const express = require('express');
const app = express();

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.listen(3000, () => {
  console.log('Server running on port 3000');
});

ES Modules

import express from 'express';
const app = express();

Response Methods

Send text

res.send('Hello');

Send JSON

res.json({ message: 'Hello' });

Status code

res.status(404).send('Not Found');
res.status(201).json({ id: 1 });

Send file

res.sendFile('/path/to/file.html');

Download

res.download('/path/to/file.pdf');

Redirect

res.redirect('/new-url');
res.redirect(301, '/new-url');

Render view

res.render('index', { title: 'Home' });

Routing

HTTP Methods

GET

app.get('/users', (req, res) => {
  res.json(users);
});

POST

app.post('/users', (req, res) => {
  const user = req.body;
  res.status(201).json(user);
});

PUT

app.put('/users/:id', (req, res) => {
  // Update user
});

PATCH

app.patch('/users/:id', (req, res) => {
  // Partial update
});

DELETE

app.delete('/users/:id', (req, res) => {
  res.status(204).send();
});

All methods

app.all('/api/*', (req, res, next) => {
  // Handle all methods
  next();
});

Route Parameters

Path params

app.get('/users/:id', (req, res) => {
  const id = req.params.id;
  res.json({ id });
});

Multiple params

app.get('/users/:userId/posts/:postId', (req, res) => {
  const { userId, postId } = req.params;
});

Query strings

// GET /search?q=express&page=2
app.get('/search', (req, res) => {
  const { q, page } = req.query;
});

Optional param

app.get('/users/:id?', (req, res) => {
  // id is optional
});

Regex param

app.get('/users/:id(\\d+)', (req, res) => {
  // id must be digits
});

Router

Create router

const router = express.Router();

router.get('/', (req, res) => {
  res.json({ users: [] });
});

router.get('/:id', (req, res) => {
  res.json({ id: req.params.id });
});

module.exports = router;

Mount router

const usersRouter = require('./routes/users');
app.use('/users', usersRouter);

Router middleware

router.use((req, res, next) => {
  // Runs for all routes in this router
  next();
});

Middleware

Built-in Middleware

JSON body parser

app.use(express.json());

URL-encoded

app.use(express.urlencoded({ extended: true }));

Static files

app.use(express.static('public'));
app.use('/assets', express.static('public'));

Custom Middleware

Application-level

app.use((req, res, next) => {
  console.log(`${req.method} ${req.url}`);
  next();
});

Route-level

const auth = (req, res, next) => {
  if (req.headers.authorization) {
    next();
  } else {
    res.status(401).json({ error: 'Unauthorized' });
  }
};

app.get('/protected', auth, (req, res) => {
  res.send('Secret data');
});

Multiple middleware

app.get('/', middleware1, middleware2, (req, res) => {
  res.send('Hello');
});

Async middleware

const asyncHandler = fn => (req, res, next) => {
  Promise.resolve(fn(req, res, next)).catch(next);
};

app.get('/', asyncHandler(async (req, res) => {
  const data = await fetchData();
  res.json(data);
}));

Popular Middleware

CORS

const cors = require('cors');
app.use(cors());
app.use(cors({ origin: 'http://example.com' }));

Morgan (logging)

const morgan = require('morgan');
app.use(morgan('dev'));

Helmet (security)

const helmet = require('helmet');
app.use(helmet());

Compression

const compression = require('compression');
app.use(compression());

Cookie parser

const cookieParser = require('cookie-parser');
app.use(cookieParser());

Request Object

Request Properties

Body

req.body  // Parsed body (with body-parser)

Params

req.params  // Route parameters

Query

req.query  // Query string parameters

Headers

req.headers
req.get('Content-Type')
req.header('Authorization')

req.cookies  // With cookie-parser

Method

req.method  // GET, POST, etc.

URL/Path

req.url
req.path
req.originalUrl

req.ip
req.ips  // With trust proxy

Protocol

req.protocol  // http or https

Hostname

req.hostname

Error Handling

Error middleware

// Must have 4 parameters
app.use((err, req, res, next) => {
  console.error(err.stack);
  res.status(500).json({ error: 'Something went wrong' });
});

Throw error

app.get('/error', (req, res, next) => {
  const error = new Error('Not Found');
  error.status = 404;
  next(error);
});

Async error

app.get('/', async (req, res, next) => {
  try {
    const data = await fetchData();
    res.json(data);
  } catch (err) {
    next(err);
  }
});

404 handler

// Place after all routes
app.use((req, res) => {
  res.status(404).json({ error: 'Not Found' });
});

Template Engines

View Engines

Set view engine

app.set('view engine', 'ejs');
app.set('views', './views');

Render view

app.get('/', (req, res) => {
  res.render('index', { title: 'Home', user: req.user });
});

EJS template

<!-- views/index.ejs -->
<h1><%= title %></h1>
<% if (user) { %>
  <p>Welcome, <%= user.name %></p>
<% } %>

Pug template

//- views/index.pug
h1= title
if user
  p Welcome, #{user.name}

Session & Auth

Session

Setup session

const session = require('express-session');

app.use(session({
  secret: 'your-secret-key',
  resave: false,
  saveUninitialized: false,
  cookie: { secure: true, maxAge: 3600000 }
}));

Use session

// Set
req.session.userId = user.id;

// Get
const userId = req.session.userId;

// Destroy
req.session.destroy();

JWT Auth

Generate token

const jwt = require('jsonwebtoken');

const token = jwt.sign(
  { userId: user.id },
  process.env.JWT_SECRET,
  { expiresIn: '1h' }
);

Verify token

const authMiddleware = (req, res, next) => {
  const token = req.headers.authorization?.split(' ')[1];
  try {
    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    req.user = decoded;
    next();
  } catch (err) {
    res.status(401).json({ error: 'Invalid token' });
  }
};