I want to know if there's many people request URL on a port (exam. 7000) it will handle on a request in a order, right?
And connect to a database through my API server.
So the client post to my API server through URL: Port and then my API sever connect my database and then return data to client though API server by response JSON Format and next it gonna continue do the same right?
So if it’s in a process others request has to wait until it finish a process that I mention above, right?
Short Answer
No
Server will not wait for the database operation to complete and therefore keep accepting the other request.
The flow of execution will be as follow:
request ──> make database request
request ──> make database request
request ──> make database request
database request complete ──> send response
database request complete ──> send response
database request complete ──> send response
Read this answer for precise and simple explanation.
This is possible because of following concepts and I recommend you to read about it more to understand how Node.js works
Event Loop
Asynchronous Nature of Node.js
Node.js internally use libuv to handle I/O operation.
Related
I have an azure function, running locally. it sends out a post request to a remote endpoint that looks something like https://organization-name.somesoftware.com/api/v1.3 it seem to be captured by fiddler but i can not look at the request header or the body payload. I am not sure whether the request is intercepted correctly by fiddler
here is the screenshot from fiddler
The issue is due to Azure Function Execution timeout, by the time fiddler receives and starts debugging the request the Azure Functions gets timeout. You can solve this by increasing the Azure Function time out.
You can check the following document for more information and to increase the timeout.
Azure Function Timeout.
Alternatively, you can try moving to different hosting plan for the Azure Function and also increase the time out at the same time.
Azure Function Premium Plan.
Azure Function Dedicated Plan.
WinHttp library provides WinHttpSetTimeouts function to set timeouts for different stages of sending/receiving an HTTP request/response. The requirement is to set an overall timeout for the whole process from the time we obtain a session handle, open the request, connect to the server, send the request, and receive the response, etc.
Is there any API or approach to set a timeout for the whole overall stages of sending an HTTP request via WinHttp?
I am building a single page react app that uses redux as state manager and an express node js as backend server, but I don't know what is the best way to authorize my users in the application!
If it was a php or express-js website, I could use PHPSESSION or express-session to manage users sessions data but now the single page web application is separated from the backend and I can't manage sessions like before!
My idea is to make a session id for each new web request, then save it for client in local storage, then in the server store all needed informations in a database and when application have an API call, send that id in request header. Then we can check authorizations by using that implemented session.
But I thought if there was a simpler way to handle this problem that has no need to make a session implementation by myself.
(I don't want to use third party services like firebase or okta or save all session data in client part like JWT.)
At the end i implemented a custom session manager ( SessionMush ) so the client send a request to server and get a token id then use it to access its session in server.
Each session should be accessible by an identification token ( here knows as sid ) so the application can save that token to access and use that session. A server side state for your application can be use for saving clients auth state or any temporarily data about clients that you want to use them on server side so in your application you will save that identification token and then with each request you will send it in http headers then the server will know who you are and what was you did before on the application based on that saved session data in database (server side state for that id) so it can serve the needed information for you based on the client identity and it's state on the server. It created to be used as a express middleware and mongodb as data store.
When your application have no session and it loaded for the first time it sends a request to the server to gain an identity for itself When the request received to the server, server analyze the request and it'll find out that there is not exist any session id (sid) so it will make a new one for this request and add it to response header part so when the server decide to send the response it will send that created session informations too. The client should save that informations to use that session for its other requests. it can send that id in the request header part to show its identification. A session can be expire too when it doesn't used for a threshold time. so when the server get wrong or expired session it will behave to it like a request without any session so it will create a session for that request and send its informations like what we explained before.
This is technically a csrf attack but this time I am trying to prevent the requests from the user no matter if they are unintentional or not.
I have a cloud storage service where a user can perform CRUD operations on files. I would like to exclusive limit this functionality to my site. So that they could not say, forge a request via postman or cURL and use the service through those methods.
If you send a token with every request and require the token to be returned on the next request, you will make it much more difficult for people to harm your site.
The general approach is to create a token, store it in a session variable, send it to the client, and then test for the token and value on the next request.
We are developing a REST API and, in addition to various resources which developers can access, our application sends information to listener scripts on client servers.
Our API documentation lists all of the "Resources" which client applications can access. That part is easy.
But how should we list the various %???% in which our application will POST content to client listener scripts?
As developers, how would you expect these %???% to be named?
Thanks
Note 1: I've used %???% because I don't know what to call them.
Note 2: First time I post to stackoverflow, so apologies if I've failed to follow protocol.
EDIT
Sorry for the lack of clarity.
Our API receives requests from clients. It also sends requests to clients.
For example, when the client receives a message, we will send that message to their server. Or when the status of one of the messages they sent earlier have been updated, we send the update to their server.
Or, to use Twitter as example (imagining we were Twitter), that when you were mentioned in a tweet, we sent the details of that tweet to your server
When a client sends a request to our API, that is being described as "Accessing a Resource" and the documentation lists "Resources".
But what do we call it when our API sends a request to a client? e.g. API-Originated Method?
Parameters?
I don't care how they are named as long as there is some convention to it!