In this article you find a demonstration of the xml parser. type in some xml and see the resulting data as JSON. The xml is parsed on every keystroke and still you will see that the result is generated very fast.

You can also try to break your XML to see the error tollerance of this parser. select the simplefied mode, to see how the result will be affected.(it is the same result as in PHPs SimpleXMLParser). It you like it, install it from npm.

simplefy

Recently I had a great idea for a node-module to develop. So, first the idea: In tmysqlpromisedao, I have the concept for loading data from related tables by using related DAOs. The new module should generalize that idea and make it awailable for other dao libraries that follow the tDao conventions.I created the github project, pushed an initial, empty project to npm and started to implement the “dao-registry”. In my suprise I was done in 3 lines of code. That was basicly a function returning a new empty object. That was a useless module, so as quick as I can, I deleted the project.

But still, I want to embrase the idea. In the next version of tmysqlpromisedao you will be able to provide a registry object as a parameter. That will allow you to seemlessly mashup datasources.

For example, your application might store users in mysql, but blogposts+comments in couchdb. As a prove of concept, I will soon implement a dao library for lowdb, that will be working together with mysql and the dao2koa API generator.

XML is loosing traction, it seems that every new API uses JSON or alike. But still there are big datasets only available in XML. As I already had a great XML-parser, that is extreamly fast, has a clean API and provides an AST/DOM, I had to fill the last important feature missing for that parser. Until now it was only possible to parse about 10-40 Megabyte strings.

I thought long and I started a few times implementing a parser that is still very fast and has all the features and on top of that is able to parse though large files. Such as a Wikipedia-dump or the openStreetMap-world file. But now about at the fived try, I found a solution to handle streams. I solved it by taking assomptions about the shape of large xml-files. Large XML files usually consist of a root element, containing a long list of items. The new parser is going to provide items one by one. It uses a nodejs-Streams. That makes it possible to use a stream reader for compressed files and use the plane-data stream for the xml-parser.

Each item provided from the xml is an ast on its own and can easily be simplefied by the framework. That makes working with xml-files not just much faster then ever before in JS it is also much more convenient. Developer have an API they are propable already familiar with.

If I would be you and have to work with XML data, I would definetly use tXml!!! If can realy choose, I would use JSON.

Currently I am an intensive user of visual studio code. It is an editor, developed by microsoft, that is extendable with many plugins. My favorit feature is the typescript integreation and its intelisence.

Recently it supports type recognition based on JSdoc comments. reason enough to look deeper into JSdoc. And I found it awefull to defined types. That is so much to type and by that error prone. Below you find a tool, that let you generate some JSdoc comment, from a JSON object. That is usefull for database or API responses.

Restful is a pattern to provide an API to manage resources on a server, providing a uniform deal to create, access and change data. In a previouse post I have shown the json-sever. With that server, I made serveral tests and even extended its API. The json-server takes a JSON-file and proide an access through a auto-generated API.

But I never made a complete app using that server, until recently. Because every time I meet some issues that would require a lot of coding that I was not willing to spend for small side projects. But I could not get RESTapis out of my mind, so I studied studied some resources to answer all questions that are open. In this small series of posts I want to talk about some.

The first is this one, about Authentication, it is the one you are currently reading. The next will be about actual designs, means about how parameter and responses should look. It will also provide good resources with good API-definitions and actual implementations. After that, I will actially take a look of implementing a restAPI in nodejs and autogenerated APIs, with additional feature: how objects will be validated, security guarantied and business rules applied.

Authentitation

Often I had the question, how should I do authentication and how does resources look, that are related to the current user. Messages to me, messages from me, my photos, my results, orders, what ever. On top of that, I was asking myself how should a restful API actually look like. The JSON-Server is so simple that it is instantly fun to play with it. But quickly I reached serveral points, that throw questions that need to be answered but for the small sideprojects they are to big.

Login

First was the authentication, is making a session actually restful? My answer to that is actually yes. Many people come to different opinions, but it is not to important. The important thing is that you know how to do authentication. Typically I had some auth-module that has provided an RPC method for login and an other to get information about the current session.

For my first complete restful app, I actually provided a kind of a virtual resource. Many frameworks would name that a Controller or API-Handler. The Controller that I made received login information through a POST-request and provided the current session information to the GET and the DELETE for logout.

token + signatures

When the API is not meaned to be called by a browser, working with sessions is not comfortable and when using web-APIs I never saw that. So the authentitation is send on every request. Depending on the importants of that API, there was just a token. So the provider can monitor my request and limit the results and number of requests. Sometimes it is fine to just use https for encryption. But because many http implementations do not validate the certificates APIs require to add a signature to a request.

implementation

Using nodejs with express, both types of authentication can be ensured using middlewhare that is runing before the middlewhare for the actual API is executed. No metter if you are using sails.js, JSON-server or an other rest-API providing framework, you can use standard middlewhare such as express-session, curf or express-body-parser. With your applications specific authentication middleware you only need to invest once and the authentication will be solved.