Power up your node.js REST API

Building micro services can be very exciting. The ease and speed of creating them using node.js has changed the way devs think. From requirement analysis to continuous integration, micro services can be developed within weeks and operate quite impressively.
Using node.js you can create very robust apps that are asynchronous by design. Still, there are times when you may want to add a little more and make your application even stronger and harder to bring down in tough situations, such as an unpredictable request that kills the process, too many concurrent requests, or a DoS attack from a hacker.
With this post I want to present some node modules that will help you overcome problems like these.

Module 1) cluster. This module comes in handy when you want to overcome the memory and processing-power limitations of a single-process app. Apart from that, it gives you the ability to respawn dead node processes (like pm2 does).
Useful links:
http://www.sitepoint.com/how-to-create-a-node-js-cluster-for-speeding-up-your-apps/
https://nodejs.org/api/cluster.html

Module 2) express. It is one of the best modules for creating HTTP endpoints. Some people prefer other modules like restify, and that is perfectly fine. Just use the one you think fits you best. Just keep in mind that in terms of speed express might be the best one.

Module 3) ddos. This module will give you some basic DoS protection against malicious users. You will probably never need it, but then again, why risk it? Note, though, that the ddos module will only protect you against simple DoS attacks. If you also want protection against DDoS attacks you will need something more. Personally, I believe that this is the job of the load balancer. Those using HAProxy should read this: http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ .
Useful links:
https://github.com/rook2pawn/node-ddos

Module 4) toobusy-js. This is one of the many implementations of the original toobusy module. What does it do? When it receives an HTTP request, instead of trying to execute it right away, it first checks the load of the process. If the process is overburdened, it returns a 503 response saying that the server is busy at the moment. So instead of having many requests fail with timeouts, you quickly return "service unavailable" for some requests and serve the rest normally.
Useful links:
https://www.npmjs.com/package/toobusy-js
https://hacks.mozilla.org/2013/01/building-a-node-js-server-that-wont-melt-a-node-js-holiday-season-part-5/
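The load-shedding idea described above, written out as an added example (this is not code from toobusy-js or from the template repo). It uses event-loop lag as the load signal; the names `LagMonitor` and `shedLoad` and the threshold, interval and smoothing values are assumptions chosen for illustration.

```javascript
// Added example: event-loop-lag load shedding (not toobusy-js source code).
// MAX_LAG_MS, CHECK_INTERVAL_MS and SMOOTHING are assumed tuning values.
const MAX_LAG_MS = 70;
const CHECK_INTERVAL_MS = 500;
const SMOOTHING = 1 / 3; // weight given to the newest lag sample

class LagMonitor {
  constructor(intervalMs = CHECK_INTERVAL_MS) {
    this.intervalMs = intervalMs;
    this.lag = 0;     // smoothed event-loop lag in ms
    this.last = null; // timestamp of the previous tick
    this.timer = null;
  }

  // Feed one timer tick. A tick that fires later than intervalMs after the
  // previous one means the event loop was blocked for the difference.
  tick(now) {
    if (this.last !== null) {
      const sample = Math.max(0, now - this.last - this.intervalMs);
      this.lag += SMOOTHING * (sample - this.lag);
    }
    this.last = now;
    return this.lag;
  }

  start() {
    this.timer = setInterval(() => this.tick(Date.now()), this.intervalMs);
    this.timer.unref(); // do not keep the process alive just for monitoring
    return this;
  }

  isBusy() {
    return this.lag > MAX_LAG_MS;
  }
}

// Express-style middleware: reject early with 503 instead of queueing work
// that would time out anyway. Register it before any expensive handler.
// Usage with express: app.use(shedLoad(new LagMonitor().start()));
function shedLoad(monitor, retryAfterSeconds = 1) {
  return function (req, res, next) {
    if (!monitor.isBusy()) return next();
    res.statusCode = 503;
    res.setHeader('Retry-After', String(retryAfterSeconds));
    res.end('Server is too busy, try again shortly.\n');
  };
}
```

The smoothing keeps a single slow tick from flipping the server into 503 mode for good: once ticks arrive on time again, the lag value decays and requests pass through.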

Module 5) bunyan. Yes, it is a logger, but who can live without a logger? Just be very careful in production environments to log only what is necessary. Also, bunyan’s log rotation is buggy when used with cluster, so you had better avoid it. You should let the operating system do that job with logrotate anyway.

For your convenience I have created a github repo (linked below) with a template project which uses all the previous modules. Feel free to clone it and use it as a skeleton for your new project.
Have fun!

Useful links:

https://github.com/mdagis/api-template
