options)

What stops you from using this? I am presuming at this moment, probably, 99% plus (or most of the websites including most fortune 500 applications — websites) of the website do not encrypt their browser data storage.

Update:

To ease the use of a encrypter and decrypter function, you can use the following package as a proof of concept for the same. It is browser compatible and nodejs environment compatible as well.

safecookies — npm (npmjs.com)

GitHub - ganeshkbhat/safe-cookies: Wrap most of the cookie libraries with a safer encrypt - decrypt function - should work with most libraries

import pkg from "safecookie";
const { encrypt, decrypt, cryptoencrypt, cryptodecrypt, getKeyFromPassword } = pkg;

let key = getKeyFromPassword("password", "testsalt");
let yourFnThatReturnsValue = (v) => { console.log(v.toString("base64")); return v; }

// 
// USAGE:
//  
//    encrypt(yourfunc, key_generated, value_arg_index, cryptoencrypt) 
//
//    encrypt(yourFnThatReturnsValue, key, 0, cryptoencrypt) 
// 
// if the value to be encrypted is argument index 0 then use 0 
//      else use the index of the value argument
// 
// if the value to be encrypted is argument index 1 then use 1 
//      else use the index of the value argument
// 
//      yourfunc(value) =======> index is 0
//      yourfunc(something, value) ========> index is 1
// 

let cryptedfn = encrypt(yourFnThatReturnsValue, key, 0, cryptoencrypt) 
let cryptedtext = cryptedfn("Testing new crypter"); 
console.log(cryptedtext.toString("base64"));

let decryptedfn = decrypt(yourFnThatReturnsValue, key, 0, cryptodecrypt)
let decryptedtext = decryptedfn(cryptedtext);
console.log(decryptedtext.toString());

It is irrespective of the fact whether

[a] the data is used by only their own site or not,

[b] the data is a cross domain single sign on shared cookie or not

[c] what ever kind of data the site is being used for

Encrypt-Decrypt local Storage, Session Storage, Web SQL, IndexDB, Cookies, Private State Tokens, Shared Storage, Cache Storage where possible.

SUBJECT: The per capita income and inflation calculation [and data] are bad. Please be inclusive, non-selective, realistic in sampling of data for such calculations

The basics of individual income [per capita income] and economic/ financial policies go sour and bad when percolation of monetary incentives do not seep to the individual levels as incomes affecting and effecting expenditures leading to bad baselines [income baselines, expenditures, pricing policies, inflation, public policies, farse quality of living standards] data.

This bad intensive hybrid [estimation : guess-timation] technique is well apart from the fact that “RBI rates, Other financial pointers, Industrial production and related Pricings, Agricultural commodities, Commodities, Stock market Capitalization, EXIM, and FDI” pointers have been “considered to be instrumental in deciding” related economic policies and strategies for the nation.

While most of the above mentioned pointers greatly impact the life basics [Electronic and Telecommunication/ Communication, Transportation, Energy, Petroleum (including Kitchen Gas, Petrol, and allied), Financial services, and many other essentials industries, retail (including processed foods)], the mentioned life basics pointers have generally been ignored for many financial pointers [including inflation, pricing, per capita, and related macro and micro economic policies at state and center level]; apart from agricultural and basic market commodities.

The US inflation pointers are derived from and with using more than 80000 items for calculations.

The inflation derivations in India may need to be inclusive, comprehensive, non-selective, and/ or realistic.

The per-capita income derivations may need to be comprehensive and inclusive.

We do not have a guidelines or associate policies to measure, monitor, curb, and risk mitigate pricing [inflationary] levels of “all the other” life essentials we use along with [already calculation accommodated] essentials used for determining pricing [inflationary] levels. Electronic and Telecommunications, Banking, Energy, Petrol, and Retailing is yet not considered an essential. Or are they really [and genuinely]?

India’s per capita income is approximately ₹2 lakh ($2500) in FY23.

Well, is it really the average income of the nation, the individual, or the family? I am yet to figure out.

REFERENCES:

How do you calculate per capita [per capita income]? Per capita is calculated by dividing the attribute of interest (such as income) by the number of people living in the area of interest. Per capita income is equal to the total income in that area divided by the number of people living in that area. Per capita income for a nation is calculated by dividing the country’s national income by its population. Per capita income includes all individuals, not just adults of working age.

Inflation is a decrease in the purchasing power of money, reflected in a general increase in the prices of goods and services in an economy. Inflation can occur when prices rise due to increases in production costs, such as raw materials and wages. A surge in demand for products and services can cause inflation as consumers are willing to pay more for the product. A few factors impacting inflation are Demand-pull, Cost-push, Increased money supply, Devaluation, Rising wages, Monetary and fiscal policies.

eBook: Finance Management [pointers using inflation] or Linkedin Project Management Post Link

A recommended change in the inclusive-ness, comprehensiveness in the data used for the pointers of per-capita/ inflation will see serious changes in baselines in your `base wages`, `planning commission recommendations`, `RBI recommendations and decisions`, and long term visions in the financial policies, and probably in your `next budget`.

Per capita income, Inflation, Stock Market, increased FDI inflows are not the true picture of the quality and standard of living of the nation.

Mitigate, Mitigate, Mitigate.

Again, the per-capita or incomes of lower [, lower-middle] class income families in the “lower end of the sigmoid curves” may not be really the “genuine, authentic, dependable” financial data case [Data which is free of selective [non-inclusion] bias, skewed data collection, and planning process of baselines nor good pointers for financial policies].

I do not consider per-capita income or inflation as a financial policy pointer as a serious budgeting factor is not true either. No finance auditor gives away to this; unless…

This skewness of data used for the per-capita and inflation pointers are critically true, especially, for the case of `individual incomes` and `inflation` pointers that relate to many `of and in` the unorganized sectors, many in sectors like retail, “micro” or “petty finances” [organized or unorganized] financial services, individual businesses, lower end SME businesses, and other essential service businesses. Well, yes, atleast at the moment.

Some other questions that make up for the greater challenges to these pointers to be better reference points are:

[A] Is per-capita income genuinely the right pointer case with right standard deviations that is being `accounted` for with all appropriations OR is this a skewed sample data used for pointer generation?

[B] Is the financial data collection sources, their calculations of per-capita and inflationreally authentic and not a not skewed or selective [bias] data sampling case?

[C] Does the entire India file taxes* irrespective of income source*?

[D] Do you expect a INR 10000 [15000] per month or below salaried labourer to file taxes?

[E] Is there a consideration of one member earning families in all sections of the society?

[F] Are the Employed, Partly Employed, Not Employed assumed [and right] into the data set? What is the source of the data set? Is it ethically and legally collected?

[G] Is Financial Data collected from the Banking, Financial filings not abusive or non-abusiveto the Financial Privacy ofIndividualsand Entities? There is no such individual comprehensive financial privacy protection policy nor a anti-abuse policy. More, the Data Privacy Policy Model is non-comprehensive, non-inclusive in (to) all sections in the victims, auditors [protectors of law], perpetuators, and the beneficiaries after a legal case.

[*, C] — including “all tax free” agriculture-ists [agriculture income source]

The baselines of `per-capita` [incomes] and `inflation` pointers go wrong, absolutely wrong, with the `lower end of sigmoid curve` becoming critical without any appropriate standard deviations ever being considered for most financial and upliftment policies; whether an organization nor the system.

While this [per-capita income pointer] is definitely the average pointer, it does not warranty that the `in the data sets` of `lower end of sigmoid curve` incomes are genuinely a part of average (or plus) incomes. This [per-capita income pointer] is part of a genuine major problem that `affects and effects` fair standard [quality] of living based incomes and essential’s based expenditures. But…

Do you really have a good standard of living?

Where does the capital oozing in expenditures go?

Is that monitored by the government comprehensively?

Anything not accepted as the problem, not tracked, not monitored cannot be changed. This is NOT sarcasm.

Ethical Percolation, Ethical Percolation, Ethical Percolation.

Fair Inclusion, Fair Inclusion, Fair Inclusion.

Do not block - It is not just courtesy, It is also the Law!

Free or Financial Infusions or SOPsto the masses or industries (majorly) may not be a long term effective solution to eradicating poverty nor changing of baselines of incomes, nor quality standard of living. Free or financial infusions are a definite effective short term policy or decision and, yes, it can be a industry [economy] saviour many times.

I did not say Free or Financial Infusions or SOPs may not be needed based on the economic situation. What I meant is a financially sound entity does not need free. Free then becomes the cream for the financially sound. Free and Financial Infusions frequently, as a `need`, along with non-inclusiveness and non-comprehensiveness may be a bad strategy and a real deterrent over a long term. It may not be a sustainable financial stability decision('s) over a period of time or long term; especially when it can become a dependency or may become an expectation or the expected.

A recommendation of introduction of filing taxes by the entire country irrespective of income tax slab.

While this recommendation may not be a promotion of business of the financial and financial services industry, assistance to file taxes by the `unprivileged` can be made available using already available state resources like National Banks like SBI or Aadhaar Centers, etc. While initial thrust may be great like `minimal charge filings support` it can be removed when the baselines change or can be made commercially viable source of income generation to the governments. There may be many other useful recommendations that may and will come by if there are genuine debates on this. My recommendations on support and need based on economic upliftment have been clean as mentioned before.

There is a need of Comprehensive, Inclusive Accountability and Responsibility model of Data Privacy Bill that includes victims, auditors, perpetuators, and government alike for `accountability and responsibility` (apart from `beneficiaries of proceedings` to be inclusive and comprehensive) on data privacy pointers, policies, bills, and rules for data collection from the governance even for finance department intents and larger intents.

The data privacy accountability and responsibility in [, for, by] the government or government associated entities for its end users or end beneficiaries of an governance activity and government [associated, public sector] entity now exists in the EU; even if in a lower form. The government and government services is for the people.

The above mitigates many lapses and issues related to data privacy. There is a need for accommodations of lapses and their mitigations across planning, execution, and implementation in entirety is needed and important including Planning, the Bills, and the Laws of the Land. We all are humans and that is why we need the courts, policing, and the governance . This is a need based citation not a recommendation. My 17 year’s story in one recommendation, and yours…?

However, wrong data, or biased data, or wrong [incomplete, selective] sampling data may be a bigger deterrent to fix real problems or take the right decisions on budgeting. More, the baseline pointers that lead to better financial decision making, pricing, and references to Pricing, Inflation, Incomes data are references not the solution by itself.

You do not even have a good standard deviations of lower-upper ends of sigmoids for Per Capita Income and other financial pointers.

How will the budgeting for organizations be right; leave away public policies?

How are the budgetings based on?

Have the budgeting basis been dependable or benefited a “few” in the real sense. Upper middle classes and below?

I, I, I, I, I, I, I does not help all. It is not the nation’s need nor some omkar.

Well, a Covid Emergency lockdown is not 1977 emergency lockdown. The needs, issues, decisions, affects, effects, policies do not match up apple to apple.

You may not agree, of course, macro-economics is all about situational decision making and right ethical leadership; without breaching laws with whims and fancies.

Adding a point of note to avoid misinterpretation:

It is very important to keep finances and budgeting out of divisive planning and policies even if they may play a important role in your Visions, Policies, Planning, Budgeting; owing to pro-, anti-, balanced- socialistic economic policies. Social factors play an important role in economics, viz-a-viz, the foundations of economics are people, who are social.

I have other half of the document that has not been published here that will go as a complaint. However, until then, pass the goodie… but let me know — to whome, to where, and how.

Many a times, accept the reality. The grass can be [and IS] greener on the other side.

I do not think CSs, CAs, Auditors, Financial Departments, RBI not understand this nor that this is a financial discovery.

This is a follow up article for

ExpressJS Series: How can I implement before and after middlewares?

1. While, I write this ExpressJS monkey patch article, let me change my dictionary a little and call the aftermiddlewares in this ExpressJS aftermiddlewares article to be “pseudo — aftermiddlewares”. I call them “pseudo aftermiddlewares” since they are executed when all the business logic has been performed but the aftermiddlewares are executed “before” the response from the server is sent.
2. A true aftermiddleware should execute or run after the response has been sent so that some clean up actions or after need activities can be performed; irrespective of what response was sent to the HTTP client.

Now let us implement a “true aftermiddleware” in ExpressJS.

While ExpressJS does not have true after middlewares that executes after the response has been sent, you may modify this res.send function using a patch like below to achieve the feature of true after middlewares that executes or runs after the response has been sent by the server.

The same result of after middlewares execution can be achieved for res.sendFile, res.json, res.jsonp functions.

The real expressjs response functions can be found in the link:

https://raw.githubusercontent.com/expressjs/express/master/lib/response.js

This is how the “original” res.send function looks like:

/**
 * Send a response.
 *
 * Examples:
 *
 *     res.send(Buffer.from('wahoo'));
 *     res.send({ some: 'json' });
 *     res.send('<p>some html</p>');
 *
 * @param {string|number|boolean|object|Buffer} body
 * @public
 */

// Line 111
res.send = function send(body) {
  var chunk = body;

// ...
// ...
// ...

// Line 235
  return this;
}

This is how the “original” res.send function should be patched:

/**
 * Send a response.
 *
 * Examples:
 *
 *     res.send(Buffer.from('wahoo'));
 *     res.send({ some: 'json' });
 *     res.send('<p>some html</p>');
 *
 * @param {string|number|boolean|object|Buffer} body
 * @public
 */

// Line 111
res.send = function send(body, callback = (response, ...args) => { console.log("Testing aftermiddlewares with my actions", Date.now()); }, ...args) {
  var chunk = body;

// ...
// ...
// ...

// Add to Line 234
  ((callback, response, ...args) => { callback(response, ...args) })(callback, this, ...args);

// Line 235
  return this;
}

This is how the complete/ full “patched” res.send function should look like after being patched:

//
// Note the changed parts
// Line 111
// Function send(body) was changed to send(body, callback, ...args)
//
// function send(body) {
//
// function send(body, callback = (response, timer, ...args) => { console.log("Testing aftermiddlewares", timer || Date.now()); }, ...args) {
//

res.send = function send(body, callback = (response, ...args) => { console.log("Testing aftermiddlewares", Date.now()); }, ...args) {
  var chunk = body;
  var encoding;
  var req = this.req;
  var type;

  // settings
  var app = this.app;

  // allow status / body
  if (arguments.length === 2) {
    // res.send(body, status) backwards compat
    if (typeof arguments[0] !== 'number' && typeof arguments[1] === 'number') {
      deprecate('res.send(body, status): Use res.status(status).send(body) instead');
      this.statusCode = arguments[1];
    } else {
      deprecate('res.send(status, body): Use res.status(status).send(body) instead');
      this.statusCode = arguments[0];
      chunk = arguments[1];
    }
  }

  // disambiguate res.send(status) and res.send(status, num)
  if (typeof chunk === 'number' && arguments.length === 1) {
    // res.send(status) will set status message as text string
    if (!this.get('Content-Type')) {
      this.type('txt');
    }

    deprecate('res.send(status): Use res.sendStatus(status) instead');
    this.statusCode = chunk;
    chunk = statuses.message[chunk]
  }

  switch (typeof chunk) {
    // string defaulting to html
    case 'string':
      if (!this.get('Content-Type')) {
        this.type('html');
      }
      break;
    case 'boolean':
    case 'number':
    case 'object':
      if (chunk === null) {
        chunk = '';
      } else if (Buffer.isBuffer(chunk)) {
        if (!this.get('Content-Type')) {
          this.type('bin');
        }
      } else {
        return this.json(chunk);
      }
      break;
  }

  // write strings in utf-8
  if (typeof chunk === 'string') {
    encoding = 'utf8';
    type = this.get('Content-Type');

    // reflect this in content-type
    if (typeof type === 'string') {
      this.set('Content-Type', setCharset(type, 'utf-8'));
    }
  }

  // determine if ETag should be generated
  var etagFn = app.get('etag fn')
  var generateETag = !this.get('ETag') && typeof etagFn === 'function'

  // populate Content-Length
  var len
  if (chunk !== undefined) {
    if (Buffer.isBuffer(chunk)) {
      // get length of Buffer
      len = chunk.length
    } else if (!generateETag && chunk.length < 1000) {
      // just calculate length when no ETag + small chunk
      len = Buffer.byteLength(chunk, encoding)
    } else {
      // convert chunk to Buffer and calculate
      chunk = Buffer.from(chunk, encoding)
      encoding = undefined;
      len = chunk.length
    }

    this.set('Content-Length', len);
  }

  // populate ETag
  var etag;
  if (generateETag && len !== undefined) {
    if ((etag = etagFn(chunk, encoding))) {
      this.set('ETag', etag);
    }
  }

  // freshness
  if (req.fresh) this.statusCode = 304;

  // strip irrelevant headers
  if (204 === this.statusCode || 304 === this.statusCode) {
    this.removeHeader('Content-Type');
    this.removeHeader('Content-Length');
    this.removeHeader('Transfer-Encoding');
    chunk = '';
  }

  // alter headers for 205
  if (this.statusCode === 205) {
    this.set('Content-Length', '0')
    this.removeHeader('Transfer-Encoding')
    chunk = ''
  }

  // this.set("server-time", Date.now().toString());

  if (req.method === 'HEAD') {
    // skip body for HEAD
    this.end();
  } else {
    // respond
    this.end(chunk, encoding);
  }

//
// Line 234
// Add following line
//
  ((callback, response, ...args) => { callback(response, ...args) })(callback, this, ...args);

  return this;
};

Update:

When talking to the expressjs team for the above pull request, they also mentioned that you can run a callback after the response has been sent like this below. I was not aware of this nor had I seen this in lot or most of the codes ever, so I wanted you all to know this.

Again, for a “partial (pseudo) before and after middlewares” that is executed or run before the response is sent, use this article in this link:

https://medium.com/@ganeshsurfs/expressjs-series-how-can-i-implement-before-and-after-middlewares-13da90892d72

Happy Coding and after middlewares. Run your true DevOps like workflow activities behind a HTTP/S server using a HTTP based REST/ GraphQL.

This before and after middlewares ExpressJS article cover what I call a pseudo aftermiddlewares. It uses the following design:

Request -> Before Middleware -> APILogic -> After Middleware -> Response

However, this article provides implementation of true after middlewares. It follows following design:

Request -> Before Middleware -> APILogic -> Response -> After Middleware

To summarize:

This application pattern of using middlewares both before and after helps you with better code segregation for responsibilities, response manipulation (removal of clutter in such cases), cleaner code, and more importantly allowing you to do something after the response has been created or sent; whatever, the scenario.

ExpressJS Series All Blogs: https://medium.com/@ganeshsurfs/expressjs-series-links-9e038be8d78b

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

BACKGROUND:

The love affair of PHP developers trying to integrate and/ or run PHP Scripts into all languages has been an interesting one.

Well, did someone just say all languages have been trying to have an affair of trying to integrate and/ or run their languages in other stacks? Yes. They have been.

As expected, many love affairs fail without appropriate love and care.

On a lighter note: C/ C++ has been a leader integrator and does the job well. But no one knows to work that out that weeeeell enough. Java does not care, it does it all. Python is looking AI/ML. Nodejs/ Javascript looks to be everywhere.

PHPCGIJS:

Let me introduce a new javascript/ node.js library in the npmjs environment — phpcgijs.

The library takes two core routes while integrating other scripts like PHP into node.js — run the script via shell to get a stdout response, or proxy response from an PHP web application server.

Can running a PHP Script be as simple as

const express = require("express");
const php = require("phpcgijs");
const path = require("path");
var app = express();
//
// Express Route
//
// app.use(
//         "/",
//         php.cgi(
//                 path_to_phpscript,
//                { 
//                   cgi_path: "path_to_/usr/bin/_php_cgi_executable",
//                   options: { "-c": "path_to_php.ini_file" } 
//                }
//          )
//        );
//
app.use("/", php.cgi(p, { path.join("test/php"), cgi_path: "/usr/bin/", options: { "-c": "/etc/php.ini" } }));
app.use("/phpdynamic", php.cgi( "/path/to/phpscript.php", { "cgi_path":"to/php/cgi/path/php-cgi", "options": {"-c": "/to/php/ini/path/php.ini"} } ));
// Listen Express Server
app.listen(9090, "127.0.0.1");

Yes. With the phpcgijs library, it is as simple as this.

The phpcgijs library comes with multiple features that can run PHP Scripts in multiple architecture modes/ routes to capture and integrate the script responses as per your needs.

Either (a) use the stdout/ file serve responses into your node.js express middleware/ application, (b) use your php web application server’s response into your webserver using a proxy, (c) use the cgi executable’s stdout responses into your application/ server

1. Express Middleware

use the stdout responses into your node.js express middleware application

require("phpcgijs").cgi()

2. Running PHP Script as a file via the shell

require("phpcgijs").cgijs.cgiServe()

3. Remote Proxy

use your php web application response into your application/ server using a proxy of a PHP web application server

require("phpcgijs").cgijs.proxy();

4. Process Execute

use the executable stdout responses directly into your application/ server

require("phpcgijs").cgijs.process();

A sample usage of the cgi express middleware can be seen as follows:

const express = require("express");
const php = require("phpcgijs");
const path = require("path");
var app = express();
//
// Express Route
//
// app.use(
//         "/",
//         php.cgi(
//                 path_to_phpscript,
//                { 
//                   cgi_path: "path_to_/usr/bin/_php_cgi_executable",
//                   options: { "-c": "path_to_php.ini_file" } 
//                }
//          )
//        );
//
app.use("/", php.cgi(p, { path.join("test/php"), cgi_path: "/usr/bin/", options: { "-c": "/etc/php.ini" } }));
app.use("/phpdynamic", php.cgi( "/path/to/phpscript.php", { "cgi_path":"to/php/cgi/path/php-cgi", "options": {"-c": "/to/php/ini/path/php.ini"} } ));
// Listen Express Server
app.listen(9090, "127.0.0.1");

A sample usage of the proxy module can be seen as follows:

const express = require('express');
const URL = require('url');
const fs = require('fs');
const os = require('os');
const path = require("path");
const cgijs = require("cgijs");

var app = express();
const ostype = os.type();
var configuration;

if (ostype === "Linux") {
    configuration = JSON.parse(fs.readFileSync('./demo/demo-app/config-linux.json'));
} else if (ostype === "Windows_NT") {
    configuration = JSON.parse(fs.readFileSync('./demo/demo-app/config-win.json'));
} else if (ostype === "Darwin") {
    configuration = JSON.parse(fs.readFileSync('./demo/demo-app/config-mac.json'));
}

let php = configuration.php.script.path;
let sport = 9090, shost = '127.0.0.1';

let config = {
    "options": {
        "target": {
            "protocol": "http:",
            "host": "127.0.0.1",
            "port": 9001,
            "pfx": null,
            "passphrase": ""
        },
        "ws": false,
        "secure": false,
        "xfwd": true,
        "toProxy": true,
        "prependPath": true,
        "ignorePath": false,
        "changeOrigin": false,
        "preserveHeaderKeyCase": true,
        "auth": ":",
        "hostRewrite": true,
        "protocolRewrite": null,
        "cookieDomainRewrite": false,
        "cookiePathRewrite": false,
        "headers": {},
        "proxyTimeout": 10000,
        "timeout": 10000,
        "selfHandleResponse": false,
        "buffer": null,
        "ssl": {
            "key": null,
            "cert": null
        }
    },
    "listenPort": 8001,
    "stream": false,
    "modify": false,
    "runtime": false
};

function remoteWebProxy(port) {
    var remoteproxy = express();
    remoteproxy.use("/sub", function (req, res, next) { res.status(200).send("Path //sub"); });
    remoteproxy.use("/", function (req, res, next) { res.status(200).send("Path //"); });
    let srv = remoteproxy.listen(port);
    return { proxy: remoteproxy, server: srv };
}

var remoteProxy = remoteWebProxy(configuration.options.target.port);

function proxyHandler(handler, configuration) {
    handler.proxy.setup("proxyone", configuration, {})
    let proxy = handler.proxy.serve("proxyone");
    return function (req, res, next) {
        proxy.proxy.web(req, res)
    }
}

let h = cgijs.proxy();
app.use("/proxyone", proxyHandler(h, config));

app.use("*", (req, res) => res.send("Testing Server"));

app.listen(sport, shost, function () {
    console.log(`Server listening at ${sport}!`);
});

A sample usage of the process execute method can be seen as follows:

const obj = require("phpcgijs").cgijs.process();

var proc = obj.process.executeProcess(
    {
        name: "phptest", exe: "php-cgi", os: "win32", 
        // options in child_process.exec(command, options) 
        options: {
            stdio: 'inherit',
            shell: true
        },
        // COMMAND .cmds list to execute
        cmds: { "generic": { usage: "", args: ["./www/php/index.php"] } },
        other: {
            osPaths: { conf: "", exe: "" },
            executetype: "",
            // COMMAND .cmds to execute in the above list
            command: "generic",
            serverType: ""
        }
    },
    (error, stdout, stderr) => {
        // EXEC STDOUT STDERR HANDLER FUNCTION
        console.log("CB: Callback function Invoking for dataHandler");
        console.log("CB: Stdout: ", stdout);
        console.log("CB: Stderr: ", stderr);
        console.log("CB: Error: ", error);
    },
    (options, prc) => {
        // EXIT HANDLER FUNCTION
        console.log("Exit Handler options for cleanup handler", options);
        console.log("Exit Handler process", prc.pid);
    },
    (data, code) => {
        // CALLBACK FUNCTION 
        console.log("CB: Callback function Invoking for handler");
    }
);

I will cover each of the modules in detail in the upcoming blogs.

While these architectures look very easy, there have been issues when working and capturing the executable’s shell output which is the most dependable if what you are trying to integrate is a script or a file (and not really a web application).

The PHPCGIJS npmjs package is going through an architectural overhaul that

(a) makes use of lesser dependencies,

(b) works with multiple protocols of proxy’ing including http, https, websockets, udp, tcp, sockets (socks)

(c) making the file module phpcgijs.cgijs.file module’s .cgiServe execution tailored to PHP and other scripts.

(d) making the process module work with the phpcgijs.cgijs.process phpcgijs.cgijs.file module’s child_process.exec, child_process.fork, child_process.spawn execution tailored to PHP and other scripts/ executables/ processes.

(e) more testing of code and real use cases

However, if you are interested to use, or have questions, or want to contribute, you can connect with me here or by raising an issue in the following repositories:

PHPCGIJS

GitHub - cgi-js/node-php-cgi: Run and Execute PHP, JS, Ruby, Python 2, Python 3, ASPX, JSP, and CGI in CGI mode / Shell mode / nodejs server using node.js npm package / module phpcgijs: npm install phpcgijs --save

CGIJS

GitHub - cgi-js/cgi-js: Run cgi / interpreted script files that supports command line execution, or connect to cgi / other server proxies : npm install cgijs --save

I am looking for any feedback and feature request under the earth for this library to ease and unblock any of your language integration needs in this problem area. I am looking to make phpcgijs and cgijs a one stop package for multiple tech stack integration.

Note: The library is in active development and is platform/ framework agnostic/ independant.

I am also blogging about Expressjs along with Nodejs.

https://medium.com/@ganeshsurfs

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

Background:

Basic mathematics were never so interesting for me. As for that matter even history classes. I was too busy with my friends and childhood. But as I started choosing my profession and proceeded in life, I had to go back to history, math, chemistry, and biology as much as I hated studying them.

Having said that: Let children enjoy childhood with studies and play like they should; without stress and with the right focus of what makes them successful in your geolocation (important).

Context:

Dechiphering primes is something I never thought I would write about. There were so few libraries and a little need of the same in normal development work. Anything needed as a math library needed is freely available on the internet. No need to work on algorithms, especially, in the current age of AI/ML. The experts, both commercial and opensource teams, have done the work for you. Your need is to implement them.

But then I was asked to write a prime number check in one of my historical interviews and I wrote this library for you all.

Fast Prime:

fast-prime is a library that is written in Javascript (for browsers), Nodejs, Python, Java, Typescript, PHP. I intend to write it for Go, and C/C++ as well.

You can find the repository here: https://github.com/ganeshkbhat/fastprimenumbers

It has three basic implementations —

1. Conventional Iteration,
2. Square root (AKS - Mersenne primes - Fermat's little theorem) Iteration,
3. Fast, innovative, and new implementation — fast-prime.

Check this code out. This may be the fastest prime calculations, checks, and implementation as of 11th March 2022 based on the number of iterations and the way it checks for primes or generates primes. If someone testifies the performance checks, I will add/submit this for a publication — on a serious note. Help invited.

The library and code only has a special give me credit and notify me proprietory license

Here are the complete codebase and the package repository.

• fastprimenumbers/primes_alternate.js at main · ganeshkbhat/fastprimenumbers
• fastprimenumbers/primes.js at main · ganeshkbhat/fastprimenumbers

The package allows you to:

1. check is a number is prime (in different ways — Conventional Iteration, Square root (AKS — Mersenne primes — Fermat’s little theorem) Iteration, and Fast innovative — fast-prime),
2. generate a single or range or counts of prime,
3. generate summation and factorials of range/ count of primes
4. has a generator function for primes generation,
5. random primes generation, and
6. pre-calculated primes (< 10000, < 100000, < 1000000).

I am also blogging about Expressjs along with Nodejs.

https://medium.com/@ganeshsurfs

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

I am writing this, right now, near a spiritual place where “some” people are worshiping for money; rather than for peace and solace.

Let not — not being able to find out whether a code is commonjs script, commonjs module, or esm module be a solace.

There are a few ways you can check (as of 30thSeptember 2022) whether a code is a commonjs script, commonjs module, esm module:

1. Package.json —key type used as “type” : “module”
2. File extension — whether .js, .cjs, .mjs
3. Check if require object is globally present
4. Check if import is supported
5. Check the version of Node.js you are using

While doing all the checks above can be cumbersome, I am introducing a module called check-esm (https://www.npmjs.com/package/check-esm) that does all the jobs above for you in one simple function “_isESCode”.

Let us look at how to use it:

1. Install the package https://www.npmjs.com/package/check-esm using the command “npm i check-esm” in your package
2. Use the functions in the following code examples as a demo.

How difficult was that? Please let a feedback, or pull request, or an issue in the github repository here: https://github.com/ganeshkbhat/isesm or https://www.npmjs.com/package/check-esm

There are other script APIs you may wish to explore that includes the following:

_checkModuleImports, _requiresObject, _requireRegex, _importRegex, _importESRegex, _importRegexExtended, _isESMFileExtension, _isESMCodeBase, _isCJSCodeBase, _isESCode, _isModuleInPackageJson

The APIs have now been updated in the newer version to have normalized naming as below:

checkModuleImports, requiresObject, requireRegex, importRegex, importESRegex, importRegexExtended, isESMFileExtension, isNodeCompatibleFileExtension, isESMCodeBase, isCJSCodeBase, isModuleInPackageJson, isESCode

I am also blogging about Expressjs along with Nodejs.

https://medium.com/@ganeshsurfs

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

Most times, it may bloat the application size and that may not be a real side effect that you may need. Let us look at another way of working with the application. This concept may not be completely new. But, probably, technology variation of the Donot Repeat Yourself (DRY) principle.

I call this a “configuration based application route generation”. You call it what you want. The routes can be created in simple JSON file or as a JSON Object in a JS file. Let us have a look at what I have been working with since sometime now and I found it to be simple to work with.

Please take a look at the config.json, index.js files below:

Please feel free to add your own parameters to config.json like for overriding response functions, etc.

Please feel free to make changes to index.js as per need to manage your middlewares/ callbackHandler functions and their import ways based on project structure or other requirements. Probably, manipulate it for adding callback or middleware functions imported from some folder mentioned in config.json

Well, you can also automate function template’s (like above) creation and config file generation using a cli javascript script. Take a try at it.

To summarize:

This application routing technique makes it easy to implement just route handlers and route specific middlewares in an easier way without having to handle multiple changes in your applications’ routing, controller, middleware, and/or configuration system.

A simple addition of the route handler, middlewares, route method, and path suffices the creation of an entire new routing for the application without a lot of efforts. This process is easier automated “than” other modes of automation or code creation automation.

Did I say simplest “serverless” model?

Now, lets go RAD on REST APIs and GraphQL APIs.

ExpressJS Series All Blogs: https://medium.com/@ganeshsurfs/expressjs-series-links-9e038be8d78b

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

Triggering a middleware before the response is great. However, there are scenarios where you might want logging after response has been completed. You can achieve this in the responseHandler or by adding a afterMiddleware after our responseHandler in the ExpressJS route implementation. Lets look at the code below:

Note:

Trying to manipulate the response or headers in the afterMiddleware function will fetch us an application error — warning us that the response has been sent to the client.

However, there are a lot of scenarios where you might want to either manipulate the response after the responseHandler has been triggered, or you might want to perform other tasks after the response has been created. These may include advanced logging for analytics before response is sent, response validation, response sanitation, or just ACL based response manipulation.

It is important to note that when you use .send() function in ExpressJS, you cannot manipulate the headers nor the response. It is possible to do other activities (other than header or response manipulation) after the response is sent. This may be anything from logging, triggering schedulers, emailing, or some pub-sub action. However, again the headers nor the response can be manipulated since the response has been sent to the client already.

This creates a couple of use cases. May be once the response has been created, you might want to check if the response object variables or data to be sent is actually valid, authorised, and if not you may want to restrict it or remove that response data. Second, you may just want to log it off somewhere for analytics purposes, response sanitation, or just ACL based response manipulation, or just initiate a pub-sub application’s action after the response has been created/”supposedly” sent.

Lets create the code that will behave so. Instead of using the .send() we will create a .send() manipulator function called .response (function) attached to the ExpressJS response object that will allow us to trigger after middlewares (after responseHandler function trigger) in our ExpressJS application. Once all the after response middlewares have been triggered, we will use a final handler function that will take the pre-created response / after-middlewares-manipulated response and send it to the client. Lets look at the code below:

If you notice, the beforeAfterInjection function is the one that allows us to use a .response(obj) function. This is one of the most important functions and is always triggered first in the middleware list. The signification of the function is that it separates the logic of storing the response from the actual response handler function.

The next middleware in the implementation is the beforeMiddleware function which is a normal middleware that we have all been using before in ExpressJS.

Then comes a quite important middleware implementation where our application’s response handler resides. Notice that we have not used the responseHandler directly but we have actually wrapped this in a wrapper function that triggers the responseHandler function and then calls next() to pass the triggers to then next middleware — actually our after middlewares implementation — afterMiddleware. Do notice here that our implementation of afterMiddleware does not come at the cost of sending the response to the client. The response is yet stored in the request object as a req.res property rather than being sent to client. This afterMiddleware implementation allows us to do ACL checks, validation, sanitation, and all that you can think of in a cleaner and single-responsibility fashion from within the application. Instead of a single function taking care of all the work in the responseHandler, we are now delegating the tasks to other middlewares.

But, again, what happens if I use the .send() function instead of .response() function created by us to manipulate the framework for this kind of pattern? Well, actually, the response will be sent to the client even though the afterMiddleware is triggered. This can be nasty if you have business logic that needs the response to client to be held back for manipulation in the after middlewares. A .send() implementation instead of .response() implementation in this case results in an “application error” when trying to manipulate the response or headers; warning us that the response has been sent to the client. However, there may be cases where you might not need the response to the client to be held back; like say logging or sending a email trigger, etc. Such cases, you can actually use the .send() trigger of ExpressJS. The client will receive the response faster (rather on time) without having to worry about delays due to your application’s after response action’s logic. Lets have a look at such implementation below, again:

Now, you have a choice to for your implementation — using this application pattern or all other ways that you have implemented your business logic after the response has been created. However, testing can be a challenge like it is for your normal responseHandlers which needs a request, response, and next arguments to be passed while testing. You may be better off on performing API end tests in such cases, or segregating common logic from your middlewares to test. Choose one that you like, is more testable, or one that fits your needs more.

For a true aftermiddleware implementation in ExpressJS for usage in devops or workflow automation use cases use this link:

ExpressJS Series: True After Middlewares for ExpressJS

This article cover what I call a pseudo aftermiddlewares. It uses the following design:

Request -> Before Middleware -> APILogic -> After Middleware -> Response

However, this link provides implementation of true aftermiddlewares. It follows following design:

Request -> Before Middleware -> APILogic -> Response -> After Middleware

To summarize:

This application pattern of using middlewares both before and after helps you with better code segregation for responsibilities, response manipulation (removal of clutter in such cases), cleaner code, and more importantly allowing you to do something after the response has been created or sent; whatever, the scenario.

ExpressJS Series All Blogs: https://medium.com/@ganeshsurfs/expressjs-series-links-9e038be8d78b

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

There are three different types of application responses that serve some content:

1. Static Application (serving static assets like HTML, CSS, etc)
2. Template based application (dynamic pages processed and responses served as pages by the application)
3. REST / SOAP based Server application responses with a client either HTML or an Single Page Application

All the three are used today in the market extensively, depending on project needs. The way to serve responses from an ExpressJS application is also the same. This is apart from the fact that project structure, application architecture, coding patterns, testing and its ways, and deployment “may” differ for all the three ways of serving a response from the server.

Let us take the first, Static responses. These are response where where static files like HTML, CSS, Images, fonts, etc are served. One of the job’s of the server is that it serves static content. Now, this may be an entire site or just some assets of your application or site.

NodeJS and the ExpressJS framework by default does not expose any folder publicly. You have to do it explicitly. Let us do it.

ExpressJS provides a method called as .static that allows you to expose a static folder publicly. You can apply this as an middleware later.

Usage:

express.static(root, [options])

Let us create a folder called as public and put any file called styles.css in it. Second, let us create a folder client and then assets within it. Finally, let us add the middleware that servers the static folder. Take a look at the code snippet below:

We see that there are three ways of serving :

1. Same name exposed: The public folder inside our project folder basicsrv is served with the same name publicly.
2. Different name exposed with relative path: The ‘client/assets’ folder in line 12 is exposed as /assets publicly. This allows us to keep the system path names hidden (if not all secure).
3. Different name exposed with complete path: The ‘client/assets’ folder in line 20 is exposed as /assets publicly. But this time it uses the complete path of the OS rather than a relative path.

A point to note is that response object res in the route handler also provides us an option to send files. You can use the method .sendFile in the res object after the .status method like below:

That is all to serving static files and responses from the application.

There are two other ways of sending a response to the client.

1. We have looked at one way before by means of sending a JSON file using the .send method. The .send method applies for not just sending response as JSON but also for XML.
2. But, for a template engine based response you have to use the .render method. This has to be in the route handler after we set the view folder and templating engine details using the .set method of express app.

Before setting the template engine to our app, let us have a look at the code below for sending json/xml type responses:

Dont forget to install xml2js to send xml as a response.

npm install -S xml2js

To send a dynamic template engine based response, we will have to add a middleware informing our ExpressJS Application that we are going to use a specific templating engine. Commonly used templating engines are Jade (now pug), Pug, ejs, Mustache, etc.

ExpressJS uses Pug/Jade as the default. If you are coming from other backend programming languages then you might like ejs since it used variable binding based templates. However, if you like HAML, then Pug/Jade is for you.

Lets install pug.

npm install pug -S

Now, lets create a view folder in the basicsrv folder and inform express about what templating engine we are going to use:

Lets create the template file called as views/index.pug as below:

Add this code in your file, and run the file. The try accessing the path http://127.0.0.1:9001/template . You will see the template rendered. If you wish to change the templating engine to something else then you will have to set your new templating engine in the ExpressJS application.

Thats it. We covered the bare bone basics of ExpressJS.

To summarize, along the post we touched:

• Rendering files from a static pulic folder in three different ways.
• Sending JSON, and XML response.
• Sending a server processed html page processed from a pug template

ExpressJS Series All Blogs: https://medium.com/@ganeshsurfs/expressjs-series-links-9e038be8d78b

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.

In this post, we will focus on applying Content Security Policy, Cross Site Scripting, Cross Site Request Forgery, and Rate limit safe guards. All this will be done in a very simple manner with just few libraries and few code lines additions.

1. helmet
2. express-rate-limit or/and express-brute or/and node-rqate-limiter-flexible
3. cors
4. Others

If you are overwhelmed by the incomplete details above and what we are trying to achieve, have a quick look at the security best practices brief in the ExpressJS documentation before starting.

1. CSP, CORS: Have you ever wondered what would happen if your site was open to requests from everyone and people start hacking attacks?
2. Sanitization, CSRF, XSS: What if someone fills a form or comment and enters a (creepy) javascript snippet in a post of forum hosted on your site which gets displayed/loaded (because your did not sanitise for safety of HTML before rendering it in the forum post or comment)?
3. Sanitization, XSS, CSRF: What happens if that creepy javascript posted in a unsanitized (uncleaned) document rendering starts capturing security tokens off cookies, taking off localstorage data, or just starts putting unending popping messages from that external script?
4. Sanitization, XSS, CSRF: What if, that creepy javascript posted in a unsanitized (uncleaned) document rendering loads a heavy unnecessary javascript files, image, file, or infected file from a third party location?
5. Sanitization, CSRF: What if, they save your site’s form and start sending form submits from local system? What if, this process gets automated by the hacker?
6. Secure Protocol: What if, the hacker intercepted your client’s insecure requests during login or form submits or browsing in general?
7. CORS, Rate Limiting, DDOS: What if, just to be noticed after hacking failure, they start annoying your server with huge amount of requests your server is not able to handle?
8. CORS, Rate Limiting, DDOS: What if, they keep a automated agent or spider that makes constant 1Million or X requests every hour consistently for next one month or perennially? More, if your server is able to handle those requests, wont your cloud billing or resources get blocked or wasted?
9. CORS, Rate Limiting, DDOS, CSRF, Targeted Vulnerability Attacks: What if, such requests are brute force (and automated request randomizer) attacks targeted at a very important section of the application because the hacker knows the vulnerabilities of the server or the application’s functioning (development vulnerability)?

There are more that we have not spoken about. The hacker never has the best interest and intentions for you. A protector safeguards by risk mitigation, not by teaching a lesson through cyber crimes. As an developer or an infrastructure or an security professional, you owe a lot of accountability, responsibility, and risk mitigation to your users and organisation to safeguarding their assets from hacks; and incase things go wrong then your response to it.

These packages address the risk mitigation part of security. They help you set up a bare basic standard protection against known vulnerabilities (in the least tedious manner).

Note that all these packages are ExpressJS middlewares. You can either apply them to all routes or a single route/group of routes based on need and security strictness.

HELMET

Helmet is a middleware that clubs many libraries together to give a comprehensive support against a few common attacks/known vulnerabilities. It may not cover all the use cases but it is one of the best packages I have seen that implements protection against these issues. With just few lines, it gives you a set of default security implemented for your server. This makes the ExpressJS server more secure out of the box.

Let use install it in our project:

npm install helmet -S

Let us add helmet() as a middleware. Look at the code in Line3 and Line 8:

It adds default security using libraries below (read more here) by default:

contentSecurityPolicy for setting Content Security Policy (CSP)
expectCt for handling Certificate Transparency
dnsPrefetchControl controls browser DNS prefetching ✓
frameguard to prevent clickjacking ✓
hidePoweredBy to remove the X-Powered-By header ✓
hpkp for HTTP Public Key Pinning
hsts for HTTP Strict Transport Security ✓
ieNoOpen sets X-Download-Options for IE8+ ✓
noCache to disable client-side caching
noSniff to keep clients from sniffing the MIME type ✓
referrerPolicy to hide the Referer header
xssFilter adds some small XSS protections ✓

I recommend you to add Content Security Policy (CSP) for your contents in your application by means of configurations like the code below (change based on your needs). The below code can be quite a standard but might need tweaks based on your requirement.

npm install helmet-csp -S

Change code like in lines below:

Lines 4, 12–26, 46–53

Whenever there is a violation, it will report to /report-violation using HTTP request by modern browsers. Read more about CSP in the Helmet CSP documentation here.

CORS

Let us implement Cross Origin Resource Sharing support using CORS npm package:

npm install cors -S

Add the support as in lines 30–36 below:

You can also use a logic instead of the origin option to enable whitelist identification for domains or IPs like below (taken from ExpressJS documentation and replacing line 31–34 above):

More, this whitelist may be a dynamic one coming from a database rather than just hard coded. The above is just an example of how it works.

CROSS SITE REQUEST FORGERY (CSURF)

If you have a lot of forms in your site or application, it will be wise to set up not just a captcha but also CSRF protection. You do not want forms being submitted from a external site or from a local machine when you are not expecting any (for security or resource utilisation purposes).

You can do that with csurf package. The package allows you to create a token using req.csrfToken() method; and then validating the token when a form request is made from the client. The documentation for the module resides here. I will not be implementing the csurf module now but will do that when we work on forms and use this package along with multer module.

EXPRESS RATE LIMIT

I definitely dont want DDOS — huge number of persistent attacks on my system. I dont wish my server to get choked, crashed, or be hacked by a randomizer. Let us install the express-rate-limit package using the command below:

npm install -S express-rate-limit

Changed lines 6, 39–47

Our ExpressJS Server implementation now has a simple standard security configuration implementation for:

Cross Origin Resource Sharing (CORS), Content Security Policies (CSP), Cross Site Scripting (XSS), Rate Limiting, No sniff for MIME Sniffing, Click jacking (frameguard), Hiding the Application Server for targeted attacks (X-Powered-By), Upgrading HTTP requests to HTTPS.

We will build on this. But for now, it is definitely a basic safeguard. These configurations and implementations do not guarantee “no hack attacks” from culprits but ensures you are ready atleast with the basic safeguards.

Note: Two other important aspects to ensure safety of your servers are

• strong server/infrastructure access plus logging policy (for risk mitigation, and post risk occurrence postmortems/response), and
• organisational data security policy for associated or non-associated actors to avoid human errors.

The last one is the cause of majority of cyber crimes.

A lot of concepts are associated with this post; and it is sanely not possible to cover all in a single post. Once we understand how to serve files and send a response from our ExpressJS server in the next posts, we will start touching these one by one; possibly each might require multiple posts. Do leave comments if you have a specific need/information to be covered.

In the next post we will understand how to serve a response (files, json, xml, etc) from the application/server.

What I need to know about serving a response: https://medium.com/@ganeshsurfs/expressjs-series-what-i-need-to-know-about-serving-a-response-b8964a0ff13

ExpressJS Series All Blogs: https://medium.com/@ganeshsurfs/expressjs-series-links-9e038be8d78b

Let me know how I did, and if you learnt something new. Do leave your comments, and dont forget to like the article.