5.x API
-{% include admonitions/caution.html content="This is early beta documentation that may be incomplete and is still under development." %} +{% capture node-version %} -{% include admonitions/note.html content="Express 5.0 requires Node.js 18 or higher." %} +``` +Express 5.0 requires Node.js 18 or higher. +``` + +{% endcapture %} + +{% include admonitions/note.html content=node-version %} {% include api/en/5x/express.md %} {% include api/en/5x/app.md %} diff --git a/de/advanced/best-practice-performance.md b/de/advanced/best-practice-performance.md old mode 100755 new mode 100644 index 559c1ec354..3c638a17ca --- a/de/advanced/best-practice-performance.md +++ b/de/advanced/best-practice-performance.md @@ -4,30 +4,36 @@ title: Leistungsspezifische Best Practices für Express-Anwendungen in Produktio description: Discover performance and reliability best practices for Express apps in production, covering code optimizations and environment setups for optimal performance. menu: advanced lang: de +redirect_from: " " --- # Best Practices in Produktionsumgebungen: Leistung und Zuverlässigkeit -## Überblick - In diesem Beitrag werden Best Practices in Bezug auf Leistung und Zuverlässigkeit für Express-Anwendungen behandelt, die in der Produktionsumgebung bereitgestellt werden. Dieses Thema gehört sicherlich zur "DevOps"-Welt und deckt traditionelle Entwicklungs- und Betriebsprozesse ab. Entsprechend sind die Informationen hier in zwei Teile unterteilt: -* [Empfehlungen für Maßnahmen an Ihrem Code](#code) (Entwicklung). -* [Empfehlungen für Maßnahmen an Ihrer Umgebung/Ihrem Setup](#env) (Betrieb). - - - -## Empfehlungen für Maßnahmen an Ihrem Code +- Things to do in your code (the dev part): + - Für statische Dateien Middleware verwenden + - Keine synchronen Funktionen verwenden + - [Do logging correctly](#do-logging-correctly) + - [Handle exceptions properly](#handle-exceptions-properly) +- Things to do in your environment / setup (the ops part): + - NODE_ENV auf "production" festlegen + - Automatischen Neustart Ihrer Anwendung sicherstellen + - Anwendung in einem Cluster ausführen + - Anforderungsergebnisse im Cache speichern + - Load Balancer verwenden + - Reverse Proxy verwenden + +## Things to do in your code {#in-code} Dies sind einige Beispiele für Maßnahmen, die Sie an Ihrem Code vornehmen können, um die Anwendungsleistung zu verbessern: -* GZIP-Komprimierung verwenden -* Keine synchronen Funktionen verwenden -* Für statische Dateien Middleware verwenden -* Auf ordnungsgemäße Protokollierung achten -* Ausnahmebedingungen ordnungsgemäß handhaben +- Für statische Dateien Middleware verwenden +- Keine synchronen Funktionen verwenden +- [Do logging correctly](#do-logging-correctly) +- [Handle exceptions properly](#handle-exceptions-properly) ### GZIP-Komprimierung verwenden @@ -37,6 +43,7 @@ Mit der GZIP-Komprimierung lässt sich die Größe des Antworthauptteils deutlic const compression = require('compression') const express = require('express') const app = express() + app.use(compression()) ``` @@ -48,19 +55,11 @@ Synchrone Funktionen und Methoden belasten den Ausführungsprozess, bis sie zur Auch wenn Node und viele andere Module synchrone und asynchrone Versionen ihrer Funktionen bieten, sollten Sie in Produktionsumgebungen immer die asynchrone Version verwenden. Nur beim ersten Systemstart ist die Verwendung einer synchronen Funktion begründet. -Wenn Sie Node.js 4.0 und höher oder io.js 2.1.0 und höher verwenden, können Sie über das Befehlszeilenflag `--trace-sync-io` eine Warnung und einen Stack-Trace ausgeben, wenn Ihre Anwendung eine synchrone API verwendet. Auch wenn Sie diese natürlich nicht in der Produktionsumgebung verwenden werden, soll dadurch trotzdem sichergestellt werden, dass Ihr Code in der Produktionsumgebung eingesetzt werden kann. Weitere Informationen hierzu siehe [Wöchentliches Update für io.js 2.1.0](https://nodejs.org/en/blog/weekly-updates/weekly-update.2015-05-22/#2-1-0). - -### Für statische Dateien Middleware verwenden - -Bei der Entwicklung können Sie [res.sendFile()](/{{ page.lang }}/4x/api.html#res.sendFile) für statische Dateien verwenden. Dies gilt jedoch nicht für die Produktionsumgebung, da diese Funktion bei jeder Dateianforderung aus dem Dateisystem lesen muss. Dadurch kommt es zu deutlichen Latenzen, die sich negativ auf die Gesamtleistung der Anwendung auswirken. Beachten Sie, dass `res.sendFile()` *nicht* mit dem Systemaufruf [sendfile](http://linux.die.net/man/2/sendfile) implementiert wird, wodurch dieser deutlich effizienter wäre. +You can use the `--trace-sync-io` command-line flag to print a warning and a stack trace whenever your application uses a synchronous API. Auch wenn Sie diese natürlich nicht in der Produktionsumgebung verwenden werden, soll dadurch trotzdem sichergestellt werden, dass Ihr Code in der Produktionsumgebung eingesetzt werden kann. Weitere Informationen hierzu siehe [Wöchentliches Update für io.js 2.1.0](https://nodejs.org/en/blog/weekly-updates/weekly-update.2015-05-22/#2-1-0). -Verwenden Sie stattdessen die Middleware [serve-static](https://www.npmjs.com/package/serve-static) (oder etwas Vergleichbares), die für die Bereitstellung von Dateien für Express-Anwendungen optimiert ist. +### Do logging correctly -Die bessere Option wäre, für statische Dateien einen Reverse Proxy zu verwenden. Weitere Informationen siehe [Reverse Proxy verwenden](#proxy). - -### Auf ordnungsgemäße Protokollierung achten - -Im Allgemeinen gibt es für die Protokollierung Ihrer Anwendung zwei Gründe: 1) Debugging und 2) Protokollierung von Anwendungsaktivitäten (im Wesentlichen alles andere, außer Debugging). Die Verwendung von`console.log()` oder `console.err()` zur Ausgabe von Protokollnachrichten an das Terminal ist in der Entwicklung gängige Praxis. [Diese Funktionen sind jedoch synchron](https://nodejs.org/api/console.html#console_console_1), wenn das Ziel ein Terminal oder eine Datei ist. Sie sind also für Produktionsumgebungen nicht geeignet, es sei denn, Sie leiten die Ausgabe per Pipe zu einem anderen Programm um. +Im Allgemeinen gibt es für die Protokollierung Ihrer Anwendung zwei Gründe: 1) Debugging und 2) Protokollierung von Anwendungsaktivitäten (im Wesentlichen alles andere, außer Debugging). Die Verwendung von`console.log()` oder `console.err()` zur Ausgabe von Protokollnachrichten an das Terminal ist in der Entwicklung gängige Praxis. But [these functions are synchronous](https://nodejs.org/api/console.html#console) when the destination is a terminal or a file, so they are not suitable for production, unless you pipe the output to another program. #### Für Debuggingzwecke @@ -68,43 +67,29 @@ Wenn Sie die Protokollierung für Debuggingzwecke nutzen, sollten Sie statt `con #### Für Anwendungsaktivitäten -Wenn Sie Anwendungsaktivitäten protokollieren (z. B. den Datenverkehr oder API-Aufrufe aufzeichnen), sollten Sie statt `console.log()` eine Protokollierungsbibliothek wie [Winston](https://www.npmjs.com/package/winston) oder [Bunyan](https://www.npmjs.com/package/bunyan) verwenden. Einen ausführlichen Vergleich dieser beiden Bibliotheken finden Sie im StrongLoop-Blogbeitrag [Vergleich von Winston und Bunyan für die Node.js-Protokollierung](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/compare-node-js-logging-winston-bunyan/). - - +If you're logging app activity (for example, tracking traffic or API calls), instead of using `console.log()`, use a logging library like [Pino](https://www.npmjs.com/package/pino), which is the fastest and most efficient option available. ### Ausnahmebedingungen ordnungsgemäß handhaben -Node-Anwendungen stürzen ab, wenn eine nicht abgefangene Ausnahmebedingung vorkommt. Wenn diese Ausnahmebedingungen nicht behandelt und entsprechende Maßnahmen eingeleitet werden, stürzt Ihre Express-Anwendung ab und geht offline. Wenn Sie dem nachfolgenden Rat in [Sicherstellen, dass Ihre Anwendung automatisch neu gestartet wird](#restart) folgen, wird Ihre Anwendung nach einem Absturz wiederhergestellt. Glücklicherweise haben Express-Anwendungen nur eine kurze Initialisierungszeit. Nichtsdestotrotz sollten Sie in erster Linie solche Abstürze vermeiden. Und hierzu müssen Sie Ausnahmebedingungen ordnungsgemäß handhaben. +Node-Anwendungen stürzen ab, wenn eine nicht abgefangene Ausnahmebedingung vorkommt. Wenn diese Ausnahmebedingungen nicht behandelt und entsprechende Maßnahmen eingeleitet werden, stürzt Ihre Express-Anwendung ab und geht offline. Wenn Sie dem nachfolgenden Rat in [Sicherstellen, dass Ihre Anwendung automatisch neu gestartet wird](#restart) folgen, wird Ihre Anwendung nach einem Absturz wiederhergestellt. Glücklicherweise haben Express-Anwendungen nur eine kurze Initialisierungszeit. Nevertheless, you want to avoid crashing in the first place, and to do that, you need to handle exceptions properly. Mit folgenden Verfahren stellen Sie sicher, dass alle Ausnahmebedingungen gehandhabt werden: -* ["try-catch" verwenden](#try-catch) -* ["Promises" verwenden](#promises) +- ["try-catch" verwenden](#try-catch) +- ["Promises" verwenden](#promises) Um näher auf diese Themen eingehen zu können, müssen Sie sich ein grundlegendes Verständnis der Fehlerbehandlung in Node und Express aneignen: Verwendung von Error-first-Callbacks und Propagieren von Fehlern in Middleware. Node verwendet die Konvention "Error-first-Callback" für die Rückgabe von Fehlern von asynchronen Funktionen, bei denen der erste Parameter zur Callback-Funktion das Fehlerobjekt ist, gefolgt von Ergebnisdaten in den nachfolgenden Parametern. Um anzugeben, dass kein Fehler vorliegt, müssen Sie "null" als ersten Parameter übergeben. Die Callback-Funktion muss der Konvention "Error-first-Callback" folgen, um den Fehler sinnvoll bearbeiten zu können. In Express hat sich bewährt, die Funktion "next()" zu verwenden, um Fehler über die Middleware-Chain zu propagieren. Weitere Informationen zu den Grundlagen der Fehlerbehandlung siehe: -* [Fehlerbehandlung in Node.js](https://www.tritondatacenter.com/node-js/production/design/errors) -* [Aufbau leistungsfähiger Node-Anwendungen: Fehlerbehandlung](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/robust-node-applications-error-handling/) (StrongLoop-Blog) - -#### Was Sie unterlassen sollten - -Sie sollten *auf keinen* Fall per Listener das Ereignis `uncaughtException` überwachen, das ausgegeben wird, wenn eine Ausnahmebedingung bis zurück zur Ereignisschleife bestehen bleibt. Durch das Hinzufügen eines Ereignislisteners für `uncaughtException` verändert sich das Standardverhalten des Prozesses, über das eine Ausnahmebedingung festgestellt wird. Der Prozess läuft dann trotz der Ausnahmebedingung weiter. Dies mag sich vielleicht gut anhören, um einem Absturz Ihrer Anwendung vorzubeugen. Das Ausführen einer Anwendung nach einer nicht abgefangenen Ausnahmebedingung ist aber eine durchaus riskante Vorgehensweise und wird nicht empfohlen, da der Prozessstatus störanfällig und unvorhersehbar wird. - -Außerdem wird die Verwendung von `uncaughtException` offiziell als [grobes Vorgehen](https://nodejs.org/api/process.html#process_event_uncaughtexception) angesehen, sodass es den [Vorschlag](https://github.com/nodejs/node-v0.x-archive/issues/2582) gibt, die Funktion aus dem Kern zu entfernen. Das Überwachen von `uncaughtException` per Listener ist also keine gute Idee. Daher empfehlen wir Dinge wie Mehrfachprozesse und Supervisoren: Ein Absturz und anschließender Neustart ist häufig die zuverlässigste Art der Fehlerbehebung. - -Zudem empfehlen wir, [domains](https://nodejs.org/api/domain.html) nicht zu verwenden. Mit diesem Modul, das zudem veraltet ist, lässt sich das Problem in der Regel nicht lösen. - - +- [Fehlerbehandlung in Node.js](https://www.tritondatacenter.com/node-js/production/design/errors) #### "try-catch" verwenden "try-catch" ist ein JavaScript-Sprachkonstrukt, mit dem Sie Ausnahmebedingungen in synchronem Code abfangen können. Verwenden Sie "try-catch" beispielsweise, um JSON-Parsing-Fehler wie unten gezeigt zu bearbeiten. -Verwenden Sie ein Tool wie [JSHint](http://jshint.com/) oder [JSLint](http://www.jslint.com/), um implizite Ausnahmebedingungen wie [Referenzfehler bei nicht definierten Variablen](http://www.jshint.com/docs/options/#undef) zu finden. - -Dies ist ein Beispiel zur Verwendung von "try-catch", um eine potenzielle "process-crashing"-Ausnahmebedingung zu handhaben. Diese Middlewarefunktion akzeptiert einen Abfragefeldparameter mit dem Namen "params", der ein JSON-Objekt ist. +Dies ist ein Beispiel zur Verwendung von "try-catch", um eine potenzielle "process-crashing"-Ausnahmebedingung zu handhaben. +Diese Middlewarefunktion akzeptiert einen Abfragefeldparameter mit dem Namen "params", der ein JSON-Objekt ist. ```js app.get('/search', (req, res) => { @@ -123,85 +108,70 @@ app.get('/search', (req, res) => { "try-catch" funktioniert jedoch nur in synchronem Code. Da die Node-Plattform primär asynchron ist (insbesondere in einer Produktionsumgebung), lassen sich mit "try-catch" nicht besonders viele Ausnahmebedingungen abfangen. - - #### "Promises" verwenden -Mit "Promises" werden alle Ausnahmebedingungen (explizite und implizite) in asynchronen Codeblöcken gehandhabt, die `then()` verwenden. Sie müssen nur `.catch(next)` am Ende der Promises-Ketten hinzufügen. Beispiel: +When an error is thrown in an `async` function or a rejected promise is awaited inside an `async` function, those errors will be passed to the error handler as if calling `next(err)` ```js -app.get('/', (req, res, next) => { - // do some sync stuff - queryDb() - .then((data) => makeCsv(data)) // handle data - .then((csv) => { /* handle csv */ }) - .catch(next) +app.get('/', async (req, res, next) => { + const data = await userData() // If this promise fails, it will automatically call `next(err)` to handle the error. + + res.send(data) }) app.use((err, req, res, next) => { - // handle error + res.status(err.status ?? 500).send({ error: err.message }) }) ``` -Jetzt werden alle asynchronen und synchronen Fehler zur Middleware "error" propagiert. - -Es gibt jedoch zwei Vorbehalte: - -1. Der gesamte asynchrone Code muss "Promises" zurückgeben (außer Emitter). Wenn eine bestimmte Bibliothek keine "Promises" zurückgibt, müssen Sie das Basisobjekt mit einer Helper-Funktion wie [Bluebird.promisifyAll()](http://bluebirdjs.com/docs/api/promise.promisifyall.html) konvertieren. -2. Ereignisemitter (wie Streams) können nach wie vor nicht abgefangene Ausnahmebedingungen verursachen. Sie müssen also sicherstellen, dass Sie das Fehlerereignis ordnungsgemäß handhaben. Beispiel: +Also, you can use asynchronous functions for your middleware, and the router will handle errors if the promise fails, for example: ```js -const wrap = fn => (...args) => fn(...args).catch(args[2]) +app.use(async (req, res, next) => { + req.locals.user = await getUser(req) -app.get('/', wrap(async (req, res, next) => { - const company = await getCompanyById(req.query.id) - const stream = getLogoStreamById(company.id) - stream.on('error', next).pipe(res) -})) + next() // This will be called if the promise does not throw an error. +}) ``` -Weitere Informationen zur Fehlerbehandlung mithilfe von "Promises" siehe: +Best practice is to handle errors as close to the site as possible. So while this is now handled in the router, it’s best to catch the error in the middleware and handle it without relying on separate error-handling middleware. -* [Asynchrone Fehlerbehandlung in Express mit "Promises", Generatoren und ES7](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/async-error-handling-expressjs-es7-promises-generators/) -* ["Promises" in Node.js mit Q – eine Alternative zu Callbacks](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/promises-in-node-js-with-q-an-alternative-to-callbacks/) +#### What not to do - +Sie sollten _auf keinen_ Fall per Listener das Ereignis `uncaughtException` überwachen, das ausgegeben wird, wenn eine Ausnahmebedingung bis zurück zur Ereignisschleife bestehen bleibt. Durch das Hinzufügen eines Ereignislisteners für `uncaughtException` verändert sich das Standardverhalten des Prozesses, über das eine Ausnahmebedingung festgestellt wird. Das Ausführen einer Anwendung nach einer nicht abgefangenen Ausnahmebedingung ist aber eine durchaus riskante Vorgehensweise und wird nicht empfohlen, da der Prozessstatus störanfällig und unvorhersehbar wird. -## Empfehlungen für Maßnahmen an Ihrer Umgebung/Ihrem Setup +Außerdem wird die Verwendung von `uncaughtException` offiziell als [grobes Vorgehen](https://nodejs.org/api/process.html#process_event_uncaughtexception) angesehen, sodass es den [Vorschlag](https://github.com/nodejs/node-v0.x-archive/issues/2582) gibt, die Funktion aus dem Kern zu entfernen. Das Überwachen von `uncaughtException` per Listener ist also keine gute Idee. Daher empfehlen wir Dinge wie Mehrfachprozesse und Supervisoren: Ein Absturz und anschließender Neustart ist häufig die zuverlässigste Art der Fehlerbehebung. -Dies sind einige Beispiele für Maßnahmen, die Sie an Ihrer Systemumgebung vornehmen können, um die Anwendungsleistung zu verbessern: +Zudem empfehlen wir, [domains](https://nodejs.org/api/domain.html) nicht zu verwenden. Mit diesem Modul, das zudem veraltet ist, lässt sich das Problem in der Regel nicht lösen. -* NODE_ENV auf "production" festlegen -* Automatischen Neustart Ihrer Anwendung sicherstellen -* Anwendung in einem Cluster ausführen -* Anforderungsergebnisse im Cache speichern -* Load Balancer verwenden -* Reverse Proxy verwenden +## Things to do in your environment / setup -### NODE_ENV auf "production" festlegen +{#in-environment} -In der Umgebungsvariablen NODE_ENV wird die Umgebung angegeben, in der eine Anwendung ausgeführt wird (in der Regel ist dies die Entwicklungs- oder Produktionsumgebung). Am einfachsten lässt sich die Leistung verbessern, indem NODE_ENV auf "production" festgelegt wird. +Dies sind einige Beispiele für Maßnahmen, die Sie an Ihrer Systemumgebung vornehmen können, um die Anwendungsleistung zu verbessern: -Durch das Festlegen von NODE_ENV auf "production" führt Express Folgendes aus: +- NODE_ENV auf "production" festlegen +- Automatischen Neustart Ihrer Anwendung sicherstellen +- Anwendung in einem Cluster ausführen +- Anforderungsergebnisse im Cache speichern +- Load Balancer verwenden +- Reverse Proxy verwenden -* Speichern von Anzeigevorlagen im Cache. -* Speichern von CSS-Dateien, die aus CSS-Erweiterungen generiert wurden, im Cache. -* Generieren von weniger ausführlichen Fehlernachrichten. +### NODE_ENV auf "production" festlegen -[Tests deuten darauf hin](http://apmblog.dynatrace.com/2015/07/22/the-drastic-effects-of-omitting-node_env-in-your-express-js-applications/), dass alleine dadurch die Anwendungsleistung um den Faktor 3 verbessert werden kann! +In der Umgebungsvariablen NODE_ENV wird die Umgebung angegeben, in der eine Anwendung ausgeführt wird (in der Regel ist dies die Entwicklungs- oder Produktionsumgebung). One of the simplest things you can do to improve performance is to set NODE_ENV to `production`. -Wenn Sie umgebungsspezifischen Code schreiben müssen, können Sie den Wert von NODE_ENV mit `process.env.NODE_ENV` überprüfen. Beachten Sie, dass die Überprüfung des Werts seiner Umgebungsvariablen eine leistungsbezogene Penalisierung nach sich zieht. Sie sollten also sehr sparsam damit umgehen. +Durch das Festlegen von NODE_ENV auf "production" führt Express Folgendes aus: -In einer Entwicklungsumgebung wird die Umgebungsvariable in der Regel in Ihrer interaktiven Shell festgelegt, indem Sie beispielsweise `export` oder Ihre Datei `.bash_profile` verwenden. Im Allgemeinen sollten Sie dies nicht auf dem Produktionsserver vornehmen. Verwenden Sie stattdessen das Init-System (systemd oder Upstart) Ihres Betriebssystems. Der nächste Abschnitt enthält weitere Details zur Verwendung des Init-Systems im Allgemeinen. Die Festlegung von NODE_ENV ist jedoch für das Leistungsverhalten so wichtig (und so einfach durchzuführen), dass hier besonders darauf eingegangen wird. +- Speichern von Anzeigevorlagen im Cache. +- Speichern von CSS-Dateien, die aus CSS-Erweiterungen generiert wurden, im Cache. +- Generieren von weniger ausführlichen Fehlernachrichten. -Verwenden Sie bei Upstart das Schlüsselwort `env` in Ihrer Jobdatei. Beispiel: +[Tests indicate](https://www.dynatrace.com/news/blog/the-drastic-effects-of-omitting-node-env-in-your-express-js-applications/) that just doing this can improve app performance by a factor of three! -```sh -# /etc/init/env.conf - env NODE_ENV=production -``` +Wenn Sie umgebungsspezifischen Code schreiben müssen, können Sie den Wert von NODE_ENV mit `process.env.NODE_ENV` überprüfen. Beachten Sie, dass die Überprüfung des Werts seiner Umgebungsvariablen eine leistungsbezogene Penalisierung nach sich zieht. -Weitere Informationen hierzu siehe [Upstart Intro, Cookbook and Best Practices](http://upstart.ubuntu.com/cookbook/#environment-variables). +In einer Entwicklungsumgebung wird die Umgebungsvariable in der Regel in Ihrer interaktiven Shell festgelegt, indem Sie beispielsweise `export` oder Ihre Datei `.bash_profile` verwenden. But in general, you shouldn't do that on a production server; instead, use your OS's init system (systemd). Der nächste Abschnitt enthält weitere Details zur Verwendung des Init-Systems im Allgemeinen. Die Festlegung von NODE_ENV ist jedoch für das Leistungsverhalten so wichtig (und so einfach durchzuführen), dass hier besonders darauf eingegangen wird. Verwenden Sie bei systemd die Anweisung `Environment` in Ihrer Einheitendatei. Beispiel: @@ -210,16 +180,14 @@ Verwenden Sie bei systemd die Anweisung `Environment` in Ihrer Einheitendatei. B Environment=NODE_ENV=production ``` -Weitere Informationen siehe [Umgebungsvariablen in systemd-Einheiten verwenden](https://coreos.com/os/docs/latest/using-environment-variables-in-systemd-units.html). - -Wenn Sie StrongLoop Process Manager verwenden, können Sie auch die [Umgebungsvariable festlegen, wenn Sie StrongLoop Process Manager als Service installieren](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-Setenvironmentvariables). +For more information, see [Using Environment Variables In systemd Units](https://www.flatcar.org/docs/latest/setup/systemd/environment-variables/). ### Automatischen Neustart Ihrer Anwendung sicherstellen In der Produktionsumgebung sollte die Anwendung nie offline sein. Das bedeutet, dass Sie sicherstellen müssen, dass die Anwendung bei einem Absturz der Anwendung oder des Servers immer wieder neu gestartet wird. Auch wenn man hofft, das keines dieser Ereignisse jemals eintritt, muss man doch mit beiden Möglichkeiten rechnen und: -* einen Prozessmanager verwenden, um die Anwendung (und Node) bei einem Absturz neu zu starten. -* das Init-System Ihres Betriebssystems verwenden, um den Prozessmanager bei einem Absturz des Betriebssystems neu zu starten. Außerdem kann das Init-System auch ohne einen Prozessmanager verwendet werden. +- einen Prozessmanager verwenden, um die Anwendung (und Node) bei einem Absturz neu zu starten. +- das Init-System Ihres Betriebssystems verwenden, um den Prozessmanager bei einem Absturz des Betriebssystems neu zu starten. Außerdem kann das Init-System auch ohne einen Prozessmanager verwendet werden. Node-Anwendungen stürzen ab, wenn eine nicht abgefangene Ausnahmebedingung auftritt. Als Erstes müssen Sie in einem solchen Fall sicherstellen, dass Ihre Anwendung ausreichend getestet wurde und in der Lage ist, alle Ausnahmebedingungen zu handhaben (weitere Informationen siehe [Ausnahmebedingungen ordnungsgemäß handhaben](#exceptions)). Die sicherste Maßnahme ist jedoch, einen Mechanismus zu implementieren, über den bei einem Absturz der Anwendung ein automatischer Neustart der Anwendung ausgeführt wird. @@ -229,54 +197,35 @@ In Entwicklungumgebungen wird die Anwendung einfach über die Befehlszeile mit ` Neben einem Neustart der Anwendung nach einem Absturz bietet ein Prozessmanager noch weitere Möglichkeiten: -* Einblicke in die Laufzeitleistung und die Ressourcennutzung -* Dynamische Änderung der Einstellungen zur Verbesserung des Leistungsverhaltens -* Steuerung des Clustering (StrongLoop PM und PM2) +- Einblicke in die Laufzeitleistung und die Ressourcennutzung +- Dynamische Änderung der Einstellungen zur Verbesserung des Leistungsverhaltens +- Control clustering (pm2). -Die gängigsten Prozessmanager für Node sind: - -* [StrongLoop Process Manager](http://strong-pm.io/) -* [PM2](https://github.com/Unitech/pm2) -* [Forever](https://www.npmjs.com/package/forever) - -Einen Vergleich der Features und Funktionen dieser Prozessmanager finden Sie hier: [http://strong-pm.io/compare/](http://strong-pm.io/compare/). - -Die Verwendung eines dieser Prozessmanager reicht aus, um Ihre Anwendung betriebsbereit zu halten, selbst wenn sie hin und wieder abstürzt. - -StrongLoop PM verfügt jedoch über zahlreiche Features und Funktionen, die sich speziell auf Implementierungen in der Produktionsumgebung beziehen. Sie können diesen Prozessmanager und die zugehörigen StrongLoop-Tools für folgende Zwecke verwenden: - -* Lokales Erstellen und Packen Ihrer Anwendung mit anschließender sicherer Bereitstellung auf Ihrem Produktionssystem -* Automatischer Neustart Ihrer Anwendung nach einem Absturz aus irgendeinem Grund -* Verwaltung Ihrer Cluster über Fernzugriff -* Anzeige von CPU-Profilen und Heapspeichermomentaufnahmen (Heap-Snapshots) zur Optimierung der Leistung und Diagnose von Speicherlecks -* Anzeige von Leistungsmessdaten für Ihre Anwendung -* Einfache Skalierung auf mehrere Hosts mit integrierter Steuerung für Nginx Load Balancer - -Wie unten beschrieben, erfolgt ein automatischer Neustart beim Systemwiederanlauf, wenn Sie StrongLoop Process Manager über Ihr Init-System als Betriebssystemservice installieren. Dadurch bleiben Ihre Anwendungsprozesse und Cluster dauerhaft betriebsbereit. +Historically, it was popular to use a Node.js process manager like [PM2](https://github.com/Unitech/pm2). See their documentation if you wish to do this. However, we recommend using your init system for process management. #### Init-System verwenden -Als nächste Ebene der Zuverlässigkeit müssen Sie sicherstellen, dass Ihre Anwendung bei einem Serverneustart neu gestartet wird. Systeme können immer wieder aus verschiedenen Gründen abstürzen. Um sicherzustellen, dass Ihre Anwendung bei einem Serverabsturz neu gestartet wird, können Sie das in Ihr Betriebssystem integrierte Init-System verwenden. Die beiden wichtigsten Init-Systeme sind aktuell [systemd](https://wiki.debian.org/systemd) und [Upstart](http://upstart.ubuntu.com/). +Als nächste Ebene der Zuverlässigkeit müssen Sie sicherstellen, dass Ihre Anwendung bei einem Serverneustart neu gestartet wird. Systeme können immer wieder aus verschiedenen Gründen abstürzen. Um sicherzustellen, dass Ihre Anwendung bei einem Serverabsturz neu gestartet wird, können Sie das in Ihr Betriebssystem integrierte Init-System verwenden. The main init system in use today is [systemd](https://wiki.debian.org/systemd). Es gibt zwei Möglichkeiten, Init-Systeme mit Ihrer Express-Anwendung zu verwenden: -* Ausführung Ihrer Anwendung in einem Prozessmanager und Installation des Prozessmanagers als Service mit dem Init-System. Der Prozessmanager wird neu gestartet, wenn Ihre Anwendung abstürzt. Das Init-System startet dann den Prozessmanager neu, sobald das Betriebssystem neu gestartet wird. Dies ist die empfohlene Vorgehensweise. -* Ausführung Ihrer Anwendung (und von Node) direkt mit dem Init-System. Diese Vorgehensweise ist zwar etwas einfacher, Sie profitieren jedoch nicht von den zusätzlichen Vorteilen des Einsatzes eines Prozessmanagers. +- Ausführung Ihrer Anwendung in einem Prozessmanager und Installation des Prozessmanagers als Service mit dem Init-System. Der Prozessmanager wird neu gestartet, wenn Ihre Anwendung abstürzt. Dies ist die empfohlene Vorgehensweise. +- Ausführung Ihrer Anwendung (und von Node) direkt mit dem Init-System. Diese Vorgehensweise ist zwar etwas einfacher, Sie profitieren jedoch nicht von den zusätzlichen Vorteilen des Einsatzes eines Prozessmanagers. ##### systemd "systemd" ist ein Linux-System und Service-Manager. Die meisten wichtigen Linux-Distributionen haben "systemd" als Init-Standardsystem übernommen. -Eine "systemd"-Servicekonfigurationsdatei wird als *Einheitendatei* bezeichnet, die die Endung ".service" hat. Dies ist ein Beispiel für eine Einheitendatei zur direkten Verwaltung einer Node-Anwendung (ersetzen Sie den Text in Fettdruck durch Werte für Ihr System und Ihre Anwendung): +Eine "systemd"-Servicekonfigurationsdatei wird als _Einheitendatei_ bezeichnet, die die Endung ".service" hat. Dies ist ein Beispiel für eine Einheitendatei zur direkten Verwaltung einer Node-Anwendung (ersetzen Sie den Text in Fettdruck durch Werte für Ihr System und Ihre Anwendung): Replace the values enclosed in `${options.message}
`) return callback(null, rendered) }) @@ -33,10 +35,13 @@ Ihre Anwendung ist jetzt in der Lage, `.ntl`-Dateien auszugeben. Erstellen Sie i #title# #message# ``` + Erstellen Sie dann in Ihrer Anwendung die folgende Route. + ```js app.get('/', (req, res) => { res.render('index', { title: 'Hey', message: 'Hello there!' }) }) ``` -Wenn Sie eine Anforderung zur Homepage einleiten, wird `index.ntl` im HTML-Format ausgegeben. + +Wenn Sie eine Anforderung zur Homepage einleiten, wird `index.ntl` im HTML-Format ausgegeben. \ No newline at end of file diff --git a/de/advanced/healthcheck-graceful-shutdown.md b/de/advanced/healthcheck-graceful-shutdown.md new file mode 100644 index 0000000000..34085a504f --- /dev/null +++ b/de/advanced/healthcheck-graceful-shutdown.md @@ -0,0 +1,34 @@ +--- +layout: page +title: Health Checks and Graceful Shutdown +description: Learn how to implement health checks and graceful shutdown in Express apps to enhance reliability, manage deployments, and integrate with load balancers like Kubernetes. +menu: advanced +lang: de +redirect_from: " " +--- + +# Health Checks and Graceful Shutdown + +## Graceful shutdown + +When you deploy a new version of your application, you must replace the previous version. The process manager you're using will first send a SIGTERM signal to the application to notify it that it will be killed. Once the application gets this signal, it should stop accepting new requests, finish all the ongoing requests, clean up the resources it used, including database connections and file locks then exit. + +### Beispiel + +```js +const server = app.listen(port) + +process.on('SIGTERM', () => { + debug('SIGTERM signal received: closing HTTP server') + server.close(() => { + debug('HTTP server closed') + }) +}) +``` + +## Health checks + +A load balancer uses health checks to determine if an application instance is healthy and can accept requests. For example, [Kubernetes has two health checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/): + +- `liveness`, that determines when to restart a container. +- `readiness`, that determines when a container is ready to start accepting traffic. When a pod is not ready, it is removed from the service load balancers. \ No newline at end of file diff --git a/de/advanced/security-updates.md b/de/advanced/security-updates.md old mode 100755 new mode 100644 index ec7bab2ba3..3b573ae521 --- a/de/advanced/security-updates.md +++ b/de/advanced/security-updates.md @@ -4,6 +4,7 @@ title: Express-Sicherheitsupdates description: Review the latest security updates and patches for Express.js, including detailed vulnerability lists for different versions to help maintain a secure application. menu: advanced lang: de +redirect_from: " " --- # Sicherheitsupdates @@ -15,32 +16,73 @@ Schwachstellen bei Node.js wirken sich direkt auf Express aus. Daher sollten Sie Die folgende Liste enthält die Express-Schwachstellen, die im angegebenen Versionsupdate behoben wurden. +{% capture security-policy %} +If you believe you have discovered a security vulnerability in Express, please see +[Security Policies and Procedures](/{{page.lang}}/resources/contributing.html#security-policies-and-procedures). +{% endcapture %} + +{% include admonitions/note.html content=security-policy %} + ## 4.x - * 4.11.1 - * Offenlegungsgefahr beim Rootpfad in `express.static`, `res.sendfile` und `res.sendFile` behoben. - * 4.10.7 - * Offene Umadressierungsschwachstelle in `express.static` ([Empfehlung](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)) behoben. - * 4.8.8 - * Schwachstellen durch Directory-Traversal-Technik in `express.static` ([Empfehlung](http://npmjs.com/advisories/32) , [CVE-2014-6394](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394)) behoben. - * 4.8.4 - * Node.js 0.10 kann in bestimmten Situationen Lecks bei `fd` aufweisen, die sich auf `express.static` und `res.sendfile` auswirken. Böswillige Anforderungen können zu Lecks bei `fd` führen und letztendlich `EMFILE`-Fehler nach sich ziehen und bewirken, dass Server nicht antworten. - * 4.8.0 - * Sparse-Arrays mit extrem hohen Indizes in der Abfragezeichenfolge können bewirken, dass für die Prozessausführung nicht genügend Arbeitsspeicher zur Verfügung steht und es zu einem Serverabsturz kommt. - * Extrem verschachtelte Abfragezeichenfolgenobjekte können bewirken, dass der Prozess blockiert und der Server dadurch vorübergehend nicht antwortet. +- 4.21.2 + - The dependency `path-to-regexp` has been updated to address a [vulnerability](https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w). +- 4.21.1 + - The dependency `cookie` has been updated to address a [vulnerability](https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x), This may affect your application if you use `res.cookie`. +- 4.20.0 + - Fixed XSS vulnerability in `res.redirect` ([advisory](https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx), [CVE-2024-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43796)). + - The dependency `serve-static` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-cm22-4g7w-348p). + - The dependency `send` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-m6fv-jmcg-4jfg). + - The dependency `path-to-regexp` has been updated to address a [vulnerability](https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j). + - The dependency `body-parser` has been updated to addres a [vulnerability](https://github.com/advisories/GHSA-qwcr-r2fm-qrc7), This may affect your application if you had url enconding activated. +- 4.19.0, 4.19.1 + - Fixed open redirect vulnerability in `res.location` and `res.redirect` ([advisory](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc), [CVE-2024-29041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041)). +- 4.17.3 + - The dependency `qs` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-hrpp-h998-j3pp). This may affect your application if the following APIs are used: `req.query`, `req.body`, `req.param`. +- 4.16.0 + - The dependency `forwarded` has been updated to address a [vulnerability](https://npmjs.com/advisories/527). This may affect your application if the following APIs are used: `req.host`, `req.hostname`, `req.ip`, `req.ips`, `req.protocol`. + - The dependency `mime` has been updated to address a [vulnerability](https://npmjs.com/advisories/535), but this issue does not impact Express. + - The dependency `send` has been updated to provide a protection against a [Node.js 8.5.0 vulnerability](https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/). This only impacts running Express on the specific Node.js version 8.5.0. +- 4.15.5 + - The dependency `debug` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:debug:20170905), but this issue does not impact Express. + - The dependency `fresh` has been updated to address a [vulnerability](https://npmjs.com/advisories/526). This will affect your application if the following APIs are used: `express.static`, `req.fresh`, `res.json`, `res.jsonp`, `res.send`, `res.sendfile` `res.sendFile`, `res.sendStatus`. +- 4.15.3 + - The dependency `ms` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:ms:20170412). This may affect your application if untrusted string input is passed to the `maxAge` option in the following APIs: `express.static`, `res.sendfile`, and `res.sendFile`. +- 4.15.2 + - The dependency `qs` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:qs:20170213), but this issue does not impact Express. Updating to 4.15.2 is a good practice, but not required to address the vulnerability. +- 4.11.1 + - Offenlegungsgefahr beim Rootpfad in `express.static`, `res.sendfile` und `res.sendFile` behoben. +- 4.10.7 + - Offene Umadressierungsschwachstelle in `express.static` ([Empfehlung](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)) behoben. +- 4.8.8 + - Schwachstellen durch Directory-Traversal-Technik in `express.static` ([Empfehlung](http://npmjs.com/advisories/32) , [CVE-2014-6394](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394)) behoben. +- 4.8.4 + - Node.js 0.10 kann in bestimmten Situationen Lecks bei `fd` aufweisen, die sich auf `express.static` und `res.sendfile` auswirken. Böswillige Anforderungen können zu Lecks bei `fd` führen und letztendlich `EMFILE`-Fehler nach sich ziehen und bewirken, dass Server nicht antworten. +- 4.8.0 + - Sparse-Arrays mit extrem hohen Indizes in der Abfragezeichenfolge können bewirken, dass für die Prozessausführung nicht genügend Arbeitsspeicher zur Verfügung steht und es zu einem Serverabsturz kommt. + - Extrem verschachtelte Abfragezeichenfolgenobjekte können bewirken, dass der Prozess blockiert und der Server dadurch vorübergehend nicht antwortet. ## 3.x - * 3.19.1 - * Offenlegungsgefahr beim Rootpfad in `express.static`, `res.sendfile` und `res.sendFile` behoben. - * 3.19.0 - * Offene Umadressierungsschwachstelle in `express.static` ([Empfehlung](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)) behoben. - * 3.16.10 - * Schwachstellen durch Directory-Traversal-Technik in `express.static` behoben. - * 3.16.6 - * Node.js 0.10 kann in bestimmten Situationen Lecks bei `fd` aufweisen, die sich auf `express.static` und `res.sendfile` auswirken. Böswillige Anforderungen können zu Lecks bei `fd` führen und letztendlich `EMFILE`-Fehler nach sich ziehen und bewirken, dass Server nicht antworten. - * 3.16.0 - * Sparse-Arrays mit extrem hohen Indizes in der Abfragezeichenfolge können bewirken, dass für die Prozessausführung nicht genügend Arbeitsspeicher zur Verfügung steht und es zu einem Serverabsturz kommt. - * Extrem verschachtelte Abfragezeichenfolgenobjekte können bewirken, dass der Prozess blockiert und der Server dadurch vorübergehend nicht antwortet. - * 3.3.0 - * Die Antwort 404 bei einem nicht unterstützten Überschreibungsversuch war anfällig gegen Cross-Site Scripting-Attacken. +
+ **Express 3.x WIRD NICHT MEHR GEWARTET**
+
+Bekannte und unbekannte Probleme bei Sicherheit und Leistung in 3.x wurden seit dem letzten Update (1. August 2015) noch nicht behoben. Es wird dringend empfohlen, die aktuelle Version von Express zu verwenden.
+
+If you are unable to upgrade past 3.x, please consider [Commercial Support Options](/{{ page.lang }}/support#commercial-support-options).
+
+
+
+- 3.19.1
+ - Offenlegungsgefahr beim Rootpfad in `express.static`, `res.sendfile` und `res.sendFile` behoben.
+- 3.19.0
+ - Offene Umadressierungsschwachstelle in `express.static` ([Empfehlung](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)) behoben.
+- 3.16.10
+ - Schwachstellen durch Directory-Traversal-Technik in `express.static` behoben.
+- 3.16.6
+ - Node.js 0.10 kann in bestimmten Situationen Lecks bei `fd` aufweisen, die sich auf `express.static` und `res.sendfile` auswirken. Böswillige Anforderungen können zu Lecks bei `fd` führen und letztendlich `EMFILE`-Fehler nach sich ziehen und bewirken, dass Server nicht antworten.
+- 3.16.0
+ - Sparse-Arrays mit extrem hohen Indizes in der Abfragezeichenfolge können bewirken, dass für die Prozessausführung nicht genügend Arbeitsspeicher zur Verfügung steht und es zu einem Serverabsturz kommt.
+ - Extrem verschachtelte Abfragezeichenfolgenobjekte können bewirken, dass der Prozess blockiert und der Server dadurch vorübergehend nicht antwortet.
+- 3.3.0
+ - Die Antwort 404 bei einem nicht unterstützten Überschreibungsversuch war anfällig gegen Cross-Site Scripting-Attacken.
\ No newline at end of file
diff --git a/de/api.md b/de/api.md
old mode 100755
new mode 100644
index 1891b944f7..1b091208fc
--- a/de/api.md
+++ b/de/api.md
@@ -1,26 +1,21 @@
---
-layout: 4x-api
-title: Express 4.x - API-Referenz
+layout: api
+version: 5x
+title: Express 5.x - API-Referenz
description: Access the API reference for Express.js detailing all modules, methods, and properties for building web applications with this version.
lang: de
+redirect_from: " "
---
-
-
-
-Die Festlegung eines anderen `trust proxy`-Werts als `false` resultiert in drei wichtigen Änderungen:
+Enabling `trust proxy` will have the following impact:
4.x-API
- - - {% include api/en/4x/express.md %} +
+
diff --git a/th/changelog/index.md b/de/changelog/index.md
similarity index 80%
rename from th/changelog/index.md
rename to de/changelog/index.md
index fdee9ae1b5..4bd4edc3ab 100644
--- a/th/changelog/index.md
+++ b/de/changelog/index.md
@@ -2,105 +2,171 @@
layout: page
title: Express changelog
description: Stay updated with the release changelog for Express.js, detailing new features, bug fixes, and important changes across versions.
-menu: changelog
-lang: th
-redirect_from:
- - "th/changelog/4x.html"
+lang: de
sitemap: false
+redirect_from:
+ - " "
+ - " "
---
+
+
+5.x API
+ {% include api/en/5x/express.md %} - {% include api/en/4x/app.md %} - + {% include api/en/5x/app.md %} - {% include api/en/4x/req.md %} - + {% include api/en/5x/req.md %} - {% include api/en/4x/res.md %} - + {% include api/en/5x/res.md %} - {% include api/en/4x/router.md %} - + {% include api/en/5x/router.md %}
+
# Release changelog
All the latest updates, improvements, and fixes to Express
-## 5.0.1 - Release date: 2024-10-08
+## Express v5
+
+{: id="5.x"}
+
+### 5.1.0 - Release date: 2025-03-31
+
+{: id="5.0.1"}
+
+The 5.1.0 minor release includes some new features and improvements:
+
+- Support for sending responses as Uint8Array
+- Added support for ETag option in `res.sendFile()`
+- Added support for adding multiple links with the same rel with `res.links()`
+- Performance: Use loop for acceptParams
+- [body-parser@2.2.0](https://github.com/expressjs/body-parser/releases/tag/v2.2.0)
+ - Remove legacy node.js support checks for Brotli & `AsyncLocalStorage`
+ - Remove `unpipe` & `destroy`
+- [router@2.2.0](https://github.com/pillarjs/router/releases/tag/v2.2.0)
+ - Restore `debug`. Now with the `router` scope instead of `express`.
+ - Remove legacy node.js support checks for `setImmediate`
+ - Deprecate non-native promise support
+ - Remove `after`, `safe-buffer`, `array-flatten`, `setprotoypeof`, `methods`, `utils-merge`
+- [finalhandler@2.1.0](https://github.com/pillarjs/finalhandler/releases/tag/v2.1.0)
+ - Remove legacy node.js support checks for `headersSent`, `setImmediate`, & http2 support
+ - Remove `unpipe`
+- Transitioned all remaining dependencies to use `^` ranges instead of locked versions
+- Add package.json funding field to highlight our OpenCollective
+- See [Changelog v5.1.0](https://github.com/expressjs/express/releases/tag/v5.1.0)
+
+### 5.0.1 - Release date: 2024-10-08
+
{: id="5.0.1"}
The 5.0.1 patch release includes one security fix:
-* Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x).
+- Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x).
+
+### 5.0.0 - Release date: 2024-09-09
-## 5.0.0 - Release date: 2024-09-09
{: id="5.0.0"}
-Check the [migration guide]({{page.lang}}/guide/migrating-5.html) with all the changes in this new version of Express.
+Check the [migration guide](/{{page.lang}}/guide/migrating-5.html) with all the changes in this new version of Express.
+
+## Express v4
+
+{: id="4.x"}
+
+### 4.21.2 - Release date: 2024-11-06
+
+{: id="4.21.2"}
+
+The 4.21.2 patch release includes one security fix:
+
+- Update [pillajs/path-to-regexp](https://www.npmjs.com/package/path-to-regexp) to address a [vulnerability](https://github.com/advisories/GHSA-rhx6-c78j-4q9w).
+
+### 4.21.1 - Release date: 2024-10-08
-## 4.21.1 - Release date: 2024-10-08
{: id="4.21.1"}
The 4.21.1 patch release includes one security fix:
-* Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x).
+- Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x).
+
+### 4.21.0 - Release date: 2024-09-11
-## 4.21.0 - Release date: 2024-09-11
{: id="4.21.0"}
The 4.21.0 minor release includes one new feature:
-* Deprecate `res.location("back")` and `res.redirect("back")` magic string
+- Deprecate `res.location("back")` and `res.redirect("back")` magic string
+
+### 4.20.0 - Release date: 2024-09-10
-## 4.20.0 - Release date: 2024-09-10
{: id="4.20.0"}
The 4.20.0 minor release includes bug fixes and some new features, including:
-* The [`res.clearCookie()` method](/{{ page.lang }}/4x/api.html#res.clearCookie) deprecates `options.maxAge` and `options.expires` options.
-* The [`res.redirect()` method](/{{ page.lang }}/4x/api.html#res.redirect) removes HTML link rendering.
-* The [`express.urlencoded()` method](/{{ page.lang }}/4x/api.html#express.urlencoded) method now has a depth level of `32`, whereas it was previously `Infinity`.
-* Adds support for named matching groups in the routes using a regex
-* Removes encoding of `\`, `|`, and `^` to align better with URL spec
+- The [`res.clearCookie()` method](/{{ page.lang }}/4x/api.html#res.clearCookie) deprecates `options.maxAge` and `options.expires` options.
+- The [`res.redirect()` method](/{{ page.lang }}/4x/api.html#res.redirect) removes HTML link rendering.
+- The [`express.urlencoded()` method](/{{ page.lang }}/4x/api.html#express.urlencoded) method now has a depth level of `32`, whereas it was previously `Infinity`.
+- Adds support for named matching groups in the routes using a regex
+- Removes encoding of `\`, `|`, and `^` to align better with URL spec
For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4200--2024-09-10)
-## 4.19.2 - Release date: 2024-03-25
+### 4.19.2 - Release date: 2024-03-25
+
{: id="4.19.2"}
-* Improved fix for open redirect allow list bypass
+- Improved fix for open redirect allow list bypass
For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4192--2024-03-25)
-## 4.19.1 - Release date: 2024-03-20
+### 4.19.1 - Release date: 2024-03-20
+
{: id="4.19.1"}
-* Allow passing non-strings to res.location with new encoding handling checks
+- Allow passing non-strings to res.location with new encoding handling checks
For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4191--2024-03-20)
-## 4.19.0 - Release date: 2024-03-20
+### 4.19.0 - Release date: 2024-03-20
+
{: id="4.19.0"}
-* Prevent open redirect allow list bypass due to encodeurl
-* deps: cookie@0.6.0
+- Prevent open redirect allow list bypass due to encodeurl
+- deps: cookie@0.6.0
For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4190--2024-03-20)
-## 4.18.3 - Release date: 2024-02-29
+### 4.18.3 - Release date: 2024-02-29
+
{: id="4.18.3"}
The 4.18.3 patch release includes the following bug fix:
The [`res.sendFile()` method](/{{ page.lang }}/4x/api.html#res.sendFile) now accepts two new options: `acceptRanges` and `cacheControl`.
- - `acceptRanges` (defaut is `true`), enables or disables accepting ranged requests. When disabled, the response does not send the `Accept-Ranges` header and ignores the contents of the `Range` request header.
+- `acceptRanges` (defaut is `true`), enables or disables accepting ranged requests. When disabled, the response does not send the `Accept-Ranges` header and ignores the contents of the `Range` request header.
- - `cacheControl`, (default is `true`), enables or disables the `Cache-Control` response header. Disabling it will ignore the `maxAge` option.
+- `cacheControl`, (default is `true`), enables or disables the `Cache-Control` response header. Disabling it will ignore the `maxAge` option.
+
+- `res.sendFile` has also been updated to handle `Range` header and redirections better.
- - `res.sendFile` has also been updated to handle `Range` header and redirections better.
@@ -513,15 +598,23 @@ The 4.14.0 minor release includes bug fixes, security update, performance improv
The [jshttp/cookie module](https://www.npmjs.com/package/cookie) (in addition to a number of other improvements) has been updated and now the [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) supports the `sameSite` option to let you specify the [SameSite cookie attribute](https://tools.ietf.org/html/draft-west-first-party-cookies-07).
-
- {% include admonitions/note.html content="This attribute has not yet been fully standardized, may change in the future, and many clients may ignore it." %}
- The possible value for the `sameSite` option are:
+{% capture note-4-14-0 %}
+
+```
+This attribute has not yet been fully standardized, may change in the future, and many clients may ignore it.
+```
+
+{% endcapture %}
+{% include admonitions/note.html content=note-4-14-0 %}
+
+The possible value for the `sameSite` option are:
+
+- `true`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement.
+- `false`, which does not set the `SameSite` attribute.
+- `'lax'`, which sets the `SameSite` attribute to `Lax` for lax same site enforcement.
+- `'strict'`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement.
- - `true`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement.
- - `false`, which does not set the `SameSite` attribute.
- - `'lax'`, which sets the `SameSite` attribute to `Lax` for lax same site enforcement.
- - `'strict'`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement.
@@ -538,3 +631,5 @@ The 4.14.0 minor release includes bug fixes, security update, performance improv
For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4140--2016-06-16).
+
+
diff --git a/de/guide/behind-proxies.md b/de/guide/behind-proxies.md
old mode 100755
new mode 100644
index 22e81dda3b..6e8dfbcdcb
--- a/de/guide/behind-proxies.md
+++ b/de/guide/behind-proxies.md
@@ -4,33 +4,41 @@ title: Express hinter Proxys
description: Learn how to configure Express.js applications to work correctly behind reverse proxies, including using the trust proxy setting to handle client IP addresses.
menu: guide
lang: de
+redirect_from: " "
---
# Express hinter Proxys
-Bei der Ausführung einer Express-Anwendung hinter einem Proxy legen Sie die Anwendungsvariable `trust proxy` (mithilfe von [app.set()](/{{ page.lang }}/4x/api.html#app.set)) auf einen der in der folgenden Tabelle enthaltenen Werte fest:
+When running an Express app behind a reverse proxy, some of the Express APIs may return different values than expected. In order to adjust for this, the `trust proxy` application setting may be used to expose information provided by the reverse proxy in the Express APIs. The most common issue is express APIs that expose the client's IP address may instead show an internal IP address of the reverse proxy.
- - Fix routing requests without method. ([commit](https://github.com/expressjs/express/commit/74beeac0718c928b4ba249aba3652c52fbe32ca8)) - + Fix routing requests without method. ([commit](https://github.com/expressjs/express/commit/74beeac0718c928b4ba249aba3652c52fbe32ca8)) +
- - Fix regression routing a large stack in a single route. ([commit](https://github.com/expressjs/express/commit/7ec5dd2b3c5e7379f68086dae72859f5573c8b9b)) - + Fix regression routing a large stack in a single route. ([commit](https://github.com/expressjs/express/commit/7ec5dd2b3c5e7379f68086dae72859f5573c8b9b)) +
-Auch wenn die Anwendungsausführung nicht fehlschlägt, wenn die Anwendungsvariable `trust proxy` nicht festgelegt wurde, wird die IP-Adresse des Proxys nicht ordnungsgemäß als Client-IP-Adresse eingetragen, es sei denn, `trust proxy` wurde konfiguriert.
+When configuring the `trust proxy` setting, it is important to understand the exact setup of the reverse proxy. Since this setting will trust values provided in the request, it is important that the combination of the setting in Express matches how the reverse proxy operates.
+Bei der Ausführung einer Express-Anwendung hinter einem Proxy legen Sie die Anwendungsvariable `trust proxy` (mithilfe von [app.set()](/{{ page.lang }}/4x/api.html#app.set)) auf einen der in der folgenden Tabelle enthaltenen Werte fest:
+
| Typ | Wert | |
|---|---|---|
| Boolesch | --Wenn `true` angegeben wird, wird die IP-Adresse des Clients als der äußerst rechte Eintrag im Header `X-Forwarded-*` interpretiert. + | Wenn `true` angegeben wird, wird die IP-Adresse des Clients als der äußerst rechte Eintrag im Header `X-Forwarded-*` interpretiert.
+
Wenn `false` angegeben wird, wird die Anwendung als direkte Verbindung zum Internet gesehen. Die IP-Adresse des Clients wird dann von `req.connection.remoteAddress` abgeleitet. Dies ist die Standardeinstellung.
+
+
+When setting to `true`, it is important to ensure that the last reverse proxy trusted is removing/overwriting all of the following HTTP headers: `X-Forwarded-For`, `X-Forwarded-Host`, and `X-Forwarded-Proto`, otherwise it may be possible for the client to provide any value.
+
|
| IP-Adressen | +IP addresses | -Eine einzelne IP-Adresse, ein Teilnetz oder ein Array von IP-Adressen und Teilnetzen, denen vertraut werden kann. Die folgende Liste zeigt die vorkonfigurierten Teilnetznamen: -* loopback - `127.0.0.1/8`, `::1/128` -* linklocal - `169.254.0.0/16`, `fe80::/10` -* uniquelocal - `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `fc00::/7`. +An IP address, subnet, or an array of IP addresses and subnets to trust as being a reverse proxy. The following list shows the pre-configured subnet names: + +- loopback - `127.0.0.1/8`, `::1/128` +- linklocal - `169.254.0.0/16`, `fe80::/10` +- uniquelocal - `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `fc00::/7` Sie können IP-Adressen wie folgt festlegen: @@ -41,19 +49,24 @@ app.set('trust proxy', 'loopback, linklocal, uniquelocal') // specify multiple s app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']) // specify multiple subnets as an array ``` -Sobald die Werte angegeben wurden, werden die betreffenden IP-Adressen und Teilnetze aus dem Adressfeststellungsprozess ausgeschlossen. Die nicht vertrauenswürdige IP-Adresse, die am nächsten zum Anwendungsserver liegt, wird als IP-Adresse des Clients festgelegt. +Sobald die Werte angegeben wurden, werden die betreffenden IP-Adressen und Teilnetze aus dem Adressfeststellungsprozess ausgeschlossen. Die nicht vertrauenswürdige IP-Adresse, die am nächsten zum Anwendungsserver liegt, wird als IP-Adresse des Clients festgelegt. This works by checking if `req.socket.remoteAddress` is trusted. If so, then each address in `X-Forwarded-For` is checked from right to left until the first non-trusted address. + |
| Zahl |
-Dem `n`-ten Hop vom Proxy-Server soll als Client vertraut werden.
+Use the address that is at most `n` number of hops away from the Express application. `req.socket.remoteAddress` is the first hop, and the rest are looked for in the `X-Forwarded-For` header from right to left. A value of `0` means that the first untrusted address would be `req.socket.remoteAddress`, i.e. there is no reverse proxy.
+
+
+When using this setting, it is important to ensure there are not multiple, different-length paths to the Express application such that the client can be less than the configured number of hops away, otherwise it may be possible for the client to provide any value.
+
|
|
| Funktion | +Function | -Individuell angepasste, vertrauenswürdige Implementierung. Dies sollten Sie nur verwenden, wenn Sie genau wissen, was Sie tun. +Custom trust implementation. ```js app.set('trust proxy', (ip) => { @@ -61,16 +74,16 @@ app.set('trust proxy', (ip) => { else return false }) ``` + |
-
-
- Der Wert für [req.hostname](/{{ page.lang }}/api.html#req.hostname) wird vom Wert abgeleitet, der im Header `X-Forwarded-Host` festgelegt wurde. Dieser Wert kann vom Client oder Proxy festgelegt werden. - +
- Der Wert für [req.hostname](/{{ page.lang }}/api.html#req.hostname) wird vom Wert abgeleitet, der im Header `X-Forwarded-Host` festgelegt wurde. Dieser Wert kann vom Client oder Proxy festgelegt werden.
- `X-Forwarded-Proto` kann vom Reverse Proxy festgelegt werden, um der Anwendung mitzuteilen, ob es sich um `https` oder `http` oder sogar um einen ungültigen Namen handelt. Dieser Wert wird durch [req.protocol](/{{ page.lang }}/api.html#req.protocol) abgebildet.
- Als Werte für [req.ip](/{{ page.lang }}/api.html#req.ip) und [req.ips](/{{ page.lang }}/api.html#req.ips) wird die Liste der Adressen aus `X-Forwarded-For` herangezogen.
diff --git a/de/guide/database-integration.md b/de/guide/database-integration.md
old mode 100755
new mode 100644
index 068ff957c2..f02a7bfee5
--- a/de/guide/database-integration.md
+++ b/de/guide/database-integration.md
@@ -4,211 +4,264 @@ title: Datenbankintegration in Express
description: Discover how to integrate various databases with Express.js applications, including setup examples for MongoDB, MySQL, PostgreSQL, and more.
menu: guide
lang: de
+redirect_from: " "
---
# Datenbankintegration
Die Herstellung einer Verbindung zwischen Datenbanken und Express-Anwendungen erfolgt einfach durch Laden eines geeigneten Node.js-Treibers für die Datenbank in Ihre Anwendung. In diesem Dokument wird in Kurzform beschrieben, wie einige der gängigsten Node.js-Module für Datenbanksysteme Ihrer Express-Anwendung hinzugefügt und verwendet werden:
-* [Cassandra](#cassandra)
-* [CouchDB](#couchdb)
-* [LevelDB](#leveldb)
-* [MySQL](#mysql)
-* [MongoDB](#mongo)
-* [Neo4j](#neo4j)
-* [Oracle](#oracle)
-* [PostgreSQL](#postgres)
-* [Redis](#redis)
-* [SQLite](#sqlite)
-* [ElasticSearch](#elasticsearch)
+- [Cassandra](#cassandra)
+- [Couchbase](#couchbase)
+- [CouchDB](#couchdb)
+- [LevelDB](#leveldb)
+- [MySQL](#mysql)
+- [MongoDB](#mongo)
+- [Neo4j](#neo4j)
+- [Oracle](#oracle)
+- [PostgreSQL](#postgres)
+- [Redis](#redis)
+-
+- [SQLite](#sqlite)
+- [ElasticSearch](#elasticsearch)
Diese Datenbanktreiber sind neben zahlreichen anderen Treibern verfügbar. Weitere Optionen finden Sie auf der [npm](https://www.npmjs.com/)-Site.- - ## Cassandra **Modul**: [cassandra-driver](https://github.com/datastax/nodejs-driver) **Installation** +### Installation + ```bash $ npm install cassandra-driver ``` -**Beispiel** +### Beispiel + +```js +const cassandra = require('cassandra-driver') +const client = new cassandra.Client({ contactPoints: ['localhost'] }) + +client.execute('select key from system.local', (err, result) => { + if (err) throw err + console.log(result.rows[0]) +}) +``` + +## Couchbase + +**Module**: [couchnode](https://github.com/couchbase/couchnode) + +### Installation -
-
+### Beispiel - +```js +const couchbase = require('couchbase') +const bucket = (new couchbase.Cluster('http://localhost:8091')).openBucket('bucketName') + +// add a document to a bucket +bucket.insert('document-key', { name: 'Matt', shoeSize: 13 }, (err, result) => { + if (err) { + console.log(err) + } else { + console.log(result) + } +}) + +// get all documents with shoe size 13 +const n1ql = 'SELECT d.* FROM `bucketName` d WHERE shoeSize = $1' +const query = N1qlQuery.fromString(n1ql) +bucket.query(query, [13], (err, result) => { + if (err) { + console.log(err) + } else { + console.log(result) + } +}) +``` ## CouchDB **Modul**: [nano](https://github.com/dscape/nano) **Installation** +### Installation + ```bash $ npm install nano ``` -**Beispiel** +### Beispiel --var cassandra = require('cassandra-driver'); -var client = new cassandra.Client({ contactPoints: ['localhost']}); +```bash +$ npm install couchbase +``` -client.execute('select key from system.local', function(err, result) { - if (err) throw err; - console.log(result.rows[0]); -}); ---
- - +// Get a list of all books +books.list((err, body) => { + if (err) { + console.log(err) + } else { + console.log(body.rows) + } +}) +``` ## LevelDB **Modul**: [levelup](https://github.com/rvagg/node-levelup) **Installation** +### Installation + ```bash $ npm install level levelup leveldown ``` -**Beispiel** - --var nano = require('nano')('http://localhost:5984'); -nano.db.create('books'); -var books = nano.db.use('books'); +```js +const nano = require('nano')('http://localhost:5984') +nano.db.create('books') +const books = nano.db.use('books') -//Insert a book document in the books database -books.insert({name: 'The Art of war'}, null, function(err, body) { - if (!err){ - console.log(body); +// Insert a book document in the books database +books.insert({ name: 'The Art of war' }, null, (err, body) => { + if (err) { + console.log(err) + } else { + console.log(body) } -}); +}) -//Get a list of all books -books.list(function(err, body){ - console.log(body.rows); -}); ---
+ db.get('name', (err, value) => { + if (err) return console.log('Ooops!', err) - + console.log(`name=${value}`) + }) +}) +``` ## MySQL **Modul**: [mysql](https://github.com/felixge/node-mysql/) **Installation** +### Installation + ```bash $ npm install mysql ``` -**Beispiel** +### Beispiel --var levelup = require('levelup'); -var db = levelup('./mydb'); +### Beispiel -db.put('name', 'LevelUP', function (err) { +```js +const levelup = require('levelup') +const db = levelup('./mydb') - if (err) return console.log('Ooops!', err); - db.get('name', function (err, value) { - if (err) return console.log('Ooops!', err); - console.log('name=' + value); - }); +db.put('name', 'LevelUP', (err) => { + if (err) return console.log('Ooops!', err) -}); ---
+ console.log('The solution is: ', rows[0].solution) +}) - +connection.end() +``` ## MongoDB **Modul**: [mongodb](https://github.com/mongodb/node-mongodb-native) **Installation** +### Installation + ```bash $ npm install mongodb ``` -**Beispiel** +### Example (v2.\*) --var mysql = require('mysql'); -var connection = mysql.createConnection({ - host : 'localhost', - user : 'dbuser', - password : 's3kreee7' -}); +```js +const mysql = require('mysql') +const connection = mysql.createConnection({ + host: 'localhost', + user: 'dbuser', + password: 's3kreee7', + database: 'my_db' +}) -connection.connect(); +connection.connect() -connection.query('SELECT 1 + 1 AS solution', function(err, rows, fields) { - if (err) throw err; - console.log('The solution is: ', rows[0].solution); -}); +connection.query('SELECT 1 + 1 AS solution', (err, rows, fields) => { + if (err) throw err -connection.end(); ---
+MongoClient.connect('mongodb://localhost:27017/animals', (err, db) => { + if (err) throw err -Wenn Sie nach einem Objektmodelltreiber für MongoDB suchen, schauen Sie unter [Mongoose](https://github.com/LearnBoost/mongoose) nach. + db.collection('mammals').find().toArray((err, result) => { + if (err) throw err - + console.log(result) + }) +}) +``` + +### Example (v3.\*) + +```js +const MongoClient = require('mongodb').MongoClient + +MongoClient.connect('mongodb://localhost:27017/animals', (err, client) => { + if (err) throw err + + const db = client.db('animals') + + db.collection('mammals').find().toArray((err, result) => { + if (err) throw err + + console.log(result) + }) +}) +``` + +Wenn Sie nach einem Objektmodelltreiber für MongoDB suchen, schauen Sie unter [Mongoose](https://github.com/LearnBoost/mongoose) nach. ## Neo4j -**Modul**: [apoc](https://github.com/hacksparrow/apoc) -**Installation** +**Module**: [neo4j-driver](https://github.com/neo4j/neo4j-javascript-driver) + +### Installation ```bash -$ npm install apoc +$ npm install neo4j-driver ``` -**Beispiel** +### Beispiel --var MongoClient = require('mongodb').MongoClient; +```js +const MongoClient = require('mongodb').MongoClient -MongoClient.connect('mongodb://localhost:27017/animals', function(err, db) { - if (err) { - throw err; - } - db.collection('mammals').find().toArray(function(err, result) { - if (err) { - throw err; - } - console.log(result); - }); -}); ---
+const session = driver.session() - +session.readTransaction((tx) => { + return tx.run('MATCH (n) RETURN count(n) AS count') + .then((res) => { + console.log(res.records[0].get('count')) + }) + .catch((error) => { + console.log(error) + }) +}) +``` ## Oracle @@ -256,129 +309,182 @@ async function getEmployee (empId) { getEmployee(101) ``` - - ## PostgreSQL **Modul**: [pg-promise](https://github.com/vitaly-t/pg-promise) **Installation** +### Installation + ```bash $ npm install pg-promise ``` -**Beispiel** - --var apoc = require('apoc'); +```js +const neo4j = require('neo4j-driver') +const driver = neo4j.driver('neo4j://localhost:7687', neo4j.auth.basic('neo4j', 'letmein')) -apoc.query('match (n) return n').exec().then( - function (response) { - console.log(response); - }, - function (fail) { - console.log(fail); - } -); ---
+### Beispiel - +```js +const pgp = require('pg-promise')(/* options */) +const db = pgp('postgres://username:password@host:port/database') + +db.one('SELECT $1 AS value', 123) + .then((data) => { + console.log('DATA:', data.value) + }) + .catch((error) => { + console.log('ERROR:', error) + }) +``` ## Redis **Modul**: [redis](https://github.com/mranney/node_redis) **Installation** +### Installation + ```bash $ npm install redis ``` -**Beispiel** +### Beispiel --var pgp = require("pg-promise")(/*options*/); -var db = pgp("postgres://username:password@host:port/database"); - -db.one("SELECT $1 AS value", 123) - .then(function (data) { - console.log("DATA:", data.value); - }) - .catch(function (error) { - console.log("ERROR:", error); - }); ---
+## SQL Server - +**Module**: [tedious](https://github.com/tediousjs/tedious) + +### Installation + +```bash +$ npm install tedious +``` + +### Beispiel + +```js +const Connection = require('tedious').Connection +const Request = require('tedious').Request + +const config = { + server: 'localhost', + authentication: { + type: 'default', + options: { + userName: 'your_username', // update me + password: 'your_password' // update me + } + } +} + +const connection = new Connection(config) + +connection.on('connect', (err) => { + if (err) { + console.log(err) + } else { + executeStatement() + } +}) + +function executeStatement () { + request = new Request("select 123, 'hello world'", (err, rowCount) => { + if (err) { + console.log(err) + } else { + console.log(`${rowCount} rows`) + } + connection.close() + }) + + request.on('row', (columns) => { + columns.forEach((column) => { + if (column.value === null) { + console.log('NULL') + } else { + console.log(column.value) + } + }) + }) + + connection.execSql(request) +} +``` ## SQLite **Modul**: [sqlite3](https://github.com/mapbox/node-sqlite3) **Installation** +### Installation + ```bash $ npm install sqlite3 ``` -**Beispiel** - --var client = require('redis').createClient(); +```js +const redis = require('redis') +const client = redis.createClient() -client.on('error', function (err) { - console.log('Error ' + err); -}); +client.on('error', (err) => { + console.log(`Error ${err}`) +}) -client.set('string key', 'string val', redis.print); -client.hset('hash key', 'hashtest 1', 'some value', redis.print); -client.hset(['hash key', 'hashtest 2', 'some other value'], redis.print); +client.set('string key', 'string val', redis.print) +client.hset('hash key', 'hashtest 1', 'some value', redis.print) +client.hset(['hash key', 'hashtest 2', 'some other value'], redis.print) -client.hkeys('hash key', function (err, replies) { +client.hkeys('hash key', (err, replies) => { + console.log(`${replies.length} replies:`) - console.log(replies.length + ' replies:'); - replies.forEach(function (reply, i) { - console.log(' ' + i + ': ' + reply); - }); + replies.forEach((reply, i) => { + console.log(` ${i}: ${reply}`) + }) - client.quit(); + client.quit() +}) +``` -}); ---
- - +db.close() +``` ## ElasticSearch **Modul**: [elasticsearch](https://github.com/elastic/elasticsearch-js) **Installation** +### Installation + ```bash $ npm install elasticsearch ``` -**Beispiel** +### Beispiel --var sqlite3 = require('sqlite3').verbose(); -var db = new sqlite3.Database(':memory:'); +### Beispiel -db.serialize(function() { +```js +const sqlite3 = require('sqlite3').verbose() +const db = new sqlite3.Database(':memory:') - db.run('CREATE TABLE lorem (info TEXT)'); - var stmt = db.prepare('INSERT INTO lorem VALUES (?)'); +db.serialize(() => { + db.run('CREATE TABLE lorem (info TEXT)') + const stmt = db.prepare('INSERT INTO lorem VALUES (?)') - for (var i = 0; i < 10; i++) { - stmt.run('Ipsum ' + i); + for (let i = 0; i < 10; i++) { + stmt.run(`Ipsum ${i}`) } - stmt.finalize(); + stmt.finalize() - db.each('SELECT rowid AS id, info FROM lorem', function(err, row) { - console.log(row.id + ': ' + row.info); - }); -}); + db.each('SELECT rowid AS id, info FROM lorem', (err, row) => { + console.log(`${row.id}: ${row.info}`) + }) +}) -db.close(); ---
+}).then((response) => { + const hits = response.hits.hits +}, (error) => { + console.trace(error.message) +}) +``` diff --git a/de/guide/debugging.md b/de/guide/debugging.md old mode 100755 new mode 100644 index ff1879d7ee..49d8f7d47d --- a/de/guide/debugging.md +++ b/de/guide/debugging.md @@ -4,6 +4,7 @@ title: Debugging bei Express description: Learn how to enable and use debugging logs in Express.js applications by setting the DEBUG environment variable for enhanced troubleshooting. menu: guide lang: de +redirect_from: " " --- # Debugging bei Express @@ -17,7 +18,7 @@ $ DEBUG=express:* node index.js Verwenden Sie unter Windows den entsprechenden Befehl. ```bash -> set DEBUG=express:* & node index.js +> $env:DEBUG = "express:*"; node index.js ``` Die Ausführung dieses Befehls für die durch [express generator](/{{ page.lang }}/starter/generator.html) generierte Standardanwendung resultiert in folgender Ausgabe: @@ -58,11 +59,11 @@ $ DEBUG=express:* node ./bin/www express:router:layer new / +1ms express:router use /users router +0ms express:router:layer new /users +0ms - express:router use / <anonymous> +0ms + express:router use / <anonymous> +0ms express:router:layer new / +0ms - express:router use / <anonymous> +0ms + express:router use / <anonymous> +0ms express:router:layer new / +0ms - express:router use / <anonymous> +0ms + express:router use / <anonymous> +0ms express:router:layer new / +0ms ``` @@ -90,6 +91,8 @@ Wenn Sie nur die Protokolle von der Routerimplementierung sehen wollen, legen Si ## Von `express` generierte Anwendungen +An application generated by the `express` command uses the `debug` module and its debug namespace is scoped to the name of the application. + Beispiel: Wenn Sie die Anwendung mit `$ express sample-app` generiert haben, können Sie die Debuganweisungen mit dem folgenden Befehl aktivieren: ```bash @@ -101,3 +104,27 @@ Sie können mehrere Debug-Namespaces in einer durch Kommas getrennten Namenslist ```bash $ DEBUG=http,mail,express:* node index.js ``` + +## Advanced options + +When running through Node.js, you can set a few environment variables that will change the behavior of the debug logging: + +| Name | Purpose | +| ------------------- | ----------------------------------------------------------------- | +| `DEBUG` | Enables/disables specific debugging namespaces. | +| `DEBUG_COLORS` | Whether or not to use colors in the debug output. | +| `DEBUG_DEPTH` | Object inspection depth. | +| `DEBUG_FD` | File descriptor to write debug output to. | +| `DEBUG_SHOW_HIDDEN` | Shows hidden properties on inspected objects. | + +{% capture debug-text %} + +The environment variables beginning with `DEBUG_` end up being +converted into an Options object that gets used with `%o`/`%O` formatters. +See the Node.js documentation for +[`util.inspect()`](https://nodejs.org/api/util.html#util_util_inspect_object_options) +for the complete list. + +{% endcapture %} + +{% include admonitions/note.html content=debug-text %} diff --git a/de/guide/error-handling.md b/de/guide/error-handling.md old mode 100755 new mode 100644 index 5e01345df9..dc3fde4319 --- a/de/guide/error-handling.md +++ b/de/guide/error-handling.md @@ -4,11 +4,185 @@ title: Fehlerbehandlung in Express description: Understand how Express.js handles errors in synchronous and asynchronous code, and learn to implement custom error handling middleware for your applications. menu: guide lang: de +redirect_from: " " --- # Fehlerbehandlung +_Error Handling_ refers to how Express catches and processes errors that +occur both synchronously and asynchronously. Express comes with a default error +handler so you don't need to write your own to get started. + +## Catching Errors + +It's important to ensure that Express catches all errors that occur while +running route handlers and middleware. + +Errors that occur in synchronous code inside route handlers and middleware +require no extra work. If synchronous code throws an error, then Express will +catch and process it. Beispiel: + +```js +app.get('/', (req, res) => { + throw new Error('BROKEN') // Express will catch this on its own. +}) +``` + Middlewarefunktionen für die Fehlerbehandlung werden in derselben Weise definiert wie andere Middlewarefunktionen, nur, dass Fehlerbehandlungsfunktionen vier anstatt drei Argumente aufweisen: +`(err, req, res, next)`. Beispiel: + +```js +app.get('/', (req, res, next) => { + fs.readFile('/file-does-not-exist', (err, data) => { + if (err) { + next(err) // Pass errors to Express. + } else { + res.send(data) + } + }) +}) +``` + +Middleware für die Fehlerbehandlung wird ganz zuletzt nach allen anderen `app.use()`- und Weiterleitungsaufrufen definiert. +Beispiel: + +```js +app.get('/user/:id', async (req, res, next) => { + const user = await getUserById(req.params.id) + res.send(user) +}) +``` + +If `getUserById` throws an error or rejects, `next` will be called with either +the thrown error or the rejected value. If no rejected value is provided, `next` +will be called with a default Error object provided by the Express router. + +Wenn Sie Übergaben an die Funktion `next()` vornehmen (außer die Zeichenfolge `'route'`), sieht Express die aktuelle Anforderung als Fehler an und überspringt alle verbleibenden fehlerfreien Behandlungsroutinen und Middlewarefunktionen. + +If the callback in a sequence provides no data, only errors, you can simplify +this code as follows: + +```js +app.get('/', [ + function (req, res, next) { + fs.writeFile('/inaccessible-path', 'data', next) + }, + function (req, res) { + res.send('OK') + } +]) +``` + +In the above example, `next` is provided as the callback for `fs.writeFile`, +which is called with or without errors. If there is no error, the second +handler is executed, otherwise Express catches and processes the error. + +Bei einem Routenhandler mit mehreren Callback-Funktionen können Sie den Parameter `route` verwenden, um den nächsten Routenhandler zu überspringen. Beispiel: + +```js +app.get('/', (req, res, next) => { + setTimeout(() => { + try { + throw new Error('BROKEN') + } catch (err) { + next(err) + } + }, 100) +}) +``` + +The above example uses a `try...catch` block to catch errors in the +asynchronous code and pass them to Express. If the `try...catch` +block were omitted, Express would not catch the error since it is not part of the synchronous +handler code. + +Use promises to avoid the overhead of the `try...catch` block or when using functions +that return promises. Beispiel: + +```js +app.get('/', (req, res, next) => { + Promise.resolve().then(() => { + throw new Error('BROKEN') + }).catch(next) // Errors will be passed to Express. +}) +``` + +Since promises automatically catch both synchronous errors and rejected promises, +you can simply provide `next` as the final catch handler and Express will catch errors, +because the catch handler is given the error as the first argument. + +You could also use a chain of handlers to rely on synchronous error +catching, by reducing the asynchronous code to something trivial. Beispiel: + +```js +app.get('/', [ + function (req, res, next) { + fs.readFile('/maybe-valid-file', 'utf-8', (err, data) => { + res.locals.data = data + next(err) + }) + }, + function (req, res) { + res.locals.data = res.locals.data.split(',')[1] + res.send(res.locals.data) + } +]) +``` + +The above example has a couple of trivial statements from the `readFile` +call. If `readFile` causes an error, then it passes the error to Express, otherwise you +quickly return to the world of synchronous error handling in the next handler +in the chain. Then, the example above tries to process the data. If this fails, then the +synchronous error handler will catch it. If you had done this processing inside +the `readFile` callback, then the application might exit and the Express error +handlers would not run. + +Whichever method you use, if you want Express error handlers to be called in and the +application to survive, you must ensure that Express receives the error. + +## Die Standardfehlerbehandlungsroutine (Default Error Handler) + +Express ist bereits mit einer integrierten Fehlerbehandlungsroutine ausgestattet, mit der alle in der Anwendung festgestellten Fehler gehandhabt werden können. Diese Middleware für die Fehlerbehandlung wird am Ende des Middleware-Funktionsstack hinzugefügt. + +Wenn Sie einen Fehler an `next()` übergeben und diesen nicht mit einem Error-Handler bearbeiten, wird dieser über den integrierten Error-Handler bearbeitet. Der Fehler wird mit dem Stack-Trace zum Client geschrieben. Der Stack-Trace ist in der Produktionsumgebung nicht verfügbar. + +-var elasticsearch = require('elasticsearch'); -var client = elasticsearch.Client({ +```js +const elasticsearch = require('elasticsearch') +const client = elasticsearch.Client({ host: 'localhost:9200' -}); +}) client.search({ index: 'books', @@ -391,10 +497,9 @@ client.search({ } } } -}).then(function(response) { - var hits = response.hits.hits; -}, function(error) { - console.trace(error.message); -}); --+Legen Sie die Umgebungsvariable `NODE_ENV` auf `production` fest, um die Anwendung im Produktionsmodus auszuführen. ++ +When an error is written, the following information is added to the +response: + +- The `res.statusCode` is set from `err.status` (or `err.statusCode`). If + this value is outside the 4xx or 5xx range, it will be set to 500. +- The `res.statusMessage` is set according to the status code. +- The body will be the HTML of the status code message when in production + environment, otherwise will be `err.stack`. +- Any headers specified in an `err.headers` object. + +Wenn `next()` mit einem Fehler aufgerufen wird, nachdem Sie mit dem Schreiben der Antwort begonnen haben (z. B., wenn Sie beim Streamen der Antwort zum Client einen Fehler feststellen), schließt die Standardfehlerbehandlungsroutine in Express die Verbindung, und die Anforderung schlägt fehl. + +Wenn Sie also einen angepassten Error-Handler hinzufügen, empfiehlt es sich, eine Delegierung zur Standardfehlerbehandlungsroutine in Express vorzunehmen, wenn die Header bereits an den Client gesendet wurden: + +```js +function errorHandler (err, req, res, next) { + if (res.headersSent) { + return next(err) + } + res.status(500) + res.render('error', { error: err }) +} +``` + +Note that the default error handler can get triggered if you call `next()` with an error +in your code more than once, even if custom error handling middleware is in place. + +Other error handling middleware can be found at [Express middleware](/{{ page.lang }}/resources/middleware.html). + +## Writing error handlers + +Define error-handling middleware functions in the same way as other middleware functions, +except error-handling functions have four arguments instead of three: `(err, req, res, next)`. Beispiel: ```js @@ -18,13 +192,16 @@ app.use((err, req, res, next) => { }) ``` -Middleware für die Fehlerbehandlung wird ganz zuletzt nach allen anderen `app.use()`- und Weiterleitungsaufrufen definiert. Beispiel: +You define error-handling middleware last, after other `app.use()` and routes calls; for example: ```js const bodyParser = require('body-parser') const methodOverride = require('method-override') -app.use(bodyParser()) +app.use(bodyParser.urlencoded({ + extended: true +})) +app.use(bodyParser.json()) app.use(methodOverride()) app.use((err, req, res, next) => { // logic @@ -39,7 +216,10 @@ Für organisatorische Zwecke (und Frameworks der höheren Ebene) können Sie meh const bodyParser = require('body-parser') const methodOverride = require('method-override') -app.use(bodyParser()) +app.use(bodyParser.urlencoded({ + extended: true +})) +app.use(bodyParser.json()) app.use(methodOverride()) app.use(logErrors) app.use(clientErrorHandler) @@ -57,6 +237,8 @@ function logErrors (err, req, res, next) { In diesem Beispiel wird `clientErrorHandler` wie folgt definiert. In diesem Fall wird der Fehler explizit an den nächsten Error-Handler übergeben: +Notice that when _not_ calling "next" in an error-handling function, you are responsible for writing (and ending) the response. Otherwise, those requests will "hang" and will not be eligible for garbage collection. + ```js function clientErrorHandler (err, req, res, next) { if (req.xhr) { @@ -66,6 +248,7 @@ function clientErrorHandler (err, req, res, next) { } } ``` + Die `errorHandler`-Funktion "catch-all" kann wie folgt implementiert werden: ```js @@ -75,17 +258,16 @@ function errorHandler (err, req, res, next) { } ``` -Wenn Sie Übergaben an die Funktion `next()` vornehmen (außer die Zeichenfolge `'route'`), sieht Express die aktuelle Anforderung als Fehler an und überspringt alle verbleibenden fehlerfreien Behandlungsroutinen und Middlewarefunktionen. Wenn Sie den Fehler bearbeiten wollen, müssen Sie (wie im nächsten Abschnitt beschrieben) eine Fehlerbehandlungsweiterleitung erstellen. - -Bei einem Routenhandler mit mehreren Callback-Funktionen können Sie den Parameter `route` verwenden, um den nächsten Routenhandler zu überspringen. Beispiel: +If you have a route handler with multiple callback functions, you can use the `route` parameter to skip to the next route handler. Beispiel: ```js app.get('/a_route_behind_paywall', (req, res, next) => { if (!req.user.hasPaid) { - // continue handling this request next('route') + } else { + next() } }, (req, res, next) => { PaidContent.find((err, doc) => { @@ -94,32 +276,9 @@ app.get('/a_route_behind_paywall', }) }) ``` -In diesem Beispiel wird der Handler `getPaidContent` übersprungen. Alle verbleibenden Handler in `app` für `/a_route_behind_paywall` werden jedoch weiter ausgeführt. - --Aufrufe zu `next()` und `next(err)` geben an, dass der aktuelle Handler abgeschlossen ist und welchen Status er aufweist. Durch `next(err)` werden alle verbleibenden Handler in der Kette übersprungen. Ausgenommen hiervor sind die Handler, die konfiguriert sind, um Fehler wie oben beschrieben zu behandeln. -- -## Die Standardfehlerbehandlungsroutine (Default Error Handler) - -Express ist bereits mit einer integrierten Fehlerbehandlungsroutine ausgestattet, mit der alle in der Anwendung festgestellten Fehler gehandhabt werden können. Diese Middleware für die Fehlerbehandlung wird am Ende des Middleware-Funktionsstack hinzugefügt. -Wenn Sie einen Fehler an `next()` übergeben und diesen nicht mit einem Error-Handler bearbeiten, wird dieser über den integrierten Error-Handler bearbeitet. Der Fehler wird mit dem Stack-Trace zum Client geschrieben. Der Stack-Trace ist in der Produktionsumgebung nicht verfügbar. +In diesem Beispiel wird der Handler `getPaidContent` übersprungen. Alle verbleibenden Handler in `app` für `/a_route_behind_paywall` werden jedoch weiter ausgeführt.-Legen Sie die Umgebungsvariable `NODE_ENV` auf `production` fest, um die Anwendung im Produktionsmodus auszuführen. +Aufrufe zu `next()` und `next(err)` geben an, dass der aktuelle Handler abgeschlossen ist und welchen Status er aufweist. Durch `next(err)` werden alle verbleibenden Handler in der Kette übersprungen. Ausgenommen hiervor sind die Handler, die konfiguriert sind, um Fehler wie oben beschrieben zu behandeln.- -Wenn `next()` mit einem Fehler aufgerufen wird, nachdem Sie mit dem Schreiben der Antwort begonnen haben (z. B., wenn Sie beim Streamen der Antwort zum Client einen Fehler feststellen), schließt die Standardfehlerbehandlungsroutine in Express die Verbindung, und die Anforderung schlägt fehl. - -Wenn Sie also einen angepassten Error-Handler hinzufügen, empfiehlt es sich, eine Delegierung zur Standardfehlerbehandlungsroutine in Express vorzunehmen, wenn die Header bereits an den Client gesendet wurden: - -```js -function errorHandler (err, req, res, next) { - if (res.headersSent) { - return next(err) - } - res.status(500) - res.render('error', { error: err }) -} -``` diff --git a/de/guide/migrating-4.md b/de/guide/migrating-4.md old mode 100755 new mode 100644 index 8131f3dddc..04936b7501 --- a/de/guide/migrating-4.md +++ b/de/guide/migrating-4.md @@ -4,6 +4,7 @@ title: Migration auf Express 4 description: A guide to migrating your Express.js applications from version 3 to 4, covering changes in middleware, routing, and how to update your codebase effectively. menu: guide lang: de +redirect_from: " " --- # Wechsel zu Express 4 @@ -25,15 +26,16 @@ In diesem Beitrag werden folgende Themen behandelt: In Express 4 wurden einige signifikante Änderungen vorgenommen:-
-
- Änderungen am Express-Core- und Middlewaresystem. Die Abhängigkeiten bei Connect und der integrierten Middleware wurden entfernt. Sie müssen also Middleware selbst hinzufügen. +
- Changes to Express core and middleware system. The dependencies on Connect and built-in middleware were removed, so you must add middleware yourself. +
- Änderungen am Weiterleitungssystem (Routingsystem).
- Weitere Änderungen.
Änderungen am Express-Core- und Middlewaresystem
@@ -49,7 +51,7 @@ Ohne integrierte Middleware müssen Sie explizit alle Middlewarefunktionen hinzu In der folgenden Tabelle sind Express 3-Middlewarefunktionen und deren Entsprechungen in Express 4 aufgelistet.-
+ Hier finden Sie die [komplette Liste](https://github.com/senchalabs/connect#middleware) der Express 4-Middleware. @@ -89,25 +91,28 @@ In den meisten Fällen können Sie einfach nur die Middleware der alten VersionExpress 3 Express 4 Express 3 Express 4 express.bodyParserbody-parser + multer serve-index express.staticserve-static
-In Version 4 können Sie über einen Variablenparameter den Pfad definieren, in den Middlewarefunktionen geladen werden. Dann können Sie den Wert des Parameters aus dem Routenhandler laden. Beispiel: +In Version 4 können Sie über einen Variablenparameter den Pfad definieren, in den Middlewarefunktionen geladen werden. Dann können Sie den Wert des Parameters aus dem Routenhandler laden. +Beispiel: ```js -app.use('/book/:id', function (req, res, next) { +app.use('/book/:id', (req, res, next) => { console.log('ID:', req.params.id) next() }) ``` +app.useakzeptiert Parameter.Das Routingsystem
Anwendungen laden nun implizit Routing-Middleware. Sie müssen sich also keine Gedanken mehr über die Reihenfolge machen, in der die Middleware in Bezug auf die `router`-Middleware geladen wird. -Die Art und Weise, wie Weiterleitungen (Routen) definiert werden, bleibt unverändert. Das Routingsystem verfügt jedoch über zwei neue Funktionen, die beim Organisieren Ihrer Weiterleitungen helfen: +Das Routingsystem verfügt jedoch über zwei neue Funktionen, die beim Organisieren Ihrer Weiterleitungen helfen: {: .doclist } -* Die neue Methode `app.route()` zum Erstellen verkettbarer Routenhandler für einen Weiterleitungspfad -* Die neue Klasse `express.Router` zum Erstellen modular einbindbarer Routenhandler + +- Die neue Methode `app.route()` zum Erstellen verkettbarer Routenhandler für einen Weiterleitungspfad +- Die neue Klasse `express.Router` zum Erstellen modular einbindbarer RoutenhandlerDie Methode
@@ -117,13 +122,13 @@ Dies ist ein Beispiel für verkettete Routenhandler, die mit der Funktion `app.r ```js app.route('/book') - .get(function (req, res) { + .get((req, res) => { res.send('Get a random book') }) - .post(function (req, res) { + .post((req, res) => { res.send('Add a book') }) - .put(function (req, res) { + .put((req, res) => { res.send('Update the book') }) ``` @@ -141,16 +146,16 @@ var express = require('express') var router = express.Router() // middleware specific to this router -router.use(function timeLog (req, res, next) { +router.use((req, res, next) => { console.log('Time: ', Date.now()) next() }) // define the home page route -router.get('/', function (req, res) { +router.get('/', (req, res) => { res.send('Birds home page') }) // define the about route -router.get('/about', function (req, res) { +router.get('/about', (req, res) => { res.send('About birds') }) @@ -162,7 +167,7 @@ Laden Sie dann das Routermodul in die Anwendung: ```js var birds = require('./birds') -/// ... +// ... app.use('/birds', birds) ``` @@ -175,7 +180,7 @@ Weitere Änderungen In der folgenden Tabelle sind andere kleinere, aber trotzdem wichtige Änderungen in Express 4 aufgeführt:app.route()-
++ Objekt Beschreibung -Die Funktion `app.configure()` wurde entfernt. Verwenden Sie die Funktion `process.env.NODE_ENV` oder `app.get('env')`, um die Umgebung zu erkennen und die Anwendung entsprechend zu konfigurieren. +Die Funktion `app.configure()` wurde entfernt. Verwenden Sie die Funktion `process.env.NODE_ENV` oder `app.get('env')`, um die Umgebung zu erkennen und die Anwendung entsprechend zu konfigurieren. @@ -281,11 +286,12 @@ Entfernt. Die Funktionalität ist nun auf die Einstellung des Basis-Cookiewerts begrenzt. Verwenden Sie `res.cookie()`, um weitere Funktionalität zu erhalten. -Beispiel für eine Anwendungsmigration
-Dies ist ein Beispiel für die Migration einer Express 3-Anwendung auf Express 4. Die dabei interessanten Dateien sind `app.js` und `package.json`. +Dies ist ein Beispiel für die Migration einer Express 3-Anwendung auf Express 4. +Die dabei interessanten Dateien sind `app.js` und `package.json`.Anwendung der Version 3 @@ -324,7 +330,7 @@ if (app.get('env') === 'development') { app.get('/', routes.index) app.get('/users', user.list) -http.createServer(app).listen(app.get('port'), function () { +http.createServer(app).listen(app.get('port'), () => { console.log('Express server listening on port ' + app.get('port')) }) ``` @@ -361,11 +367,12 @@ $ npm install serve-favicon morgan method-override express-session body-parser m Nehmen Sie an `app.js` die folgenden Änderungen vor: 1. Die integrierten Express-Middlewarefunktionen `express.favicon`, - `express.logger`, `express.methodOverride`, - `express.session`, `express.bodyParser` und - `express.errorHandler` sind im Objekt `express` nicht mehr verfügbar. Sie müssen deren Alternativen manuell installieren und in die Anwendung laden. + `express.logger`, `express.methodOverride`, + `express.session`, `express.bodyParser` und + `express.errorHandler` sind im Objekt `express` nicht mehr verfügbar. Sie müssen deren Alternativen manuell installieren und in die Anwendung laden. -2. Sie müssen die Funktion `app.router` nicht mehr laden. Sie ist kein gültiges Express 4-Anwendungsobjekt. Entfernen Sie also den Code `app.use(app.router);`. +2. Sie müssen die Funktion `app.router` nicht mehr laden. + Sie ist kein gültiges Express 4-Anwendungsobjekt. Entfernen Sie also den Code `app.use(app.router);`. 3. Stellen Sie sicher, dass die Middlewarefunktionen in der richtigen Reihenfolge geladen werden – laden Sie `errorHandler` nach dem Laden der Anwendungsweiterleitungen. @@ -388,7 +395,7 @@ Durch Ausführung des Befehls `npm` wird `package.json` wie folgt aktualisiert: "errorhandler": "^1.1.1", "express": "^4.8.0", "express-session": "^1.7.2", - "pug": "^2.0.0-beta6", + "pug": "^2.0.0", "method-override": "^2.1.2", "morgan": "^1.2.2", "multer": "^0.1.3", @@ -449,11 +456,10 @@ server.listen(app.get('port'), () => { }) ``` -
-Wenn Sie nicht direkt mit dem Modul `http` arbeiten müssen (socket.io/SPDY/HTTPS), ist das Laden des Moduls nicht erforderlich. Die Anwendung kann dann einfach wie folgt gestartet werden: +Wenn Sie nicht direkt mit dem Modul `http` arbeiten müssen (socket.io/SPDY/HTTPS), ist das Laden des Moduls nicht erforderlich. Die Anwendung kann dann einfach wie folgt gestartet werden: ```js -app.listen(app.get('port'), function () { +app.listen(app.get('port'), () => { console.log('Express server listening on port ' + app.get('port')) }) ``` @@ -483,6 +489,7 @@ $ npm uninstall -g express ``` Abhängig davon, wie Ihre Datei- und Verzeichnissberechtigungen konfiguriert sind, müssen Sie diesen Befehl möglicherweise mit `sudo` ausführen. + Installieren Sie nun den neuen Generator: ```bash @@ -491,7 +498,6 @@ $ npm install -g express-generator Abhängig davon, wie Ihre Datei- und Verzeichnissberechtigungen konfiguriert sind, müssen Sie diesen Befehl möglicherweise mit `sudo` ausführen. - Nun wird der Befehl `express` auf Ihrem System auf den Express 4 App Generator aktualisiert.Änderungen am App Generator
@@ -499,9 +505,10 @@ Nun wird der Befehl `express` auf Ihrem System auf den Express 4 App Generator a Befehlsoptionen und -nutzung bleiben größtenteils unverändert. Es gelten jedoch folgende Ausnahmen: {: .doclist } -* Option `--sessions` wurde entfernt. -* Option `--jshtml` wurde entfernt. -* Option `--hogan` wurde hinzugefügt, um [Hogan.js](http://twitter.github.io/hogan.js/) zu unterstützen. + +- Option `--sessions` wurde entfernt. +- Option `--jshtml` wurde entfernt. +- Option `--hogan` wurde hinzugefügt, um [Hogan.js](http://twitter.github.io/hogan.js/) zu unterstützen.Beispiel
@@ -532,7 +539,7 @@ Um das Verzeichnis `www` zu löschen und alles im "Express 3-Stil" zu belassen, ```js app.set('port', process.env.PORT || 3000) -var server = app.listen(app.get('port'), function () { +var server = app.listen(app.get('port'), () => { debug('Express server listening on port ' + server.address().port) }) ``` diff --git a/de/guide/migrating-5.md b/de/guide/migrating-5.md old mode 100755 new mode 100644 index de972e1f78..689fae62fc --- a/de/guide/migrating-5.md +++ b/de/guide/migrating-5.md @@ -4,6 +4,7 @@ title: Migration auf Express 5 description: A comprehensive guide to migrating your Express.js applications from version 4 to 5, detailing breaking changes, deprecated methods, and new improvements. menu: guide lang: de +redirect_from: " " --- # Wechsel zu Express 5 @@ -12,19 +13,33 @@ lang: de Express 5.0 befindet sich noch in der Beta-Release-Phase. Hier finden Sie jedoch bereits eine Vorschau zu den Änderungen in diesem Release und zur Migration Ihrer Express 4-Anwendung auf Express 5. -Express 5 unterscheidet sich nicht allzu sehr von Express 4: Die Änderungen an der API sind nicht so signifikant wie von 3.0 zu 4.0. Auch wenn die Basis-API unverändert bleibt, wird es doch einige grundlegende Veränderungen geben. In anderen Worten: Ein vorhandenes Express 4-Programm funktioniert möglicherweise nicht mehr, wenn Sie es für Express 5 aktualisieren. +To install this version, you need to have a Node.js version 18 or higher. Then, execute the following command in your application directory: -Zum Installieren der aktuellen Alpha-Version und zur Vorschau von Express 5 geben Sie den folgenden Befehl im Stammverzeichnis Ihrer Anwendung ein: - -```bash -$ npm install "express@5" --save +```sh +npm install "express@5" ``` Sie können Ihre automatisierten Tests ausführen, um zu sehen, was fehlschlägt, und Probleme gemäß den folgenden Updates beheben. Nachdem Sie alle Testfehler behoben haben, führen Sie Ihre Anwendung aus, um zu sehen, welche Fehler noch auftreten. Sie werden sofort feststellen, ob die Anwendung Methoden oder Eigenschaften verwendet, die nicht unterstützt werden. -Änderungen in Express 5
+## Express 5 Codemods + +To help you migrate your express server, we have created a set of codemods that will help you automatically update your code to the latest version of Express. + +Run the following command for run all the codemods available: + +```sh +npx @expressjs/codemod upgrade +``` + +If you want to run a specific codemod, you can run the following command: + +```sh +npx @expressjs/codemod name-of-the-codemod +``` -Nachfolgend finden Sie eine Liste mit Änderungen (Stand: Alpha-2-Release), die sich auf Sie als Express-Benutzer auswirken werden. Siehe hierzu auch die [Pull-Anforderung](https://github.com/expressjs/express/pull/2237) mit einer Liste aller geplanten Features und Funktionen. +You can find the list of available codemods [here](https://github.com/expressjs/codemod?tab=readme-ov-file#available-codemods). + +Änderungen in Express 5
**Entfernte Methoden und Eigenschaften** @@ -36,26 +51,40 @@ Nachfolgend finden Sie eine Liste mit Änderungen (Stand: Alpha-2-Release), die- req.param(name)
- res.json(obj, status)
- res.jsonp(obj, status)
+- res.redirect('back') and res.location('back')
+- res.redirect(url, status)
- res.send(body, status)
- res.send(status)
- res.sendfile()
+- router.param(fn)
+- express.static.mime
+- express:router debug logs
-**Geändert** +**Verbesserungen**-
+
- Path route matching syntax +
- Rejected promises handled from middleware and handlers +
- express.urlencoded +
- app.listen
- app.router +
- req.body
- req.host
- req.query +
- res.clearCookie +
- res.status +
- res.vary
Entfernte Methoden und Eigenschaften
+### Entfernte Methoden und Eigenschaften Wenn Sie eine dieser Methoden oder Eigenschaften in Ihrer Anwendung verwenden, stürzt die Anwendung ab. Sie müssen also Ihre Anwendung ändern, wenn Sie auf Version 5 umgestellt haben. @@ -63,21 +92,75 @@ Wenn Sie eine dieser Methoden oder Eigenschaften in Ihrer Anwendung verwenden, s Express 5 unterstützt die Funktion `app.del()` nicht mehr. Wenn Sie diese Funktion verwenden, wird ein Fehler ausgelöst. Für die Registrierung von HTTP DELETE-Weiterleitungen verwenden Sie stattdessen die Funktion `app.delete()`. -Anfänglich wurde `del` statt `delete` verwendet, weil `delete` in JavaScript ein reserviertes Schlüsselwort ist. Ab ECMAScript 6 jedoch können `delete` und andere reservierte Schlüsselwörter legal als Eigenschaftsnamen verwendet werden. Lesen hier auch die Diskussion, die zur Einstellung der Unterstützung der Funktion `app.del` geführt hat. +Anfänglich wurde `del` statt `delete` verwendet, weil `delete` in JavaScript ein reserviertes Schlüsselwort ist. Ab ECMAScript 6 jedoch können `delete` und andere reservierte Schlüsselwörter legal als Eigenschaftsnamen verwendet werden. + +{% capture codemod-deprecated-signatures %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod v4-deprecated-signatures +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.del('/user/:id', (req, res) => { + res.send(`DELETE /user/${req.params.id}`) +}) + +// v5 +app.delete('/user/:id', (req, res) => { + res.send(`DELETE /user/${req.params.id}`) +}) +```app.param(fn)
-Die Signatur `app.param(fn)` wurde für die Änderung der Verhaltensweise der Funktion `app.param(name, fn)` verwendet. Seit v4.11.0 wurde sie nicht mehr verwendet. In Express 5 wird sie überhaupt nicht mehr unterstützt. +Die Signatur `app.param(fn)` wurde für die Änderung der Verhaltensweise der Funktion `app.param(name, fn)` verwendet. Seit v4.11.0 wurde sie nicht mehr verwendet. In Express 5 wird sie überhaupt nicht mehr unterstützt.Pluralisierte Methodennamen
Die folgenden Methodennamen wurden pluralisiert. In Express 4 wurde bei Verwendung der alten Methoden eine Warnung zur Einstellung der Unterstützung ausgegeben. Express 5 unterstützt diese Methoden nicht mehr. +`req.acceptsLanguage()` wird durch `req.acceptsLanguages()` ersetzt. + `req.acceptsCharset()` wird durch `req.acceptsCharsets()` ersetzt. `req.acceptsEncoding()` wird durch `req.acceptsEncodings()` ersetzt. -`req.acceptsLanguage()` wird durch `req.acceptsLanguages()` ersetzt. +{% capture codemod-pluralized-methods %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod pluralized-methods +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-pluralized-methods %} + +```js +// v4 +app.all('/', (req, res) => { + req.acceptsCharset('utf-8') + req.acceptsEncoding('br') + req.acceptsLanguage('en') + + // ... +}) + +// v5 +app.all('/', (req, res) => { + req.acceptsCharsets('utf-8') + req.acceptsEncodings('br') + req.acceptsLanguages('en') + + // ... +}) +```Führender Doppelpunkt (:) im Namen für app.param(name, fn)
@@ -89,42 +172,334 @@ Dies dürfte keine Auswirkungen auf Ihren Code haben, wenn Sie die Express 4-Dok Dieses potenziell verwirrende und durchaus riskante Verfahren des Abrufens von Formulardaten wurde entfernt. Sie müssen nun ganz speziell nach dem übergebenen Parameternamen im Objekt `req.params`, `req.body` oder `req.query` suchen. +{% capture codemod-req-param %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod req-param +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-req-param %} + +```js +// v4 +app.post('/user', (req, res) => { + const id = req.param('id') + const body = req.param('body') + const query = req.param('query') + + // ... +}) + +// v5 +app.post('/user', (req, res) => { + const id = req.params.id + const body = req.body + const query = req.query + + // ... +}) +``` +res.json(obj, status)
Express 5 unterstützt die Signatur `res.json(obj, status)` nicht mehr. Stattdessen müssen Sie den Status festlegen und diesen dann mit `res.json()`-Methoden wie dieser verketten: `res.status(status).json(obj)`. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.post('/user', (req, res) => { + res.json({ name: 'Ruben' }, 201) +}) + +// v5 +app.post('/user', (req, res) => { + res.status(201).json({ name: 'Ruben' }) +}) +``` +res.jsonp(obj, status)
Express 5 unterstützt die Signatur `res.jsonp(obj, status)` nicht mehr. Stattdessen müssen Sie den Status festlegen und diesen dann mit `res.jsonp()`-Methoden wie dieser verketten: `res.status(status).jsonp(obj)`. -res.send(body, status)
+{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.post('/user', (req, res) => { + res.jsonp({ name: 'Ruben' }, 201) +}) + +// v5 +app.post('/user', (req, res) => { + res.status(201).jsonp({ name: 'Ruben' }) +}) +``` + +res.redirect(url, status)
Express 5 unterstützt die Signatur `res.send(obj, status)` nicht mehr. Stattdessen müssen Sie den Status festlegen und diesen dann mit `res.send()`-Methoden wie dieser verketten: `res.status(status).send(obj)`. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.redirect('/users', 301) +}) + +// v5 +app.get('/user', (req, res) => { + res.redirect(301, '/users') +}) +``` + +res.redirect('back') and res.location('back')
+ +Express 5 no longer supports the magic string `back` in the `res.redirect()` and `res.location()` methods. Instead, use the `req.get('Referrer') || '/'` value to redirect back to the previous page. In Express 4, the res.`redirect('back')` and `res.location('back')` methods were deprecated. + +{% capture codemod-magic-redirect %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod magic-redirect +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-magic-redirect %} + +```js +// v4 +app.get('/user', (req, res) => { + res.redirect('back') +}) + +// v5 +app.get('/user', (req, res) => { + res.redirect(req.get('Referrer') || '/') +}) +``` + +res.send(body, status)
+ +Express 5 no longer supports the signature `res.send(obj, status)`. Instead, set the status and then chain it to the `res.send()` method like this: `res.status(status).send(obj)`. + +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.send({ name: 'Ruben' }, 200) +}) + +// v5 +app.get('/user', (req, res) => { + res.status(200).send({ name: 'Ruben' }) +}) +``` +res.send(status)
-Express 5 unterstützt die Signaturres.send(status), nicht mehr, wobei *`status`* für eine Zahl steht. Verwenden Sie stattdessen die Funktion `res.sendStatus(statusCode)`, mit der der Statuscode für den HTTP-Antwort-Header festgelegt und die Textversion des Codes gesendet wird: "Not Found" (Nicht gefunden), "Internal Server Error" (Interner Serverfehler) usw. Wenn Sie eine Zahl senden und hierfür die Funktion `res.send()` verwenden müssen, müssen Sie die Zahl in Anführungszeichen setzen, um diese in eine Zeichenfolge zu konvertieren. Dadurch interpretiert Express diese Zahl nicht als Versuch, die nicht mehr unterstützte alte Signatur zu verwenden. +Express 5 unterstützt die Signaturres.send(status), nicht mehr, wobei _`status`_ für eine Zahl steht. Verwenden Sie stattdessen die Funktion `res.sendStatus(statusCode)`, mit der der Statuscode für den HTTP-Antwort-Header festgelegt und die Textversion des Codes gesendet wird: "Not Found" (Nicht gefunden), "Internal Server Error" (Interner Serverfehler) usw. +Wenn Sie eine Zahl senden und hierfür die Funktion `res.send()` verwenden müssen, müssen Sie die Zahl in Anführungszeichen setzen, um diese in eine Zeichenfolge zu konvertieren. Dadurch interpretiert Express diese Zahl nicht als Versuch, die nicht mehr unterstützte alte Signatur zu verwenden. + +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.send(200) +}) + +// v5 +app.get('/user', (req, res) => { + res.sendStatus(200) +}) +```res.sendfile()
Die Funktion `res.sendfile()` wurde durch eine Version in Camel-Schreibweise von `res.sendFile()` in Express 5 ersetzt. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.sendfile('/path/to/file') +}) + +// v5 +app.get('/user', (req, res) => { + res.sendFile('/path/to/file') +}) +``` + +router.param(fn)
+ +The `router.param(fn)` signature was used for modifying the behavior of the `router.param(name, fn)` function. Seit v4.11.0 wurde sie nicht mehr verwendet. In Express 5 wird sie überhaupt nicht mehr unterstützt. + +express.static.mime
+ +In Express 5, `mime` is no longer an exported property of the `static` field. +Use the [`mime-types` package](https://github.com/jshttp/mime-types) to work with MIME type values. + +```js +// v4 +express.static.mime.lookup('json') + +// v5 +const mime = require('mime-types') +mime.lookup('json') +``` + +express:router debug logs
+ +In Express 5, router handling logic is performed by a dependency. Therefore, the +debug logs for the router are no longer available under the `express:` namespace. +In v4, the logs were available under the namespaces `express:router`, `express:router:layer`, +and `express:router:route`. All of these were included under the namespace `express:*`. +In v5.1+, the logs are available under the namespaces `router`, `router:layer`, and `router:route`. +The logs from `router:layer` and `router:route` are included in the namespace `router:*`. +To achieve the same detail of debug logging when using `express:*` in v4, use a conjunction of +`express:*`, `router`, and `router:*`. + +```sh +# v4 +DEBUG=express:* node index.js + +# v5 +DEBUG=express:*,router,router:* node index.js +``` +Geändert
+Path route matching syntax
+ +Path route matching syntax is when a string is supplied as the first parameter to the `app.all()`, `app.use()`, `app.METHOD()`, `router.all()`, `router.METHOD()`, and `router.use()` APIs. The following changes have been made to how the path string is matched to an incoming request: + +- The wildcard `*` must have a name, matching the behavior of parameters `:`, use `/*splat` instead of `/*` + +```js +// v4 +app.get('/*', async (req, res) => { + res.send('ok') +}) + +// v5 +app.get('/*splat', async (req, res) => { + res.send('ok') +}) +``` + +{% capture note_wildcard %} +`*splat` matches any path without the root path. If you need to match the root path as well `/`, you can use `/{*splat}`, wrapping the wildcard in braces. + +```js +// v5 +app.get('/{*splat}', async (req, res) => { + res.send('ok') +}) +``` + +{% endcapture %} +{% include admonitions/note.html content=note_wildcard %} + +- The optional character `?` is no longer supported, use braces instead. + +```js +// v4 +app.get('/:file.:ext?', async (req, res) => { + res.send('ok') +}) + +// v5 +app.get('/:file{.:ext}', async (req, res) => { + res.send('ok') +}) +``` + +- Regexp characters are not supported. Beispiel: + +```js +app.get('/[discussion|page]/:slug', async (req, res) => { + res.status(200).send('ok') +}) +``` + +should be changed to: + +```js +app.get(['/discussion/:slug', '/page/:slug'], async (req, res) => { + res.status(200).send('ok') +}) +``` + +- Some characters have been reserved to avoid confusion during upgrade (`()[]?+!`), use `\` to escape them. +- Parameter names now support valid JavaScript identifiers, or quoted like `:"this"`. + +Rejected promises handled from middleware and handlers
+ +Request middleware and handlers that return rejected promises are now handled by forwarding the rejected value as an `Error` to the error handling middleware. This means that using `async` functions as middleware and handlers are easier than ever. When an error is thrown in an `async` function or a rejected promise is `await`ed inside an async function, those errors will be passed to the error handler as if calling `next(err)`. + +Details of how Express handles errors is covered in the [error handling documentation](/en/guide/error-handling.html). + +express.urlencoded
+ +The `express.urlencoded` method makes the `extended` option `false` by default. + +app.listen
+ +In Express 5, the `app.listen` method will invoke the user-provided callback function (if provided) when the server receives an error event. In Express 4, such errors would be thrown. This change shifts error-handling responsibility to the callback function in Express 5. If there is an error, it will be passed to the callback as an argument. +Beispiel: + +```js +const server = app.listen(8080, '0.0.0.0', (error) => { + if (error) { + throw error // e.g. EADDRINUSE + } + console.log(`Listening on ${JSON.stringify(server.address())}`) +}) +``` +app.router
Das Objekt `app.router`, das in Express 4 entfernt wurde, ist in Express 5 wieder verfügbar. In der neuen Version fungiert dieses Objekt nur als Referenz zum Express-Basisrouter – im Gegensatz zu Express 3, wo die Anwendung dieses Objekt explizit laden musste. +req.body
+ +The `req.body` property returns `undefined` when the body has not been parsed. In Express 4, it returns `{}` by default. +req.host
In Express 4 übergab die Funktion `req.host` nicht ordnungsgemäß eine eventuell vorhandene Portnummer. In Express 5 wird die Portnummer beibehalten.req.query
-In Express 4.7 und ab Express 5 kann die Abfrageparser-Option `false` akzeptieren, um das Parsing von Abfragezeichenfolgen zu deaktivieren, wenn Sie Ihre eigene Funktion für die Parsinglogik bei Abfragezeichenfolgen verwenden wollen. +The `req.query` property is no longer a writable property and is instead a getter. The default query parser has been changed from "extended" to "simple". -Verbesserungen
+res.clearCookie
+ +The `res.clearCookie` method ignores the `maxAge` and `expires` options provided by the user. + +res.status
+ +The `res.status` method only accepts integers in the range of `100` to `999`, following the behavior defined by Node.js, and it returns an error when the status code is not an integer. + +res.vary
+ +The `res.vary` throws an error when the `field` argument is missing. In Express 4, if the argument was omitted, it gave a warning in the console + +### Verbesserungenres.render()
Diese Methode erzwingt nun asynchrones Verhalten für alle View-Engines, sodass durch View-Engines mit synchroner Implementierung verursachte Fehler vermieden werden, durch die die empfohlene Schnittstelle nicht verwendet werden konnte. + +Brotli encoding support
+ +Express 5 supports Brotli encoding for requests received from clients that support it. diff --git a/id/guide/overriding-express-api.md b/de/guide/overriding-express-api.md similarity index 95% rename from id/guide/overriding-express-api.md rename to de/guide/overriding-express-api.md index 48e8f4e11a..128fc5aa18 100644 --- a/id/guide/overriding-express-api.md +++ b/de/guide/overriding-express-api.md @@ -1,12 +1,10 @@ --- layout: page title: Overriding the Express API +description: Discover how to customize and extend the Express.js API by overriding methods and properties on the request and response objects using prototypes. menu: guide -lang: id -description: Discover how to customize and extend the Express.js API by overriding - methods and properties on the request and response objects using prototypes. +lang: de --- -# Overriding the Express API @@ -73,4 +71,3 @@ Unless necessary, it is recommended that this be done only at the application le Object.setPrototypeOf(Object.getPrototypeOf(app.request), FakeRequest.prototype) Object.setPrototypeOf(Object.getPrototypeOf(app.response), FakeResponse.prototype) ``` -diff --git a/de/guide/routing.md b/de/guide/routing.md old mode 100755 new mode 100644 index 70bf497067..da4871a7a6 --- a/de/guide/routing.md +++ b/de/guide/routing.md @@ -4,11 +4,24 @@ title: Weiterleitung in Express description: Learn how to define and use routes in Express.js applications, including route methods, route paths, parameters, and using Router for modular routing. menu: guide lang: de +redirect_from: " " --- # Weiterleitung (Routing) -Der Begriff *Weiterleitung* (Routing) bezieht sich auf die Definition von Anwendungsendpunkten (URIs) und deren Antworten auf Clientanforderungen. Eine Einführung in dieses Routing siehe [Basisrouting](/{{ page.lang }}/starter/basic-routing.html). +Der Begriff _Weiterleitung_ (Routing) bezieht sich auf die Definition von Anwendungsendpunkten (URIs) und deren Antworten auf Clientanforderungen. +Eine Einführung in dieses Routing siehe [Basisrouting](/{{ page.lang }}/starter/basic-routing.html). + +You define routing using methods of the Express `app` object that correspond to HTTP methods; +for example, `app.get()` to handle GET requests and `app.post` to handle POST requests. For a full list, +see [app.METHOD](/{{ page.lang }}/5x/api.html#app.METHOD). You can also use [app.all()](/{{ page.lang }}/5x/api.html#app.all) to handle all HTTP methods and [app.use()](/{{ page.lang }}/5x/api.html#app.use) to +specify middleware as the callback function (See [Using middleware](/{{ page.lang }}/guide/using-middleware.html) for details). + +These routing methods specify a callback function (sometimes called "handler functions") called when the application receives a request to the specified route (endpoint) and HTTP method. In other words, the application "listens" for requests that match the specified route(s) and method(s), and when it detects a match, it calls the specified callback function. + +In fact, the routing methods can have more than one callback function as arguments. +With multiple callback functions, it is important to provide `next` as an argument to the callback function and then call `next()` within the body of the function to hand off control +to the next callback. Der folgende Code ist ein Beispiel für ein sehr einfaches Basisrouting. @@ -40,15 +53,10 @@ app.post('/', (req, res) => { }) ``` -Express unterstützt die folgenden Weiterleitungsmethoden, die den HTTP-Methoden entsprechen: `get`, `post`, `put`, `head`, `delete`, `options`, `trace`, `copy`, `lock`, `mkcol`, `move`, `purge`, `propfind`, `proppatch`, `unlock`, `report`, `mkactivity`, `checkout`, `merge`, `m-search`, `notify`, `subscribe`, `unsubscribe`, `patch`, `search` und `connect`. - --Verwenden Sie zum Weiterleiten von Methoden, die zu den JavaScript-Variablennamen führen, die Notation "Eckige Klammer". Beispiel: `app['m-search']('/', function ...` -+Express supports methods that correspond to all HTTP request methods: `get`, `post`, and so on. +For a full list, see [app.METHOD](/{{ page.lang }}/5x/api.html#app.METHOD). -Es gibt eine spezielle Weiterleitungsmethode, `app.all()`, die nicht von einer HTTP-Methode abgeleitet wird. Diese Methode wird zum Laden von Middlewarefunktionen bei einem Pfad für alle Anforderungsmethoden verwendet. - -Im folgenden Beispiel wird der Handler für Anforderungen zur Weiterleitung "/secret" ausgeführt, um herauszufinden, ob Sie GET-, POST-, PUT-, DELETE- oder andere HTTP-Anforderungsmethoden verwenden, die im [HTTP-Modul](https://nodejs.org/api/http.html#http_http_methods) unterstützt werden. +Es gibt eine spezielle Weiterleitungsmethode, `app.all()`, die nicht von einer HTTP-Methode abgeleitet wird. Diese Methode wird zum Laden von Middlewarefunktionen bei einem Pfad für alle Anforderungsmethoden verwendet. Im folgenden Beispiel wird der Handler für Anforderungen zur Weiterleitung "/secret" ausgeführt, um herauszufinden, ob Sie GET-, POST-, PUT-, DELETE- oder andere HTTP-Anforderungsmethoden verwenden, die im [HTTP-Modul](https://nodejs.org/api/http.html#http_http_methods) unterstützt werden. ```js app.all('/secret', (req, res, next) => { @@ -61,15 +69,32 @@ app.all('/secret', (req, res, next) => { Über Weiterleitungspfade werden in Kombination mit einer Anforderungsmethode die Endpunkte definiert, bei denen Anforderungen erfolgen können. Weiterleitungspfade können Zeichenfolgen, Zeichenfolgemuster oder reguläre Ausdrücke sein. --Express verwendet für den Abgleich der Weiterleitungspfade [path-to-regexp](https://www.npmjs.com/package/path-to-regexp). In der Dokumentation zu "path-to-regexp" finden Sie alle Möglichkeiten zum Definieren von Weiterleitungspfaden. [Express Route Tester](http://forbeslindesay.github.io/express-route-tester/) ist ein handliches Tool zum Testen von Express-Basisweiterleitungen, auch wenn dieses Tool keine Musterabgleiche unterstützt. -+{% capture caution-character %} In express 5, the characters `?`, `+`, `*`, `[]`, and `()` are handled differently than in version 4, please review the [migration guide](/{{ page.lang }}/guide/migrating-5.html#path-syntax) for more information.{% endcapture %} --Abfragezeichenfolgen sind nicht Teil des Weiterleitungspfads. -+{% include admonitions/caution.html content=caution-character %} -Dies sind einige Beispiele für Weiterleitungspfade auf Basis von Zeichenfolgen. +{% capture note-dollar-character %}In express 4, regular expression characters such as `$` need to be escaped with a `\`. +{% endcapture %} + +{% include admonitions/caution.html content=note-dollar-character %} + +{% capture note-path-to-regexp %} + +Express uses [path-to-regexp](https://www.npmjs.com/package/path-to-regexp) for matching the route paths; see the path-to-regexp documentation for all the possibilities in defining route paths. [Express Route Tester](http://forbeslindesay.github.io/express-route-tester/) ist ein handliches Tool zum Testen von Express-Basisweiterleitungen, auch wenn dieses Tool keine Musterabgleiche unterstützt. + +{% endcapture %} + +{% include admonitions/note.html content=note-path-to-regexp %} + +{% capture query-string-note %} + +Query strings are not part of the route path. + +{% endcapture %} + +{% include admonitions/warning.html content=query-string-note %} + +### Route paths based on strings Dieser Weiterleitungspfad gleicht Weiterleitungsanforderungen zum Stammverzeichnis (`/`) ab. @@ -95,7 +120,11 @@ app.get('/random.text', (req, res) => { }) ``` -Dies sind einige Beispiele für Weiterleitungspfade auf Basis von Zeichenfolgemustern. +### Route paths based on string patterns + +{% capture caution-string-patterns %} The string patterns in Express 5 no longer work. Please refer to the [migration guide](/{{ page.lang }}/guide/migrating-5.html#path-syntax) for more information.{% endcapture %} + +{% include admonitions/caution.html content=caution-string-patterns %} Dieser Weiterleitungspfad gleicht `acd` und `abcd` ab. @@ -105,7 +134,7 @@ app.get('/ab?cd', (req, res) => { }) ``` -Dieser Weiterleitungspfad gleicht `abcd`, `abbcd`, `abbbcd` usw. ab. +Dies sind einige Beispiele für Weiterleitungspfade auf Basis von Zeichenfolgemustern. ```js app.get('/ab+cd', (req, res) => { @@ -113,7 +142,7 @@ app.get('/ab+cd', (req, res) => { }) ``` -Dieser Weiterleitungspfad gleicht `abcd`, `abxcd`, `abRABDOMcd`, `ab123cd` usw. ab. +Dies sind einige Beispiele für Weiterleitungspfade auf Basis von Zeichenfolgen. ```js app.get('/ab*cd', (req, res) => { @@ -129,11 +158,7 @@ app.get('/ab(cd)?e', (req, res) => { }) ``` --Die Zeichen ?, +, * und () sind Subsets ihrer Entsprechungen in regulären Ausdrücken. Der Bindestrich (-) und der Punkt (.) werden von zeichenfolgebasierten Pfaden förmlich interpretiert. -- -Beispiele für Weiterleitungspfade auf Basis regulärer Ausdrücke: +### Route paths based on regular expressions Dieser Weiterleitungspfad gleicht alle Weiterleitungsnamen ab, die den Buchstaben "a" enthalten. @@ -143,7 +168,7 @@ app.get(/a/, (req, res) => { }) ``` -Dieser Weiterleitungspfad gleicht `butterfly` und `dragonfly`, jedoch nicht `butterflyman`, `dragonfly man` usw. ab. +Dieser Weiterleitungspfad gleicht `butterfly` und `dragonfly`, jedoch nicht `butterflyman`, `dragonfly man` usw. ```js app.get(/.*fly$/, (req, res) => { @@ -151,6 +176,71 @@ app.get(/.*fly$/, (req, res) => { }) ``` +Route parameters
+ +Route parameters are named URL segments that are used to capture the values specified at their position in the URL. The captured values are populated in the `req.params` object, with the name of the route parameter specified in the path as their respective keys. + +``` +Route path: /users/:userId/books/:bookId +Request URL: http://localhost:3000/users/34/books/8989 +req.params: { "userId": "34", "bookId": "8989" } +``` + +To define routes with route parameters, simply specify the route parameters in the path of the route as shown below. + +```js +app.get('/users/:userId/books/:bookId', (req, res) => { + res.send(req.params) +}) +``` + ++The name of route parameters must be made up of "word characters" ([A-Za-z0-9_]). ++ +Since the hyphen (`-`) and the dot (`.`) are interpreted literally, they can be used along with route parameters for useful purposes. + +``` +Route path: /flights/:from-:to +Request URL: http://localhost:3000/flights/LAX-SFO +req.params: { "from": "LAX", "to": "SFO" } +``` + +``` +Route path: /plantae/:genus.:species +Request URL: http://localhost:3000/plantae/Prunus.persica +req.params: { "genus": "Prunus", "species": "persica" } +``` + +{% capture warning-regexp %} +In express 5, Regexp characters are not supported in route paths, for more information please refer to the [migration guide](/{{ page.lang }}/guide/migrating-5.html#path-syntax).{% endcapture %} + +{% include admonitions/caution.html content=warning-regexp %} + +To have more control over the exact string that can be matched by a route parameter, you can append a regular expression in parentheses (`()`): + +``` +Route path: /user/:userId(\d+) +Request URL: http://localhost:3000/user/42 +req.params: {"userId": "42"} +``` + +{% capture escape-advisory %} + +Because the regular expression is usually part of a literal string, be sure to escape any `\` characters with an additional backslash, for example `\\d+`. + +{% endcapture %} + +{% include admonitions/warning.html content=escape-advisory %} + +{% capture warning-version %} + +In Express 4.x, the `*` character in regular expressions is not interpreted in the usual way. As a workaround, use `{0,}` instead of `*`. This will likely be fixed in Express 5. + +{% endcapture %} + +{% include admonitions/warning.html content=warning-version %} +Routenhandler (Weiterleitungsroutinen)
Sie können mehrere Callback-Funktionen angeben, die sich wie [Middleware](/{{ page.lang }}/guide/using-middleware.html) verhalten, um eine Anforderung zu verarbeiten. Die einzige Ausnahme hierbei ist, dass diese Callbacks möglicherweise `next('route')` aufrufen, um die verbleibenden Weiterleitungs-Callbacks zu umgehen. Mit diesem Verfahren können Sie Vorabbedingungen für eine Weiterleitung festlegen und dann die Steuerung an nachfolgende Weiterleitungen übergeben, wenn kein Grund vorliegt, mit der aktuellen Weiterleitung fortzufahren. @@ -175,6 +265,7 @@ app.get('/example/b', (req, res, next) => { res.send('Hello from B!') }) ``` + Ein Array von Callback-Funktionen kann eine Weiterleitung verarbeiten. Beispiel: ```js @@ -220,21 +311,22 @@ app.get('/example/d', [cb0, cb1], (req, res, next) => { Über die Methoden für das Antwortobjekt (`res`) in der folgenden Tabelle kann eine Antwort an den Client gesendet und der Anforderung/Antwort-Zyklus beendet werden. Wenn keine dieser Methoden über einen Routenhandler aufgerufen wird, bleibt die Clientanforderung im Status "blockiert". -| Methode | Beschreibung -|----------------------|-------------------------------------- -| [res.download()](/{{ page.lang }}/4x/api.html#res.download) | Gibt eine Eingabeaufforderung zum Herunterladen einer Datei aus. -| [res.end()](/{{ page.lang }}/4x/api.html#res.end) | Beendet den Prozess "Antwort". -| [res.json()](/{{ page.lang }}/4x/api.html#res.json) | Sendet eine JSON-Antwort. -| [res.jsonp()](/{{ page.lang }}/4x/api.html#res.jsonp) | Sendet eine JSON-Antwort mit JSONP-Unterstützung. -| [res.redirect()](/{{ page.lang }}/4x/api.html#res.redirect) | Leitet eine Anforderung um. -| [res.render()](/{{ page.lang }}/4x/api.html#res.render) | Gibt eine Anzeigevorlage aus. -| [res.send()](/{{ page.lang }}/4x/api.html#res.send) | Sendet eine Antwort mit unterschiedlichen Typen. -| [res.sendFile](/{{ page.lang }}/4x/api.html#res.sendFile) | Sendet eine Datei als Oktett-Stream. -| [res.sendStatus()](/{{ page.lang }}/4x/api.html#res.sendStatus) | Legt den Antwortstatuscode fest und sendet dessen Zeichenfolgedarstellung als Antworthauptteil. +| Methode | Beschreibung | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | +| [res.download()](/{{ page.lang }}/4x/api.html#res.download) | Gibt eine Eingabeaufforderung zum Herunterladen einer Datei aus. | +| [res.end()](/{{ page.lang }}/4x/api.html#res.end) | End the response process. | +| [res.json()](/{{ page.lang }}/4x/api.html#res.json) | Sendet eine JSON-Antwort. | +| [res.jsonp()](/{{ page.lang }}/4x/api.html#res.jsonp) | Sendet eine JSON-Antwort mit JSONP-Unterstützung. | +| [res.redirect()](/{{ page.lang }}/4x/api.html#res.redirect) | Leitet eine Anforderung um. | +| [res.render()](/{{ page.lang }}/4x/api.html#res.render) | Render a view template. | +| [res.send()](/{{ page.lang }}/4x/api.html#res.send) | Sendet eine Antwort mit unterschiedlichen Typen. | +| [res.sendFile](/{{ page.lang }}/4x/api.html#res.sendFile) | Sendet eine Datei als Oktett-Stream. | +| [res.sendStatus()](/{{ page.lang }}/4x/api.html#res.sendStatus) | Legt den Antwortstatuscode fest und sendet dessen Zeichenfolgedarstellung als Antworthauptteil. |app.route()
-Sie können mithilfe von `app.route()` verkettbare Routenhandler für einen Weiterleitungspfad erstellen. Da der Pfad an einer einzelnen Position angegeben wird, ist das Erstellen modularer Weiterleitungen hilfreich, da Redundanzen und Schreibfehler reduziert werden. Weitere Informationen zu Weiterleitungen finden Sie in der Dokumentation zu [Router()](/{{ page.lang }}/4x/api.html#router). +Sie können mithilfe von `app.route()` verkettbare Routenhandler für einen Weiterleitungspfad erstellen. +Da der Pfad an einer einzelnen Position angegeben wird, ist das Erstellen modularer Weiterleitungen hilfreich, da Redundanzen und Schreibfehler reduziert werden. Weitere Informationen zu Weiterleitungen finden Sie in der Dokumentation zu [Router()](/{{ page.lang }}/4x/api.html#router). Dies ist ein Beispiel für verkettete Routenhandler, die mit der Funktion `app.route()` definiert werden. @@ -264,10 +356,12 @@ const express = require('express') const router = express.Router() // middleware that is specific to this router -router.use((req, res, next) => { +const timeLog = (req, res, next) => { console.log('Time: ', Date.now()) next() -}) +} +router.use(timeLog) + // define the home page route router.get('/', (req, res) => { res.send('Birds home page') @@ -285,9 +379,15 @@ Laden Sie dann das Routermodul in die Anwendung: ```js const birds = require('./birds') -/// ... +// ... app.use('/birds', birds) ``` Die Anwendung kann nun Anforderungen an die Pfade `/birds` und `/birds/about` bearbeiten und ruft die Middlewarefunktion `timeLog` auf, die speziell für diese Weiterleitung bestimmt ist. + +But if the parent route `/birds` has path parameters, it will not be accessible by default from the sub-routes. To make it accessible, you will need to pass the `mergeParams` option to the Router constructor [reference](/{{ page.lang }}/5x/api.html#app.use). + +```js +const router = express.Router({ mergeParams: true }) +``` diff --git a/de/guide/using-middleware.md b/de/guide/using-middleware.md old mode 100755 new mode 100644 index bf3db710c6..2f4d7a5e91 --- a/de/guide/using-middleware.md +++ b/de/guide/using-middleware.md @@ -4,32 +4,34 @@ title: Express-Middleware verwenden description: Learn how to use middleware in Express.js applications, including application-level and router-level middleware, error handling, and integrating third-party middleware. menu: guide lang: de +redirect_from: " " --- # Middleware verwenden Express ist ein Weiterleitungs- und Middleware-Web-Framework, das selbst nur minimale Funktionalität aufweist: Eine Express-Anwendung besteht im Wesentlichen aus einer Reihe von Middlewarefunktionsaufrufen. -*Middlewarefunktionen* sind Funktionen, die Zugriff auf das [Anforderungsobjekt](/{{ page.lang }}/4x/api.html#req) (`req`), das [Antwortobjekt](/{{ page.lang }}/4x/api.html#res) (`res`) und die nächste Middlewarefunktion im Anforderung/Antwort-Zyklus der Anwendung haben. Die nächste Middlewarefunktion wird im Allgemeinen durch die Variable `next` bezeichnet. +_Middlewarefunktionen_ sind Funktionen, die Zugriff auf das [Anforderungsobjekt](/{{ page.lang }}/4x/api.html#req) (`req`), das [Antwortobjekt](/{{ page.lang }}/4x/api.html#res) (`res`) und die nächste Middlewarefunktion im Anforderung/Antwort-Zyklus der Anwendung haben. Die nächste Middlewarefunktion wird im Allgemeinen durch die Variable `next` bezeichnet. Über Middlewarefunktionen lassen sich die folgenden Tasks ausführen: -* Ausführen von Code -* Vornehmen von Änderungen an der Anforderung und an Antwortobjekten -* Beenden des Anforderung/Antwort-Zyklus -* Aufrufen der nächsten Middlewarefunktion im Stack +- Ausführen von Code +- Vornehmen von Änderungen an der Anforderung und an Antwortobjekten +- End the request-response cycle. +- Aufrufen der nächsten Middlewarefunktion im Stack Wenn über die aktuelle Middlewarefunktion der Anforderung/Antwort-Zyklus nicht beendet werden kann, muss `next()` aufgerufen werden, um die Steuerung an die nächste Middlewarefunktion zu übergeben. Andernfalls geht die Anforderung in den Status "Blockiert" über. Eine Express-Anwendung kann die folgenden Middlewaretypen verwenden: - - [Middleware auf Anwendungsebene](#middleware.application) - - [Middleware auf Routerebene](#middleware.router) - - [Middleware für die Fehlerbehandlung](#middleware.error-handling) - - [Integrierte Middleware](#middleware.built-in) - - [Middleware anderer Anbieter](#middleware.third-party) +- [Middleware auf Anwendungsebene](#middleware.application) +- [Middleware auf Routerebene](#middleware.router) +- [Middleware für die Fehlerbehandlung](#middleware.error-handling) +- [Integrierte Middleware](#middleware.built-in) +- [Middleware anderer Anbieter](#middleware.third-party) -Sie können Middleware auf Anwendungsebene und Routerebene mit einem optionalen Mountpfad laden. Sie können auch eine Reihe von Middlewarefunktionen zusammen laden. Dadurch wird ein Sub-Stack des Middlewaresystems am Mountpunkt erstellt. +Sie können Middleware auf Anwendungsebene und Routerebene mit einem optionalen Mountpfad laden. +Sie können auch eine Reihe von Middlewarefunktionen zusammen laden. Dadurch wird ein Sub-Stack des Middlewaresystems am Mountpunkt erstellt.Middleware auf Anwendungsebene
@@ -38,6 +40,7 @@ Binden Sie Middleware auf Anwendungsebene zu einer Instanz des [Anwendungsobjekt Dieses Beispiel zeigt eine Middlewarefunktion ohne Mountpfad. Die Funktion wird immer dann ausgeführt, wenn die Anwendung eine Anforderung erhält. ```js +const express = require('express') const app = express() app.use((req, res, next) => { @@ -63,7 +66,8 @@ app.get('/user/:id', (req, res, next) => { }) ``` -Dies ist ein Beispiel zum Laden einer Reihe von Middlewarefunktionen an einem Mountpunkt mit einem Mountpfad. Das Beispiel veranschaulicht einen Middleware-Stack, über den Anforderungsinformationen zu einer HTTP-Anforderung zum Pfad `/user/:id` ausgegeben werden. +Dies ist ein Beispiel zum Laden einer Reihe von Middlewarefunktionen an einem Mountpunkt mit einem Mountpfad. +Das Beispiel veranschaulicht einen Middleware-Stack, über den Anforderungsinformationen zu einer HTTP-Anforderung zum Pfad `/user/:id` ausgegeben werden. ```js app.use('/user/:id', (req, res, next) => { @@ -89,11 +93,19 @@ app.get('/user/:id', (req, res, next) => { // handler for the /user/:id path, which prints the user ID app.get('/user/:id', (req, res, next) => { - res.end(req.params.id) + res.send(req.params.id) }) ``` -Wenn Sie den Rest der Middlewarefunktionen eines Weiterleitungs-Middleware-Stack überspringen wollen, rufen Sie `next('route')` auf, um die Steuerung an die nächste Weiterleitung zu übergeben. **HINWEIS**: `next('route')` funktioniert nur in Middlewarefunktionen, die über die Funktionen `app.METHOD()` oder `router.METHOD()` geladen wurden. +Wenn Sie den Rest der Middlewarefunktionen eines Weiterleitungs-Middleware-Stack überspringen wollen, rufen Sie `next('route')` auf, um die Steuerung an die nächste Weiterleitung zu übergeben. + +{% capture next-function %} + +`next('route')` will work only in middleware functions that were loaded by using the `app.METHOD()` or `router.METHOD()` functions. + +{% endcapture %} + +{% include admonitions/note.html content=next-function %} Dieses Beispiel zeigt einen Middleware-Sub-Stack, über den GET-Anforderungen zum Pfad `/user/:id` verarbeitet werden. @@ -102,15 +114,36 @@ app.get('/user/:id', (req, res, next) => { // if the user ID is 0, skip to the next route if (req.params.id === '0') next('route') // otherwise pass the control to the next middleware function in this stack - else next() // + else next() }, (req, res, next) => { - // render a regular page - res.render('regular') + // send a regular response + res.send('regular') }) -// handler for the /user/:id path, which renders a special page +// handler for the /user/:id path, which sends a special response app.get('/user/:id', (req, res, next) => { - res.render('special') + res.send('special') +}) +``` + +Middleware can also be declared in an array for reusability. + +Dies ist ein Beispiel zur Verwendung der Middlewarefunktion `express.static` mit einem ausführlich dargestellten Optionsobjekt: + +```js +function logOriginalUrl (req, res, next) { + console.log('Request URL:', req.originalUrl) + next() +} + +function logMethod (req, res, next) { + console.log('Request Type:', req.method) + next() +} + +const logStuff = [logOriginalUrl, logMethod] +app.get('/user/:id', logStuff, (req, res, next) => { + res.send('User Info') }) ``` @@ -121,10 +154,13 @@ Middleware auf Routerebene funktioniert in der gleichen Weise wie Middleware auf ```js const router = express.Router() ``` + Laden Sie Middleware auf Routerebene über die Funktionen `router.use()` und `router.METHOD()`. + Der folgende Beispielcode repliziert das Middlewaresystem, das oben für die Middleware auf Anwendungsebene gezeigt wird, durch Verwendung von Middleware auf Routerebene. ```js +const express = require('express') const app = express() const router = express.Router() @@ -148,7 +184,7 @@ router.get('/user/:id', (req, res, next) => { // if the user ID is 0, skip to the next router if (req.params.id === '0') next('route') // otherwise pass control to the next middleware function in this stack - else next() // + else next() }, (req, res, next) => { // render a regular page res.render('regular') @@ -163,6 +199,33 @@ router.get('/user/:id', (req, res, next) => { // mount the router on the app app.use('/', router) ``` + +To skip the rest of the router's middleware functions, call `next('router')` +to pass control back out of the router instance. + +Dieses Beispiel zeigt einen Middleware-Sub-Stack, über den GET-Anforderungen zum Pfad `/user/:id` verarbeitet werden. + +```js +const express = require('express') +const app = express() +const router = express.Router() + +// predicate the router with a check and bail out when needed +router.use((req, res, next) => { + if (!req.headers['x-auth']) return next('router') + next() +}) + +router.get('/user/:id', (req, res) => { + res.send('hello, user!') +}) + +// use the router and 401 anything falling through +app.use('/admin', router, (req, res) => { + res.sendStatus(401) +}) +``` +Middleware für die Fehlerbehandlung
@@ -184,52 +247,11 @@ Details zu Middleware für die Fehlerbehandlung siehe [Fehlerbehandlung](/{{ pag Seit Version 4.x bestehen bei Express keine Abhängigkeiten zu [Connect](https://github.com/senchalabs/connect) mehr. Mit Ausnahme von `express.static` befinden sich nun alle Middlewarefunktionen, die bisher in Express enthalten waren, in separaten Modulen. Sehen Sie sich hierzu auch die [Liste der Middlewarefunktionen](https://github.com/senchalabs/connect#middleware) an. -express.static(root, [options])
- -Die einzige integrierte Middlewarefunktion in Express ist `express.static`. Diese Funktion basiert auf [serve-static](https://github.com/expressjs/serve-static) und ist zuständig für die statischen Assets einer Express-Anwendung. - -Das Argument `root` gibt das Stammverzeichnis an, von dem aus statische Assets bedient werden. - -Das optionale Objekt `options` kann folgende Eigenschaften aufweisen: - -| Eigenschaft | Beschreibung | Typ | Standard | -|---------------|-----------------------------------------------------------------------|-------------|-----------------| -| `dotfiles` | Option für Dateien mit Punkterweiterung (dotfiles). Mögliche Werte sind "allow", "deny" und "ignore" | Zeichenfolge | "ignore" | -| `etag` | Aktiviert oder inaktiviert die etag-Generierung. | Boolesch | `true` | -| `extensions` | Legt Dateierweiterungs-Fallbacks fest. | Bereich | `[]` | -| `index` | Sendet die verzeichnissspezifische indexierte Datei. Bei `false` wird die Verzeichnisindexierung inaktiviert. | Gemischt | "index.html" | - `lastModified` | Legt den Header `Last-Modified` auf das Datum der letzten Änderung der Datei im Betriebssystem fest. Mögliche Werte sind`true` und `false`. | Boolesch | `true` | -| `maxAge` | Legt die Eigenschaft "max-age" des Headers "Cache-Control" in Millisekunden oder als Zeichenfolge im [ms-Format](https://www.npmjs.org/package/ms) fest. | Zahl | 0 | -| `redirect` | Umleitung zu einem abschließenden "/", wenn der Pfadname ein Verzeichnis ist. | Boolesch | `true` | -| `setHeaders` | Funktion zum Festlegen von HTTP-Headern für die Datei. | Funktion | | - -Dies ist ein Beispiel zur Verwendung der Middlewarefunktion `express.static` mit einem ausführlich dargestellten Optionsobjekt: - -```js -const options = { - dotfiles: 'ignore', - etag: false, - extensions: ['htm', 'html'], - index: false, - maxAge: '1d', - redirect: false, - setHeaders: function (res, path, stat) { - res.set('x-timestamp', Date.now()) - } -} - -app.use(express.static('public', options)) -``` - -Es sind mehrere statische Verzeichnisse pro Anwendung möglich: - -```js -app.use(express.static('public')) -app.use(express.static('uploads')) -app.use(express.static('files')) -``` +Die einzige integrierte Middlewarefunktion in Express ist `express.static`. -Details zur Funktion `serve-static` und deren Optionen finden Sie in der Dokumentation zu [serve-static](https://github.com/expressjs/serve-static). +- [express.static](/en/4x/api.html#express.static) serves static assets such as HTML files, images, and so on. +- [express.json](/en/4x/api.html#express.json) parses incoming requests with JSON payloads. **NOTE: Available with Express 4.16.0+** +- [express.urlencoded](/en/4x/api.html#express.urlencoded) parses incoming requests with URL-encoded payloads. **NOTE: Available with Express 4.16.0+**Middleware anderer Anbieter
diff --git a/de/guide/using-template-engines.md b/de/guide/using-template-engines.md old mode 100755 new mode 100644 index b8a308fbe0..7100c0aec1 --- a/de/guide/using-template-engines.md +++ b/de/guide/using-template-engines.md @@ -4,14 +4,22 @@ title: Template-Engines in Express verwenden description: Discover how to integrate and use template engines like Pug, Handlebars, and EJS with Express.js to render dynamic HTML pages efficiently. menu: guide lang: de +redirect_from: " " --- # Template-Engines in Express verwenden -Bevor über Express Vorlagendateien ausgegeben werden können, müssen die folgenden Anwendungseinstellungen festgelegt werden: +A _template engine_ enables you to use static template files in your application. At runtime, the template engine replaces +variables in a template file with actual values, and transforms the template into an HTML file sent to the client. +This approach makes it easier to design an HTML page. -* `views`, das Verzeichnis, in dem sich die Vorlagendateien befinden. Beispiel: `app.set('views', './views')` -* `view engine`, die zu verwendende Template-Engine. Beispiel: `app.set('view engine', 'pug')` +The [Express application generator](/{{ page.lang }}/starter/generator.html) uses [Pug](https://pugjs.org/api/getting-started.html) as its default, but it also supports [Handlebars](https://www.npmjs.com/package/handlebars), and [EJS](https://www.npmjs.com/package/ejs), among others. + +To render template files, set the following [application setting properties](/{{ page.lang }}/4x/api.html#app.set), in the default `app.js` created by the generator: + +- `views`, das Verzeichnis, in dem sich die Vorlagendateien befinden. Beispiel: `app.set('views', './views')` + This defaults to the `views` directory in the application root directory. +- `view engine`, die zu verwendende Template-Engine. Beispiel: `app.set('view engine', 'pug')` Installieren Sie dann das entsprechende npm-Paket für die Template-Engine: @@ -19,8 +27,10 @@ Installieren Sie dann das entsprechende npm-Paket für die Template-Engine: $ npm install pug --save ``` --Express-konforme Template-Engines wie Pug exportieren eine Funktion namens `__express(filePath, options, callback)`, die über die Funktion `res.render()` aufgerufen wird, um den Vorlagencode ausgeben zu können. Einige Template-Engines folgen dieser Konvention nicht. Die Bibliothek [Consolidate.js](https://www.npmjs.org/package/consolidate) folgt dieser Konvention, indem alle gängigen Node.js-Template-Engines zugeordnet werden. Daher ist eine reibungslose Funktion in Express gewährleistet. +-Express-konforme Template-Engines wie Pug exportieren eine Funktion namens `__express(filePath, options, callback)`, die über die Funktion `res.render()` aufgerufen wird, um den Vorlagencode ausgeben zu können. + +Einige Template-Engines folgen dieser Konvention nicht. Die Bibliothek [Consolidate.js](https://www.npmjs.org/package/consolidate) folgt dieser Konvention, indem alle gängigen Node.js-Template-Engines zugeordnet werden. Daher ist eine reibungslose Funktion in Express gewährleistet. +Nach der Festlegung der View-Engine muss die Engine nicht angegeben oder das Template-Engine-Modul nicht in Ihre Anwendung geladen werden. Express lädt das Modul intern (wie unten für das obige Beispiel gezeigt). @@ -49,4 +59,4 @@ app.get('/', (req, res) => { Wenn Sie eine Anforderung zur Homepage ausführen, wird die Datei `index.pug` im HTML-Format ausgegeben. -Weitere Informationen zur Funktionsweise von Template-Engines in Express siehe ["Template-Engines für Express entwickeln"](/{{ page.lang }}/advanced/developing-template-engines.html). +The view engine cache does not cache the contents of the template's output, only the underlying template itself. The view is still re-rendered with every request even when the cache is on. diff --git a/de/guide/writing-middleware.md b/de/guide/writing-middleware.md old mode 100755 new mode 100644 index 63a4068dda..ad8eaccd02 --- a/de/guide/writing-middleware.md +++ b/de/guide/writing-middleware.md @@ -4,31 +4,32 @@ title: Middleware für die Verwendung in Express-Anwendungen schreiben description: Learn how to write custom middleware functions for Express.js applications, including examples and best practices for enhancing request and response handling. menu: guide lang: de +redirect_from: " " --- # Middleware für die Verwendung in Express-Anwendungen schreibenÜberblick
-*Middlewarefunktionen* sind Funktionen, die Zugriff auf das [Anforderungsobjekt](/{{ page.lang }}/4x/api.html#req) (`req`), das [Antwortobjekt](/{{ page.lang }}/4x/api.html#res) (`res`) und die nächste Middlewarefunktion im Anforderung/Antwort-Zyklus der Anwendung haben. Die nächste Middlewarefunktion wird im Allgemeinen durch die Variable `next` bezeichnet. +_Middlewarefunktionen_ sind Funktionen, die Zugriff auf das [Anforderungsobjekt](/{{ page.lang }}/4x/api.html#req) (`req`), das [Antwortobjekt](/{{ page.lang }}/4x/api.html#res) (`res`) und die nächste Middlewarefunktion im Anforderung/Antwort-Zyklus der Anwendung haben. Die nächste Middlewarefunktion wird im Allgemeinen durch die Variable `next` bezeichnet. Über Middlewarefunktionen lassen sich die folgenden Tasks ausführen: -* Ausführen von Code -* Vornehmen von Änderungen an der Anforderung und an Antwortobjekten -* Beenden des Anforderung/Antwort-Zyklus -* Aufrufen der nächsten Middleware im Stack +- Ausführen von Code +- Vornehmen von Änderungen an der Anforderung und an Antwortobjekten +- End the request-response cycle. +- Aufrufen der nächsten Middleware im Stack Wenn über die aktuelle Middlewarefunktion der Anforderung/Antwort-Zyklus nicht beendet werden kann, muss `next()` aufgerufen werden, um die Steuerung an die nächste Middlewarefunktion zu übergeben. Andernfalls geht die Anforderung in den Status "Blockiert" über. Das folgende Beispiel zeigt die Elemente eines Middlewarefunktionsaufrufs: --
Esta es la [lista completa](https://github.com/senchalabs/connect#middleware) de middleware de Express 4. En la mayoría de los casos, sólo tiene que sustituir el middleware de la versión 3 antigua por su contrapartida de Express 4. Para obtener detalles, consulte la documentación del módulo en GitHub. -- 
++
-Dies ist ein Beispiel einer einfachen Express-Anwendung namens "Hello World", für die Sie zwei Middlewarefunktionen definieren: +Starting with Express 5, middleware functions that return a Promise will call `next(value)` when they reject or throw an error. `next` will be called with either the rejected value or the thrown Error. + ++ -
- HTTP-Methode, für die die Middlewarefunktion angewendet wird.++ HTTP-Methode, für die die Middlewarefunktion angewendet wird.Pfad (Weiterleitung), für den die Middlewarefunktion angewendet wird.@@ -42,7 +43,14 @@ Das folgende Beispiel zeigt die Elemente eines Middlewarefunktionsaufrufs:Beispiel
+ +Here is an example of a simple "Hello World" Express application. +The remainder of this article will define and add three middleware functions to the application: +one called `myLogger` that prints a simple log message, one called `requestTime` that +displays the timestamp of the HTTP request, and one called `validateCookies` that validates incoming cookies. ```js const express = require('express') @@ -55,8 +63,7 @@ app.get('/', (req, res) => { app.listen(3000) ``` -Entwicklung
- +Dies ist ein Beispiel einer einfachen Express-Anwendung namens "Hello World", für die Sie zwei Middlewarefunktionen definieren:
Dies ist ein einfaches Beispiel einer Middlewarefunktion namens "myLogger". Diese Funktion gibt lediglich "LOGGED" aus, wenn eine Anforderung zur Anwendung über diese Funktion läuft. Die Middlewarefunktion ist der Variablen `myLogger` zugeordnet. ```js @@ -67,11 +74,13 @@ const myLogger = function (req, res, next) { ```-Beachten Sie den Aufruf oben zu `next()`. Durch den Aufruf dieser Funktion wird die nächste Middlewarefunktion in der Anwendung aufgerufen. Die Funktion `next()` ist nicht Teil der Node.js- oder Express-API, sondern das dritte Argument, das an die Middlewarefunktion übergeben wird. Die Funktion `next()` kann jeden beliebigen Namen haben, per Konvention erhält sie jedoch immer den Namen "next". Um Unklarheiten zu vermeiden, sollten Sie immer diese Konvention verwenden. +Beachten Sie den Aufruf oben zu `next()`. Durch den Aufruf dieser Funktion wird die nächste Middlewarefunktion in der Anwendung aufgerufen. +Die Funktion `next()` ist nicht Teil der Node.js- oder Express-API, sondern das dritte Argument, das an die Middlewarefunktion übergeben wird. Die Funktion `next()` kann jeden beliebigen Namen haben, per Konvention erhält sie jedoch immer den Namen "next". +Um Unklarheiten zu vermeiden, sollten Sie immer diese Konvention verwenden.- -Zum Laden der Middlewarefunktion rufen Sie `app.use()` auf und geben die Middlewarefunktion an. Beispiel: Durch den folgenden Code wird die Middlewarefunktion `myLogger` vor der Weiterleitung zum Stammverzeichnispfad (/) geladen. +Zum Laden der Middlewarefunktion rufen Sie `app.use()` auf und geben die Middlewarefunktion an. +Beispiel: Durch den folgenden Code wird die Middlewarefunktion `myLogger` vor der Weiterleitung zum Stammverzeichnispfad (/) geladen. ```js const express = require('express') @@ -99,6 +108,8 @@ Wenn `myLogger` nach der Weiterleitung zum Stammverzeichnispfad geladen wird, er Die Middlewarefunktion `myLogger` gibt einfach eine Nachricht aus und übergibt dann die Anforderung zur nächsten Middlewarefunktion im Stack durch Aufruf der Funktion `next()`. +Middleware function requestTime
+ Im nächsten Beispiel wird die Eigenschaft `requestTime` zum Anforderungsobjekt hinzugefügt. Diese Middlewarefunktion erhält den Namen "requestTime". ```js @@ -129,8 +140,80 @@ app.get('/', (req, res) => { app.listen(3000) ``` + Wenn Sie eine Anforderung zum Stammverzeichnis der Anwendung einleiten, zeigt die Anwendung nun die Zeitmarke Ihrer Anforderung im Browser an. +Middleware function validateCookies
+ +Finally, we'll create a middleware function that validates incoming cookies and sends a 400 response if cookies are invalid. + +Here's an example function that validates cookies with an external async service. + +```js +async function cookieValidator (cookies) { + try { + await externallyValidateCookie(cookies.testCookie) + } catch { + throw new Error('Invalid cookies') + } +} +``` + +Here, we use the [`cookie-parser`](/resources/middleware/cookie-parser.html) middleware to parse incoming cookies off the `req` object and pass them to our `cookieValidator` function. The `validateCookies` middleware returns a Promise that upon rejection will automatically trigger our error handler. + +```js +const express = require('express') +const cookieParser = require('cookie-parser') +const cookieValidator = require('./cookieValidator') + +const app = express() + +async function validateCookies (req, res, next) { + await cookieValidator(req.cookies) + next() +} + +app.use(cookieParser()) + +app.use(validateCookies) + +// error handler +app.use((err, req, res, next) => { + res.status(400).send(err.message) +}) + +app.listen(3000) +``` + ++Note how `next()` is called after `await cookieValidator(req.cookies)`. This ensures that if `cookieValidator` resolves, the next middleware in the stack will get called. If you pass anything to the `next()` function (except the string `'route'` or `'router'`), Express regards the current request as being an error and will skip any remaining non-error handling routing and middleware functions. ++ Da Sie Zugriff auf das Anforderungsobjekt, das Antwortobjekt, die nächste Middlewarefunktion im Stack und die gesamte Node.js-API haben, sind die Möglichkeiten, die Sie mit Middlewarefunktionen haben, nahezu unendlich. Weitere Informationen zur Verwendung von Middleware in Express siehe [ Express-Middleware verwenden](/{{ page.lang }}/guide/using-middleware.html). + +Configurable middleware
+ +If you need your middleware to be configurable, export a function which accepts an options object or other parameters, which, then returns the middleware implementation based on the input parameters. + +File: `my-middleware.js` + +```js +module.exports = function (options) { + return function (req, res, next) { + // Implement the middleware function based on the options object + next() + } +} +``` + +The middleware can now be used as shown below. + +```js +const mw = require('./my-middleware.js') + +app.use(mw({ option1: '1', option2: '2' })) +``` + +Refer to [cookie-session](https://github.com/expressjs/cookie-session) and [compression](https://github.com/expressjs/compression) for examples of configurable middleware. diff --git a/de/index.md b/de/index.md index 6f02e6b770..853732a008 100644 --- a/de/index.md +++ b/de/index.md @@ -1,43 +1,64 @@ --- layout: home -title: Express - Node.js-Framework von Webanwendungen -description: "Express is a fast, unopinionated, minimalist web framework for Node.js, providing a robust set of features for web and mobile applications." +title: Express - Node.js web application framework +description: Express is a fast, unopinionated, minimalist web framework for Node.js, providing a robust set of features for web and mobile applications. menu: home lang: de +redirect_from: " " --- +- +-- - -Schnelles, offenes, unkompliziertes Web-Framework für Node.js
+ +Fast, unopinionated, minimalist web framework for Node.js
$ npm install express --save+$ npm install express --save- + +diff --git a/es/4x/api.md b/es/4x/api.md old mode 100755 new mode 100644 index bc90b2e805..a8662e41be --- a/es/4x/api.md +++ b/es/4x/api.md @@ -2,27 +2,26 @@ layout: api version: 4x title: Express 4.x - Referencia de API -lang: es -description: Access the API reference for Express.js 4.x, detailing all modules, methods, - and properties for building web applications with this version. +description: Access the API reference for Express.js 4.x, detailing all modules, methods, and properties for building web applications with this version. +lang: en +redirect_from: " " --- ++ +```javascript +const express = require('express') +const app = express() +const port = 3000 + +app.get('/', (req, res) => { + res.send('Hello World!') +}) + +app.listen(port, () => { + console.log(`Example app listening on port ${port}`) +}) +``` +- +{% if site.announcement %} + ++ {% include announcement.html %} + +{% endif %}Webanwendungen
Express ist ein einfaches und flexibles Node.js-Framework von Webanwendungen, das zahlreiche leistungsfähige Features und Funktionen für Webanwendungen und mobile Anwendungen bereitstellt. --- -APIs
Mithilfe unzähliger HTTP-Dienstprogrammmethoden und Middlewarefunktionen gestaltet sich das Erstellen einer leistungsfähigen API schnell und einfach.-- -Leistung
Express bietet eine Thin-Layer-Ebene mit grundlegenden Webanwendungsfunktionen, ohne die bekannten Node.js-Features zu überlagern.-+LoopBack
Entwickeln Sie modellorientierte Anwendungen mit einem Express-basierten Framework.
Weitere Informationen finden Sie unter loopback.io. -++Web Applications
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. +++APIs
With a myriad of HTTP utility methods and middleware at your disposal, creating a robust API is quick and easy. +++Performance
Express provides a thin layer of fundamental web application features, without obscuring Node.js features that you know and love. ++Middleware
+ Express is a lightweight and flexible routing framework with minimal core features + meant to be augmented through the use of Express middleware modules. ++ + +-Erstellen Sie zunächst ein Verzeichnis namens `myapp`, wechseln Sie in das Verzeichnis und führen Sie `npm init` aus. Installieren Sie dann `express` als Abhängigkeit, wie im [Installationshandbuch](/{{ page.lang }}/starter/installing.html) beschrieben. - -Erstellen Sie im Verzeichnis `myapp` eine Datei namens `app.js` und fügen Sie den folgenden Code hinzu: - ```js const express = require('express') const app = express() @@ -30,11 +27,15 @@ app.listen(port, () => { }) ``` -Die Anwendung startet einen Server und ist an Port 3000 empfangsbereit für Verbindungen. Die Anwendung antwortet mit "Hello World!" auf Anforderungen zur Stamm-URL (`/`) oder zu *route*. Bei jedem anderen Pfad lautet die Antwort **404 Not Found**. +Die Anwendung startet einen Server und ist an Port 3000 empfangsbereit für Verbindungen. Die Anwendung antwortet mit "Hello World!" auf Anforderungen zur Stamm-URL (`/`) oder zu _route_. Bei jedem anderen Pfad lautet die Antwort **404 Not Found**. -+\ No newline at end of file diff --git a/de/resources/contributing.md b/de/resources/contributing.md new file mode 100644 index 0000000000..4f6e759006 --- /dev/null +++ b/de/resources/contributing.md @@ -0,0 +1,551 @@ +--- +layout: page +title: Contributing to Express +description: Find out how to contribute to Express.js, including guidelines for reporting issues, submitting pull requests, becoming a collaborator, and understanding security policies. +menu: resources +lang: de +redirect_from: " " +--- + +# Contributing to Express + +### Looking to contribute to Expressjs.com? Click [here](#expressjs-website-contributing). + +Express and the other projects in the [expressjs organization on GitHub](https://github.com/expressjs) are projects of the [OpenJs Foundation](https://openjsf.org/). +These projects are governed under the general policies and guidelines of the Node.js Foundation along with the additional guidelines below. + +- [Technical committee](#technical-committee) +- [Community contributing guide](#community-contributing-guide) +- [Collaborator's guide](#collaborators-guide) +- [Security policies and procedures](#security-policies-and-procedures) + +## Technical committee + +The Express technical committee consists of active project members, and guides development and maintenance of the Express project. For more information, see [Express Community - Technical committee](community.html#technical-committee). + +## Community contributing guide + + + +The goal of this document is to create a contribution process that: + +- Encourages new contributions. +- Encourages contributors to remain involved. +- Avoids unnecessary processes and bureaucracy whenever possible. +- Creates a transparent decision making process that makes it clear how + contributors can be involved in decision making. + +### Vocabulary + +- A **Contributor** is any individual creating or commenting on an issue or pull request. +- A **Committer** is a subset of contributors who have been given write access to the repository. +- A **Project Captain** is the lead maintainer of a repository. +- A **TC (Technical Committee)** is a group of committers representing the required technical + expertise to resolve rare disputes. +- A **Triager** is a subset of contributors who have been given triage access to the repository. + +### Logging Issues + +Log an issue for any question or problem you might have. When in doubt, log an issue, and +any additional policies about what to include will be provided in the responses. The only +exception is security disclosures which should be sent privately. + +Committers may direct you to another repository, ask for additional clarifications, and +add appropriate metadata before the issue is addressed. + +Please be courteous and respectful. Every participant is expected to follow the +project's Code of Conduct. + +### Contributions + +Any change to resources in this repository must be through pull requests. This applies to all changes +to documentation, code, binary files, etc. Even long term committers and TC members must use +pull requests. + +No pull request can be merged without being reviewed. + +For non-trivial contributions, pull requests should sit for at least 36 hours to ensure that +contributors in other timezones have time to review. Consideration should also be given to +weekends and other holiday periods to ensure active committers all have reasonable time to +become involved in the discussion and review process if they wish. + +The default for each contribution is that it is accepted once no committer has an objection. +During a review, committers may also request that a specific contributor who is most versed in a +particular area gives a "LGTM" before the PR can be merged. There is no additional "sign off" +process for contributions to land. Once all issues brought by committers are addressed it can +be landed by any committer. + +In the case of an objection being raised in a pull request by another committer, all involved +committers should seek to arrive at a consensus by way of addressing concerns being expressed +by discussion, compromise on the proposed change, or withdrawal of the proposed change. + +If a contribution is controversial and committers cannot agree about how to get it to land +or if it should land then it should be escalated to the TC. TC members should regularly +discuss pending contributions in order to find a resolution. It is expected that only a +small minority of issues be brought to the TC for resolution and that discussion and +compromise among committers be the default resolution mechanism. + +### Becoming a Triager + +Anyone can become a triager! Read more about the process of being a triager in +[the triage process document](https://github.com/expressjs/express/blob/master/Triager-Guide.md). + +Currently, any existing [organization member](https://github.com/orgs/expressjs/people) can nominate +a new triager. If you are interested in becoming a triager, our best advice is to actively participate +in the community by helping triaging issues and pull requests. As well we recommend +to engage in other community activities like attending the TC meetings, and participating in the Slack +discussions. If you feel ready and have been helping triage some issues, reach out to an active member of the organization to ask if they'd +be willing to support you. If they agree, they can create a pull request to formalize your nomination. In the case of an objection to the nomination, the triage team is responsible for working with the individuals involved and finding a resolution. + +You can also reach out to any of the [organization members](https://github.com/orgs/expressjs/people) +if you have questions or need guidance. + +### Becoming a Committer + +All contributors who have landed significant and valuable contributions should be onboarded in a timely manner, +and added as a committer, and be given write access to the repository. + +Committers are expected to follow this policy and continue to send pull requests, go through +proper review, and have other committers merge their pull requests. + +### TC Process + +The TC uses a "consensus seeking" process for issues that are escalated to the TC. +The group tries to find a resolution that has no open objections among TC members. +If a consensus cannot be reached that has no objections then a majority wins vote +is called. It is also expected that the majority of decisions made by the TC are via +a consensus seeking process and that voting is only used as a last-resort. + +Resolution may involve returning the issue to project captains with suggestions on +how to move forward towards a consensus. It is not expected that a meeting of the TC +will resolve all issues on its agenda during that meeting and may prefer to continue +the discussion happening among the project captains. + +Members can be added to the TC at any time. Any TC member can nominate another committer +to the TC and the TC uses its standard consensus seeking process to evaluate whether or +not to add this new member. The TC will consist of a minimum of 3 active members and a +maximum of 10. If the TC should drop below 5 members the active TC members should nominate +someone new. If a TC member is stepping down, they are encouraged (but not required) to +nominate someone to take their place. + +TC members will be added as admin's on the Github orgs, npm orgs, and other resources as +necessary to be effective in the role. + +To remain "active" a TC member should have participation within the last 12 months and miss +no more than six consecutive TC meetings. Our goal is to increase participation, not punish +people for any lack of participation, this guideline should be only be used as such +(replace an inactive member with a new active one, for example). Members who do not meet this +are expected to step down. If A TC member does not step down, an issue can be opened in the +discussions repo to move them to inactive status. TC members who step down or are removed due +to inactivity will be moved into inactive status. + +Inactive status members can become active members by self nomination if the TC is not already +larger than the maximum of 10. They will also be given preference if, while at max size, an +active member steps down. + +### Project Captains + +The Express TC can designate captains for individual projects/repos in the +organizations. These captains are responsible for being the primary +day-to-day maintainers of the repo on a technical and community front. +Repo captains are empowered with repo ownership and package publication rights. +When there are conflicts, especially on topics that effect the Express project +at large, captains are responsible to raise it up to the TC and drive +those conflicts to resolution. Captains are also responsible for making sure +community members follow the community guidelines, maintaining the repo +and the published package, as well as in providing user support. + +Like TC members, Repo captains are a subset of committers. + +To become a captain for a project the candidate is expected to participate in that +project for at least 6 months as a committer prior to the request. They should have +helped with code contributions as well as triaging issues. They are also required to +have 2FA enabled on both their GitHub and npm accounts. + +Any TC member or an existing captain on the **same** repo can nominate another committer +to the captain role. To do so, they should submit a PR to this document, updating the +**Active Project Captains** section (while maintaining the sort order) with the project +name, the nominee's GitHub handle, and their npm username (if different). + +- Repos can have as many captains as make sense for the scope of work. +- A TC member or an existing repo captain **on the same project** can nominate a new captain. + Repo captains from other projects should not nominate captains for a different project. + +The PR will require at least 2 approvals from TC members and 2 weeks hold time to allow +for comment and/or dissent. When the PR is merged, a TC member will add them to the +proper GitHub/npm groups. + +#### Active Projects and Captains + +- [`expressjs/badgeboard`](https://github.com/expressjs/badgeboard): @wesleytodd +- [`expressjs/basic-auth-connect`](https://github.com/expressjs/basic-auth-connect): @ulisesGascon +- [`expressjs/body-parser`](https://github.com/expressjs/body-parser): @wesleytodd, @jonchurch, @ulisesGascon +- [`expressjs/compression`](https://github.com/expressjs/compression): @ulisesGascon +- [`expressjs/connect-multiparty`](https://github.com/expressjs/connect-multiparty): @ulisesGascon +- [`expressjs/cookie-parser`](https://github.com/expressjs/cookie-parser): @wesleytodd, @UlisesGascon +- [`expressjs/cookie-session`](https://github.com/expressjs/cookie-session): @ulisesGascon +- [`expressjs/cors`](https://github.com/expressjs/cors): @jonchurch, @ulisesGascon +- [`expressjs/discussions`](https://github.com/expressjs/discussions): @wesleytodd +- [`expressjs/errorhandler`](https://github.com/expressjs/errorhandler): @ulisesGascon +- [`expressjs/express-paginate`](https://github.com/expressjs/express-paginate): @ulisesGascon +- [`expressjs/express`](https://github.com/expressjs/express): @wesleytodd, @ulisesGascon +- [`expressjs/expressjs.com`](https://github.com/expressjs/expressjs.com): @crandmck, @jonchurch, @bjohansebas +- [`expressjs/flash`](https://github.com/expressjs/flash): @ulisesGascon +- [`expressjs/generator`](https://github.com/expressjs/generator): @wesleytodd +- [`expressjs/method-override`](https://github.com/expressjs/method-override): @ulisesGascon +- [`expressjs/morgan`](https://github.com/expressjs/morgan): @jonchurch, @ulisesGascon +- [`expressjs/multer`](https://github.com/expressjs/multer): @LinusU, @ulisesGascon +- [`expressjs/response-time`](https://github.com/expressjs/response-time): @UlisesGascon +- [`expressjs/serve-favicon`](https://github.com/expressjs/serve-favicon): @ulisesGascon +- [`expressjs/serve-index`](https://github.com/expressjs/serve-index): @ulisesGascon +- [`expressjs/serve-static`](https://github.com/expressjs/serve-static): @ulisesGascon +- [`expressjs/session`](https://github.com/expressjs/session): @ulisesGascon +- [`expressjs/statusboard`](https://github.com/expressjs/statusboard): @wesleytodd +- [`expressjs/timeout`](https://github.com/expressjs/timeout): @ulisesGascon +- [`expressjs/vhost`](https://github.com/expressjs/vhost): @ulisesGascon +- [`jshttp/accepts`](https://github.com/jshttp/accepts): @blakeembrey +- [`jshttp/basic-auth`](https://github.com/jshttp/basic-auth): @blakeembrey +- [`jshttp/compressible`](https://github.com/jshttp/compressible): @blakeembrey +- [`jshttp/content-disposition`](https://github.com/jshttp/content-disposition): @blakeembrey +- [`jshttp/content-type`](https://github.com/jshttp/content-type): @blakeembrey +- [`jshttp/cookie`](https://github.com/jshttp/cookie): @blakeembrey +- [`jshttp/etag`](https://github.com/jshttp/etag): @blakeembrey +- [`jshttp/forwarded`](https://github.com/jshttp/forwarded): @blakeembrey +- [`jshttp/fresh`](https://github.com/jshttp/fresh): @blakeembrey +- [`jshttp/http-assert`](https://github.com/jshttp/http-assert): @wesleytodd, @jonchurch, @ulisesGascon +- [`jshttp/http-errors`](https://github.com/jshttp/http-errors): @wesleytodd, @jonchurch, @ulisesGascon +- [`jshttp/media-typer`](https://github.com/jshttp/media-typer): @blakeembrey +- [`jshttp/methods`](https://github.com/jshttp/methods): @blakeembrey +- [`jshttp/mime-db`](https://github.com/jshttp/mime-db): @blakeembrey, @UlisesGascon +- [`jshttp/mime-types`](https://github.com/jshttp/mime-types): @blakeembrey, @UlisesGascon +- [`jshttp/negotiator`](https://github.com/jshttp/negotiator): @blakeembrey +- [`jshttp/on-finished`](https://github.com/jshttp/on-finished): @wesleytodd, @ulisesGascon +- [`jshttp/on-headers`](https://github.com/jshttp/on-headers): @blakeembrey +- [`jshttp/proxy-addr`](https://github.com/jshttp/proxy-addr): @wesleytodd, @ulisesGascon +- [`jshttp/range-parser`](https://github.com/jshttp/range-parser): @blakeembrey +- [`jshttp/statuses`](https://github.com/jshttp/statuses): @blakeembrey +- [`jshttp/type-is`](https://github.com/jshttp/type-is): @blakeembrey +- [`jshttp/vary`](https://github.com/jshttp/vary): @blakeembrey +- [`pillarjs/cookies`](https://github.com/pillarjs/cookies): @blakeembrey +- [`pillarjs/csrf`](https://github.com/pillarjs/csrf): @ulisesGascon +- [`pillarjs/encodeurl`](https://github.com/pillarjs/encodeurl): @blakeembrey +- [`pillarjs/finalhandler`](https://github.com/pillarjs/finalhandler): @wesleytodd, @ulisesGascon +- [`pillarjs/hbs`](https://github.com/pillarjs/hbs): @ulisesGascon +- [`pillarjs/multiparty`](https://github.com/pillarjs/multiparty): @blakeembrey +- [`pillarjs/parseurl`](https://github.com/pillarjs/parseurl): @blakeembrey +- [`pillarjs/path-to-regexp`](https://github.com/pillarjs/path-to-regexp): @blakeembrey +- [`pillarjs/request`](https://github.com/pillarjs/request): @wesleytodd +- [`pillarjs/resolve-path`](https://github.com/pillarjs/resolve-path): @blakeembrey +- [`pillarjs/router`](https://github.com/pillarjs/router): @wesleytodd, @ulisesGascon +- [`pillarjs/send`](https://github.com/pillarjs/send): @blakeembrey +- [`pillarjs/understanding-csrf`](https://github.com/pillarjs/understanding-csrf): @ulisesGascon + +#### Current Initiative Captains + +- Triage team [ref](https://github.com/expressjs/discussions/issues/227): @UlisesGascon + +### Developer's Certificate of Origin 1.1 + +```text +By making a contribution to this project, I certify that: + + (a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + + (b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + + (c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + + (d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` + +## Collaborator's guide + + + +### Website Issues + +Open issues for the expressjs.com website in https://github.com/expressjs/expressjs.com. + +### PRs and Code contributions + +- Tests must pass. +- Follow the [JavaScript Standard Style](https://standardjs.com/) and `npm run lint`. +- If you fix a bug, add a test. + +### Branches + +Use the `master` branch for bug fixes or minor work that is intended for the +current release stream. + +Use the correspondingly named branch, e.g. `5.0`, for anything intended for +a future release of Express. + +### Steps for contributing + +1. [Create an issue](https://github.com/expressjs/express/issues/new) for the + bug you want to fix or the feature that you want to add. +2. Create your own [fork](https://github.com/expressjs/express) on GitHub, then + checkout your fork. +3. Write your code in your local copy. It's good practice to create a branch for + each new issue you work on, although not compulsory. +4. To run the test suite, first install the dependencies by running `npm install`, + then run `npm test`. +5. Ensure your code is linted by running `npm run lint` -- fix any issue you + see listed. +6. If the tests pass, you can commit your changes to your fork and then create + a pull request from there. Make sure to reference your issue from the pull + request comments by including the issue number e.g. `#123`. + +### Issues which are questions + +We will typically close any vague issues or questions that are specific to some +app you are writing. Please double check the docs and other references before +being trigger happy with posting a question issue. + +Things that will help get your question issue looked at: + +- Full and runnable JS code. +- Clear description of the problem or unexpected behavior. +- Clear description of the expected result. +- Steps you have taken to debug it yourself. + +If you post a question and do not outline the above items or make it easy for +us to understand and reproduce your issue, it will be closed. + +## Security Policies and Procedures + + + +This document outlines security procedures and general policies for the Express +project. + +- [Reporting a Bug](#reporting-a-bug) +- [Disclosure Policy](#disclosure-policy) +- [Comments on this Policy](#comments-on-this-policy) + +### Reporting a Bug + +The Express team and community take all security bugs in Express seriously. +Thank you for improving the security of Express. We appreciate your efforts and +responsible disclosure and will make every effort to acknowledge your +contributions. + +Report security bugs by emailing `express-security@lists.openjsf.org`. + +To ensure the timely response to your report, please ensure that the entirety +of the report is contained within the email body and not solely behind a web +link or an attachment. + +The lead maintainer will acknowledge your email within 48 hours, and will send a +more detailed response within 48 hours indicating the next steps in handling +your report. After the initial reply to your report, the security team will +endeavor to keep you informed of the progress towards a fix and full +announcement, and may ask for additional information or guidance. + +Report security bugs in third-party modules to the person or team maintaining +the module. + +### Pre-release Versions + +Alpha and Beta releases are unstable and **not suitable for production use**. +Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section. +Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release. + +### Disclosure Policy + +When the security team receives a security bug report, they will assign it to a +primary handler. This person will coordinate the fix and release process, +involving the following steps: + +- Confirm the problem and determine the affected versions. +- Audit code to find any potential similar problems. +- Prepare fixes for all releases still under maintenance. These fixes will be + released as fast as possible to npm. + +### The Express Threat Model + +We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md) + +### Comments on this Policy + +If you have suggestions on how this process could be improved please submit a +pull request. + +---- + +# Contributing to Expressjs.com {#expressjs-website-contributing} + + + +### The Official Documentation of the Express JS Framework + +This is the contribution documentation for the [Expressjs.com](https://github.com/expressjs/expressjs.com) website. + +#### Need some ideas? These are some typical issues. + +1. **Website issues**: + If you see anything on the site that could use a tune-up, think about how to fix it. + + - Display or screen sizing problems + - Mobile responsiveness issues + - Missing or broken accessibility features + - Website outages + - Broken links + - Page structure or user interface enhancements + +2. **Content Issues**: + Fix anything related to site content or typos. + - Spelling errors + - Incorrect/outdated Express JS documentation + - Missing content + +3. **Translation Issues**: Fix any translation errors or contribute new content. + - Fix spelling errors + - Fix incorrect/poorly translated words + - Translate new content + +> **IMPORTANT:** +> All translation submissions are currently paused. See this [notice](#notice-we-have-paused-all-translation-contributions) for more information. + +- Check out the [Contributing translations](#contributing-translations) section below for a contributing guide. + +#### Want to work on a backlog issue? + +We often have bugs or enhancements that need work. You can find these under our repo's [Issues tab](https://github.com/expressjs/expressjs.com/issues). Check out the tags to find something that's a good match for you. + +#### Have an idea? Found a bug? + +If you've found a bug or a typo, or if you have an idea for an enhancement, you can: + +- Submit a [new issue](https://github.com/expressjs/expressjs.com/issues/new/choose) on our repo. Do this for larger proposals, or if you'd like to discuss or get feedback first. +- Make a [Github pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). If you have already done work and it's ready to go, feel free to send it our way. + +## Getting Started + +The steps below will guide you through the Expressjs.com contribution process. + +#### Step 1: (OPTIONAL) Open a New Issue + +So you've found a problem that you want to fix, or have a site enhancement you want to make. + +1. If you want to get feedback or discuss, open a discussion [issue](https://github.com/expressjs/expressjs.com/issues/new/choose) prior to starting work. This is not required, but encouraged for larger proposals. + - While we highly encourage this step, it is only for submissions proposing significant change. It helps us to clarify and focus the work, and ensure it aligns with overall project priorities. + - For submissions proposing minor improvements or corrections, this is not needed. You can skip this step. + - When opening an issue please give it a title and fill in the description section. The more details you provide, the more feedback we can give. + +2. After receiving your issue the Express JS documentation team will respond with feedback. We read every submission and always try to respond quickly with feedback. + - For submissions proposing significant change, we encourage you to follow the review process before starting work. + +#### Step 2: Get the Application Code Base + +Clone the repo and get the code: + +``` +git clone https://github.com/expressjs/expressjs.com.git +``` + +After you've got the code you're ready to start making your changes! + +But just in case you need a little extra explanation, this section below outlines the main sections of the code base, where most changes are likely to be made. + +**Markdown Page Files**: + +- These files render to html and make up the individual pages of the site. Most of the site's documentation text content is written in `md` files. +- Change these to make changes to individual pages' content/text or markup. +- Each language has its own complete set of pages, located under their respective language directories - all the Spanish markdown content is found in the `es` directory, for example. + +**Includes Partials and Layout Templates** + +- `_includes` are partials that are imported and reused across multiple pages. + - These are used to import text content for reuse across pages, such as the API documentation, e.g., `_includes > api > en > 5x`, which is included in every language. + - These are used to include the page components that make up site-wide user interface and periphery structure, e.g., Header, Footer, etc. +- `_layouts` are the templates used to wrap the site's individual pages. + - These are used to display the structure of the site's periphery, such as the header and footer, and for injecting and displaying individual markdown pages inside the `content` tag. + +**Blog Markdown Files** + +- These files make up the individual blog posts. If you want to contribute a blog post please + follow the specific instructions for [How to write a blog post.](https://expressjs.com/en/blog/write-post.html) +- Located under the `_posts` directory. + +**CSS or Javascript** + +- All css and js files are kept in `css` and `js` folders on the project root. + +The Express JS website is build using [Jeykyll](https://jekyllrb.com/) and is hosted on [Github Pages](https://pages.github.com/). + +#### Step 3: Running the Application + +Now you'll need a way to see your changes, which means you'll need a running version of the application. You have two options. + +1. **Run Locally**: This gets the local version of the application up and running on your machine. Follow our [Local Setup Guide](https://github.com/expressjs/expressjs.com?tab=readme-ov-file#local-setup) to use this option. + - This is the recommended option for moderate to complex work. +2. **Run using Deploy Preview**: Use this option if you don't want to bother with a local installation. Part of our continuous integration pipeline includes [Netlify Deploy Preview](https://docs.netlify.com/site-deploys/deploy-previews/). + 1. To use this you'll need to get your changes online - after you've made your first commit on your feature branch, make a _draft_ pull request. + 2. After the build steps are complete, you'll have access to a **Deploy Preview** tab that will run your changes on the web, rebuilding after each commit is pushed. + 3. After you are completely done your work and it's ready for review, remove the draft status on your pull request and submit your work. + +## Contributing translations + +#### Notice: We have paused all translation contributions. + +> **IMPORTANT:** +> We are currently working toward a more streamlined translations workflow. As long as this notice is posted, we will _not_ be accepting any translation submissions. + +We highly encourage community translations! We no longer have professional translations, and we believe in the power of our community to provide accurate and helpful translations. + +The documentation is translated into these languages: + +- English (`en`) +- Spanish (`es`) +- French (`fr`) +- Italian (`it`) +- Indonesian (`id`) +- Japanese (`ja`) +- Korean (`ko`) +- Brazilian Portuguese (`pt-br`) +- Russian (`ru`) +- Slovak (`sk`) +- Thai (`th`) +- Turkish (`tr`) +- Ukrainian (`uk`) +- Uzbek (`uz`) +- Simplified Chinese (`zh-cn`) +- Traditional Chinese (`zh-tw`) + +### Adding New Full Site Translations + +If you find a translation is missing from the list you can create a new one. + +To translate Expressjs.com into a new language, follow these steps: + +1. Clone the [`expressjs.com`](https://github.com/expressjs/expressjs.com) repository. +2. Create a directory for the language of your choice using its [ISO 639-1 code](https://www.loc.gov/standards/iso639-2/php/code_list.php) as its name. +3. Copy `index.md`, `api.md`, `starter/`, `guide/`, `advanced/`, `resources/`, `4x/`, and `3x/`, to the language directory. +4. Remove the link to 2.x docs from the "API Reference" menu. +5. Update the `lang` variable in the copied markdown files. +6. Update the `title` variable in the copied markdown files. +7. Create the header, footer, notice, and announcement file for the language in the `_includes/` directory, in the respective directories, and make necessary edits to the contents. +8. Create the announcement file for the language in the `_includes/` directory. +9. Make sure to append `/{{ page.lang }}` to all the links within the site. +10. Update the [CONTRIBUTING.md](https://github.com/expressjs/expressjs.com/blob/gh-pages/CONTRIBUTING.md#contributing-translations) and the `.github/workflows/translation.yml` files with the new language. + +### Adding Page and Section Translations + +Many site translations are still missing pages. To find which ones we need help with, you can [filter for merged PRs](https://github.com/expressjs/expressjs.com/pulls?q=is%3Apr+is%3Aclosed+label%3Arequires-translation-es) that include the tag for your language, such as `requires-translation-es` for requires Spanish translation. + +If you contribute a page or section translation, please reference the original PR. This helps the person merging your translation to remove the tag from the original PR. diff --git a/de/resources/glossary.md b/de/resources/glossary.md old mode 100755 new mode 100644 index 51ae6a2654..399a67424d --- a/de/resources/glossary.md +++ b/de/resources/glossary.md @@ -1,24 +1,17 @@ --- layout: page -title: Express-Glossar +title: Express glossary description: A comprehensive glossary of terms related to Express.js, Node.js, middleware, routing, and other key concepts to help you understand and use Express effectively. menu: resources lang: de +redirect_from: " " --- # Glossar -### Anforderung - -Eine HTTP-Anforderung. Ein Client übergibt eine HTTP-Anforderungsnachricht an einen Server, der wiederum eine Antwort zurückgibt. Bei der Anforderung muss eine der [Anforderungsmethoden](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods) wie GET, POST usw. verwendet werden. - -### Antwort - -Eine HTTP-Antwort. Ein Server gibt eine HTTP-Antwortnachricht an den Client zurück. Die Antwort enthält Informationen zum Beendigungsstatus in Bezug auf die Anforderung und kann im Nachrichtenhauptteil auch angeforderten Inhalt enthalten. - ### Anwendung -Im Allgemeinen besteht eine Anwendung aus einem oder mehreren Programmen, über die Operationen für bestimmte Zwecke ausgeführt werden. Im Zusammenhang mit Express ist eine Anwendung ein Programm, das die auf der Node.js-Plattform laufende Express-API nutzt. Wird auch als [Anwendungsobjekt](/{{ page.lang }}/api.html#express) bezeichnet. +Im Allgemeinen besteht eine Anwendung aus einem oder mehreren Programmen, über die Operationen für bestimmte Zwecke ausgeführt werden. Im Zusammenhang mit Express ist eine Anwendung ein Programm, das die auf der Node.js-Plattform laufende Express-API nutzt. Wird auch als [Anwendungsobjekt](/{{ page.lang }}/api.html#express) bezeichnet. ### API @@ -32,26 +25,42 @@ Schnelles, offenes, unkompliziertes Web-Framework für Node.js-Anwendungen. Im A Eine plattformübergreifende Unterstützungsbibliothek, bei der die asynchrone Ein-/Ausgabe im Mittelpunkt steht. Sie wurde in erster Linie für die Verwendung in Node.js entwickelt. -### Middleware +### middleware Eine Funktion, die über die Weiterleitungsebene in Express vor dem letzten Anforderungshandler aufgerufen wird. Deshalb befindet sich diese Funktion in der Mitte zwischen einer unformatierten Anforderung und der endgültigen beabsichtigten Weiterleitung. Nachfolgend finden Sie einige Details zur Middlewareterminologie: - * `var foo = require('middleware')` bedeutet, dass ein Node.js-Modul *benötigt* oder *verwendet* wird. Dann gibt die Anweisung `var mw = foo()` in der Regel die Middleware zurück. - * `app.use(mw)` bedeutet, dass die *Middleware dem globalen Verarbeitungsstack hinzugefügt wird*. - * `app.get('/foo', mw, function (req, res) { ... })` bedeutet, dass die *Middleware dem "GET /foo"-Verarbeitungsstack hinzugefügt wird*. +- `var foo = require('middleware')` bedeutet, dass ein Node.js-Modul _benötigt_ oder _verwendet_ wird. Dann gibt die Anweisung `var mw = foo()` in der Regel die Middleware zurück. +- `app.use(mw)` bedeutet, dass die _Middleware dem globalen Verarbeitungsstack hinzugefügt wird_. +- `app.get('/foo', mw, function (req, res) { ... })` bedeutet, dass die _Middleware dem "GET /foo"-Verarbeitungsstack hinzugefügt wird_. ### Node.js -Eine Softwareplattform, die für die Erstellung skalierbarer Netzanwendungen verwendet wird. Node.js verwendet JavaScript als Scripting-Sprache und erzielt den hohen Durchsatz durch nicht blockierende Ein-/Ausgabe und eine Ereignisschleife mit einem Thread. Siehe auch [nodejs.org](http://nodejs.org/). **Hinweis**: Der ursprüngliche Name lautet "Node.js". Mittlerweile ist die Bezeichnung "Node" geläufig. +Eine Softwareplattform, die für die Erstellung skalierbarer Netzanwendungen verwendet wird. Node.js verwendet JavaScript als Scripting-Sprache und erzielt den hohen Durchsatz durch nicht blockierende Ein-/Ausgabe und eine Ereignisschleife mit einem Thread. Siehe auch [nodejs.org](http://nodejs.org/). **Hinweis**: Der ursprüngliche Name lautet "Node.js". ### Open-Source Bei Verwendung als Adjektiv muss dieser Begriff mit Bindestrichen gekoppelt werden: Beispiel: "Dies ist eine Open-Source-Software." Siehe auch [Open-Source-Software in Wikipedia](http://en.wikipedia.org/wiki/Open-source_software). -### Router +{% capture english-rules %} -Siehe [Router](/{{ page.lang }}/4x/api.html#router) in der API-Referenz. +Although it is common not to hyphenate this term, we are using the standard English rules for hyphenating a compound adjective. + +{% endcapture %} + +{% include admonitions/note.html content=english-rules %} + +### Anforderung + +Eine HTTP-Antwort. Ein Server gibt eine HTTP-Antwortnachricht an den Client zurück. Die Antwort enthält Informationen zum Beendigungsstatus in Bezug auf die Anforderung und kann im Nachrichtenhauptteil auch angeforderten Inhalt enthalten. + +### Antwort + +Eine HTTP-Anforderung. Ein Client übergibt eine HTTP-Anforderungsnachricht an einen Server, der wiederum eine Antwort zurückgibt. The response contains completion status information about the request and might also contain requested content in its message body. ### Weiterleitung (Route) Teil einer URL, die eine Ressource angibt. Beispiel: In `http://foo.com/products/id` ist "/products/id" die Weiterleitung. + +### Router + +Siehe [Router](/{{ page.lang }}/4x/api.html#router) in der API-Referenz. diff --git a/de/resources/middleware.md b/de/resources/middleware.md old mode 100755 new mode 100644 index 798bb22433..2080a46dd8 --- a/de/resources/middleware.md +++ b/de/resources/middleware.md @@ -1,64 +1,44 @@ --- -layout: page +layout: middleware title: Express-Middleware description: Explore a list of Express.js middleware modules maintained by the Express team and the community, including built-in middleware and popular third-party modules. menu: resources lang: de +redirect_from: " " +module: mw-home --- -# Middleware anderer Anbieter +## Express-Middleware Nachfolgend sind einige Express-Middlewaremodule aufgeführt: - - [body-parser](https://github.com/expressjs/body-parser): Bisher: `express.bodyParser`, `json` und `urlencoded`. - Siehe auch: - - [body](https://github.com/raynos/body) - - [co-body](https://github.com/visionmedia/co-body) - - [raw-body](https://github.com/stream-utils/raw-body) - - [compression](https://github.com/expressjs/compression): Bisher `express.compress` - - [connect-image-optimus](https://github.com/msemenistyi/connect-image-optimus): Connect/Express-Middlewaremodule für optimales Image-Serving. Wechselt Images (wenn möglich) zu `.webp` oder `.jxr`. - - [connect-timeout](https://github.com/expressjs/timeout): Bisher: `express.timeout` - - [cookie-parser](https://github.com/expressjs/cookie-parser): Bisher: `express.cookieParser` - - [cookie-session](https://github.com/expressjs/cookie-session): Bisher: `express.cookieSession` - - [errorhandler](https://github.com/expressjs/errorhandler): Bisher: `express.errorHandler` - - [express-debug](https://github.com/devoidfury/express-debug): Entwicklungstool, mit dem eine Registerkarte mit Informationen zu Vorlagenvariablen (lokalen Variablen), zur aktuellen Sitzung, zu hilfreichen Anforderungsdaten usw. Ihrer Anwendung hinzugefügt werden können. - - [express-partial-response](https://github.com/nemtsov/express-partial-response): Express-Middlewaremodul für die Filterung von Teilen von JSON-Antworten auf Basis der Abfragezeichenfolge `fields` durch Verwendung der Google-API Partial Response. - - [express-session](https://github.com/expressjs/session): Bisher: `express.session` - - [express-simple-cdn](https://github.com/jamiesteven/express-simple-cdn): Express-Middlewaremodul für die Verwendung eines CDN (Content Delivery Network) für statische Assets mit Unterstützung mehrerer Hosts (Beispiel: cdn1.host.com, cdn2.host.com). - - [express-slash](https://github.com/ericf/express-slash): Express-Middlewaremodul für Benutzer, die hohen Wert auf abschließende Schrägstriche legen. - - [express-stormpath](https://github.com/stormpath/stormpath-express): Express-Middlewaremodul für Benutzerspeicher, Authentifizierung, Autorisierung, SSO und Datensicherheit. - - [express-uncapitalize](https://github.com/jamiesteven/express-uncapitalize): Middlewaremodul für die Umleitung von HTTP-Anforderungen mit Großbuchstaben in eine kanonische Form mit Kleinbuchstaben. - - [helmet](https://github.com/helmetjs/helmet): Modul zur Sicherung Ihrer Anwendungen durch Festlegung verschiedener HTTP-Header. - - [join-io](https://github.com/coderaiser/join-io "join-io"): Modul für die Verknüpfung von Dateien während der Verarbeitung, um die Anzahl der Anforderungen zu reduzieren. - - [method-override](https://github.com/expressjs/method-override): Bisher: `express.methodOverride` - - [morgan](https://github.com/expressjs/morgan): Bisher: `logger` - - [passport](https://github.com/jaredhanson/passport): Express-Middlewaremodul für die Authentifizierung. - - [response-time](https://github.com/expressjs/response-time): Bisher: `express.responseTime` - - [serve-favicon](https://github.com/expressjs/serve-favicon): Bisher: `express.favicon` - - [serve-index](https://github.com/expressjs/serve-index): Bisher: `express.directory` - - [serve-static](https://github.com/expressjs/serve-static): Modul für statischen Inhalt. - - [static-expiry](https://github.com/paulwalker/connect-static-expiry): URLs mit elektronischem Fingerabdruck oder Caching-Headern für statische Assets einschließlich Unterstützung für eine oder mehrere externe Domänen. - - [vhost](https://github.com/expressjs/vhost): Bisher: `express.vhost` - - [view-helpers](https://github.com/madhums/node-view-helpers): Express-Middlewaremodul, das allgemeine Helper-Methoden für Ansichten bereitstellt. - - [sriracha-admin](https://github.com/hdngr/siracha): Express-Middlewaremodul, das eine Administratorsite für Mongoose dynamisch generiert. +| [express-slash](https://github.com/ericf/express-slash): Express-Middlewaremodul für Benutzer, die hohen Wert auf abschließende Schrägstriche legen. | Beschreibung | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------- | +| [body-parser](/{{page.lang}}/resources/middleware/body-parser.html) | Parse HTTP request body. | +| [compression](/{{page.lang}}/resources/middleware/compression.html) | Compress HTTP responses. | +| [connect-rid](/{{page.lang}}/resources/middleware/connect-rid.html) | Generate unique request ID. | +| [cookie-parser](/{{page.lang}}/resources/middleware/cookie-parser.html) | Parse cookie header and populate `req.cookies`. See also [cookies](https://github.com/jed/cookies). | +| [cookie-session](/{{page.lang}}/resources/middleware/cookie-session.html) | Establish cookie-based sessions. | +| [cors](/{{page.lang}}/resources/middleware/cors.html) | Enable cross-origin resource sharing (CORS) with various options. | +| [errorhandler](/{{page.lang}}/resources/middleware/errorhandler.html) | Development error-handling/debugging. | +| [method-override](/{{page.lang}}/resources/middleware/method-override.html) | Override HTTP methods using header. | +| [morgan](/{{page.lang}}/resources/middleware/morgan.html) | HTTP request logger. | +| [multer](/{{page.lang}}/resources/middleware/multer.html) | Handle multi-part form data. | +| [response-time](/{{page.lang}}/resources/middleware/response-time.html) | Record HTTP response time. | +| [serve-favicon](/{{page.lang}}/resources/middleware/serve-favicon.html) | Serve a favicon. | +| [serve-index](/{{page.lang}}/resources/middleware/serve-index.html) | Serve directory listing for a given path. | +| [serve-static](/{{page.lang}}/resources/middleware/serve-static.html) | Serve static files. | +| [session](/{{page.lang}}/resources/middleware/session.html) | Establish server-based sessions (development only). | +| [timeout](/{{page.lang}}/resources/middleware/timeout.html) | Set a timeout perioHTTP request processing. | +| [vhost](/{{page.lang}}/resources/middleware/vhost.html) | Create virtual domains. | -Einige Middlewaremodule, die bisher zu Connect gehörten, werden vom Connect/Express-Team nicht mehr unterstützt. Diese Module werden durch ein alternatives oder besseres Modul ersetzt. Verwenden Sie eine der folgenden Alternativen: +## Informationen zu weiteren Middlewaremodulen siehe: - - express.cookieParser - - [cookies](https://github.com/jed/cookies) und [keygrip](https://github.com/jed/keygrip) - - express.limit - - [raw-body](https://github.com/stream-utils/raw-body) - - express.multipart - - [connect-busboy](https://github.com/mscdex/connect-busboy) - - [multer](https://github.com/expressjs/multer) - - [connect-multiparty](https://github.com/superjoe30/connect-multiparty) - - express.query - - [qs](https://github.com/visionmedia/node-querystring) - - express.staticCache - - [st](https://github.com/isaacs/st) - - [connect-static](https://github.com/andrewrk/connect-static) +These are some additional popular middleware modules. -Informationen zu weiteren Middlewaremodulen siehe: +{% include community-caveat.html %} - - [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) - - [expressjs](https://github.com/expressjs) +| [express-slash](https://github.com/ericf/express-slash): Express-Middlewaremodul für Benutzer, die hohen Wert auf abschließende Schrägstriche legen. | Beschreibung | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [helmet](https://github.com/helmetjs/helmet): Modul zur Sicherung Ihrer Anwendungen durch Festlegung verschiedener HTTP-Header. | Helps secure your apps by setting various HTTP headers. | +| [passport](https://github.com/jaredhanson/passport): Express-Middlewaremodul für die Authentifizierung. | Authentication using "strategies" such as OAuth, OpenID and many others. See [passportjs.org](https://passportjs.org/) for more information. | diff --git a/de/resources/middleware/body-parser.md b/de/resources/middleware/body-parser.md new file mode 100644 index 0000000000..20ec662bac --- /dev/null +++ b/de/resources/middleware/body-parser.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express body-parser middleware +menu: resources +lang: de +redirect_from: " " +module: body-parser +--- diff --git a/de/resources/middleware/compression.md b/de/resources/middleware/compression.md new file mode 100644 index 0000000000..6d4d1daff9 --- /dev/null +++ b/de/resources/middleware/compression.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express compression middleware +menu: resources +lang: de +redirect_from: " " +module: compression +--- diff --git a/de/resources/middleware/connect-rid.md b/de/resources/middleware/connect-rid.md new file mode 100644 index 0000000000..f761c4493d --- /dev/null +++ b/de/resources/middleware/connect-rid.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express connect-rid middleware +menu: resources +lang: de +redirect_from: " " +module: connect-rid +--- diff --git a/de/resources/middleware/cookie-parser.md b/de/resources/middleware/cookie-parser.md new file mode 100644 index 0000000000..336bc801af --- /dev/null +++ b/de/resources/middleware/cookie-parser.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express cookie-parser middleware +menu: resources +lang: de +redirect_from: " " +module: cookie-parser +--- diff --git a/de/resources/middleware/cookie-session.md b/de/resources/middleware/cookie-session.md new file mode 100644 index 0000000000..490c855185 --- /dev/null +++ b/de/resources/middleware/cookie-session.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express cookie-session middleware +menu: resources +lang: de +redirect_from: " " +module: cookie-session +--- diff --git a/de/resources/middleware/cors.md b/de/resources/middleware/cors.md new file mode 100644 index 0000000000..11782ff9ac --- /dev/null +++ b/de/resources/middleware/cors.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express cors middleware +menu: resources +lang: de +redirect_from: " " +module: cors +--- diff --git a/de/resources/middleware/errorhandler.md b/de/resources/middleware/errorhandler.md new file mode 100644 index 0000000000..d6e4cf35e9 --- /dev/null +++ b/de/resources/middleware/errorhandler.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express errorhandler middleware +menu: resources +lang: de +redirect_from: " " +module: errorhandler +--- diff --git a/de/resources/middleware/method-override.md b/de/resources/middleware/method-override.md new file mode 100644 index 0000000000..022aef76af --- /dev/null +++ b/de/resources/middleware/method-override.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express method-override middleware +menu: resources +lang: de +redirect_from: " " +module: method-override +--- diff --git a/de/resources/middleware/morgan.md b/de/resources/middleware/morgan.md new file mode 100644 index 0000000000..1532eec13c --- /dev/null +++ b/de/resources/middleware/morgan.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express morgan middleware +menu: resources +lang: de +redirect_from: " " +module: morgan +--- diff --git a/de/resources/middleware/multer.md b/de/resources/middleware/multer.md new file mode 100644 index 0000000000..9e2f04a64c --- /dev/null +++ b/de/resources/middleware/multer.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express multer middleware +menu: resources +lang: de +redirect_from: " " +module: multer +--- diff --git a/de/resources/middleware/response-time.md b/de/resources/middleware/response-time.md new file mode 100644 index 0000000000..ca89fcc293 --- /dev/null +++ b/de/resources/middleware/response-time.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express response-time middleware +menu: resources +lang: de +redirect_from: " " +module: response-time +--- diff --git a/de/resources/middleware/serve-favicon.md b/de/resources/middleware/serve-favicon.md new file mode 100644 index 0000000000..cef0168702 --- /dev/null +++ b/de/resources/middleware/serve-favicon.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express serve-favicon middleware +menu: resources +lang: de +redirect_from: " " +module: serve-favicon +--- diff --git a/de/resources/middleware/serve-index.md b/de/resources/middleware/serve-index.md new file mode 100644 index 0000000000..edeb954799 --- /dev/null +++ b/de/resources/middleware/serve-index.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express serve-index middleware +menu: resources +lang: de +redirect_from: " " +module: serve-index +--- diff --git a/de/resources/middleware/serve-static.md b/de/resources/middleware/serve-static.md new file mode 100644 index 0000000000..e084feefec --- /dev/null +++ b/de/resources/middleware/serve-static.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express serve-static middleware +menu: resources +lang: de +redirect_from: " " +module: serve-static +--- diff --git a/de/resources/middleware/session.md b/de/resources/middleware/session.md new file mode 100644 index 0000000000..d94dc4f988 --- /dev/null +++ b/de/resources/middleware/session.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express session middleware +menu: resources +lang: de +redirect_from: " " +module: session +--- diff --git a/de/resources/middleware/timeout.md b/de/resources/middleware/timeout.md new file mode 100644 index 0000000000..e201a56db8 --- /dev/null +++ b/de/resources/middleware/timeout.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express timeout middleware +menu: resources +lang: de +redirect_from: " " +module: timeout +--- diff --git a/de/resources/middleware/vhost.md b/de/resources/middleware/vhost.md new file mode 100644 index 0000000000..b3df125d8e --- /dev/null +++ b/de/resources/middleware/vhost.md @@ -0,0 +1,8 @@ +--- +layout: middleware +title: Express vhost middleware +menu: resources +lang: de +redirect_from: " " +module: vhost +--- diff --git a/de/resources/utils.md b/de/resources/utils.md new file mode 100644 index 0000000000..02f14abb88 --- /dev/null +++ b/de/resources/utils.md @@ -0,0 +1,26 @@ +--- +layout: page +title: Express utilities +description: Discover utility modules related to Express.js and Node.js, including tools for cookies, CSRF protection, URL parsing, routing, and more to enhance your applications. +menu: resources +lang: de +redirect_from: " " +--- + +## Express utility functions + +The [pillarjs](https://github.com/pillarjs) GitHub organization contains a number of modules +for utility functions that may be generally useful. + +| Utility modules | Beschreibung | +| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [cookies](https://www.npmjs.com/package/cookies) | Get and set HTTP(S) cookies that can be signed to prevent tampering, using Keygrip. Can be used with the Node.js HTTP library or as Express middleware. | +| [csrf](https://www.npmjs.com/package/csrf) | Contains the logic behind CSRF token creation and verification. Use this module to create custom CSRF middleware. | +| [finalhandler](https://www.npmjs.com/package/finalhandler) | Function to invoke as the final step to respond to HTTP request. | +| [parseurl](https://www.npmjs.com/package/parseurl) | Parse a URL with caching. | +| [path-to-regexp](https://www.npmjs.com/package/path-to-regexp) | Turn an Express-style path string such as \`\`/user/:name\` into a regular expression. | +| [resolve-path](https://www.npmjs.com/package/resolve-path) | Resolves a relative path against a root path with validation. | +| [router](https://www.npmjs.com/package/router) | Simple middleware-style router. | +| [send](https://www.npmjs.com/package/send) | Library for streaming files as a HTTP response, with support for partial responses (ranges), conditional-GET negotiation, and granular events. | + +For additional low-level HTTP-related modules, see [jshttp](http://jshttp.github.io/). diff --git a/de/starter/basic-routing.md b/de/starter/basic-routing.md old mode 100755 new mode 100644 index b50d355504..c61da3dbc3 --- a/de/starter/basic-routing.md +++ b/de/starter/basic-routing.md @@ -4,20 +4,22 @@ title: Basisrouting in Express description: Learn the fundamentals of routing in Express.js applications, including how to define routes, handle HTTP methods, and create route handlers for your web server. menu: starter lang: de +redirect_from: " " --- # Basisrouting -Per *Routing* wird bestimmt, wie eine Antwort auf eine Clientanforderung an einem bestimmten Endpunkt antwortet. Dies ist eine URI (oder ein Pfad) und eine bestimmte HTTP-Anforderungsmethode (GET, POST usw.). +Per _Routing_ wird bestimmt, wie eine Antwort auf eine Clientanforderung an einem bestimmten Endpunkt antwortet. Dies ist eine URI (oder ein Pfad) und eine bestimmte HTTP-Anforderungsmethode (GET, POST usw.). Jede Weiterleitung (Route) kann eine oder mehrere Handlerfunktionen haben, die ausgeführt werden, wenn die Weiterleitung abgeglichen wird. Weiterleitungsdefinitionen haben die folgende Struktur: + ```js app.METHOD(PATH, HANDLER) ``` -Bedeutung: +Where: - `app` ist eine Instanz von `express`. - `METHOD` ist eine [HTTP-Anforderungsmethode](http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol). @@ -63,3 +65,5 @@ app.delete('/user', (req, res) => { ``` Details zum Thema Routing finden Sie in der entsprechenden [Routinganleitung](/{{ page.lang }}/guide/routing.html). + +### [Previous: Express application generator ](/{{ page.lang }}/starter/generator.html) [Next: Serving static files in Express ](/{{ page.lang }}/starter/static-files.html) \ No newline at end of file diff --git a/de/starter/examples.md b/de/starter/examples.md new file mode 100644 index 0000000000..659c801018 --- /dev/null +++ b/de/starter/examples.md @@ -0,0 +1,22 @@ +--- +layout: page +title: Express examples +description: Explore a collection of Express.js application examples covering various use cases, integrations, and advanced configurations to help you learn and build your projects. +menu: starter +lang: de +redirect_from: " " +--- + +{% capture examples %}{% include readmes/express-master/examples.md %}{% endcapture %} +{{ examples | replace: "](.", "](https://github.com/expressjs/express/tree/master/examples" }} + +## Additional examples + +These are some additional examples with more extensive integrations. + +{% include community-caveat.html %} + +- [prisma-fullstack](https://github.com/prisma/prisma-examples/tree/latest/pulse/fullstack-simple-chat) - Fullstack app with Express and Next.js using [Prisma](https://www.npmjs.com/package/prisma) as an ORM +- [prisma-rest-api-ts](https://github.com/prisma/prisma-examples/tree/latest/orm/express) - REST API with Express in TypeScript using [Prisma](https://www.npmjs.com/package/prisma) as an ORM + +### [Previous: Static Files ](/{{ page.lang }}/starter/static-files.html) [Next: FAQ ](/{{ page.lang }}/starter/faq.html) diff --git a/de/starter/faq.md b/de/starter/faq.md old mode 100755 new mode 100644 index 9cbd67ba54..63260dd76b --- a/de/starter/faq.md +++ b/de/starter/faq.md @@ -4,6 +4,7 @@ title: Häufig gestellte Fragen zu Express description: Find answers to frequently asked questions about Express.js, including topics on application structure, models, authentication, template engines, error handling, and more. menu: starter lang: de +redirect_from: " " --- # Häufig gestellte Fragen @@ -14,14 +15,13 @@ Auf diese Frage gibt es keine verbindliche Antwort. Die Antwort hängt vom Umfan Weiterleitungen und andere anwendungsspezifische Logik können in einer beliebigen Anzahl von Dateien und in jeder von Ihnen bevorzugten Verzeichnisstruktur vorkommen. Die folgenden Beispiele sollen als Entscheidungshilfe dienen: - -* [Weiterleitungslisten](https://github.com/expressjs/express/blob/4.13.1/examples/route-separation/index.js#L32-47) -* [Weiterleitungszuordnung](https://github.com/expressjs/express/blob/4.13.1/examples/route-map/index.js#L52-L66) -* [Controller im MVC-Stil](https://github.com/expressjs/express/tree/master/examples/mvc) +- [Weiterleitungslisten](https://github.com/expressjs/express/blob/4.13.1/examples/route-separation/index.js#L32-47) +- [Weiterleitungszuordnung](https://github.com/expressjs/express/blob/4.13.1/examples/route-map/index.js#L52-L66) +- [Controller im MVC-Stil](https://github.com/expressjs/express/tree/master/examples/mvc) Darüber hinaus gibt es Erweiterungen anderer Anbieter für Express, die zur Vereinfachung einiger dieser Muster beitragen: -* [Weiterleitung mit "express-resource"](https://github.com/expressjs/express-resource) +- [Weiterleitung mit "express-resource"](https://github.com/expressjs/express-resource) ## Wie definiere ich Modelle? @@ -31,12 +31,15 @@ Express hat keine Vorstellungen von einer Datenbank. Dieses Konzept bleibt Node- ## Wie kann ich Benutzer authentifizieren? -Die Authentifizierung ist ein weiterer meinungsstarker Bereich, in den Express nicht eingreift. Sie können ein Authentifizierungsschema nach Ihren Vorstellungen verwenden. Ein einfaches Benutzername/Kennwort-Schema können Sie in [diesem Beispiel](https://github.com/expressjs/express/tree/master/examples/auth) sehen. - +Die Authentifizierung ist ein weiterer meinungsstarker Bereich, in den Express nicht eingreift. Sie können ein Authentifizierungsschema nach Ihren Vorstellungen verwenden. +Ein einfaches Benutzername/Kennwort-Schema können Sie in [diesem Beispiel](https://github.com/expressjs/express/tree/master/examples/auth) sehen. ## Welche Template-Engines unterstützt Express? -Express unterstützt jede Template-Engine, die der `(path, locals, callback)`-Signatur entspricht. Informationen zur Normalisierung von Template-Engine-Schnittstellen und -Caching siehe das Projekt [consolidate.js](https://github.com/visionmedia/consolidate.js). Nicht aufgelistete Template-Engines können trotzdem die Express-Signatur unterstützen. +Express unterstützt jede Template-Engine, die der `(path, locals, callback)`-Signatur entspricht. +Informationen zur Normalisierung von Template-Engine-Schnittstellen und -Caching siehe das Projekt [consolidate.js](https://github.com/visionmedia/consolidate.js). Nicht aufgelistete Template-Engines können trotzdem die Express-Signatur unterstützen. + +For more information, see [Using template engines with Express](/{{page.lang}}/guide/using-template-engines.html). ## Wie handhabe ich 404-Antworten? @@ -44,10 +47,13 @@ In Express sind 404-Antworten nicht das Ergebnis eines Fehlers, sodass diese Ant ```js app.use((req, res, next) => { - res.status(404).send('Sorry cant find that!') + res.status(404).send("Sorry can't find that!") }) ``` +Add routes dynamically at runtime on an instance of `express.Router()` +so the routes are not superseded by a middleware function. + ## Wie richte ich eine Fehlerbehandlungsroutine ein? Middleware für die Fehlerbehandlung wird in derselben Weise definiert wie andere Middleware; außer dass sie vier anstatt drei Argumente aufweist. Dies gilt speziell bei der Signatur `(err, req, res, next)`: @@ -63,4 +69,13 @@ Weitere Informationen siehe [Fehlerbehandlung](/{{ page.lang }}/guide/error-hand ## Wie gebe ich normales HTML-Format aus? -Das ist nicht Ihre Aufgabe! Sie müssen kein HTML-Format mit der Funktion `res.render()` ausgeben. Verwenden Sie die Funktion `res.sendFile()`, wenn Sie es mit einer bestimmten Datei zu tun haben. Wenn Sie viele Assets aus einem Verzeichnis bedienen müssen, verwenden Sie die Middlewarefunktion `express.static()`. +Das ist nicht Ihre Aufgabe! Sie müssen kein HTML-Format mit der Funktion `res.render()` ausgeben. +Verwenden Sie die Funktion `res.sendFile()`, wenn Sie es mit einer bestimmten Datei zu tun haben. +Wenn Sie viele Assets aus einem Verzeichnis bedienen müssen, verwenden Sie die Middlewarefunktion `express.static()`. + +## What version of Node.js does Express require? + +- [Express 4.x](/{{ page.lang }}/4x/api.html) requires Node.js 0.10 or higher. +- [Express 5.x](/{{ page.lang }}/5x/api.html) requires Node.js 18 or higher. + +### [Previous: More examples ](/{{ page.lang }}/starter/examples.html) diff --git a/de/starter/generator.md b/de/starter/generator.md old mode 100755 new mode 100644 index ddc9e004c5..c4b332395f --- a/de/starter/generator.md +++ b/de/starter/generator.md @@ -4,16 +4,24 @@ title: Express-Anwendungsgenerator description: Learn how to use the Express application generator tool to quickly create a skeleton for your Express.js applications, streamlining setup and configuration. menu: starter lang: de +redirect_from: " " --- # Express-Anwendungsgenerator Mit dem Application Generator Tool `express` können Sie innerhalb kürzester Zeit ein Anwendungsgerüst erstellen. -Installieren Sie `express` mit dem folgenden Befehl: +You can run the application generator with the `npx` command (available in Node.js 8.2.0). ```bash -$ npm install express-generator -g +$ npx express-generator +``` + +For earlier Node versions, install the application generator as a global npm package and then launch it: + +```bash +$ npm install -g express-generator +$ express ``` Zeigen Sie die Befehlsoptionen mit der Option `-h` an: @@ -21,7 +29,7 @@ Zeigen Sie die Befehlsoptionen mit der Option `-h` an: ```bash $ express -h - Usage: express [options][dir] + Usage: express [options] [dir] Options: @@ -32,13 +40,13 @@ $ express -h --pug add pug engine support -H, --hogan add hogan.js engine support --no-view generate without view engine - -v, --view <engine> add view <engine> support (ejs|hbs|hjs|jade|pug|twig|vash) (defaults to jade) - -c, --css <engine> add stylesheet <engine> support (less|stylus|compass|sass) (defaults to plain css) + -v, --viewadd view support (ejs|hbs|hjs|jade|pug|twig|vash) (defaults to jade) + -c, --css add stylesheet support (less|stylus|compass|sass) (defaults to plain css) --git add .gitignore -f, --force force on non-empty directory ``` -Im folgenden Beispiel wird eine Express-Anwendung mit dem Namen _myapp_ im aktuellen Arbeitsverzeichnis erstellt: +Im folgenden Beispiel wird eine Express-Anwendung mit dem Namen _myapp_ im aktuellen Arbeitsverzeichnis erstellt: The app will be created in a folder named _myapp_ in the current working directory and the view engine will be set to Pug: ```bash $ express --view=pug myapp @@ -69,18 +77,24 @@ $ cd myapp $ npm install ``` -Führen Sie unter MacOS oder Linux die Anwendung mit diesem Befehl aus: +Verwenden Sie unter Windows diesen Befehl: ```bash $ DEBUG=myapp:* npm start ``` -Verwenden Sie unter Windows diesen Befehl: +Führen Sie unter MacOS oder Linux die Anwendung mit diesem Befehl aus: ```bash > set DEBUG=myapp:* & npm start ``` +On Windows PowerShell, use this command: + +```bash +PS> $env:DEBUG='myapp:*'; npm start +``` + Laden Sie dann `http://localhost:3000/` in Ihren Browser, um auf die Anwendung zuzugreifen. Die erstellte Anwendung hat die folgende Verzeichnisstruktur: @@ -110,3 +124,5 @@ Die erstellte Anwendung hat die folgende Verzeichnisstruktur: Die vom Generator erstellte Anwendungsstruktur ist nur eine der vielen Möglichkeiten, Express-Anwendungen zu strukturieren. Sie können diese Struktur verwenden oder sie an Ihre Anforderungen anpassen.+ +### [Previous: Hello World ](/{{ page.lang }}/starter/hello-world.html) [Next: Basic routing](/{{ page.lang }}/starter/basic-routing.html) diff --git a/de/starter/hello-world.md b/de/starter/hello-world.md old mode 100755 new mode 100644 index cfeff70e13..f2b85513cb --- a/de/starter/hello-world.md +++ b/de/starter/hello-world.md @@ -4,6 +4,7 @@ title: Beispiel "Hello World" in Express description: Get started with Express.js by building a simple 'Hello World' application, demonstrating the basic setup and server creation for beginners. menu: starter lang: de +redirect_from: " " --- # Beispiel "Hello World" @@ -12,10 +13,6 @@ lang: de Dies ist wohl die einfachste Express-Anwendung, die Sie erstellen können. Es handelt sich um eine Anwendung mit nur einer Datei und — *nicht* das, was Sie mit dem [Express Generator](/{{ page.lang }}/starter/generator.html) erhalten würden. Mit dem Generator würde das Gerüst für eine vollständige Anwendung mit zahlreichen JavaScript-Dateien, Jade-Vorlagen und Unterverzeichnissen für verschiedene Zwecke erstellt werden.-`req` (Anforderung) und `res` (Antwort) sind genau dieselben Objekte, die Node bereitstellt. Sie können also `req.pipe()`, `req.on('data', callback)` und alle anderen Tasks, die Sie ausführen wollen, ohne Express ausführen. -+### Running Locally + +Erstellen Sie zunächst ein Verzeichnis namens `myapp`, wechseln Sie in das Verzeichnis und führen Sie `npm init` aus. Installieren Sie dann `express` als Abhängigkeit, wie im [Installationshandbuch](/{{ page.lang }}/starter/installing.html) beschrieben. + +Erstellen Sie im Verzeichnis `myapp` eine Datei namens `app.js` und fügen Sie den folgenden Code hinzu: + +`req` (Anforderung) und `res` (Antwort) sind genau dieselben Objekte, die Node bereitstellt. Sie können also `req.pipe()`, `req.on('data', callback)` und alle anderen Tasks, die Sie ausführen wollen, ohne Express ausführen.Führen Sie die Anwendung mit dem folgenden Befehl aus: @@ -44,3 +45,4 @@ $ node app.js Laden Sie dann [http://localhost:3000/](http://localhost:3000/) in einen Browser, um die Ausgabe zu sehen. +### [Previous: Installing ](/{{ page.lang }}/starter/installing.html) [Next: Express Generator ](/{{ page.lang }}/starter/generator.html) diff --git a/de/starter/installing.md b/de/starter/installing.md old mode 100755 new mode 100644 index c2356700c2..b6bd8407f6 --- a/de/starter/installing.md +++ b/de/starter/installing.md @@ -4,26 +4,32 @@ title: Express installieren description: Learn how to install Express.js in your Node.js environment, including setting up your project directory and managing dependencies with npm. menu: starter lang: de +redirect_from: " " --- # Installation Angenommen, Sie haben [Node.js](https://nodejs.org/) bereits installiert. Erstellen Sie ein Verzeichnis für Ihre Anwendung und definieren Sie dieses Verzeichnis als Ihr Arbeitsverzeichnis. +- [Express 4.x](/{{ page.lang }}/4x/api.html) requires Node.js 0.10 or higher. +- [Express 5.x](/{{ page.lang }}/5x/api.html) requires Node.js 18 or higher. + ```bash $ mkdir myapp $ cd myapp ``` -Erstellen Sie mit dem Befehl `npm init` eine Datei namens `package.json` für Ihre Anwendung. Weitere Informationen zur Funktionsweise von `package.json` finden Sie in den [Angaben zur Handhabung der npm-Datei package.json](https://docs.npmjs.com/files/package.json). +Erstellen Sie mit dem Befehl `npm init` eine Datei namens `package.json` für Ihre Anwendung. +Weitere Informationen zur Funktionsweise von `package.json` finden Sie in den [Angaben zur Handhabung der npm-Datei package.json](https://docs.npmjs.com/files/package.json). ```bash $ npm init ``` -Dieser Befehl fordert Sie zur Eingabe verschiedener Angaben wie Name und Version Ihrer Anwendung auf. Für den Moment reicht es, die Eingabetaste zu drücken und die Standardwerte für die meisten Angaben zu akzeptieren. Es gilt jedoch folgende Ausnahme: +Dieser Befehl fordert Sie zur Eingabe verschiedener Angaben wie Name und Version Ihrer Anwendung auf. +For now, you can simply hit RETURN to accept the defaults for most of them, with the following exception: -```bash +``` entry point: (index.js) ``` @@ -32,15 +38,17 @@ Geben Sie `app.js` oder einen Namen Ihrer Vorstellung als Namen für die Hauptda Installieren Sie jetzt Express im Verzeichnis `myapp` und speichern Sie es in der Abhängigkeitsliste. Beispiel: ```bash -$ npm install express --save +$ npm install express ``` Wenn Sie Express vorübergehend installieren und nicht zur Abhängigkeitsliste hinzufügen wollen, geben Sie die Option `--save` nicht an: ```bash -$ npm install express +$ npm install express --no-save ```Node-Module, die mit der Option `--save` installiert werden, werden zur `Abhängigkeitsliste` in der Datei `package.json` hinzugefügt. Danach werden bei der Ausführung von `npm install` im Verzeichnis `app` automatisch alle Module in der Abhängigkeitsliste installiert.+ +### [Next: Hello World ](/{{ page.lang }}/starter/hello-world.html) \ No newline at end of file diff --git a/de/starter/static-files.md b/de/starter/static-files.md old mode 100755 new mode 100644 index c9c674bf32..cfc96142f2 --- a/de/starter/static-files.md +++ b/de/starter/static-files.md @@ -4,13 +4,23 @@ title: Statische Dateien in Express bereitstellen description: Understand how to serve static files like images, CSS, and JavaScript in Express.js applications using the built-in 'static' middleware. menu: starter lang: de +redirect_from: " " --- # Statische Dateien in Express bereitstellen Wenn Sie statische Dateien wie Bilder, CSS-Dateien und JavaScript-Dateien bereitstellen wollen, verwenden Sie die in Express integrierte Middlewarefunktion `express.static`. -Übergeben Sie den Namen des Verzeichnisses mit den statischen Assets an die Middlewarefunktion `express.static`, um direkt mit dem Bereitstellen der Dateien zu beginnen. Beispiel: Verwenden Sie den folgenden Code, um Bilder, CSS-Dateien und JavaScript-Dateien in einem Verzeichnis namens `public` bereitzustellen: +The function signature is: + +```js +express.static(root, [options]) +``` + +The `root` argument specifies the root directory from which to serve static assets. +For more information on the `options` argument, see [express.static](/{{page.lang}}/4x/api.html#express.static). + +Beispiel: Verwenden Sie den folgenden Code, um Bilder, CSS-Dateien und JavaScript-Dateien in einem Verzeichnis namens `public` bereitzustellen: ```js app.use(express.static('public')) @@ -26,8 +36,7 @@ http://localhost:3000/images/bg.png http://localhost:3000/hello.html ``` --Express sucht nach den Dateien, die sich auf das Verzeichnis mit den statischen Assets beziehen. Der Name dieses Verzeichnisses ist also nicht Teil der URL.+Express sucht nach den Dateien, die sich auf das Verzeichnis mit den statischen Assets beziehen. Der Name dieses Verzeichnisses ist also nicht Teil der URL.Wenn Sie mehrere Verzeichnisse mit statischen Assets verwenden wollen, rufen Sie die Middlewarefunktion `express.static` mehrmals auf: @@ -38,6 +47,11 @@ app.use(express.static('files')) Express sucht in der Reihenfolge nach den Dateien, in der sie die Verzeichnisse mit den statischen Assets über die Middlewarefunktion `express.static` festgelegt haben. +{% capture alert_content %} +For best results, [use a reverse proxy](/{{page.lang}}/advanced/best-practice-performance.html#use-a-reverse-proxy) cache to improve performance of serving static assets. +{% endcapture %} +{% include admonitions/note.html content=alert_content %} + Wenn Sie ein Präfix für einen virtuellen Pfad (in dem der Pfad nicht wirklich im Dateisystem existiert) für Dateien festlegen wollen, die über die Funktion `express.static` bereitgestellt werden, [müssen Sie einen Mountpfad](/{{ page.lang }}/4x/api.html#app.use) für das Verzeichnis mit den statischen Assets wie unten gezeigt angeben: ```js @@ -60,3 +74,7 @@ Der Pfad, den Sie für die Funktion `express.static` angeben, ist jedoch relativ const path = require('path') app.use('/static', express.static(path.join(__dirname, 'public'))) ``` + +For more details about the `serve-static` function and its options, see [serve-static](/resources/middleware/serve-static.html). + +### [Previous: Basic Routing ](/{{ page.lang }}/starter/basic-routing.html) [Next: More examples ](/{{ page.lang }}/starter/examples.html) diff --git a/de/support/index.md b/de/support/index.md index 1f1c15b326..3b8f83c223 100644 --- a/de/support/index.md +++ b/de/support/index.md @@ -1,6 +1,7 @@ --- layout: page title: Version Support +description: Find information about the support schedule for different Express.js versions, including which versions are currently maintained and end-of-life policies. menu: support lang: de --- @@ -11,17 +12,17 @@ Only the latest version of any given major release line is supported. Versions that are EOL (end-of-life) _may_ receive updates for critical security vulnerabilities, but the Express team offers no guarantee and does not plan to address or release fixes for any issues found. -| Major Version | Minimum Node.js Version | Support Start Date | Support End Date | -| -- | -- | -- | -- | -| [**v5.x**{: .supported }](/{{page.lang}}/5x/api.html){: .ignore-underline} | 18 | September 2024 | **ongoing**{: .supported } | -| [**v4.x**{: .supported }](/{{page.lang}}/4x/api.html){: .ignore-underline} | 0.10.0 | April 2014 | **ongoing**{: .supported } | -| [**v3.x**{: .eol }](/{{page.lang}}/3x/api.html){: .ignore-underline} | 0.8.0 | October 2012 | July 2015 | -| [**v2.x**{: .eol }](/2x/){: .ignore-underline} | 0.4.1 | March 2011 | July 2012 | -| **v1.x**{: .eol } | 0.2.0 | December 2010 | March 2011 | -| **v0.14.x**{: .eol } | 0.1.98 | December 2010 | December 2010 | +| Major Version | Minimum Node.js Version | Support Start Date | Support End Date | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | ------------------ | ---------------------------------------------------------- | +| [**v5.x**{: .supported }](/{{page.lang}}/5x/api.html){: .ignore-underline} | 18 | September 2024 | **ongoing**{: .supported } | +| [**v4.x**{: .supported }](/{{page.lang}}/4x/api.html){: .ignore-underline} | 0.10.0 | April 2014 | **ongoing**{: .supported } | +| [**v3.x**{: .eol }](/{{page.lang}}/3x/api.html){: .ignore-underline} | 0.8.0 | October 2012 | July 2015 | +| [**v2.x**{: .eol }](/2x/){: .ignore-underline} | 0.4.1 | March 2011 | July 2012 | +| **v1.x**{: .eol } | 0.2.0 | December 2010 | March 2011 | +| **v0.14.x**{: .eol } | 0.1.98 | December 2010 | December 2010 | ## Commercial Support Options If you are unable to update to a supported version of Express, please contact one of our partners to receive security updates: - - [HeroDevs Never-Ending Support](http://www.herodevs.com/support/express-nes?utm_source=expressjs&utm_medium=link&utm_campaign=express_eol_page) +- [HeroDevs Never-Ending Support](http://www.herodevs.com/support/express-nes?utm_source=expressjs&utm_medium=link&utm_campaign=express_eol_page) diff --git a/es/3x/api.md b/es/3x/api.md old mode 100755 new mode 100644 index 2f66699741..4a4087260f --- a/es/3x/api.md +++ b/es/3x/api.md @@ -2,34 +2,25 @@ layout: api version: 3x title: Express 3.x - Referencia de API -lang: es -description: Access the API reference for Express.js version 3.x, noting that this - version is end-of-life and no longer maintained - includes details on modules and - methods. +description: Access the API reference for Express.js version 3.x, noting that this version is end-of-life and no longer maintained - includes details on modules and methods. +lang: en +redirect_from: " " --- +- - {% include api/en/3x/res.md %} +**Express 3.x YA NO SE MANTIENE** - Los problemas de rendimiento y seguridad conocidos y desconocidos en 3.x no se han solucionado desde la última actualización (1 de agosto de 2015). Se recomienda especialmente utilizar la última versión de Express. -- -API de 3.x
+Los problemas de rendimiento y seguridad conocidos y desconocidos en 3.x no se han solucionado desde la última actualización (1 de agosto de 2015). Se recomienda especialmente utilizar la última versión de Express. - - {% include api/en/3x/express.md %} +If you are unable to upgrade past 3.x, please consider [Commercial Support Options](/{{ page.lang }}/support#commercial-support-options). - - {% include api/en/3x/app.md %} - - - {% include api/en/3x/req.md %} +API de 3.x
- - {% include api/en/3x/middleware.md %} + +{% include api/en/3x/app.md %}diff --git a/es/5x/api.md b/es/5x/api.md index 2b4353924c..bcf7dc62cd 100644 --- a/es/5x/api.md +++ b/es/5x/api.md @@ -2,18 +2,24 @@ layout: api version: 5x title: Express 5.x - Referencia de API -lang: es -description: Access the API reference for Express.js 5.x, detailing all modules, methods, - and properties for building web applications with this latest version. +description: Access the API reference for Express.js 5.x, detailing all modules, methods, and properties for building web applications with this latest version. +lang: en +redirect_from: " " ---API de 4.x
- - {% include api/en/4x/express.md %} +{% capture node-version %} - - {% include api/en/4x/app.md %} +``` +Express 4.0 requires Node.js 0.10 or higher. +``` - - {% include api/en/4x/req.md %} +{% endcapture %} - - {% include api/en/4x/res.md %} +{% include admonitions/note.html content=node-version %} - - {% include api/en/4x/router.md %} + +{% include api/en/4x/app.md %}5.x API
-{% include admonitions/caution.html content="This is early beta documentation that may be incomplete and is still under development." %} +{% capture node-version %} -{% include admonitions/note.html content="Express 5.0 requires Node.js 18 or higher." %} +``` +Express 5.0 requires Node.js 18 or higher. +``` + +{% endcapture %} + +{% include admonitions/note.html content=node-version %} {% include api/en/5x/express.md %} {% include api/en/5x/app.md %} diff --git a/es/advanced/best-practice-performance.md b/es/advanced/best-practice-performance.md old mode 100755 new mode 100644 index cfeba1a566..227feddb69 --- a/es/advanced/best-practice-performance.md +++ b/es/advanced/best-practice-performance.md @@ -1,53 +1,49 @@ --- layout: page title: Mejores prácticas de rendimiento cuando se utiliza Express en producción +description: Discover performance and reliability best practices for Express apps in production, covering code optimizations and environment setups for optimal performance. menu: advanced -lang: es -description: Discover performance and reliability best practices for Express apps - in production, covering code optimizations and environment setups for optimal performance. +lang: en +redirect_from: " " --- -# Mejores prácticas de producción: rendimiento y fiabilidad - -## Visión general +# Production best practices: performance and reliability En este artículo se describen las mejores prácticas de rendimiento y fiabilidad para las aplicaciones Express desplegadas en producción. Este tema entra claramente dentro del área de "DevOps", que abarca operaciones y desarrollos tradicionales. Por lo tanto, la información se divide en dos partes: -- Cosas que hacer en el código (la parte de desarrollo): - - [Utilizar la compresión de gzip](#utilizar-la-compresión-de-gzip) - - [No utilizar funciones síncronas](#no-utilizar-funciones-síncronas) - - [Realizar un registro correcto](#realizar-un-registro-correcto) - - [Manejar las excepciones correctamente](#manejar-las-excepciones-correctamente) -- Cosas que hacer en el entorno / configuración (la parte de operaciones): - - - [Establecer NODE_ENV en "production"](#establecer-node_env-en-production) - - [Asegurarse de que la aplicación se reinicia automáticamente](#asegurarse-de-que-la-aplicación-se-reinicia-automáticamente) - - [Ejecutar la aplicación en un clúster](#ejecutar-la-aplicación-en-un-clúster) - - [Almacenar en la caché los resultados de la solicitud](#almacenar-en-la-caché-los-resultados-de-la-solicitud) - - [Utilizar un equilibrador de carga](#utilizar-un-equilibrador-de-carga) - - [Utilizar un proxy inverso](#utilizar-un-proxy-inverso) - - +- Cosas que hacer en el código (la parte de desarrollo): + - [Utilizar la compresión de gzip](#utilizar-la-compresión-de-gzip) + - [No utilizar funciones síncronas](#no-utilizar-funciones-síncronas) + - [Realizar un registro correcto](#realizar-un-registro-correcto) + - [Manejar las excepciones correctamente](#manejar-las-excepciones-correctamente) +- Cosas que hacer en el entorno / configuración (la parte de operaciones): + - [Establecer NODE_ENV en "production"](#establecer-node_env-en-production) + - [Asegurarse de que la aplicación se reinicia automáticamente](#asegurarse-de-que-la-aplicación-se-reinicia-automáticamente) + - [Ejecutar la aplicación en un clúster](#ejecutar-la-aplicación-en-un-clúster) + - [Almacenar en la caché los resultados de la solicitud](#almacenar-en-la-caché-los-resultados-de-la-solicitud) + - [Utilizar un equilibrador de carga](#utilizar-un-equilibrador-de-carga) + - [Utilizar un proxy inverso](#utilizar-un-proxy-inverso) ## Cosas que hacer en el código Estas son algunas de las cosas que puede hacer en el código para mejorar el rendimiento de la aplicación: -- [Utilizar la compresión de gzip](#utilizar-la-compresión-de-gzip) -- [No utilizar funciones síncronas](#no-utilizar-funciones-síncronas) -- [Realizar un registro correcto](#realizar-un-registro-correcto) -- [Manejar las excepciones correctamente](#manejar-las-excepciones-correctamente) +- [Utilizar la compresión de gzip](#utilizar-la-compresión-de-gzip) +- [No utilizar funciones síncronas](#no-utilizar-funciones-síncronas) +- [Realizar un registro correcto](#realizar-un-registro-correcto) +- [Manejar las excepciones correctamente](#manejar-las-excepciones-correctamente) ### Utilizar la compresión de gzip -La compresión de gzip puede disminuir significativamente el tamaño del cuerpo de respuesta y, por lo tanto, aumentar la velocidad de una aplicación web. Utilice el middleware de [compresión](https://www.npmjs.com/package/compression) para la compresión de gzip en la aplicación Express. Por ejemplo: +La compresión de gzip puede disminuir significativamente el tamaño del cuerpo de respuesta y, por lo tanto, aumentar la velocidad de una aplicación web. Utilice el middleware de [compresión](https://www.npmjs.com/package/compression) para la compresión de gzip en la aplicación Express. For example: ```js const compression = require('compression') const express = require('express') const app = express() + app.use(compression()) ``` @@ -59,21 +55,19 @@ Las funciones síncronas y los métodos impiden el avance del proceso de ejecuci Aunque Node y muchos módulos proporcionan versiones síncronas y asíncronas de las funciones, utilice siempre la versión asíncrona en producción. La única vez que está justificado utilizar una función síncrona es en el arranque inicial. -Si utiliza Node.js 4.0+ o io.js 2.1.0+, puede utilizar el distintivo de línea de mandatos `--trace-sync-io` para imprimir un aviso y un seguimiento de la pila siempre que la aplicación utilice una API síncrona. Desde luego, no deseará utilizarlo en producción, sólo para garantizar que el código está listo para producción. Consulte [Weekly update for io.js 2.1.0](https://nodejs.org/en/blog/weekly-updates/weekly-update.2015-05-22/#2-1-0) para obtener más información. +You can use the `--trace-sync-io` command-line flag to print a warning and a stack trace whenever your application uses a synchronous API. Desde luego, no deseará utilizarlo en producción, sólo para garantizar que el código está listo para producción. Consulte [Weekly update for io.js 2.1.0](https://nodejs.org/en/blog/weekly-updates/weekly-update.2015-05-22/#2-1-0) para obtener más información. ### Realizar un registro correcto -En general, hay dos motivos para realizar un registro desde la aplicación: a efectos de depuración o para registrar la actividad de la aplicación (básicamente, todo lo demás). El uso de `console.log()` o `console.err()` para imprimir mensajes de registro en el terminal es una práctica común en el desarrollo. No obstante, [estas funciones son síncronas](https://nodejs.org/api/console.html#console_console_1) cuando el destino es un terminal o un archivo, por lo que no son adecuadas para producción, a menos que canalice la salida a otro programa. +En general, hay dos motivos para realizar un registro desde la aplicación: a efectos de depuración o para registrar la actividad de la aplicación (básicamente, todo lo demás). El uso de `console.log()` o `console.err()` para imprimir mensajes de registro en el terminal es una práctica común en el desarrollo. But [these functions are synchronous](https://nodejs.org/api/console.html#console) when the destination is a terminal or a file, so they are not suitable for production, unless you pipe the output to another program. -#### A efectos de depuración +#### For debugging Si realiza el registro a efectos de depuración, en lugar de utilizar `console.log()`, utilice un módulo de depuración especial como [debug](https://www.npmjs.com/package/debug). Este módulo permite utilizar la variable de entorno DEBUG para controlar qué mensajes de depuración se envían a `console.err()`, si se envía alguno. Para mantener la aplicación básicamente asíncrona, deberá canalizar `console.err()` a otro programa. Pero en este caso, realmente no va a depurar en producción, ¿no? #### Para la actividad de la aplicación -Si está registrando la actividad de la aplicación (por ejemplo, realizando un seguimiento del tráfico o las llamadas de API), en lugar de utilizar `console.log()`, utilice una biblioteca de registro como [Winston](https://www.npmjs.com/package/winston) o [Bunyan](https://www.npmjs.com/package/bunyan). Para ver una comparación detallada de estas dos bibliotecas, consulte el post del blog StrongLoop [Comparing Winston and Bunyan Node.js Logging](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/compare-node-js-logging-winston-bunyan/). - - +If you're logging app activity (for example, tracking traffic or API calls), instead of using `console.log()`, use a logging library like [Pino](https://www.npmjs.com/package/pino), which is the fastest and most efficient option available. ### Manejar las excepciones correctamente @@ -81,32 +75,19 @@ Las aplicaciones Node se bloquean cuando encuentran una excepción no capturada. Para asegurarse de manejar todas las excepciones, siga estas técnicas: -- [Utilizar try-catch](#try-catch) -- [Utilizar promesas](#utilizar-promesas) +- [Utilizar try-catch](#try-catch) +- [Utilizar promesas](#utilizar-promesas) Antes de profundizar en estos temas, deberá tener unos conocimientos básicos del manejo de errores de Node/Express: el uso de devoluciones de llamada error-first y la propagación de errores en el middleware. Node utiliza un convenio de "devolución de llamada error-first" para devolver los errores de las funciones asíncronas, donde el primer parámetro en la función de devolución de llamada es el objeto de error, seguido de los datos de resultados en los parámetros posteriores. Para indicar que no hay ningún error, pase null como el primer parámetro. La función de devolución de llamada debe seguir por lo tanto el convenio de devolución de llamada error-first para manejar correctamente el error. En Express, la práctica recomendada es utilizar la función next() para propagar los errores a través de la cadena de middleware. Para obtener más información sobre los aspectos básicos del manejo de errores, consulte: -- [Error Handling in Node.js](https://www.tritondatacenter.com/node-js/production/design/errors) -- [Building Robust Node Applications: Error Handling](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/robust-node-applications-error-handling/) (blog StrongLoop) - -#### Qué no debe hacer - -Algo que _no_ debe hacer es escuchar el suceso `uncaughtException`, que se emite cuando una excepción se reproduce hacia atrás en el bucle de sucesos. La adición de un escucha de sucesos para `uncaughtException` cambiará el comportamiento predeterminado del proceso que se encuentra con la excepción; el proceso continuará ejecutándose a pesar de la excepción. Esto puede parecer una buena forma de evitar el bloqueo de la aplicación, pero continuar ejecutando la aplicación después de una excepción no capturada es una práctica peligrosa y no se recomienda, ya que el estado del proceso se vuelve imprevisible y poco fiable. - -Asimismo, el uso de `uncaughtException` se reconoce oficialmente como un mecanismo [arduo](https://nodejs.org/api/process.html#process_event_uncaughtexception) y hay una [propuesta](https://github.com/nodejs/node-v0.x-archive/issues/2582) para eliminarlo del núcleo. Por lo tanto, la escucha `uncaughtException` no es una buena idea. Es por esto por lo que se recomiendan varios procesos y supervisores; el bloqueo y el reinicio es a menudo la forma más fiable de recuperarse de un error. - -Tampoco se recomienda el uso de [dominios](https://nodejs.org/api/domain.html). Generalmente no soluciona el problema y es un módulo en desuso. - - +- [Error Handling in Node.js](https://www.tritondatacenter.com/node-js/production/design/errors) #### Utilizar try-catch Try-catch es una construcción de lenguaje JavaScript que puede utilizar para capturar excepciones en código síncrono. Por ejemplo, utilice try-catch para manejar los errores de análisis de JSON, como se muestra a continuación. -Utilice una herramienta como [JSHint](http://jshint.com/) o [JSLint](http://www.jslint.com/) para buscar excepciones implícitas como [errores de referencia o variables sin definir](http://www.jshint.com/docs/options/#undef). - A continuación, se muestra un ejemplo de uso de try-catch para manejar una posible excepción de bloqueo de proceso. Esta función de middleware acepta un parámetro de campo de consulta denominado "params" que es un objeto JSON. @@ -127,100 +108,86 @@ app.get('/search', (req, res) => { No obstante, try-catch sólo funciona para el código síncrono. Como la plataforma de Node es principalmente asíncrona (particularmente en un entorno de producción), try-catch no capturará muchas excepciones. - +#### Use promises -#### Utilizar promesas - -Las promesas manejarán todas las excepciones (explícitas e implícitas) en los bloques de códigos asíncronos que utilicen `then()`. Sólo tiene que añadir `.catch(next)` al final de las cadenas de promesas. Por ejemplo: +When an error is thrown in an `async` function or a rejected promise is awaited inside an `async` function, those errors will be passed to the error handler as if calling `next(err)` ```js -app.get('/', (req, res, next) => { - // do some sync stuff - queryDb() - .then((data) => makeCsv(data)) // handle data - .then((csv) => { /* handle csv */ }) - .catch(next) +app.get('/', async (req, res, next) => { + const data = await userData() // If this promise fails, it will automatically call `next(err)` to handle the error. + + res.send(data) }) app.use((err, req, res, next) => { - // handle error + res.status(err.status ?? 500).send({ error: err.message }) }) ``` -Ahora todos los errores, asíncronos y síncronos, se propagarán al middleware de errores. - -No obstante, hay dos advertencias: - -1. Todo el código asíncrono debe devolver promesas (excepto los emisores). Si una determinada biblioteca no devuelve promesas, convierta el objeto base utilizando una función de ayuda como [Bluebird.promisifyAll()](http://bluebirdjs.com/docs/api/promise.promisifyall.html). -2. Los emisores de sucesos (como las secuencias) todavía pueden provocar excepciones no capturadas. Por lo tanto, asegúrese de que está manejando el suceso de error correctamente; por ejemplo: +Also, you can use asynchronous functions for your middleware, and the router will handle errors if the promise fails, for example: ```js -const wrap = fn => (...args) => fn(...args).catch(args[2]) +app.use(async (req, res, next) => { + req.locals.user = await getUser(req) -app.get('/', wrap(async (req, res, next) => { - const company = await getCompanyById(req.query.id) - const stream = getLogoStreamById(company.id) - stream.on('error', next).pipe(res) -})) + next() // This will be called if the promise does not throw an error. +}) ``` -La función `wrap()` es un envoltorio que toma las promesas rechazadas y llama a `next()` con el error como primer argumento. Para más detalles, vea [Asynchronous Error Handling in Express with Promises, Generators and ES7](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/async-error-handling-expressjs-es7-promises-generators/). +Best practice is to handle errors as close to the site as possible. So while this is now handled in the router, it’s best to catch the error in the middleware and handle it without relying on separate error-handling middleware. -Para más información acerca del manejo de errores utilizando promesas, vea [Promises in Node.js with Q – An Alternative to Callbacks](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/promises-in-node-js-with-q-an-alternative-to-callbacks/). +#### Qué no debe hacer -## Cosas que hacer en el entorno / configuración +Algo que _no_ debe hacer es escuchar el suceso `uncaughtException`, que se emite cuando una excepción se reproduce hacia atrás en el bucle de sucesos. La adición de un escucha de sucesos para `uncaughtException` cambiará el comportamiento predeterminado del proceso que se encuentra con la excepción; el proceso continuará ejecutándose a pesar de la excepción. Esto puede parecer una buena forma de evitar el bloqueo de la aplicación, pero continuar ejecutando la aplicación después de una excepción no capturada es una práctica peligrosa y no se recomienda, ya que el estado del proceso se vuelve imprevisible y poco fiable. -Estas son algunas de las cosas que puede hacer en el entorno del sistema para mejorar el rendimiento de la aplicación: +Asimismo, el uso de `uncaughtException` se reconoce oficialmente como un mecanismo [arduo](https://nodejs.org/api/process.html#process_event_uncaughtexception) y hay una [propuesta](https://github.com/nodejs/node-v0.x-archive/issues/2582) para eliminarlo del núcleo. Por lo tanto, la escucha `uncaughtException` no es una buena idea. Es por esto por lo que se recomiendan varios procesos y supervisores; el bloqueo y el reinicio es a menudo la forma más fiable de recuperarse de un error. -- [Establecer NODE_ENV en "production"](#establecer-node_env-en-production) -- [Asegurarse de que la aplicación se reinicia automáticamente](#asegurarse-de-que-la-aplicación-se-reinicia-automáticamente) -- [Ejecutar la aplicación en un clúster](#ejecutar-la-aplicación-en-un-clúster) -- [Almacenar en la caché los resultados de la solicitud](#almacenar-en-la-caché-los-resultados-de-la-solicitud) -- [Utilizar un equilibrador de carga](#utilizar-un-equilibrador-de-carga) -- [Utilizar un proxy inverso](#utilizar-un-proxy-inverso) +Tampoco se recomienda el uso de [dominios](https://nodejs.org/api/domain.html). Generalmente no soluciona el problema y es un módulo en desuso. -### Establecer NODE_ENV en "production" +## Things to do in your environment / setup -La variable de entorno NODE_ENV especifica el entorno en el que se ejecuta una aplicación (normalmente, desarrollo o producción). Una de las cosas más sencillas que puede hacer para mejorar el rendimiento es establecer NODE_ENV en "production". +{#in-environment} -Si establece NODE_ENV en "production", Express: +Estas son algunas de las cosas que puede hacer en el entorno del sistema para mejorar el rendimiento de la aplicación: -- Almacena en la caché las plantillas de vistas. -- Almacena en la caché los archivos CSS generados en las extensiones CSS. -- Genera menos mensajes de error detallados. +- [Establecer NODE_ENV en "production"](#establecer-node_env-en-production) +- [Asegurarse de que la aplicación se reinicia automáticamente](#asegurarse-de-que-la-aplicación-se-reinicia-automáticamente) +- [Ejecutar la aplicación en un clúster](#ejecutar-la-aplicación-en-un-clúster) +- [Almacenar en la caché los resultados de la solicitud](#almacenar-en-la-caché-los-resultados-de-la-solicitud) +- [Utilizar un equilibrador de carga](#utilizar-un-equilibrador-de-carga) +- [Utilizar un proxy inverso](#utilizar-un-proxy-inverso) -Las [pruebas indican](http://apmblog.dynatrace.com/2015/07/22/the-drastic-effects-of-omitting-node_env-in-your-express-js-applications/) que sólo esta acción puede mejorar hasta tres veces el rendimiento de la aplicación. +### Establecer NODE_ENV en "production" -Si necesita escribir código específico del entorno, puede comprobar el valor de NODE_ENV con `process.env.NODE_ENV`. Tenga en cuenta que comprobar el valor de una variable de entorno supone una reducción de rendimiento, por lo que debe hacerse moderadamente. +La variable de entorno NODE_ENV especifica el entorno en el que se ejecuta una aplicación (normalmente, desarrollo o producción). One of the simplest things you can do to improve performance is to set NODE_ENV to `production`. -En el desarrollo, normalmente establece las variables de entorno en el shell interactivo, por ejemplo, utilizando `export` o su archivo `.bash_profile`. Sin embargo, en general, no debe hacerlo en un servidor de producción; en su lugar, utilice el sistema init de su sistema operativo (systemd o Upstart). En la siguiente sección se proporcionan más detalles sobre el uso del sistema init en general, pero el establecimiento de NODE_ENV es tan importante (y fácil de hacer) para el rendimiento, que se resalta aquí. +Si establece NODE_ENV en "production", Express: -Con Upstart, utilice la palabra clave `env` en el archivo de trabajo. Por ejemplo: +- Almacena en la caché las plantillas de vistas. +- Almacena en la caché los archivos CSS generados en las extensiones CSS. +- Genera menos mensajes de error detallados. -```sh -# /etc/init/env.conf - env NODE_ENV=production -``` +[Tests indicate](https://www.dynatrace.com/news/blog/the-drastic-effects-of-omitting-node-env-in-your-express-js-applications/) that just doing this can improve app performance by a factor of three! -Para obtener más información, consulte [Upstart Intro, Cookbook and Best Practices](http://upstart.ubuntu.com/cookbook/#environment-variables). +If you need to write environment-specific code, you can check the value of NODE_ENV with `process.env.NODE_ENV`. Tenga en cuenta que comprobar el valor de una variable de entorno supone una reducción de rendimiento, por lo que debe hacerse moderadamente. -Con systemd, utilice la directiva `Environment` en el archivo unit. Por ejemplo: +En el desarrollo, normalmente establece las variables de entorno en el shell interactivo, por ejemplo, utilizando `export` o su archivo `.bash_profile`. But in general, you shouldn't do that on a production server; instead, use your OS's init system (systemd). En la siguiente sección se proporcionan más detalles sobre el uso del sistema init en general, pero el establecimiento de NODE_ENV es tan importante (y fácil de hacer) para el rendimiento, que se resalta aquí. + +Con systemd, utilice la directiva `Environment` en el archivo unit. For example: ```sh # /etc/systemd/system/myservice.service Environment=NODE_ENV=production ``` -Para obtener más información, consulte [Using Environment Variables In systemd Units](https://coreos.com/os/docs/latest/using-environment-variables-in-systemd-units.html). - -Si está utilizando StrongLoop Process Manager, también puede [establecer la variable de entorno cuando instala StrongLoop PM como un servicio](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-Setenvironmentvariables). +For more information, see [Using Environment Variables In systemd Units](https://www.flatcar.org/docs/latest/setup/systemd/environment-variables/). ### Asegurarse de que la aplicación se reinicia automáticamente En la producción, no desea que la aplicación esté nunca fuera de línea. Esto significa que debe asegurarse de que se reinicia si la aplicación o el servidor se bloquean. Aunque espera que no se produzca ninguno de estos sucesos, si somos realistas, debe tener en cuenta ambas eventualidades de la siguiente manera: -- Utilizando un gestor de procesos para reiniciar la aplicación (y Node) cuando se bloquea. -- Utilizando el sistema init que proporciona su sistema operativo para reiniciar el gestor de procesos cuando se bloquea el sistema operativo. También puede utilizar el sistema init sin un gestor de procesos. +- Utilizando un gestor de procesos para reiniciar la aplicación (y Node) cuando se bloquea. +- Utilizando el sistema init que proporciona su sistema operativo para reiniciar el gestor de procesos cuando se bloquea el sistema operativo. También puede utilizar el sistema init sin un gestor de procesos. Las aplicaciones Node se bloquean si encuentran una excepción no capturada. Lo primero que debe hacer es asegurarse de que se realizan las pruebas correctas en la aplicación y que se manejan todas las excepciones (consulte [Manejar correctamente las excepciones](#exceptions) para obtener detalles). No obstante, para estar libre de errores, aplique un mecanismo para garantizar que cuando se bloquee la aplicación, se reinicie automáticamente. @@ -230,54 +197,35 @@ En el desarrollo, la aplicación se inicia simplemente desde la línea de mandat Además de reiniciar la aplicación cuando se bloquea, un gestor de procesos permite: -- Obtener información útil sobre el rendimiento en tiempo de ejecución y el consumo de recursos. -- Modificar dinámicamente los valores para mejorar el rendimiento. -- Controlar la agrupación en clúster (StrongLoop PM y pm2). +- Obtener información útil sobre el rendimiento en tiempo de ejecución y el consumo de recursos. +- Modificar dinámicamente los valores para mejorar el rendimiento. +- Control clustering (pm2). -Los gestores de procesos más conocidos para Node son los siguientes: - -- [StrongLoop Process Manager](http://strong-pm.io/) -- [PM2](https://github.com/Unitech/pm2) -- [Forever](https://www.npmjs.com/package/forever) - -Para ver una comparación característica a característica de los tres gestores de procesos, consulte [http://strong-pm.io/compare/](http://strong-pm.io/compare/). - -El uso de cualquiera de estos gestores de procesos bastará para mantener activa la aplicación, aunque se bloquee cada cierto tiempo. - -No obstante, StrongLoop PM tiene muchas características especialmente indicadas para el despliegue de producción. Puede utilizarlo y las herramientas relacionadas de StrongLoop para: - -- Crear y empaquetar la aplicación localmente y, a continuación, desplegarla de forma segura en el sistema de producción. -- Reiniciar automáticamente la aplicación si se bloque por cualquier motivo. -- Gestionar los clústeres de forma remota. -- Ver perfiles de CPU e instantáneas de almacenamiento dinámico para optimizar el rendimiento y diagnosticar fugas de memoria. -- Ver medidas de rendimiento para la aplicación. -- Escalar fácilmente a varios hosts con control integrado para el equilibrador de carga Nginx. - -Como se explica a continuación, cuando instala StrongLoop PM como un servicio de sistema operativo utilizando el sistema init, se reinicia automáticamente cuando se reinicia el sistema. De esta forma, mantiene activos siempre los clústeres y los procesos de aplicaciones. +Historically, it was popular to use a Node.js process manager like [PM2](https://github.com/Unitech/pm2). See their documentation if you wish to do this. However, we recommend using your init system for process management. #### Utilizar un sistema init -La siguiente capa de fiabilidad es garantizar que la aplicación se reinicie cuando se reinicie el servidor. Los sistemas pueden bloquearse por una amplia variedad de motivos. Para garantizar que la aplicación se reinicie si se bloquea el servidor, utilice el sistema init incorporado en su sistema operativo. Los dos principales sistemas init que se utilizan hoy día son [systemd](https://wiki.debian.org/systemd) y [Upstart](http://upstart.ubuntu.com/). +La siguiente capa de fiabilidad es garantizar que la aplicación se reinicie cuando se reinicie el servidor. Los sistemas pueden bloquearse por una amplia variedad de motivos. Para garantizar que la aplicación se reinicie si se bloquea el servidor, utilice el sistema init incorporado en su sistema operativo. The main init system in use today is [systemd](https://wiki.debian.org/systemd). Hay dos formas de utilizar los sistemas init con la aplicación Express: -- Ejecutar la aplicación en un gestor de procesos e instalar el gestor de procesos como un servicio con el sistema init. El gestor de procesos reiniciará la aplicación cuando esta se bloquee y el sistema init reiniciará el gestor de procesos cuando se reinicie el sistema operativo. Este es el enfoque recomendado. -- Ejecutar la aplicación (y Node) directamente con el sistema init. Esta opción parece más simple, pero no tiene las ventajas adicionales de utilizar el gestor de procesos. +- Ejecutar la aplicación en un gestor de procesos e instalar el gestor de procesos como un servicio con el sistema init. El gestor de procesos reiniciará la aplicación cuando esta se bloquee y el sistema init reiniciará el gestor de procesos cuando se reinicie el sistema operativo. This is the recommended approach. +- Ejecutar la aplicación (y Node) directamente con el sistema init. Esta opción parece más simple, pero no tiene las ventajas adicionales de utilizar el gestor de procesos. ##### Systemd Systemd es un administrador de servicios y sistemas Linux. La mayoría de las principales distribuciones Linux han adoptado systemd como su sistema init predeterminado. -Un archivo de configuración de servicio de systemd se denomina un _archivo unit_, con un nombre de archivo terminado en .service. A continuación, se muestra un archivo unit de ejemplo para gestionar directamente una aplicación Node (sustituya el texto en negrita por los valores de su sistema y su aplicación): +Un archivo de configuración de servicio de systemd se denomina un _archivo unit_, con un nombre de archivo terminado en .service. A continuación, se muestra un archivo unit de ejemplo para gestionar directamente una aplicación Node (sustituya el texto en negrita por los valores de su sistema y su aplicación): Replace the values enclosed in `` for your system and app: ```sh [Unit] -Description=Awesome Express App +Description= [Service] Type=simple -ExecStart=/usr/local/bin/node /projects/myapp/index.js -WorkingDirectory=/projects/myapp +ExecStart=/usr/local/bin/node +WorkingDirectory= User=nobody Group=nogroup @@ -302,97 +250,11 @@ WantedBy=multi-user.target Para obtener más información sobre systemd, consulte [systemd reference (man page)](http://www.freedesktop.org/software/systemd/man/systemd.unit.html). -##### StrongLoop PM como un servicio systemd - -Puede instalar fácilmente StrongLoop Process Manager como un servicio systemd. A continuación, cuando se reinicie el servidor, se reiniciará automáticamente StrongLoop PM, que a su vez reiniciará todas las aplicaciones que esté gestionando. - -Para instalar StrongLoop PM como un servicio systemd: - -```bash -$ sudo sl-pm-install --systemd -``` - -A continuación, inicie el servicio con: - -```bash -$ sudo /usr/bin/systemctl start strong-pm -``` - -Para obtener más información, consulte [Setting up a production host (documentación de StrongLoop)](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-RHEL7+,Ubuntu15.04or15.10). - -##### Upstart - -Upstart es una herramienta del sistema disponible en muchas distribuciones Linux para iniciar tareas y servicios durante el arranque del sistema, detenerlos durante la conclusión y supervisarlos. Puede configurar la aplicación Express o el gestor de procesos como un servicio y, a continuación, Upstart lo reiniciará automáticamente cuando se bloquee. - -Un servicio de Upstart se define en un archivo de configuración de trabajo (también denominado un "trabajo") con un nombre de archivo terminado en `.conf`. El siguiente ejemplo muestra cómo crear un trabajo denominado "myapp" para una aplicación denominada "myapp" con el archivo principal ubicado en `/projects/myapp/index.js`. - -Cree un archivo denominado `myapp.conf` en `/etc/init/` con el siguiente contenido (sustituya el texto en negrita por los valores de su sistema y su aplicación): - -```sh -# When to start the process -start on runlevel [2345] - -# When to stop the process -stop on runlevel [016] - -# Increase file descriptor limit to be able to handle more requests -limit nofile 50000 50000 - -# Use production mode -env NODE_ENV=production - -# Run as www-data -setuid www-data -setgid www-data - -# Run from inside the app dir -chdir /projects/myapp - -# The process to start -exec /usr/local/bin/node /projects/myapp/index.js - -# Restart the process if it is down -respawn - -# Limit restart attempt to 10 times within 10 seconds -respawn limit 10 10 -``` - -NOTA: este script requiere Upstart 1.4 o posterior, soportado en Ubuntu 12.04-14.10. - -Como el trabajo se configura para ejecutarse cuando se inicia el sistema, la aplicación se iniciará junto con el sistema operativo, y se reiniciará automáticamente si la aplicación se bloquea o el sistema se cuelga. - -Aparte reiniciar automáticamente la aplicación, Upstart permite utilizar estos mandatos: - -- `start myapp` – Iniciar la aplicación -- `restart myapp` – Reiniciar la aplicación -- `stop myapp` – Detener la aplicación - -Para obtener más información sobre Upstart, consulte [Upstart Intro, Cookbook and Best Practises](http://upstart.ubuntu.com/cookbook). - -##### StrongLoop PM como un servicio Upstart - -Puede instalar fácilmente StrongLoop Process Manager como un servicio Upstart. A continuación, cuando se reinicie el servidor, se reiniciará automáticamente StrongLoop PM, que a su vez reiniciará todas las aplicaciones que esté gestionando. - -Para instalar StrongLoop PM como un servicio Upstart 1.4: - -```bash -$ sudo sl-pm-install -``` - -A continuación, ejecute el servicio con: - -```bash -$ sudo /sbin/initctl start strong-pm -``` - -NOTA: en los sistemas que no dan soporte a Upstart 1.4, los mandatos son ligeramente diferentes. Consulte [Setting up a production host (documentación de StrongLoop)](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-RHELLinux5and6,Ubuntu10.04-.10,11.04-.10) para obtener más información. - ### Ejecutar la aplicación en un clúster En un sistema multinúcleo, puede multiplicar el rendimiento de una aplicación Node iniciando un clúster de procesos. Un clúster ejecuta varias instancias de la aplicación, idealmente una instancia en cada núcleo de CPU, lo que permite distribuir la carga y las tareas entre las instancias. - + IMPORTANTE: como las instancias de aplicación se ejecutan como procesos independientes, no comparten el mismo espacio de memoria. Es decir, los objetos son locales para cada instancia de la aplicación. Por lo tanto, no puede mantener el estado en el código de aplicación. No obstante, puede utilizar un almacén de datos en memoria como [Redis](http://redis.io/) para almacenar los datos y los estados relacionados con la sesión. Esta advertencia se aplica básicamente a todas las formas de escalado horizontal, ya sean clústeres con varios procesos o varios servidores físicos. @@ -400,43 +262,52 @@ En las aplicaciones en clúster, los procesos de trabajador pueden bloquearse in #### Mediante el módulo de clúster de Node -La agrupación en clústeres es posible gracias al [módulo de clúster](https://nodejs.org/docs/latest/api/cluster.html) de Node. Esto permite al proceso maestro generar procesos de trabajador y distribuir las conexiones entrantes entre los trabajadores. No obstante, en lugar de utilizar este módulo directamente, es mucho mejor utilizar una de las muchas herramientas que lo hacen automáticamente, por ejemplo, [node-pm](https://www.npmjs.com/package/node-pm) o [cluster-service](https://www.npmjs.com/package/cluster-service). +Clustering is made possible with Node's [cluster module](https://nodejs.org/api/cluster.html). Esto permite al proceso maestro generar procesos de trabajador y distribuir las conexiones entrantes entre los trabajadores. -#### Mediante StrongLoop PM +#### Using PM2 -Si despliega la aplicación en StrongLoop Process Manager (PM), puede aprovechar la agrupación en clúster _sin_ modificar el código de aplicación. +If you deploy your application with PM2, then you can take advantage of clustering _without_ modifying your application code. You should ensure your [application is stateless](https://pm2.keymetrics.io/docs/usage/specifics/#stateless-apps) first, meaning no local data is stored in the process (such as sessions, websocket connections and the like). -Cuando StrongLoop Process Manager (PM) ejecuta una aplicación, la ejecuta automáticamente en un clúster con un número de trabajadores igual al número de núcleos de CPU en el sistema. Puede cambiar manualmente el número de procesos de trabajador en el clúster utilizando la herramienta de línea de mandatos slc sin detener la aplicación. +When running an application with PM2, you can enable **cluster mode** to run it in a cluster with a number of instances of your choosing, such as the matching the number of available CPUs on the machine. You can manually change the number of processes in the cluster using the `pm2` command line tool without stopping the app. -Por ejemplo, suponiendo que ha desplegado la aplicación en prod.foo.com y que StrongLoop PM escucha en el puerto 8701 (el valor predeterminado), para establecer el tamaño de clúster en ocho utilizando slc: +To enable cluster mode, start your application like so: ```bash -$ slc ctl -C http://prod.foo.com:8701 set-size my-app 8 +# Start 4 worker processes +$ pm2 start npm --name my-app -i 4 -- start +# Auto-detect number of available CPUs and start that many worker processes +$ pm2 start npm --name my-app -i max -- start ``` -Para obtener más información sobre la agrupación en clúster con StrongLoop PM, consulte [Clustering](https://docs.strongloop.com/display/SLC/Clustering) en la documentación de StrongLoop. +This can also be configured within a PM2 process file (`ecosystem.config.js` or similar) by setting `exec_mode` to `cluster` and `instances` to the number of workers to start. + +Once running, the application can be scaled like so: + +```bash +# Add 3 more workers +$ pm2 scale my-app +3 +# Scale to a specific number of workers +$ pm2 scale my-app 2 +``` + +For more information on clustering with PM2, see [Cluster Mode](https://pm2.keymetrics.io/docs/usage/cluster-mode/) in the PM2 documentation. ### Almacenar en la caché los resultados de la solicitud Otra estrategia para mejorar el rendimiento en la producción es almacenar en la caché el resultado de las solicitudes, para que la aplicación no repita la operación de dar servicio a la misma solicitud repetidamente. -Utilice un servidor de almacenamiento en memoria caché como [Varnish](https://www.varnish-cache.org/) o [Nginx](https://www.nginx.com/resources/wiki/start/topics/examples/reverseproxycachingexample/) (consulte también [Nginx Caching](https://serversforhackers.com/nginx-caching/)) para mejorar significativamente la velocidad y el rendimiento de la aplicación. +Use a caching server like [Varnish](https://www.varnish-cache.org/) or [Nginx](https://blog.nginx.org/blog/nginx-caching-guide) (see also [Nginx Caching](https://serversforhackers.com/nginx-caching/)) to greatly improve the speed and performance of your app. ### Utilizar un equilibrador de carga Independientemente de lo optimizada que esté una aplicación, una única instancia sólo puede manejar una cantidad limitada de carga y tráfico. Una forma de escalar una aplicación es ejecutar varias instancias de la misma y distribuir el tráfico utilizando un equilibrador de carga. La configuración de un equilibrador de carga puede mejorar el rendimiento y la velocidad de la aplicación, lo que permite escalarla más que con una única instancia. -Un equilibrador de carga normalmente es un proxy inverso que orquesta el tráfico hacia y desde los servidores y las instancias de aplicación. Puede configurar fácilmente un equilibrador de carga para la aplicación utilizando [Nginx](http://nginx.org/en/docs/http/load_balancing.html) o [HAProxy](https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts). +Un equilibrador de carga normalmente es un proxy inverso que orquesta el tráfico hacia y desde los servidores y las instancias de aplicación. You can easily set up a load balancer for your app by using [Nginx](https://nginx.org/en/docs/http/load_balancing.html) or [HAProxy](https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts). Con el equilibrio de carga, deberá asegurarse de que las solicitudes asociadas con un determinado ID de sesión se conecten al proceso que las ha originado. Esto se conoce como _afinidad de sesiones_ o _sesiones adhesivas_, y puede solucionarse con la recomendación anterior de utilizar un almacén de datos como, por ejemplo, Redis para los datos de sesión (dependiendo de la aplicación). Para obtener más información, consulte [Using multiple nodes](https://socket.io/docs/v4/using-multiple-nodes/). -#### Mediante StrongLoop PM con un equilibrador de carga Nginx - -[StrongLoop Process Manager](http://strong-pm.io/) se integra con un Nginx Controller, lo que simplifica las configuraciones de entornos de producción de varios hosts. Para obtener más información, consulte [Scaling to multiple servers](https://docs.strongloop.com/display/SLC/Scaling+to+multiple+servers) (documentación de StrongLoop). - - ### Utilizar un proxy inverso Un proxy inverso se coloca delante de una aplicación web y realiza operaciones de soporte en las solicitudes, aparte de dirigir las solicitudes a la aplicación. Puede manejar las páginas de errores, la compresión, el almacenamiento en memoria caché, el servicio de archivos y el equilibrio de carga, entre otros. -La entrega de tareas que no necesitan saber el estado de la aplicación a un proxy inverso permite a Express realizar tareas de aplicación especializadas. Por este motivo, se recomienda ejecutar Express detrás de un proxy inverso como [Nginx](https://www.nginx.com/) o [HAProxy](http://www.haproxy.org/) en la producción. +La entrega de tareas que no necesitan saber el estado de la aplicación a un proxy inverso permite a Express realizar tareas de aplicación especializadas. For this reason, it is recommended to run Express behind a reverse proxy like [Nginx](https://www.nginx.org/) or [HAProxy](https://www.haproxy.org/) in production. diff --git a/es/advanced/best-practice-security.md b/es/advanced/best-practice-security.md old mode 100755 new mode 100644 index b227e4d41f..c6fe0781da --- a/es/advanced/best-practice-security.md +++ b/es/advanced/best-practice-security.md @@ -1,37 +1,50 @@ --- layout: page title: Mejores prácticas de seguridad para Express en producción +description: Discover crucial security best practices for Express apps in production, including using TLS, input validation, secure cookies, and preventing vulnerabilities. menu: advanced -lang: es -description: Discover crucial security best practices for Express apps in production, - including using TLS, input validation, secure cookies, and preventing vulnerabilities. +lang: en +redirect_from: " " --- -# Mejores prácticas de producción: seguridad +# Production Best Practices: Security -## Visión general +## Overview -El término *"producción"* hace referencia a la etapa del ciclo de vida del software donde una aplicación o una API tiene disponibilidad general para sus consumidores o usuarios finales. Por su parte, en la etapa de *"desarrollo"*, todavía estás escribiendo y probando activamente el código, y la aplicación no está abierta para el acceso externo. Los correspondientes entornos del sistema se conocen como los entornos de *producción* y *desarrollo*, respectivamente. +El término _"producción"_ hace referencia a la etapa del ciclo de vida del software donde una aplicación o una API tiene disponibilidad general para sus consumidores o usuarios finales. Por su parte, en la etapa de _"desarrollo"_, todavía estás escribiendo y probando activamente el código, y la aplicación no está abierta para el acceso externo. Los correspondientes entornos del sistema se conocen como los entornos de _producción_ y _desarrollo_, respectivamente. Los entornos de desarrollo y producción se configuran normalmente de forma diferente y tiene requisitos también muy diferentes. Lo que funciona en el desarrollo puede que no sea aceptable en la producción. Por ejemplo, en un entorno de desarrollo, puede que desee el registro detallado de errores a efecto de depuración, mientras que el mismo comportamiento puede suponer un problema de seguridad en un entorno de producción. De la misma forma, en el desarrollo, no es necesario preocuparse por la escalabilidad, la fiabilidad y el rendimiento, mientras que estos son clave en la producción. -{% include admonitions/note.html content="Si crees haber encontrado una vulnerabilidad de seguridad en Express, por favor mira nuestras [Políticas de Seguridad y Procedimientos](/en/resources/contributing.html#security-policies-and-procedures). -" %} +{% capture security-note %} -Las mejores prácticas de seguridad para aplicaciones Express en producción incluyen: +If you believe you have discovered a security vulnerability in Express, please see +[Security Policies and Procedures](/en/resources/contributing.html#security-policies-and-procedures). -- [No utilizar versiones en desuso o vulnerables de Express](#no-utilizar-versiones-en-desuso-o-vulnerables-de-express) -- [Utilizar TLS](#utilizar-tls) -- [Utilizar Helmet](#utilizar-helmet) -- [Utilizar cookies de forma segura](#utilizar-cookies-de-forma-segura) -- [Prevenir ataques de fuerza bruta a la autenticación](#prevenir-ataques-de-fuerza-bruta-a-la-autenticación) -- [Asegurarse de que las dependencias sean seguras](#asegurarse-de-que-las-dependencias-sean-seguras) -- [Evitar otras vulnerabilidades conocidas](#evitar-otras-vulnerabilidades-conocidas) -- [Consideraciones adicionales](#consideraciones-adicionales) +{% endcapture %} + +{% include admonitions/note.html content=security-note %} + +Security best practices for Express applications in production include: + +- [Production Best Practices: Security](#production-best-practices-security) + - [Overview](#overview) + - [Don't use deprecated or vulnerable versions of Express](#dont-use-deprecated-or-vulnerable-versions-of-express) + - [Utilizar TLS](#utilizar-tls) + - [Do not trust user input](#do-not-trust-user-input) + - [Prevent open redirects](#prevent-open-redirects) + - [Utilizar Helmet](#utilizar-helmet) + - [Reduce fingerprinting](#reduce-fingerprinting) + - [Utilizar cookies de forma segura](#utilizar-cookies-de-forma-segura) + - [noCache](https://github.com/helmetjs/nocache) establece cabeceras `Cache-Control` y Pragma para inhabilitar el almacenamiento en memoria caché del lado de cliente. + - [ieNoOpen](https://github.com/helmetjs/ienoopen) establece `X-Download-Options` para IE8+. + - [Prevenir ataques de fuerza bruta a la autenticación](#prevenir-ataques-de-fuerza-bruta-a-la-autenticación) + - [Asegurarse de que las dependencias sean seguras](#asegurarse-de-que-las-dependencias-sean-seguras) + - [Evitar otras vulnerabilidades conocidas](#evitar-otras-vulnerabilidades-conocidas) + - [Consideraciones adicionales](#consideraciones-adicionales) ## No utilizar versiones en desuso o vulnerables de Express -Express 2.x y 3.x ya no se mantienen. Los problemas de seguridad y rendimiento en estas versiones no se solucionarán. No las utilice. Si no ha cambiado todavía a la versión 4, siga la [guía de migración](/{{ page.lang }}/guide/migrating-4.html). +Express 2.x y 3.x ya no se mantienen. Los problemas de seguridad y rendimiento en estas versiones no se solucionarán. No las utilice. Si no ha cambiado todavía a la versión 4, siga la [guía de migración](/{{ page.lang }}/guide/migrating-4.html). Asimismo, asegúrese de que no está utilizando ninguna de las versiones vulnerables de Express que se listan en la [página Actualizaciones de seguridad](/{{ page.lang }}/advanced/security-updates.html). Si las utiliza, actualícese a uno de los releases estables, preferiblemente el más reciente. @@ -39,45 +52,83 @@ Asimismo, asegúrese de que no está utilizando ninguna de las versiones vulnera Si la aplicación maneja o transmite datos confidenciales, utilice [Transport Layer Security](https://en.wikipedia.org/wiki/Transport_Layer_Security) (TLS) para proteger la conexión y los datos. Esta tecnología cifra los datos antes de enviarlos desde el cliente al servidor, lo que evita algunos de los ataques de pirateo más comunes (y sencillos). Aunque las solicitudes Ajax y POST no sean obvias visiblemente y parezca que están "ocultas" en los navegadores, su tráfico de red es vulnerable para los [rastreos de paquetes](https://en.wikipedia.org/wiki/Packet_analyzer) y los [ataques de intermediarios](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). -Es posible que esté familiarizado con el cifrado SSL (Secure Socket Layer). [TLS es simplemente el siguiente paso después de SSL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380515(v=vs.85).aspx). Es decir, si antes utilizaba SSL, se recomienda actualizar a TLS. En general, se recomienda Nginx para manejar TLS. Encontrará una buena referencia para configurar TLS en Nginx (y otros servidores) en [la wiki de Mozilla Recommended Server Configurations](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations). +Es posible que esté familiarizado con el cifrado SSL (Secure Socket Layer). [TLS es simplemente el siguiente paso después de SSL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380515\(v=vs.85\).aspx). Es decir, si antes utilizaba SSL, se recomienda actualizar a TLS. En general, se recomienda Nginx para manejar TLS. Encontrará una buena referencia para configurar TLS en Nginx (y otros servidores) en [la wiki de Mozilla Recommended Server Configurations](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations). Asimismo, una herramienta muy útil para obtener un certificado de TLS gratis es [Let's Encrypt](https://letsencrypt.org/about/), una entidad emisora de certificados (CA) abierta, automatizada y gratuita proporcionada por [Internet Security Research Group (ISRG)](https://letsencrypt.org/isrg/). +## Do not trust user input + +For web applications, one of the most critical security requirements is proper user input validation and handling. This comes in many forms and we will not cover all of them here. +Ultimately, the responsibility for validating and correctly handling the types of user input your application accepts is yours. + +### Prevent open redirects + +An example of potentially dangerous user input is an _open redirect_, where an application accepts a URL as user input (often in the URL query, for example `?url=https://example.com`) and uses `res.redirect` to set the `location` header and +return a 3xx status. + +An application must validate that it supports redirecting to the incoming URL to avoid sending users to malicious links such as phishing websites, among other risks. + +Here is an example of checking URLs before using `res.redirect` or `res.location`: + +```js +app.use((req, res) => { + try { + if (new Url(req.query.url).host !== 'example.com') { + return res.status(400).end(`Unsupported redirect to host: ${req.query.url}`) + } + } catch (e) { + return res.status(400).end(`Invalid url: ${req.query.url}`) + } + res.redirect(req.query.url) +}) +``` + ## Utilizar Helmet [Helmet](https://www.npmjs.com/package/helmet) ayuda a proteger la aplicación de algunas vulnerabilidades web conocidas mediante el establecimiento correcto de cabeceras HTTP. -Helmet es realmente una colección de nueve funciones de middleware más paquetes que establecen cabeceras HTTP relacionadas con la seguridad: +Helmet is a middleware function that sets security-related HTTP response headers. Helmet sets the following headers by default: + +- `Content-Security-Policy`: A powerful allow-list of what can happen on your page which mitigates many attacks +- `Cross-Origin-Opener-Policy`: Helps process-isolate your page +- `Cross-Origin-Resource-Policy`: Blocks others from loading your resources cross-origin +- `Origin-Agent-Cluster`: Changes process isolation to be origin-based +- `Referrer-Policy`: Controls the [`Referer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer) header +- `Strict-Transport-Security`: Tells browsers to prefer HTTPS +- `X-Content-Type-Options`: Avoids [MIME sniffing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_sniffing) +- `X-DNS-Prefetch-Control`: Controls DNS prefetching +- `X-Download-Options`: Forces downloads to be saved (Internet Explorer only) +- `X-Frame-Options`: Legacy header that mitigates [Clickjacking](https://en.wikipedia.org/wiki/Clickjacking) attacks +- `X-Permitted-Cross-Domain-Policies`: Controls cross-domain behavior for Adobe products, like Acrobat +- `X-Powered-By`: Info about the web server. Removed because it could be used in simple attacks +- `X-XSS-Protection`: Legacy header that tries to mitigate [XSS attacks](https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting), but makes things worse, so Helmet disables it -* [csp](https://github.com/helmetjs/csp) establece la cabecera `Content-Security-Policy` para evitar ataques de scripts entre sitios y otras inyecciones entre sitios. -* [hidePoweredBy](https://github.com/helmetjs/hide-powered-by) elimina la cabecera `X-Powered-By`. -* [hsts](https://github.com/helmetjs/hsts) establece la cabecera `Strict-Transport-Security` que fuerza conexiones seguras (HTTP sobre SSL/TLS) con el servidor. -* [ieNoOpen](https://github.com/helmetjs/ienoopen) establece `X-Download-Options` para IE8+. -* [noCache](https://github.com/helmetjs/nocache) establece cabeceras `Cache-Control` y Pragma para inhabilitar el almacenamiento en memoria caché del lado de cliente. -* [noSniff](https://github.com/helmetjs/dont-sniff-mimetype) establece `X-Content-Type-Options` para evitar que los navegadores rastreen mediante MIME una respuesta del tipo de contenido declarado. -* [frameguard](https://github.com/helmetjs/frameguard) establece la cabecera `X-Frame-Options` para proporcionar protección contra el [clickjacking](https://www.owasp.org/index.php/Clickjacking). -* [xssFilter](https://github.com/helmetjs/x-xss-protection) establece `X-XSS-Protection` para habilitar el filtro de scripts entre sitios (XSS) en los navegadores web más recientes. +Each header can be configured or disabled. To read more about it please go to [its documentation website][helmet]. Instale Helmet como cualquier otro módulo: ```bash -$ npm install --save helmet +$ npm install helmet ``` A continuación, utilícelo en el código: ```js -/// ... +// ... const helmet = require('helmet') app.use(helmet()) -/// ... +// ... ``` -### Como mínimo, inhabilitar la cabecera X-Powered-By +## Reduce fingerprinting -Si no desea utilizar Helmet, como mínimo, inhabilite la cabecera `X-Powered-By`. Los atacantes pueden utilizar esta cabecera (que está habilitada de forma predeterminada) para detectar las aplicaciones que ejecutan Express e iniciar ataques con destinos específicos. +It can help to provide an extra layer of security to reduce the ability of attackers to determine +the software that a server uses, known as "fingerprinting." Though not a security issue itself, +reducing the ability to fingerprint an application improves its overall security posture. +Server software can be fingerprinted by quirks in how it responds to specific requests, for example in +the HTTP response headers. Por lo tanto, se recomienda desactivar la cabecera con el método `app.disable()`: @@ -85,24 +136,54 @@ Por lo tanto, se recomienda desactivar la cabecera con el método `app.disable() app.disable('x-powered-by') ``` -Si utiliza `helmet.js`, lo hace automáticamente. +{% capture powered-advisory %} -## Utilizar cookies de forma segura +Disabling the `X-Powered-By header` does not prevent +a sophisticated attacker from determining that an app is running Express. It may +discourage a casual exploit, but there are other ways to determine an app is running +Express. + +{% endcapture %} + +{% include admonitions/note.html content=powered-advisory %} + +Express also sends its own formatted "404 Not Found" messages and formatter error +response messages. These can be changed by +[adding your own not found handler](/en/starter/faq.html#how-do-i-handle-404-responses) +and +[writing your own error handler](/en/guide/error-handling.html#writing-error-handlers): + +```js +// last app.use calls right before app.listen(): + +// custom 404 +app.use((req, res, next) => { + res.status(404).send("Sorry can't find that!") +}) + +// custom error handler +app.use((err, req, res, next) => { + console.error(err.stack) + res.status(500).send('Something broke!') +}) +``` + +## Establecer las opciones de seguridad de las cookies Para garantizar que las cookies no abran la aplicación para ataques, no utilice el nombre de cookie de sesión predeterminado y establezca las opciones de seguridad de las cookies correctamente. Hay dos módulos de sesión de cookies de middleware principales: -* [express-session](https://www.npmjs.com/package/express-session), que sustituye el middleware `express.session` incorporado en Express 3.x. -* [cookie-session](https://www.npmjs.com/package/cookie-session), que sustituye el middleware `express.cookieSession` incorporado en Express 3.x. +- [express-session](https://www.npmjs.com/package/express-session), que sustituye el middleware `express.session` incorporado en Express 3.x. +- [cookie-session](https://www.npmjs.com/package/cookie-session), que sustituye el middleware `express.cookieSession` incorporado en Express 3.x. -La principal diferencia entre los dos módulos es cómo guardan los datos de sesión de las cookies. El middleware [express-session](https://www.npmjs.com/package/express-session) almacena los datos de sesión en el servidor; sólo guarda el ID de sesión en la propia cookie, no los datos de sesión. De forma predeterminada, utiliza el almacenamiento en memoria y no está diseñado para un entorno de producción. En la producción, deberá configurar un almacenamiento de sesión escalable; consulte la lista de [almacenes de sesión compatibles](https://github.com/expressjs/session#compatible-session-stores). +La principal diferencia entre los dos módulos es cómo guardan los datos de sesión de las cookies. El middleware [express-session](https://www.npmjs.com/package/express-session) almacena los datos de sesión en el servidor; sólo guarda el ID de sesión en la propia cookie, no los datos de sesión. De forma predeterminada, utiliza el almacenamiento en memoria y no está diseñado para un entorno de producción. En la producción, deberá configurar un almacenamiento de sesión escalable; consulte la lista de [almacenes de sesión compatibles](https://github.com/expressjs/session#compatible-session-stores). -Por su parte, el middleware [cookie-session](https://www.npmjs.com/package/cookie-session) implementa un almacenamiento basado en cookies: serializa la sesión completa en la cookie, en lugar de sólo una clave de sesión. Utilícelo sólo cuando los datos de sesión sean relativamente pequeños y fácilmente codificables como valores primitivos (en lugar de objetos). Aunque se supone que los navegadores pueden dar soporte a 4096 bytes por cookie como mínimo, para no exceder el límite, no supere un tamaño de 4093 bytes por dominio. Asimismo, asegúrese de que los datos de la cookie estén visibles para el cliente, para que si se deben proteger u ocultar por cualquier motivo, se utilice mejor la opción express-session. +Por su parte, el middleware [cookie-session](https://www.npmjs.com/package/cookie-session) implementa un almacenamiento basado en cookies: serializa la sesión completa en la cookie, en lugar de sólo una clave de sesión. Utilícelo sólo cuando los datos de sesión sean relativamente pequeños y fácilmente codificables como valores primitivos (en lugar de objetos). Aunque se supone que los navegadores pueden dar soporte a 4096 bytes por cookie como mínimo, para no exceder el límite, no supere un tamaño de 4093 bytes por dominio. Asimismo, asegúrese de que los datos de la cookie estén visibles para el cliente, para que si se deben proteger u ocultar por cualquier motivo, se utilice mejor la opción express-session. ### No utilizar el nombre de cookie de sesión predeterminado -Si utiliza el nombre de cookie de sesión predeterminado, la aplicación puede quedar abierta a los ataques. El problema de seguridad que supone es similar a `X-Powered-By`: un posible atacante puede utilizarlo para firmar digitalmente el servidor y dirigir los ataques en consecuencia. +Si utiliza el nombre de cookie de sesión predeterminado, la aplicación puede quedar abierta a los ataques. El problema de seguridad que supone es similar a `X-Powered-By`: un posible atacante puede utilizarlo para firmar digitalmente el servidor y dirigir los ataques en consecuencia. Para evitar este problema, utilice nombres de cookie genéricos, por ejemplo, con el middleware [express-session](https://www.npmjs.com/package/express-session): @@ -112,19 +193,18 @@ app.set('trust proxy', 1) // trust first proxy app.use(session({ secret: 's3Cur3', name: 'sessionId' -}) -) +})) ``` -### Establecer las opciones de seguridad de las cookies +### Utilizar cookies de forma segura Establezca las siguientes opciones de cookies para mejorar la seguridad: -* `secure` - Garantiza que el navegador sólo envíe la cookie a través de HTTPS. -* `httpOnly` - Garantiza que la cookie sólo se envíe a través de HTTP(S), no a través de JavaScript de cliente, para la protección contra ataques de scripts entre sitios. -* `domain` - Indica el dominio de la cookie; utilícelo para compararlo con el dominio del servidor donde se está solicitando el URL. Si coinciden, compruebe el atributo de vía de acceso a continuación. -* `path` - Indica la vía de acceso de la cookie; utilícela para compararla con la vía de acceso de la solicitud. Si esta y el dominio coinciden, envíe la cookie en la solicitud. -* `expires` - Se utiliza para establecer la fecha de caducidad de las cookies persistentes. +- `secure` - Garantiza que el navegador sólo envíe la cookie a través de HTTPS. +- `httpOnly` - Garantiza que la cookie sólo se envíe a través de HTTP(S), no a través de JavaScript de cliente, para la protección contra ataques de scripts entre sitios. +- `domain` - Indica el dominio de la cookie; utilícelo para compararlo con el dominio del servidor donde se está solicitando el URL. Si coinciden, compruebe el atributo de vía de acceso a continuación. +- `path` - Indica la vía de acceso de la cookie; utilícela para compararla con la vía de acceso de la solicitud. Si esta y el dominio coinciden, envíe la cookie en la solicitud. +- `expires` - Se utiliza para establecer la fecha de caducidad de las cookies persistentes. A continuación, se muestra un ejemplo de uso del middleware [cookie-session](https://www.npmjs.com/package/cookie-session): @@ -144,8 +224,7 @@ app.use(session({ path: 'foo/bar', expires: expiryDate } -}) -) +})) ``` ## Prevenir ataques de fuerza bruta a la autenticación @@ -161,9 +240,9 @@ El paquete [rate-limiter-flexible](https://github.com/animir/node-rate-limiter-f ## Asegurarse de que las dependencias sean seguras -El uso de npm para gestionar las dependencias de la aplicación es muy útil y cómodo. No obstante, los paquetes que utiliza pueden contener vulnerabilidades de seguridad críticas que también pueden afectar a la aplicación. La seguridad de la aplicación sólo es tan fuerte como el "enlace más débil" de las dependencias. +El uso de npm para gestionar las dependencias de la aplicación es muy útil y cómodo. No obstante, los paquetes que utiliza pueden contener vulnerabilidades de seguridad críticas que también pueden afectar a la aplicación. La seguridad de la aplicación sólo es tan fuerte como el "enlace más débil" de las dependencias. -Desde npm@6, npm revisa automáticamente cada solicitud de instalación. También puedes utilizar 'npm audit' para analizar tu árbol de dependencias. +Since npm@6, npm automatically reviews every install request. También puedes utilizar 'npm audit' para analizar tu árbol de dependencias. ```bash $ npm audit @@ -184,19 +263,20 @@ Usa este comando para comprobar tu aplicación contra vulnerabilidades: $ snyk test ``` -## Evitar otras vulnerabilidades conocidas +### Avoid other known vulnerabilities -Esté atento a las advertencias de [Node Security Project](https://npmjs.com/advisories) que puedan afectar a Express u otros módulos que utilice la aplicación. En general, Node Security Project es un excelente recurso de herramientas e información sobre la seguridad de Node. +Esté atento a las advertencias de [Node Security Project](https://npmjs.com/advisories) que puedan afectar a Express u otros módulos que utilice la aplicación. En general, Node Security Project es un excelente recurso de herramientas e información sobre la seguridad de Node. Por último, las aplicaciones de Express, como cualquier otra aplicación web, son vulnerables a una amplia variedad de ataques basados en web. Familiarícese con las [vulnerabilidades web](https://www.owasp.org/www-project-top-ten/) conocidas y tome precauciones para evitarlas. -## Consideraciones adicionales +## Additional considerations + +A continuación, se muestran algunas recomendaciones para la excelente lista de comprobación [Node.js Security Checklist](https://blog.risingstack.com/node-js-security-checklist/). Consulte el post de este blog para ver todos los detalles de estas recomendaciones: -A continuación, se muestran algunas recomendaciones para la excelente lista de comprobación [Node.js Security Checklist](https://blog.risingstack.com/node-js-security-checklist/). Consulte el post de este blog para ver todos los detalles de estas recomendaciones: +- Filtre y sanee siempre la entrada de usuario para protegerse contra los ataques de scripts entre sitios (XSS) e inyección de mandatos. +- Defiéndase contra los ataques de inyección de SQL utilizando consultas parametrizadas o sentencias preparadas. +- Utilice la herramienta [sqlmap](http://sqlmap.org/) de código abierto para detectar vulnerabilidades de inyección de SQL en la aplicación. +- Utilice las herramientas [nmap](https://nmap.org/) y [sslyze](https://github.com/nabla-c0d3/sslyze) para probar la configuración de los cifrados SSL, las claves y la renegociación, así como la validez del certificado. +- Utilice [safe-regex](https://www.npmjs.com/package/safe-regex) para asegurarse de que las expresiones regulares no sean susceptibles de ataques de [denegación de servicio de expresiones regulares](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS). -* Implemente el límite de velocidad para evitar ataques de fuerza bruta contra la autenticación. Una forma de hacerlo es utilizar [StrongLoop API Gateway](https://web.archive.org/web/20240000000000/https://strongloop.com/node-js/api-gateway/) para forzar una política de limitación de velocidad. También puede utilizar middleware como [express-limiter](https://www.npmjs.com/package/express-limiter), aunque para ello deberá modificar el código de alguna forma. -* Filtre y sanee siempre la entrada de usuario para protegerse contra los ataques de scripts entre sitios (XSS) e inyección de mandatos. -* Defiéndase contra los ataques de inyección de SQL utilizando consultas parametrizadas o sentencias preparadas. -* Utilice la herramienta [sqlmap](http://sqlmap.org/) de código abierto para detectar vulnerabilidades de inyección de SQL en la aplicación. -* Utilice las herramientas [nmap](https://nmap.org/) y [sslyze](https://github.com/nabla-c0d3/sslyze) para probar la configuración de los cifrados SSL, las claves y la renegociación, así como la validez del certificado. -* Utilice [safe-regex](https://www.npmjs.com/package/safe-regex) para asegurarse de que las expresiones regulares no sean susceptibles de ataques de [denegación de servicio de expresiones regulares](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS). +[helmet]: \ No newline at end of file diff --git a/es/advanced/developing-template-engines.md b/es/advanced/developing-template-engines.md old mode 100755 new mode 100644 index 47d893d54e..ebe7b364cc --- a/es/advanced/developing-template-engines.md +++ b/es/advanced/developing-template-engines.md @@ -1,10 +1,10 @@ --- layout: page title: Desarrollo de motores de plantilla para Express +description: Learn how to develop custom template engines for Express.js using app.engine(), with examples on creating and integrating your own template rendering logic. menu: advanced -lang: es -description: Learn how to develop custom template engines for Express.js using app.engine(), - with examples on creating and integrating your own template rendering logic. +lang: en +redirect_from: " " --- # Desarrollo de motores de plantilla para Express @@ -17,9 +17,10 @@ El siguiente código es un ejemplo de implementación de un motor de plantilla m const fs = require('fs') // this engine requires the fs module app.engine('ntl', (filePath, options, callback) => { // define the template engine fs.readFile(filePath, (err, content) => { - if (err) return callback(new Error(err)) + if (err) return callback(err) // this is an extremely simple template engine - const rendered = content.toString().replace('#title#', ` ${options.title} `) + const rendered = content.toString() + .replace('#title#', `${options.title} `) .replace('#message#', `${options.message}
`) return callback(null, rendered) }) @@ -34,6 +35,7 @@ La aplicación ahora podrá representar archivos `.ntl`. Cree un archivo denomin #title# #message# ``` + A continuación, cree la ruta siguiente en la aplicación. ```js @@ -41,4 +43,5 @@ app.get('/', (req, res) => { res.render('index', { title: 'Hey', message: 'Hello there!' }) }) ``` -Cuando realice una solicitud a la página de inicio, `index.ntl` se representará como HTML. + +Cuando realice una solicitud a la página de inicio, `index.ntl` se representará como HTML. \ No newline at end of file diff --git a/es/advanced/healthcheck-graceful-shutdown.md b/es/advanced/healthcheck-graceful-shutdown.md new file mode 100644 index 0000000000..3e233fb436 --- /dev/null +++ b/es/advanced/healthcheck-graceful-shutdown.md @@ -0,0 +1,34 @@ +--- +layout: page +title: Health Checks and Graceful Shutdown +description: Learn how to implement health checks and graceful shutdown in Express apps to enhance reliability, manage deployments, and integrate with load balancers like Kubernetes. +menu: advanced +lang: en +redirect_from: " " +--- + +# Health Checks and Graceful Shutdown + +## Graceful shutdown + +When you deploy a new version of your application, you must replace the previous version. The process manager you're using will first send a SIGTERM signal to the application to notify it that it will be killed. Once the application gets this signal, it should stop accepting new requests, finish all the ongoing requests, clean up the resources it used, including database connections and file locks then exit. + +### + +```js +const server = app.listen(port) + +process.on('SIGTERM', () => { + debug('SIGTERM signal received: closing HTTP server') + server.close(() => { + debug('HTTP server closed') + }) +}) +``` + +## Health checks + +A load balancer uses health checks to determine if an application instance is healthy and can accept requests. For example, [Kubernetes has two health checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/): + +- `liveness`, that determines when to restart a container. +- `readiness`, that determines when a container is ready to start accepting traffic. When a pod is not ready, it is removed from the service load balancers. \ No newline at end of file diff --git a/es/advanced/security-updates.md b/es/advanced/security-updates.md old mode 100755 new mode 100644 index bcabee2cc6..bc60b5a245 --- a/es/advanced/security-updates.md +++ b/es/advanced/security-updates.md @@ -1,47 +1,88 @@ --- layout: page title: Actualizaciones de seguridad de Express +description: Review the latest security updates and patches for Express.js, including detailed vulnerability lists for different versions to help maintain a secure application. menu: advanced -lang: es -description: Review the latest security updates and patches for Express.js, including - detailed vulnerability lists for different versions to help maintain a secure application. +lang: en +redirect_from: " " --- # Actualizaciones de seguridad-Las vulnerabilidades de Node.js afectan directamente a Express. Por lo tanto, [vigile las vulnerabilidades de Node.js](https://nodejs.org +Node.js vulnerabilities directly affect Express. Por lo tanto, [vigile las vulnerabilidades de Node.js](https://nodejs.org /en/blog/vulnerability/) y asegúrese de utilizar la versión estable más reciente de Node.js.En la lista siguiente se muestran las vulnerabilidades de Express que se han solucionado en la actualización de versión especificada. +{% capture security-policy %} +If you believe you have discovered a security vulnerability in Express, please see +[Security Policies and Procedures](/{{page.lang}}/resources/contributing.html#security-policies-and-procedures). +{% endcapture %} + +{% include admonitions/note.html content=security-policy %} + ## 4.x - * 4.11.1 - * Se ha solucionado la vulnerabilidad de divulgación de vía de acceso raíz en `express.static`, `res.sendfile` y `res.sendFile` - * 4.10.7 - * Se ha solucionado la vulnerabilidad de Open Redirect en `express.static` ([anuncio](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). - * 4.8.8 - * Se han solucionado las vulnerabilidades de cruce de directorios en `express.static` ([anuncio](http://npmjs.com/advisories/32) , [CVE-2014-6394](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394)). - * 4.8.4 - * Node.js 0.10 puede tener fugas de `fd` en determinadas situaciones que afectan a `express.static` y `res.sendfile`. Las solicitudes maliciosas pueden provocar la fuga de `fd` y, en última instancia, generar errores `EMFILE` y anular la capacidad de respuesta del servidor. - * 4.8.0 - * Las matrices dispersas que tienen índices extremadamente altos en la serie de consulta pueden hacer que el proceso se quede sin memoria y se bloquee el servidor. - * Los objetos de serie de consulta extremadamente anidados pueden hacer que se bloquee el proceso y anular la capacidad de respuesta del servidor temporalmente. +- 4.21.2 + - The dependency `path-to-regexp` has been updated to address a [vulnerability](https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w). +- 4.21.1 + - The dependency `cookie` has been updated to address a [vulnerability](https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x), This may affect your application if you use `res.cookie`. +- 4.20.0 + - Fixed XSS vulnerability in `res.redirect` ([advisory](https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx), [CVE-2024-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43796)). + - The dependency `serve-static` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-cm22-4g7w-348p). + - The dependency `send` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-m6fv-jmcg-4jfg). + - The dependency `path-to-regexp` has been updated to address a [vulnerability](https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j). + - The dependency `body-parser` has been updated to addres a [vulnerability](https://github.com/advisories/GHSA-qwcr-r2fm-qrc7), This may affect your application if you had url enconding activated. +- 4.19.0, 4.19.1 + - Fixed open redirect vulnerability in `res.location` and `res.redirect` ([advisory](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc), [CVE-2024-29041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041)). +- 4.17.3 + - The dependency `qs` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-hrpp-h998-j3pp). This may affect your application if the following APIs are used: `req.query`, `req.body`, `req.param`. +- 4.16.0 + - The dependency `forwarded` has been updated to address a [vulnerability](https://npmjs.com/advisories/527). This may affect your application if the following APIs are used: `req.host`, `req.hostname`, `req.ip`, `req.ips`, `req.protocol`. + - The dependency `mime` has been updated to address a [vulnerability](https://npmjs.com/advisories/535), but this issue does not impact Express. + - The dependency `send` has been updated to provide a protection against a [Node.js 8.5.0 vulnerability](https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/). This only impacts running Express on the specific Node.js version 8.5.0. +- 4.15.5 + - The dependency `debug` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:debug:20170905), but this issue does not impact Express. + - The dependency `fresh` has been updated to address a [vulnerability](https://npmjs.com/advisories/526). This will affect your application if the following APIs are used: `express.static`, `req.fresh`, `res.json`, `res.jsonp`, `res.send`, `res.sendfile` `res.sendFile`, `res.sendStatus`. +- 4.15.3 + - The dependency `ms` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:ms:20170412). This may affect your application if untrusted string input is passed to the `maxAge` option in the following APIs: `express.static`, `res.sendfile`, and `res.sendFile`. +- 4.15.2 + - The dependency `qs` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:qs:20170213), but this issue does not impact Express. Updating to 4.15.2 is a good practice, but not required to address the vulnerability. +- 4.11.1 + - Se ha solucionado la vulnerabilidad de divulgación de vía de acceso raíz en `express.static`, `res.sendfile` y `res.sendFile` +- 4.10.7 + - Se ha solucionado la vulnerabilidad de Open Redirect en `express.static` ([anuncio](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). +- 4.8.8 + - Se han solucionado las vulnerabilidades de cruce de directorios en `express.static` ([anuncio](http://npmjs.com/advisories/32) , [CVE-2014-6394](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394)). +- 4.8.4 + - Node.js 0.10 puede tener fugas de `fd` en determinadas situaciones que afectan a `express.static` y `res.sendfile`. Las solicitudes maliciosas pueden provocar la fuga de `fd` y, en última instancia, generar errores `EMFILE` y anular la capacidad de respuesta del servidor. +- 4.8.0 + - Las matrices dispersas que tienen índices extremadamente altos en la serie de consulta pueden hacer que el proceso se quede sin memoria y se bloquee el servidor. + - Los objetos de serie de consulta extremadamente anidados pueden hacer que se bloquee el proceso y anular la capacidad de respuesta del servidor temporalmente. ## 3.x - * 3.19.1 - * Se ha solucionado la vulnerabilidad de divulgación de vía de acceso raíz en `express.static`, `res.sendfile` y `res.sendFile` - * 3.19.0 - * Se ha solucionado la vulnerabilidad de Open Redirect en `express.static` ([anuncio](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). - * 3.16.10 - * Se han solucionado las vulnerabilidades de cruce de directorios en `express.static`. - * 3.16.6 - * Node.js 0.10 puede tener fugas de `fd` en determinadas situaciones que afectan a `express.static` y `res.sendfile`. Las solicitudes maliciosas pueden provocar la fuga de `fd` y, en última instancia, generar errores `EMFILE` y anular la capacidad de respuesta del servidor. - * 3.16.0 - * Las matrices dispersas que tienen índices extremadamente altos en la serie de consulta pueden hacer que el proceso se quede sin memoria y se bloquee el servidor. - * Los objetos de serie de consulta extremadamente anidados pueden hacer que se bloquee el proceso y anular la capacidad de respuesta del servidor temporalmente. - * 3.3.0 - * La respuesta 404 de un intento de alteración temporal de método no soportado era susceptible de ataques de scripts entre sitios. ++ **Express 3.x YA NO SE MANTIENE** + +Los problemas de rendimiento y seguridad conocidos y desconocidos en 3.x no se han solucionado desde la última actualización (1 de agosto de 2015). Se recomienda especialmente utilizar la última versión de Express. + +If you are unable to upgrade past 3.x, please consider [Commercial Support Options](/{{ page.lang }}/support#commercial-support-options). + ++ +- 3.19.1 + - Se ha solucionado la vulnerabilidad de divulgación de vía de acceso raíz en `express.static`, `res.sendfile` y `res.sendFile` +- 3.19.0 + - Se ha solucionado la vulnerabilidad de Open Redirect en `express.static` ([anuncio](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). +- 3.16.10 + - Se han solucionado las vulnerabilidades de cruce de directorios en `express.static`. +- 3.16.6 + - Node.js 0.10 puede tener fugas de `fd` en determinadas situaciones que afectan a `express.static` y `res.sendfile`. Las solicitudes maliciosas pueden provocar la fuga de `fd` y, en última instancia, generar errores `EMFILE` y anular la capacidad de respuesta del servidor. +- 3.16.0 + - Las matrices dispersas que tienen índices extremadamente altos en la serie de consulta pueden hacer que el proceso se quede sin memoria y se bloquee el servidor. + - Los objetos de serie de consulta extremadamente anidados pueden hacer que se bloquee el proceso y anular la capacidad de respuesta del servidor temporalmente. +- 3.3.0 + - La respuesta 404 de un intento de alteración temporal de método no soportado era susceptible de ataques de scripts entre sitios. \ No newline at end of file diff --git a/es/api.md b/es/api.md old mode 100755 new mode 100644 index 639a07c26f..a34e0dcbc9 --- a/es/api.md +++ b/es/api.md @@ -1,28 +1,21 @@ --- layout: api -version: 4x -title: Express 4.x - Referencia de API -lang: es -description: Access the API reference for Express.js detailing all modules, methods, - and properties for building web applications with this version. +version: 5x +title: Express 5.x - Referencia de API +description: Access the API reference for Express.js detailing all modules, methods, and properties for building web applications with this version. +lang: en +redirect_from: " " --- -- -API de 4.x
- - - {% include api/en/4x/express.md %} ++diff --git a/id/changelog/index.md b/es/changelog/index.md similarity index 80% rename from id/changelog/index.md rename to es/changelog/index.md index d6f0bc121d..d64a7855b7 100644 --- a/id/changelog/index.md +++ b/es/changelog/index.md @@ -2,105 +2,171 @@ layout: page title: Express changelog description: Stay updated with the release changelog for Express.js, detailing new features, bug fixes, and important changes across versions. -menu: changelog -lang: id -redirect_from: - - "id/changelog/4x.html" +lang: en sitemap: false +redirect_from: + - " " + - " " --- + + +5.x API
+ {% include api/en/5x/express.md %} - {% include api/en/4x/app.md %} - + {% include api/en/5x/app.md %} - {% include api/en/4x/req.md %} - + {% include api/en/5x/req.md %} - {% include api/en/4x/res.md %} - + {% include api/en/5x/res.md %} - {% include api/en/4x/router.md %} - + {% include api/en/5x/router.md %}+ # Release changelog All the latest updates, improvements, and fixes to Express -## 5.0.1 - Release date: 2024-10-08 +## Express v5 + +{: id="5.x"} + +### 5.1.0 - Release date: 2025-03-31 + +{: id="5.0.1"} + +The 5.1.0 minor release includes some new features and improvements: + +- Support for sending responses as Uint8Array +- Added support for ETag option in `res.sendFile()` +- Added support for adding multiple links with the same rel with `res.links()` +- Performance: Use loop for acceptParams +- [body-parser@2.2.0](https://github.com/expressjs/body-parser/releases/tag/v2.2.0) + - Remove legacy node.js support checks for Brotli & `AsyncLocalStorage` + - Remove `unpipe` & `destroy` +- [router@2.2.0](https://github.com/pillarjs/router/releases/tag/v2.2.0) + - Restore `debug`. Now with the `router` scope instead of `express`. + - Remove legacy node.js support checks for `setImmediate` + - Deprecate non-native promise support + - Remove `after`, `safe-buffer`, `array-flatten`, `setprotoypeof`, `methods`, `utils-merge` +- [finalhandler@2.1.0](https://github.com/pillarjs/finalhandler/releases/tag/v2.1.0) + - Remove legacy node.js support checks for `headersSent`, `setImmediate`, & http2 support + - Remove `unpipe` +- Transitioned all remaining dependencies to use `^` ranges instead of locked versions +- Add package.json funding field to highlight our OpenCollective +- See [Changelog v5.1.0](https://github.com/expressjs/express/releases/tag/v5.1.0) + +### 5.0.1 - Release date: 2024-10-08 + {: id="5.0.1"} The 5.0.1 patch release includes one security fix: -* Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x). +- Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x). + +### 5.0.0 - Release date: 2024-09-09 -## 5.0.0 - Release date: 2024-09-09 {: id="5.0.0"} -Check the [migration guide]({{page.lang}}/guide/migrating-5.html) with all the changes in this new version of Express. +Check the [migration guide](/{{page.lang}}/guide/migrating-5.html) with all the changes in this new version of Express. + +## Express v4 + +{: id="4.x"} + +### 4.21.2 - Release date: 2024-11-06 + +{: id="4.21.2"} + +The 4.21.2 patch release includes one security fix: + +- Update [pillajs/path-to-regexp](https://www.npmjs.com/package/path-to-regexp) to address a [vulnerability](https://github.com/advisories/GHSA-rhx6-c78j-4q9w). + +### 4.21.1 - Release date: 2024-10-08 -## 4.21.1 - Release date: 2024-10-08 {: id="4.21.1"} The 4.21.1 patch release includes one security fix: -* Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x). +- Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x). + +### 4.21.0 - Release date: 2024-09-11 -## 4.21.0 - Release date: 2024-09-11 {: id="4.21.0"} The 4.21.0 minor release includes one new feature: -* Deprecate `res.location("back")` and `res.redirect("back")` magic string +- Deprecate `res.location("back")` and `res.redirect("back")` magic string + +### 4.20.0 - Release date: 2024-09-10 -## 4.20.0 - Release date: 2024-09-10 {: id="4.20.0"} The 4.20.0 minor release includes bug fixes and some new features, including: -* The [`res.clearCookie()` method](/{{ page.lang }}/4x/api.html#res.clearCookie) deprecates `options.maxAge` and `options.expires` options. -* The [`res.redirect()` method](/{{ page.lang }}/4x/api.html#res.redirect) removes HTML link rendering. -* The [`express.urlencoded()` method](/{{ page.lang }}/4x/api.html#express.urlencoded) method now has a depth level of `32`, whereas it was previously `Infinity`. -* Adds support for named matching groups in the routes using a regex -* Removes encoding of `\`, `|`, and `^` to align better with URL spec +- The [`res.clearCookie()` method](/{{ page.lang }}/4x/api.html#res.clearCookie) deprecates `options.maxAge` and `options.expires` options. +- The [`res.redirect()` method](/{{ page.lang }}/4x/api.html#res.redirect) removes HTML link rendering. +- The [`express.urlencoded()` method](/{{ page.lang }}/4x/api.html#express.urlencoded) method now has a depth level of `32`, whereas it was previously `Infinity`. +- Adds support for named matching groups in the routes using a regex +- Removes encoding of `\`, `|`, and `^` to align better with URL spec For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4200--2024-09-10) -## 4.19.2 - Release date: 2024-03-25 +### 4.19.2 - Release date: 2024-03-25 + {: id="4.19.2"} -* Improved fix for open redirect allow list bypass +- Improved fix for open redirect allow list bypass For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4192--2024-03-25) -## 4.19.1 - Release date: 2024-03-20 +### 4.19.1 - Release date: 2024-03-20 + {: id="4.19.1"} -* Allow passing non-strings to res.location with new encoding handling checks +- Allow passing non-strings to res.location with new encoding handling checks For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4191--2024-03-20) -## 4.19.0 - Release date: 2024-03-20 +### 4.19.0 - Release date: 2024-03-20 + {: id="4.19.0"} -* Prevent open redirect allow list bypass due to encodeurl -* deps: cookie@0.6.0 +- Prevent open redirect allow list bypass due to encodeurl +- deps: cookie@0.6.0 For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4190--2024-03-20) -## 4.18.3 - Release date: 2024-02-29 +### 4.18.3 - Release date: 2024-02-29 + {: id="4.18.3"} The 4.18.3 patch release includes the following bug fix:diff --git a/es/guide/behind-proxies.md b/es/guide/behind-proxies.md old mode 100755 new mode 100644 index b76847f03c..7e20f8ae65 --- a/es/guide/behind-proxies.md +++ b/es/guide/behind-proxies.md @@ -1,22 +1,24 @@ --- layout: page title: Express detrás de proxies +description: Learn how to configure Express.js applications to work correctly behind reverse proxies, including using the trust proxy setting to handle client IP addresses. menu: guide -lang: es -description: Learn how to configure Express.js applications to work correctly behind - reverse proxies, including using the trust proxy setting to handle client IP addresses. +lang: en +redirect_from: " " --- # Express detrás de proxies -Cuando ejecute una aplicación Express detrás de un proxy, establezca (utilizando [app.set()](/{{ page.lang }}/4x/api.html#app.set)) la variable de aplicación `trust proxy` en uno de los valores de la siguiente tabla. +When running an Express app behind a reverse proxy, some of the Express APIs may return different values than expected. In order to adjust for this, the `trust proxy` application setting may be used to expose information provided by the reverse proxy in the Express APIs. The most common issue is express APIs that expose the client's IP address may instead show an internal IP address of the reverse proxy.- - Fix routing requests without method. ([commit](https://github.com/expressjs/express/commit/74beeac0718c928b4ba249aba3652c52fbe32ca8)) - + Fix routing requests without method. ([commit](https://github.com/expressjs/express/commit/74beeac0718c928b4ba249aba3652c52fbe32ca8)) +
- - Fix regression routing a large stack in a single route. ([commit](https://github.com/expressjs/express/commit/7ec5dd2b3c5e7379f68086dae72859f5573c8b9b)) - + Fix regression routing a large stack in a single route. ([commit](https://github.com/expressjs/express/commit/7ec5dd2b3c5e7379f68086dae72859f5573c8b9b)) +
- The [`res.sendFile()` method](/{{ page.lang }}/4x/api.html#res.sendFile) now accepts two new options: `acceptRanges` and `cacheControl`. - - `acceptRanges` (defaut is `true`), enables or disables accepting ranged requests. When disabled, the response does not send the `Accept-Ranges` header and ignores the contents of the `Range` request header. +- `acceptRanges` (defaut is `true`), enables or disables accepting ranged requests. When disabled, the response does not send the `Accept-Ranges` header and ignores the contents of the `Range` request header. - - `cacheControl`, (default is `true`), enables or disables the `Cache-Control` response header. Disabling it will ignore the `maxAge` option. +- `cacheControl`, (default is `true`), enables or disables the `Cache-Control` response header. Disabling it will ignore the `maxAge` option. + +- `res.sendFile` has also been updated to handle `Range` header and redirections better. - - `res.sendFile` has also been updated to handle `Range` header and redirections better.
- @@ -513,15 +598,23 @@ The 4.14.0 minor release includes bug fixes, security update, performance improv
- The [jshttp/cookie module](https://www.npmjs.com/package/cookie) (in addition to a number of other improvements) has been updated and now the [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) supports the `sameSite` option to let you specify the [SameSite cookie attribute](https://tools.ietf.org/html/draft-west-first-party-cookies-07). - - {% include admonitions/note.html content="This attribute has not yet been fully standardized, may change in the future, and many clients may ignore it." %} - The possible value for the `sameSite` option are: +{% capture note-4-14-0 %} + +``` +This attribute has not yet been fully standardized, may change in the future, and many clients may ignore it. +``` + +{% endcapture %} +{% include admonitions/note.html content=note-4-14-0 %} + +The possible value for the `sameSite` option are: + +- `true`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement. +- `false`, which does not set the `SameSite` attribute. +- `'lax'`, which sets the `SameSite` attribute to `Lax` for lax same site enforcement. +- `'strict'`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement. - - `true`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement. - - `false`, which does not set the `SameSite` attribute. - - `'lax'`, which sets the `SameSite` attribute to `Lax` for lax same site enforcement. - - `'strict'`, which sets the `SameSite` attribute to `Strict` for strict same site enforcement.
- @@ -538,3 +631,5 @@ The 4.14.0 minor release includes bug fixes, security update, performance improv For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4140--2016-06-16). + +
-Aunque la aplicación no dejará de ejecutarse si no se establece la variable de aplicación `trust proxy`, registrará incorrectamente la dirección IP del proxy como la dirección IP del cliente, a menos que se configure `trust proxy`. +When configuring the `trust proxy` setting, it is important to understand the exact setup of the reverse proxy. Since this setting will trust values provided in the request, it is important that the combination of the setting in Express matches how the reverse proxy operates.+The application setting `trust proxy` may be set to one of the values listed in the following table. +-
-Si establece un valor de `trust proxy` distinto de `false`, se producen tres cambios importantes: +Enabling `trust proxy` will have the following impact:Tipo Valor Type Value Booleano @@ -24,16 +26,20 @@ Aunque la aplicación no dejará de ejecutarse si no se establece la variable de Si es `true`, la dirección IP del cliente se entiende como la entrada más a la izquierda en la cabecera `X-Forwarded-*`. Si es `false`, la aplicación se entiende como orientada directamente a Internet, y la dirección IP del cliente se obtiene de `req.connection.remoteAddress`. Este es el valor predeterminado. + ++When setting to `true`, it is important to ensure that the last reverse proxy trusted is removing/overwriting all of the following HTTP headers: `X-Forwarded-For`, `X-Forwarded-Host`, and `X-Forwarded-Proto`, otherwise it may be possible for the client to provide any value. +- Direcciones IP +IP addresses -Una dirección IP, una subred o una matriz de direcciones IP y subredes de confianza. La siguiente lista muestra los nombres de subred preconfigurados: +An IP address, subnet, or an array of IP addresses and subnets to trust as being a reverse proxy. The following list shows the pre-configured subnet names: -* loopback - `127.0.0.1/8`, `::1/128` -* linklocal - `169.254.0.0/16`, `fe80::/10` -* uniquelocal - `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `fc00::/7` +- loopback - `127.0.0.1/8`, `::1/128` +- linklocal - `169.254.0.0/16`, `fe80::/10` +- uniquelocal - `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`, `fc00::/7` Puede establecer direcciones IP de varias formas: @@ -44,20 +50,24 @@ app.set('trust proxy', 'loopback, linklocal, uniquelocal') // specify multiple s app.set('trust proxy', ['loopback', 'linklocal', 'uniquelocal']) // specify multiple subnets as an array ``` -Cuando se especifican, las direcciones IP o las subredes se excluyen del proceso de determinación de direcciones, y la dirección IP no de confianza más próxima al servidor de aplicaciones se establece como la dirección IP del cliente. +Cuando se especifican, las direcciones IP o las subredes se excluyen del proceso de determinación de direcciones, y la dirección IP no de confianza más próxima al servidor de aplicaciones se establece como la dirección IP del cliente. This works by checking if `req.socket.remoteAddress` is trusted. If so, then each address in `X-Forwarded-For` is checked from right to left until the first non-trusted address. + - Número +Number -Confíe en la porción `n` entre el origen y el destino del servidor proxy accesible externamente como el cliente. +Use the address that is at most `n` number of hops away from the Express application. `req.socket.remoteAddress` is the first hop, and the rest are looked for in the `X-Forwarded-For` header from right to left. A value of `0` means that the first untrusted address would be `req.socket.remoteAddress`, i.e. there is no reverse proxy. + + +When using this setting, it is important to ensure there are not multiple, different-length paths to the Express application such that the client can be less than the configured number of hops away, otherwise it may be possible for the client to provide any value. +- Función +Function -Implementación de confianza personalizada. Utilícela sólo si sabe lo que está haciendo. - +Custom trust implementation. ```js app.set('trust proxy', (ip) => { @@ -65,12 +75,13 @@ app.set('trust proxy', (ip) => { else return false }) ``` + - El valor de [req.hostname](/{{ page.lang }}/api.html#req.hostname) se obtiene del valor definido en la cabecera `X-Forwarded-Host`, que puede estar establecido por el cliente o el proxy. @@ -81,4 +92,4 @@ Si establece un valor de `trust proxy` distinto de `false`, se producen tres cam
-Estos son algunos de los muchos controladores de base de datos que hay disponibles. Para ver otras opciones, realice búsquedas en el sitio [npm](https://www.npmjs.com/). +Estos son algunos de los muchos controladores de base de datos que hay disponibles. Para ver otras opciones, realice búsquedas en el sitio [npm](https://www.npmjs.com/).- - ## Cassandra **Módulo**: [cassandra-driver](https://github.com/datastax/nodejs-driver) **Instalación** +### + ```bash $ npm install cassandra-driver ``` -**Ejemplo** +### --
+client.execute('select key from system.local', (err, result) => { + if (err) throw err + console.log(result.rows[0]) +}) +``` + +## Couchbase - +**Module**: [couchnode](https://github.com/couchbase/couchnode) + +### + +```bash +$ npm install couchbase +``` + +### + +```js +const couchbase = require('couchbase') +const bucket = (new couchbase.Cluster('http://localhost:8091')).openBucket('bucketName') + +// add a document to a bucket +bucket.insert('document-key', { name: 'Matt', shoeSize: 13 }, (err, result) => { + if (err) { + console.log(err) + } else { + console.log(result) + } +}) + +// get all documents with shoe size 13 +const n1ql = 'SELECT d.* FROM `bucketName` d WHERE shoeSize = $1' +const query = N1qlQuery.fromString(n1ql) +bucket.query(query, [13], (err, result) => { + if (err) { + console.log(err) + } else { + console.log(result) + } +}) +``` ## CouchDB **Módulo**: [nano](https://github.com/dscape/nano) **Instalación** +### + ```bash $ npm install nano ``` -**Ejemplo** +### --var cassandra = require('cassandra-driver'); -var client = new cassandra.Client({ contactPoints: ['localhost']}); +```js +const cassandra = require('cassandra-driver') +const client = new cassandra.Client({ contactPoints: ['localhost'] }) -client.execute('select key from system.local', function(err, result) { - if (err) throw err; - console.log(result.rows[0]); -}); ---
+// Insert a book document in the books database +books.insert({ name: 'The Art of war' }, null, (err, body) => { + if (err) { + console.log(err) + } else { + console.log(body) + } +}) - +// Get a list of all books +books.list((err, body) => { + if (err) { + console.log(err) + } else { + console.log(body.rows) + } +}) +``` ## LevelDB **Módulo**: [levelup](https://github.com/rvagg/node-levelup) **Instalación** +### + ```bash $ npm install level levelup leveldown ``` -**Ejemplo** - --var nano = require('nano')('http://localhost:5984'); -nano.db.create('books'); -var books = nano.db.use('books'); - -//Insert a book document in the books database -books.insert({name: 'The Art of war'}, null, function(err, body) { - if (!err){ - console.log(body); - } -}); +```js +const nano = require('nano')('http://localhost:5984') +nano.db.create('books') +const books = nano.db.use('books') -//Get a list of all books -books.list(function(err, body){ - console.log(body.rows); -}); ---
+ db.get('name', (err, value) => { + if (err) return console.log('Ooops!', err) - + console.log(`name=${value}`) + }) +}) +``` ## MySQL **Módulo**: [mysql](https://github.com/felixge/node-mysql/) **Instalación** +### + ```bash $ npm install mysql ``` -**Ejemplo** +### --var levelup = require('levelup'); -var db = levelup('./mydb'); +### -db.put('name', 'LevelUP', function (err) { +```js +const levelup = require('levelup') +const db = levelup('./mydb') - if (err) return console.log('Ooops!', err); - db.get('name', function (err, value) { - if (err) return console.log('Ooops!', err); - console.log('name=' + value); - }); +db.put('name', 'LevelUP', (err) => { + if (err) return console.log('Ooops!', err) -}); ---
+ console.log('The solution is: ', rows[0].solution) +}) - +connection.end() +``` ## MongoDB **Módulo**: [mongodb](https://github.com/mongodb/node-mongodb-native) **Instalación** +### + ```bash $ npm install mongodb ``` -**Ejemplo** +### Example (v2.\*) --var mysql = require('mysql'); -var connection = mysql.createConnection({ - host : 'localhost', - user : 'dbuser', - password : 's3kreee7' -}); +```js +const mysql = require('mysql') +const connection = mysql.createConnection({ + host: 'localhost', + user: 'dbuser', + password: 's3kreee7', + database: 'my_db' +}) -connection.connect(); +connection.connect() -connection.query('SELECT 1 + 1 AS solution', function(err, rows, fields) { - if (err) throw err; - console.log('The solution is: ', rows[0].solution); -}); +connection.query('SELECT 1 + 1 AS solution', (err, rows, fields) => { + if (err) throw err -connection.end(); ---
+MongoClient.connect('mongodb://localhost:27017/animals', (err, db) => { + if (err) throw err -Si desea un controlador de modelo de objeto para MongoDB, consulte [Mongoose](https://github.com/LearnBoost/mongoose). + db.collection('mammals').find().toArray((err, result) => { + if (err) throw err + + console.log(result) + }) +}) +``` + +### + +```js +const MongoClient = require('mongodb').MongoClient - +MongoClient.connect('mongodb://localhost:27017/animals', (err, client) => { + if (err) throw err + + const db = client.db('animals') + + db.collection('mammals').find().toArray((err, result) => { + if (err) throw err + + console.log(result) + }) +}) +``` + +Si desea un controlador de modelo de objeto para MongoDB, consulte [Mongoose](https://github.com/LearnBoost/mongoose). ## Neo4j -**Módulo**: [apoc](https://github.com/hacksparrow/apoc) -**Instalación** +-var MongoClient = require('mongodb').MongoClient; +```js +const MongoClient = require('mongodb').MongoClient -MongoClient.connect('mongodb://localhost:27017/animals', function(err, db) { - if (err) { - throw err; - } - db.collection('mammals').find().toArray(function(err, result) { - if (err) { - throw err; - } - console.log(result); - }); -}); --+var apoc = require('apoc');apoc.query('match (n) return n').exec().then( +function (response) { +console.log(response); +}, +function (fail) { +console.log(fail); +} +);+ +### ```bash -$ npm install apoc +$ npm install neo4j-driver ``` -**Ejemplo** +### --
+```js +const neo4j = require('neo4j-driver') +const driver = neo4j.driver('neo4j://localhost:7687', neo4j.auth.basic('neo4j', 'letmein')) - +const session = driver.session() + +session.readTransaction((tx) => { + return tx.run('MATCH (n) RETURN count(n) AS count') + .then((res) => { + console.log(res.records[0].get('count')) + }) + .catch((error) => { + console.log(error) + }) +}) +``` ## Oracle -**Módulo**: [oracledb](https://github.com/oracle/node-oracledb) +**Module**: [oracledb](https://github.com/oracle/node-oracledb) -### Instalación +### NOTA: [Vea los requisitos previos de instalación](https://github.com/oracle/node-oracledb#-installation). @@ -223,7 +283,7 @@ NOTA: [Vea los requisitos previos de instalación](https://github.com/oracle/nod $ npm install oracledb ``` -### Ejemplo +### ```js const oracledb = require('oracledb') @@ -257,130 +317,182 @@ async function getEmployee (empId) { getEmployee(101) ``` - - - ## PostgreSQL **Módulo**: [pg-promise](https://github.com/vitaly-t/pg-promise) **Instalación** +### + ```bash $ npm install pg-promise ``` -**Ejemplo** - --var apoc = require('apoc'); - -apoc.query('match (n) return n').exec().then( - function (response) { - console.log(response); - }, - function (fail) { - console.log(fail); - } -); ---
- - +```js +const pgp = require('pg-promise')(/* options */) +const db = pgp('postgres://username:password@host:port/database') + +db.one('SELECT $1 AS value', 123) + .then((data) => { + console.log('DATA:', data.value) + }) + .catch((error) => { + console.log('ERROR:', error) + }) +``` ## Redis **Módulo**: [redis](https://github.com/mranney/node_redis) **Instalación** +### + ```bash $ npm install redis ``` -**Ejemplo** +### --var pgp = require("pg-promise")(/*options*/); -var db = pgp("postgres://username:password@host:port/database"); +### -db.one("SELECT $1 AS value", 123) - .then(function (data) { - console.log("DATA:", data.value); - }) - .catch(function (error) { - console.log("ERROR:", error); - }); ---
+**Module**: [tedious](https://github.com/tediousjs/tedious) - +### + +```bash +$ npm install tedious +``` + +### + +```js +const Connection = require('tedious').Connection +const Request = require('tedious').Request + +const config = { + server: 'localhost', + authentication: { + type: 'default', + options: { + userName: 'your_username', // update me + password: 'your_password' // update me + } + } +} + +const connection = new Connection(config) + +connection.on('connect', (err) => { + if (err) { + console.log(err) + } else { + executeStatement() + } +}) + +function executeStatement () { + request = new Request("select 123, 'hello world'", (err, rowCount) => { + if (err) { + console.log(err) + } else { + console.log(`${rowCount} rows`) + } + connection.close() + }) + + request.on('row', (columns) => { + columns.forEach((column) => { + if (column.value === null) { + console.log('NULL') + } else { + console.log(column.value) + } + }) + }) + + connection.execSql(request) +} +``` ## SQLite **Módulo**: [sqlite3](https://github.com/mapbox/node-sqlite3) **Instalación** +### + ```bash $ npm install sqlite3 ``` -**Ejemplo** - --var client = require('redis').createClient(); +```js +const redis = require('redis') +const client = redis.createClient() -client.on('error', function (err) { - console.log('Error ' + err); -}); +client.on('error', (err) => { + console.log(`Error ${err}`) +}) -client.set('string key', 'string val', redis.print); -client.hset('hash key', 'hashtest 1', 'some value', redis.print); -client.hset(['hash key', 'hashtest 2', 'some other value'], redis.print); +client.set('string key', 'string val', redis.print) +client.hset('hash key', 'hashtest 1', 'some value', redis.print) +client.hset(['hash key', 'hashtest 2', 'some other value'], redis.print) -client.hkeys('hash key', function (err, replies) { +client.hkeys('hash key', (err, replies) => { + console.log(`${replies.length} replies:`) - console.log(replies.length + ' replies:'); - replies.forEach(function (reply, i) { - console.log(' ' + i + ': ' + reply); - }); + replies.forEach((reply, i) => { + console.log(` ${i}: ${reply}`) + }) - client.quit(); + client.quit() +}) +``` + +## SQL Server -}); ---
+ db.each('SELECT rowid AS id, info FROM lorem', (err, row) => { + console.log(`${row.id}: ${row.info}`) + }) +}) - +db.close() +``` ## ElasticSearch **Módulo**: [elasticsearch](https://github.com/elastic/elasticsearch-js) **Instalación** +### + ```bash $ npm install elasticsearch ``` -**Ejemplo** +### --var sqlite3 = require('sqlite3').verbose(); -var db = new sqlite3.Database(':memory:'); +### -db.serialize(function() { +```js +const sqlite3 = require('sqlite3').verbose() +const db = new sqlite3.Database(':memory:') - db.run('CREATE TABLE lorem (info TEXT)'); - var stmt = db.prepare('INSERT INTO lorem VALUES (?)'); +db.serialize(() => { + db.run('CREATE TABLE lorem (info TEXT)') + const stmt = db.prepare('INSERT INTO lorem VALUES (?)') - for (var i = 0; i < 10; i++) { - stmt.run('Ipsum ' + i); + for (let i = 0; i < 10; i++) { + stmt.run(`Ipsum ${i}`) } - stmt.finalize(); - - db.each('SELECT rowid AS id, info FROM lorem', function(err, row) { - console.log(row.id + ': ' + row.info); - }); -}); + stmt.finalize() -db.close(); ---
+}).then((response) => { + const hits = response.hits.hits +}, (error) => { + console.trace(error.message) +}) +``` diff --git a/es/guide/debugging.md b/es/guide/debugging.md old mode 100755 new mode 100644 index 4b4d627258..4194bf6cd1 --- a/es/guide/debugging.md +++ b/es/guide/debugging.md @@ -1,10 +1,10 @@ --- layout: page title: Depuración de Express +description: Learn how to enable and use debugging logs in Express.js applications by setting the DEBUG environment variable for enhanced troubleshooting. menu: guide -lang: es -description: Learn how to enable and use debugging logs in Express.js applications - by setting the DEBUG environment variable for enhanced troubleshooting. +lang: en +redirect_from: " " --- # Depuración de Express @@ -18,7 +18,7 @@ $ DEBUG=express:* node index.js En Windows, utilice el mandato correspondiente. ```bash -> set DEBUG=express:* & node index.js +> $env:DEBUG = "express:*"; node index.js ``` La ejecución de este mandato en la aplicación predeterminada generada por el [generador de Express](/{{ page.lang }}/starter/generator.html) imprime la siguiente salida: @@ -59,11 +59,11 @@ $ DEBUG=express:* node ./bin/www express:router:layer new / +1ms express:router use /users router +0ms express:router:layer new /users +0ms - express:router use / <anonymous> +0ms + express:router use / <anonymous> +0ms express:router:layer new / +0ms - express:router use / <anonymous> +0ms + express:router use / <anonymous> +0ms express:router:layer new / +0ms - express:router use / <anonymous> +0ms + express:router use / <anonymous> +0ms express:router:layer new / +0ms ``` @@ -89,7 +89,7 @@ Cuando se realiza una solicitud a la aplicación, verá los registros especifica Para ver sólo los registros de la implementación de direccionador, establezca el valor de `DEBUG` en `express:router`. De la misma forma, para ver sólo los registros de la implementación de aplicación, establezca el valor de `DEBUG` en `express:application`, etc. -## Aplicaciones generadas por `express` +## Applications generated by `express` Una aplicación generada por el mandato `express` utiliza el módulo `debug`, y el ámbito de su espacio de nombres de depuración se establece en el nombre de la aplicación. @@ -104,3 +104,27 @@ Puede especificar más de un espacio de nombres de depuración asignando una lis ```bash $ DEBUG=http,mail,express:* node index.js ``` + +## Advanced options + +When running through Node.js, you can set a few environment variables that will change the behavior of the debug logging: + +| Name | Purpose | +| ------------------- | ----------------------------------------------------------------- | +| `DEBUG` | Enables/disables specific debugging namespaces. | +| `DEBUG_COLORS` | Whether or not to use colors in the debug output. | +| `DEBUG_DEPTH` | Object inspection depth. | +| `DEBUG_FD` | File descriptor to write debug output to. | +| `DEBUG_SHOW_HIDDEN` | Shows hidden properties on inspected objects. | + +{% capture debug-text %} + +The environment variables beginning with `DEBUG_` end up being +converted into an Options object that gets used with `%o`/`%O` formatters. +See the Node.js documentation for +[`util.inspect()`](https://nodejs.org/api/util.html#util_util_inspect_object_options) +for the complete list. + +{% endcapture %} + +{% include admonitions/note.html content=debug-text %} diff --git a/es/guide/error-handling.md b/es/guide/error-handling.md old mode 100755 new mode 100644 index 034c9e7476..6b8abb8123 --- a/es/guide/error-handling.md +++ b/es/guide/error-handling.md @@ -1,15 +1,189 @@ --- layout: page title: Manejo de errores de Express +description: Understand how Express.js handles errors in synchronous and asynchronous code, and learn to implement custom error handling middleware for your applications. menu: guide -lang: es -description: Understand how Express.js handles errors in synchronous and asynchronous - code, and learn to implement custom error handling middleware for your applications. +lang: en +redirect_from: " " --- -# Manejo de errores +# Error Handling -Defina las funciones de middleware de manejo de errores de la misma forma que otras funciones de middleware, excepto que las funciones de manejo de errores tienen cuatro argumentos en lugar de tres: `(err, req, res, next)`. Por ejemplo: +_Error Handling_ refers to how Express catches and processes errors that +occur both synchronously and asynchronously. Express comes with a default error +handler so you don't need to write your own to get started. + +## Catching Errors + +It's important to ensure that Express catches all errors that occur while +running route handlers and middleware. + +Errors that occur in synchronous code inside route handlers and middleware +require no extra work. If synchronous code throws an error, then Express will +catch and process it. For example: + +```js +app.get('/', (req, res) => { + throw new Error('BROKEN') // Express will catch this on its own. +}) +``` + +Defina las funciones de middleware de manejo de errores de la misma forma que otras funciones de middleware, excepto que las funciones de manejo de errores tienen cuatro argumentos en lugar de tres: `(err, req, res, next)`. For example: + +```js +app.get('/', (req, res, next) => { + fs.readFile('/file-does-not-exist', (err, data) => { + if (err) { + next(err) // Pass errors to Express. + } else { + res.send(data) + } + }) +}) +``` + +Si tiene un manejador de rutas con varias funciones de devolución de llamada, puede utilizar el parámetro `route` para omitir el siguiente manejador de rutas. +For example: + +```js +app.get('/user/:id', async (req, res, next) => { + const user = await getUserById(req.params.id) + res.send(user) +}) +``` + +If `getUserById` throws an error or rejects, `next` will be called with either +the thrown error or the rejected value. If no rejected value is provided, `next` +will be called with a default Error object provided by the Express router. + +Si pasa cualquier valor a la función `next()` (excepto la serie `'route'`), Express considera que la solicitud actual tiene un error y omitirá las restantes funciones de middleware y direccionamiento que no son de manejo de errores. + +If the callback in a sequence provides no data, only errors, you can simplify +this code as follows: + +```js +app.get('/', [ + function (req, res, next) { + fs.writeFile('/inaccessible-path', 'data', next) + }, + function (req, res) { + res.send('OK') + } +]) +``` + +In the above example, `next` is provided as the callback for `fs.writeFile`, +which is called with or without errors. If there is no error, the second +handler is executed, otherwise Express catches and processes the error. + +You must catch errors that occur in asynchronous code invoked by route handlers or +middleware and pass them to Express for processing. For example: + +```js +app.get('/', (req, res, next) => { + setTimeout(() => { + try { + throw new Error('BROKEN') + } catch (err) { + next(err) + } + }, 100) +}) +``` + +The above example uses a `try...catch` block to catch errors in the +asynchronous code and pass them to Express. If the `try...catch` +block were omitted, Express would not catch the error since it is not part of the synchronous +handler code. + +Use promises to avoid the overhead of the `try...catch` block or when using functions +that return promises. For example: + +```js +app.get('/', (req, res, next) => { + Promise.resolve().then(() => { + throw new Error('BROKEN') + }).catch(next) // Errors will be passed to Express. +}) +``` + +Since promises automatically catch both synchronous errors and rejected promises, +you can simply provide `next` as the final catch handler and Express will catch errors, +because the catch handler is given the error as the first argument. + +You could also use a chain of handlers to rely on synchronous error +catching, by reducing the asynchronous code to something trivial. For example: + +```js +app.get('/', [ + function (req, res, next) { + fs.readFile('/maybe-valid-file', 'utf-8', (err, data) => { + res.locals.data = data + next(err) + }) + }, + function (req, res) { + res.locals.data = res.locals.data.split(',')[1] + res.send(res.locals.data) + } +]) +``` + +The above example has a couple of trivial statements from the `readFile` +call. If `readFile` causes an error, then it passes the error to Express, otherwise you +quickly return to the world of synchronous error handling in the next handler +in the chain. Then, the example above tries to process the data. If this fails, then the +synchronous error handler will catch it. If you had done this processing inside +the `readFile` callback, then the application might exit and the Express error +handlers would not run. + +Whichever method you use, if you want Express error handlers to be called in and the +application to survive, you must ensure that Express receives the error. + +## El manejador de errores predeterminado + +Express se suministra con un manejador de errores incorporado, que se encarga de los errores que aparecen en la aplicación. Esta función de middleware de manejo de errores predeterminada se añade al final de la pila de funciones de middleware. + +Si pasa un error a `next()` y no lo maneja en el manejador de errores, lo manejará el manejador de errores incorporado; el error se escribirá en el cliente con el seguimiento de la pila. El seguimiento de la pila no se incluye en el entorno de producción. + +-var elasticsearch = require('elasticsearch'); -var client = elasticsearch.Client({ +```js +const elasticsearch = require('elasticsearch') +const client = elasticsearch.Client({ host: 'localhost:9200' -}); +}) client.search({ index: 'books', @@ -393,10 +505,9 @@ client.search({ } } } -}).then(function(response) { - var hits = response.hits.hits; -}, function(error) { - console.trace(error.message); -}); --+Establezca la variable de entorno `NODE_ENV` en `production`, para ejecutar la aplicación en modalidad de producción. ++ +When an error is written, the following information is added to the +response: + +- The `res.statusCode` is set from `err.status` (or `err.statusCode`). If + this value is outside the 4xx or 5xx range, it will be set to 500. +- The `res.statusMessage` is set according to the status code. +- The body will be the HTML of the status code message when in production + environment, otherwise will be `err.stack`. +- Any headers specified in an `err.headers` object. + +Si invoca `next()` con un error después de haber empezado a escribir la respuesta (por ejemplo, si encuentra un error mientras se envía la respuesta en modalidad continua al cliente), el manejador de errores predeterminado de Express cierra la conexión y falla la solicitud. + +Por lo tanto, cuando añade un manejador de errores personalizado, se recomienda delegar en los mecanismos de manejo de errores predeterminados de Express, cuando las cabeceras ya se han enviado al cliente: + +```js +function errorHandler (err, req, res, next) { + if (res.headersSent) { + return next(err) + } + res.status(500) + res.render('error', { error: err }) +} +``` + +Note that the default error handler can get triggered if you call `next()` with an error +in your code more than once, even if custom error handling middleware is in place. + +Other error handling middleware can be found at [Express middleware](/{{ page.lang }}/resources/middleware.html). + +## Writing error handlers + +Define error-handling middleware functions in the same way as other middleware functions, +except error-handling functions have four arguments instead of three: +`(err, req, res, next)`. For example: ```js app.use((err, req, res, next) => { @@ -24,7 +198,10 @@ El middleware de manejo de errores se define al final, después de otras llamada const bodyParser = require('body-parser') const methodOverride = require('method-override') -app.use(bodyParser()) +app.use(bodyParser.urlencoded({ + extended: true +})) +app.use(bodyParser.json()) app.use(methodOverride()) app.use((err, req, res, next) => { // logic @@ -39,7 +216,10 @@ A efectos de la organización (y de infraestructura de nivel superior), puede de const bodyParser = require('body-parser') const methodOverride = require('method-override') -app.use(bodyParser()) +app.use(bodyParser.urlencoded({ + extended: true +})) +app.use(bodyParser.json()) app.use(methodOverride()) app.use(logErrors) app.use(clientErrorHandler) @@ -57,6 +237,8 @@ function logErrors (err, req, res, next) { También en este ejemplo, `clientErrorHandler` se define de la siguiente manera; en este caso, el error se pasa de forma explícita al siguiente: +Notice that when _not_ calling "next" in an error-handling function, you are responsible for writing (and ending) the response. Otherwise, those requests will "hang" and will not be eligible for garbage collection. + ```js function clientErrorHandler (err, req, res, next) { if (req.xhr) { @@ -66,6 +248,7 @@ function clientErrorHandler (err, req, res, next) { } } ``` + La función que detecta todos los errores de `errorHandler` puede implementarse de la siguiente manera: ```js @@ -75,17 +258,16 @@ function errorHandler (err, req, res, next) { } ``` -Si pasa cualquier valor a la función `next()` (excepto la serie `'route'`), Express considera que la solicitud actual tiene un error y omitirá las restantes funciones de middleware y direccionamiento que no son de manejo de errores. Si desea manejar ese error de alguna manera, deberá crear una ruta de manejo de errores como se describe en la siguiente sección. - -Si tiene un manejador de rutas con varias funciones de devolución de llamada, puede utilizar el parámetro `route` para omitir el siguiente manejador de rutas. Por ejemplo: +If you have a route handler with multiple callback functions, you can use the `route` parameter to skip to the next route handler. For example: ```js app.get('/a_route_behind_paywall', (req, res, next) => { if (!req.user.hasPaid) { - // continue handling this request next('route') + } else { + next() } }, (req, res, next) => { PaidContent.find((err, doc) => { @@ -94,32 +276,9 @@ app.get('/a_route_behind_paywall', }) }) ``` + En este ejemplo, se omitirá el manejador `getPaidContent`, pero los restantes manejadores en `app` para `/a_route_behind_paywall` continuarán ejecutándose.Las llamadas a `next()` y `next(err)` indican que el manejador actual está completo y en qué estado. `next(err)` omitirá los demás manejadores de la cadena, excepto los que se hayan configurado para manejar errores como se ha descrito anteriormente.- -## El manejador de errores predeterminado - -Express se suministra con un manejador de errores incorporado, que se encarga de los errores que aparecen en la aplicación. Esta función de middleware de manejo de errores predeterminada se añade al final de la pila de funciones de middleware. - -Si pasa un error a `next()` y no lo maneja en el manejador de errores, lo manejará el manejador de errores incorporado; el error se escribirá en el cliente con el seguimiento de la pila. El seguimiento de la pila no se incluye en el entorno de producción. - --Establezca la variable de entorno `NODE_ENV` en `production`, para ejecutar la aplicación en modalidad de producción. -- -Si invoca `next()` con un error después de haber empezado a escribir la respuesta (por ejemplo, si encuentra un error mientras se envía la respuesta en modalidad continua al cliente), el manejador de errores predeterminado de Express cierra la conexión y falla la solicitud. - -Por lo tanto, cuando añade un manejador de errores personalizado, se recomienda delegar en los mecanismos de manejo de errores predeterminados de Express, cuando las cabeceras ya se han enviado al cliente: - -```js -function errorHandler (err, req, res, next) { - if (res.headersSent) { - return next(err) - } - res.status(500) - res.render('error', { error: err }) -} -``` diff --git a/es/guide/migrating-4.md b/es/guide/migrating-4.md old mode 100755 new mode 100644 index 1eee5aca04..c48ad90428 --- a/es/guide/migrating-4.md +++ b/es/guide/migrating-4.md @@ -1,15 +1,15 @@ --- layout: page title: Migración a Express 4 +description: A guide to migrating your Express.js applications from version 3 to 4, covering changes in middleware, routing, and how to update your codebase effectively. menu: guide -lang: es -description: A guide to migrating your Express.js applications from version 3 to 4, - covering changes in middleware, routing, and how to update your codebase effectively. +lang: en +redirect_from: " " --- # Migración a Express 4 -Visión general
+Overview
Express 4 es un cambio que rompe el código existente de Express 3, etc. Esto implica que una aplicación Express 3 existente no funcionará si actualiza la versión de Express en sus dependencias. @@ -18,7 +18,7 @@ En este artículo se describen:- Los cambios en Express 4.
- Un ejemplo de migración de una aplicación Express 3 a Express 4. -
- La actualización al generador de aplicaciones Express 4. +
- La actualización al generador de aplicaciones Express 4.
Los cambios en Express 4
@@ -26,7 +26,7 @@ En este artículo se describen: Se han realizado varios cambios importantes en Express 4:-
-
- Cambios en el sistema principal y de middleware de Express. Las dependencias de Connect y el middleware incorporado se han eliminado, por lo que debe añadir el middleware manualmente. +
- Changes to Express core and middleware system. The dependencies on Connect and built-in middleware were removed, so you must add middleware yourself.
- Cambios en el sistema de direccionamiento.
- Otros cambios. @@ -34,8 +34,8 @@ Se han realizado varios cambios importantes en Express 4: Vea también: -* [Nuevas características en 4.x.](https://github.com/expressjs/express/wiki/New-features-in-4.x) -* [Migración de 3.x a 4.x.](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x) +- [New features in 4.x.](https://github.com/expressjs/express/wiki/New-features-in-4.x) +- [Migrating from 3.x to 4.x.](https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x)
Cambios en el sistema principal y de middleware de Express @@ -53,7 +53,7 @@ middleware necesario para ejecutar la aplicación. Sólo tiene que seguir estos En la tabla siguiente se lista el middleware de Express 3 y su contrapartida en Express 4.
-
+Express 3 Express 4 Express 3 Express 4 express.bodyParserbody-parser + multer serve-index express.staticserve-static
+app.useacepta parámetros
En la versión 4, puede utilizar un parámetro de variable para definir la vía de acceso donde se cargan las funciones de middleware y, a continuación, leer el valor del parámetro en el manejador de rutas. -Por ejemplo: +For example: ```js -app.use('/book/:id', function (req, res, next) { +app.use('/book/:id', (req, res, next) => { console.log('ID:', req.params.id) next() }) ``` +app.useaccepts parametersEl sistema de direccionamiento
@@ -111,10 +112,11 @@ Ahora las aplicaciones cargan implícitamente el middleware de direccionamiento, La forma en que define las rutas no varía, pero el sistema de direccionamiento tiene dos nuevas características que permiten organizar las rutas: {: .doclist } -* Un nuevo método, `app.route()`, para crear manejadores de rutas encadenables para una vía de acceso de ruta. -* Una nueva clase, `express.Router`, para crear manejadores de rutas montables modulares. -Método
+- Un nuevo método, `app.route()`, para crear manejadores de rutas encadenables para una vía de acceso de ruta. +- Una nueva clase, `express.Router`, para crear manejadores de rutas montables modulares. + +app.route()
El nuevo método `app.route()` permite crear manejadores de rutas encadenables para una vía de acceso de ruta. Como la vía de acceso se especifica en una única ubicación, la creación de rutas modulares es muy útil, al igual que la reducción de redundancia y errores tipográficos. Para obtener más información sobre las rutas, consulte la [`documentación` de Router()](/{{ page.lang }}/4x/api.html#router). @@ -122,18 +124,18 @@ A continuación, se muestra un ejemplo de manejadores de rutas encadenados que s ```js app.route('/book') - .get(function (req, res) { + .get((req, res) => { res.send('Get a random book') }) - .post(function (req, res) { + .post((req, res) => { res.send('Add a book') }) - .put(function (req, res) { + .put((req, res) => { res.send('Update the book') }) ``` -app.route()methodClase
+express.Router
La otra característica que permite organizar las rutas es una nueva clase, `express.Router`, que puede utilizar para crear manejadores de rutas montables modulares. Una instancia `Router` es un sistema de middleware y direccionamiento completo; por este motivo, a menudo se conoce como una "miniaplicación". @@ -146,16 +148,16 @@ var express = require('express') var router = express.Router() // middleware specific to this router -router.use(function timeLog (req, res, next) { +router.use((req, res, next) => { console.log('Time: ', Date.now()) next() }) // define the home page route -router.get('/', function (req, res) { +router.get('/', (req, res) => { res.send('Birds home page') }) // define the about route -router.get('/about', function (req, res) { +router.get('/about', (req, res) => { res.send('About birds') }) @@ -167,7 +169,7 @@ A continuación, cargue el módulo de direccionador en la aplicación: ```js var birds = require('./birds') -/// ... +// ... app.use('/birds', birds) ``` @@ -175,15 +177,15 @@ app.use('/birds', birds) La aplicación ahora podrá manejar solicitudes a las vías de acceso `/birds` y `/birds/about`, e invocará el middleware `timeLog` que es específico de la ruta.express.Routerclass-Otros cambios +Other changes
En la tabla siguiente se muestran otros cambios pequeños pero importantes en Express 4:-
+- Objeto -Descripción ++ Object +Description Node.js @@ -195,7 +197,7 @@ Node.js 0.8.x. `http.createServer()`-El módulo `http` ya no es necesario, a menos que necesite trabajar directamente con él (socket.io/SPDY/HTTPS). La aplicación puede iniciarse utilizando la función `app.listen()`. +The `http` module is no longer needed, unless you need to directly work with it (socket.io/SPDY/HTTPS). La aplicación puede iniciarse utilizando la función `app.listen()`. @@ -288,12 +290,12 @@ Se ha eliminado. La funcionalidad está ahora limitada a establecer el valor de cookie básico. Utilice `res.cookie()` para obtener la funcionalidad adicional. -Migración de aplicación de ejemplo
A continuación, se muestra un ejemplo de migración de una aplicación Express 3 a Express 4. -Los archivos de interés son `app.js` y `package.json`. +The files of interest are `app.js` and `package.json`.Aplicación versión 3 @@ -301,7 +303,7 @@ Aplicación versión 3
-Considere una aplicación Express v.3 con el siguiente archivo `app.js`: +Consider an Express v.3 application with the following `app.js` file: ```js var express = require('express') @@ -332,7 +334,7 @@ if (app.get('env') === 'development') { app.get('/', routes.index) app.get('/users', user.list) -http.createServer(app).listen(app.get('port'), function () { +http.createServer(app).listen(app.get('port'), () => { console.log('Express server listening on port ' + app.get('port')) }) ``` @@ -369,12 +371,12 @@ $ npm install serve-favicon morgan method-override express-session body-parser m Realice los cambios siguientes en `app.js`: 1. Las funciones de middleware de Express incorporadas `express.favicon`, - `express.logger`, `express.methodOverride`, - `express.session`, `express.bodyParser` y - `express.errorHandler` ya no están disponibles en el objeto `express`. Debe instalar sus alternativas manualmente y cargarlas en la aplicación. + `express.logger`, `express.methodOverride`, + `express.session`, `express.bodyParser` y + `express.errorHandler` ya no están disponibles en el objeto `express`. Debe instalar sus alternativas manualmente y cargarlas en la aplicación. 2. Ya no es necesario cargar la función `app.router`. - No es un objeto de aplicación Express 4 válido, por lo que debe eliminar el código `app.use(app.router);`. + No es un objeto de aplicación Express 4 válido, por lo que debe eliminar el código `app.use(app.router);`. 3. Asegúrese de que las funciones de middleware se cargan en el orden correcto: cargue `errorHandler` después de cargar las rutas de aplicación. @@ -397,7 +399,7 @@ La ejecución del mandato `npm` anterior actualizará `package.json` de la sigui "errorhandler": "^1.1.1", "express": "^4.8.0", "express-session": "^1.7.2", - "pug": "2.0.0-beta6", + "pug": "^2.0.0", "method-override": "^2.1.2", "morgan": "^1.2.2", "multer": "^0.1.3", @@ -462,14 +464,14 @@ server.listen(app.get('port'), () => { A menos que necesite trabajar directamente con el módulo `http` (socket.io/SPDY/HTTPS), no es necesario cargarlo y la aplicación puede iniciarse simplemente de la siguiente manera: ```js -app.listen(app.get('port'), function () { +app.listen(app.get('port'), () => { console.log('Express server listening on port ' + app.get('port')) }) ```app.jsEjecutar la aplicación
+Run the app
El proceso de migración está completo y la aplicación es ahora una aplicación Express 4. Para confirmarlo, inicie la aplicación utilizando el siguiente mandato: @@ -509,11 +511,12 @@ Ahora el mandato `express` en el sistema se actualiza al generador de Express 4. Las opciones de mandato y el uso continúan prácticamente iguales, con las siguientes excepciones: {: .doclist } -* Se ha eliminado la opción `--sessions`. -* Se ha eliminado la opción `--jshtml`. -* Se ha añadido la opción `--hogan` para dar soporte a [Hogan.js](http://twitter.github.io/hogan.js/). -Ejemplo
+- Removed the `--sessions` option. +- Removed the `--jshtml` option. +- Se ha añadido la opción `--hogan` para dar soporte a [Hogan.js](http://twitter.github.io/hogan.js/). + +Ejecute el siguiente mandato para crear una aplicación Express 4: @@ -544,7 +547,7 @@ suprima la línea `module.exports = app;` al final del archivo `app.js` y pegue ```js app.set('port', process.env.PORT || 3000) -var server = app.listen(app.get('port'), function () { +var server = app.listen(app.get('port'), () => { debug('Express server listening on port ' + server.address().port) }) ``` @@ -557,4 +560,4 @@ var debug = require('debug')('app4') A continuación, cambie `"start": "node ./bin/www"` en el archivo `package.json` por `"start": "node app.js"`. -Ahora ha devuelto la funcionalidad de `./bin/www` a `app.js`. Este cambio no se recomienda, pero el ejercicio permite entender cómo funciona el archivo `./bin/www` y por qué el archivo `app.js` ya no se inicia solo. +Ahora ha devuelto la funcionalidad de `./bin/www` a `app.js`. Este cambio no se recomienda, pero el ejercicio permite entender cómo funciona el archivo `./bin/www` y por qué el archivo `app.js` ya no se inicia solo. diff --git a/es/guide/migrating-5.md b/es/guide/migrating-5.md old mode 100755 new mode 100644 index c364b49b9c..e98bd7df15 --- a/es/guide/migrating-5.md +++ b/es/guide/migrating-5.md @@ -1,32 +1,45 @@ --- layout: page title: Migración a Express 5 +description: A comprehensive guide to migrating your Express.js applications from version 4 to 5, detailing breaking changes, deprecated methods, and new improvements. menu: guide -lang: es -description: A comprehensive guide to migrating your Express.js applications from - version 4 to 5, detailing breaking changes, deprecated methods, and new improvements. +lang: en +redirect_from: " " --- # Migración a Express 5 -
Visión general
+Overview
-Express 5.0 continúa en la etapa del release alfa, pero hay una vista previa de los cambios que habrá en el release y cómo migrar la aplicación Express 4 a Express 5. +Express 5 no es muy diferente de Express 4: los cambios en la API no son tan significativos como los de la migración de 3.0 a 4.0. Aunque la API básica permanece igual, continúa habiendo cambios que rompen el código existente; es decir, un programa de Express 4 existente no funcionará si lo actualiza para que utilice Express 5. -Express 5 no es muy diferente de Express 4: los cambios en la API no son tan significativos como los de la migración de 3.0 a 4.0. Aunque la API básica permanece igual, continúa habiendo cambios que rompen el código existente; es decir, un programa de Express 4 existente no funcionará si lo actualiza para que utilice Express 5. +To install this version, you need to have a Node.js version 18 or higher. Then, execute the following command in your application directory: -Para instalar el release alpha más reciente y obtener una vista previa de Express 5, especifique el siguiente mandato en el directorio raíz de la aplicación: - -```bash -$ npm install "express@5" --save +```sh +npm install "express@5" ``` A continuación, puede ejecutar las pruebas automatizadas para ver qué falla y solucionar los problemas según las actualizaciones siguientes. Después de solucionar los errores de las pruebas, ejecute la aplicación para ver qué errores se producen. Verá rápidamente si la aplicación utiliza métodos o propiedades que no están soportados. -Cambios en Express 5
+## Express 5 Codemods + +To help you migrate your express server, we have created a set of codemods that will help you automatically update your code to the latest version of Express. + +Run the following command for run all the codemods available: + +```sh +npx @expressjs/codemod upgrade +``` + +If you want to run a specific codemod, you can run the following command: + +```sh +npx @expressjs/codemod name-of-the-codemod +``` + +You can find the list of available codemods [here](https://github.com/expressjs/codemod?tab=readme-ov-file#available-codemods). -A continuación, se muestra la lista de cambios (a partir del release alpha 2) que le afectarán como usuario de Express. -Consulte la [Pull request](https://github.com/expressjs/express/pull/2237) para ver una lista de todas las características planificadas. +Changes in Express 5
**Métodos y propiedades eliminados** @@ -38,26 +51,40 @@ Consulte la [Pull request](https://github.com/expressjs/express/pull/2237) para- req.param(name)
- res.json(obj, status)
- res.jsonp(obj, status)
+- res.redirect('back') and res.location('back')
+- res.redirect(url, status)
- res.send(body, status)
- res.send(status)
- res.sendfile()
+- router.param(fn)
+- express.static.mime
+- express:router debug logs
-**Modificados** +**Mejoras**-
+
- Path route matching syntax +
- Rejected promises handled from middleware and handlers +
- express.urlencoded +
- app.listen
- app.router +
- req.body
- req.host
- req.query +
- res.clearCookie +
- res.status +
- res.vary
Métodos y propiedades eliminados
+### Removed methods and properties Si utiliza cualquiera de estos métodos o propiedades en la aplicación, se bloqueará. Por lo tanto, deberá cambiar la aplicación después de actualizar a la versión 5. @@ -65,21 +92,75 @@ Si utiliza cualquiera de estos métodos o propiedades en la aplicación, se bloq Express 5 ya no da soporte a la función `app.del()`. Si utiliza esta función, se genera un error. Para registrar las rutas HTTP DELETE, utilice la función `app.delete()` en su lugar. -Inicialmente, se utilizaba `del` en lugar de `delete`, porque `delete` es una palabra clave reservada en JavaScript. No obstante, a partir de ECMAScript 6, `delete` y otras palabras clave reservadas pueden utilizarse correctamente como nombres de propiedad. Puede leer aquí la discusión que llevó a descartar la función `app.del`. +Inicialmente, se utilizaba `del` en lugar de `delete`, porque `delete` es una palabra clave reservada en JavaScript. No obstante, a partir de ECMAScript 6, `delete` y otras palabras clave reservadas pueden utilizarse correctamente como nombres de propiedad. + +{% capture codemod-deprecated-signatures %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod v4-deprecated-signatures +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.del('/user/:id', (req, res) => { + res.send(`DELETE /user/${req.params.id}`) +}) + +// v5 +app.delete('/user/:id', (req, res) => { + res.send(`DELETE /user/${req.params.id}`) +}) +```app.param(fn)
La firma `app.param(fn)` se utilizaba para modificar el comportamiento de la función `app.param(name, fn)`. Está en desuso desde v4.11.0 y Express 5 ya no le da soporte. -Nombres de métodos pluralizados
+Pluralized method names
-Los siguientes nombres de métodos se han pluralizado. En Express 4, el uso de los métodos antiguos daba como resultado un aviso de obsolescencia. Express 5 ya no les da soporte: +Los siguientes nombres de métodos se han pluralizado. En Express 4, el uso de los métodos antiguos daba como resultado un aviso de obsolescencia. Express 5 ya no les da soporte: + +`req.acceptsLanguage()` se ha sustituido por `req.acceptsLanguages()`. `req.acceptsCharset()` se ha sustituido por `req.acceptsCharsets()`. `req.acceptsEncoding()` se ha sustituido por `req.acceptsEncodings()`. -`req.acceptsLanguage()` se ha sustituido por `req.acceptsLanguages()`. +{% capture codemod-pluralized-methods %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod pluralized-methods +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-pluralized-methods %} + +```js +// v4 +app.all('/', (req, res) => { + req.acceptsCharset('utf-8') + req.acceptsEncoding('br') + req.acceptsLanguage('en') + + // ... +}) + +// v5 +app.all('/', (req, res) => { + req.acceptsCharsets('utf-8') + req.acceptsEncodings('br') + req.acceptsLanguages('en') + + // ... +}) +```Dos puntos (:) delanteros en el nombre de app.param(name, fn)
@@ -91,43 +172,334 @@ Esto no afectará al código si sigue la documentación de Express 4 de [app.par Este método potencialmente confuso y peligroso de recuperar datos de formulario se ha eliminado. No necesitará buscar específicamente el nombre de parámetro enviado en el objeto `req.params`, `req.body` o `req.query`. +{% capture codemod-req-param %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod req-param +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-req-param %} + +```js +// v4 +app.post('/user', (req, res) => { + const id = req.param('id') + const body = req.param('body') + const query = req.param('query') + + // ... +}) + +// v5 +app.post('/user', (req, res) => { + const id = req.params.id + const body = req.body + const query = req.query + + // ... +}) +``` +res.json(obj, status)
Express 5 ya no da soporte a la firma `res.json(obj, status)`. En su lugar, establezca el estado y encadénelo al método `res.json()` de la siguiente manera: `res.status(status).json(obj)`. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.post('/user', (req, res) => { + res.json({ name: 'Ruben' }, 201) +}) + +// v5 +app.post('/user', (req, res) => { + res.status(201).json({ name: 'Ruben' }) +}) +``` +res.jsonp(obj, status)
Express 5 ya no da soporte a la firma `res.jsonp(obj, status)`. En su lugar, establezca el estado y encadénelo al método `res.jsonp()` de la siguiente manera: `res.status(status).jsonp(obj)`. -res.send(body, status)
+{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.post('/user', (req, res) => { + res.jsonp({ name: 'Ruben' }, 201) +}) + +// v5 +app.post('/user', (req, res) => { + res.status(201).jsonp({ name: 'Ruben' }) +}) +``` + +res.redirect(url, status)
Express 5 ya no da soporte a la firma `res.send(obj, status)`. En su lugar, establezca el estado y encadénelo al método `res.send()` de la siguiente manera: `res.status(status).send(obj)`. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.redirect('/users', 301) +}) + +// v5 +app.get('/user', (req, res) => { + res.redirect(301, '/users') +}) +``` + +res.redirect('back') and res.location('back')
+ +Express 5 no longer supports the magic string `back` in the `res.redirect()` and `res.location()` methods. Instead, use the `req.get('Referrer') || '/'` value to redirect back to the previous page. In Express 4, the res.`redirect('back')` and `res.location('back')` methods were deprecated. + +{% capture codemod-magic-redirect %} +You can replace the deprecated signatures with the following command: + +```plain-text +npx @expressjs/codemod magic-redirect +``` + +{% endcapture %} + +{% include admonitions/note.html content=codemod-magic-redirect %} + +```js +// v4 +app.get('/user', (req, res) => { + res.redirect('back') +}) + +// v5 +app.get('/user', (req, res) => { + res.redirect(req.get('Referrer') || '/') +}) +``` + +res.send(body, status)
+ +Express 5 no longer supports the signature `res.send(obj, status)`. Instead, set the status and then chain it to the `res.send()` method like this: `res.status(status).send(obj)`. + +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.send({ name: 'Ruben' }, 200) +}) + +// v5 +app.get('/user', (req, res) => { + res.status(200).send({ name: 'Ruben' }) +}) +``` +res.send(status)
-Express 5 ya no da soporte a la firmares.send(status), donde *`status`* es un número. En su lugar, utilice la función `res.sendStatus(statusCode)`, que establece el código de estado de la cabecera de respuesta HTTP y envía la versión de texto del código: "Not Found", "Internal Server Error", etc. +Express 5 ya no da soporte a la firmares.send(status), donde _`status`_ es un número. En su lugar, utilice la función `res.sendStatus(statusCode)`, que establece el código de estado de la cabecera de respuesta HTTP y envía la versión de texto del código: "Not Found", "Internal Server Error", etc. Si necesita enviar un número utilizando la función `res.send()`, escríbalo entre comillas para convertirlo en una serie, para que Express no lo interprete como un intento de utilizar la firma antigua no soportada. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.send(200) +}) + +// v5 +app.get('/user', (req, res) => { + res.sendStatus(200) +}) +``` +res.sendfile()
La función `res.sendfile()` se ha sustituido por una versión de la función `res.sendFile()` con cada palabra en mayúscula en Express 5. +{% include admonitions/note.html content=codemod-deprecated-signatures %} + +```js +// v4 +app.get('/user', (req, res) => { + res.sendfile('/path/to/file') +}) + +// v5 +app.get('/user', (req, res) => { + res.sendFile('/path/to/file') +}) +``` + +router.param(fn)
+ +The `router.param(fn)` signature was used for modifying the behavior of the `router.param(name, fn)` function. Está en desuso desde v4.11.0 y Express 5 ya no le da soporte. + +express.static.mime
+ +In Express 5, `mime` is no longer an exported property of the `static` field. +Use the [`mime-types` package](https://github.com/jshttp/mime-types) to work with MIME type values. + +```js +// v4 +express.static.mime.lookup('json') + +// v5 +const mime = require('mime-types') +mime.lookup('json') +``` + +express:router debug logs
+ +In Express 5, router handling logic is performed by a dependency. Therefore, the +debug logs for the router are no longer available under the `express:` namespace. +In v4, the logs were available under the namespaces `express:router`, `express:router:layer`, +and `express:router:route`. All of these were included under the namespace `express:*`. +In v5.1+, the logs are available under the namespaces `router`, `router:layer`, and `router:route`. +The logs from `router:layer` and `router:route` are included in the namespace `router:*`. +To achieve the same detail of debug logging when using `express:*` in v4, use a conjunction of +`express:*`, `router`, and `router:*`. + +```sh +# v4 +DEBUG=express:* node index.js + +# v5 +DEBUG=express:*,router,router:* node index.js +``` +Modificados
+Path route matching syntax
+ +Path route matching syntax is when a string is supplied as the first parameter to the `app.all()`, `app.use()`, `app.METHOD()`, `router.all()`, `router.METHOD()`, and `router.use()` APIs. The following changes have been made to how the path string is matched to an incoming request: + +- The wildcard `*` must have a name, matching the behavior of parameters `:`, use `/*splat` instead of `/*` + +```js +// v4 +app.get('/*', async (req, res) => { + res.send('ok') +}) + +// v5 +app.get('/*splat', async (req, res) => { + res.send('ok') +}) +``` + +{% capture note_wildcard %} +`*splat` matches any path without the root path. If you need to match the root path as well `/`, you can use `/{*splat}`, wrapping the wildcard in braces. + +```js +// v5 +app.get('/{*splat}', async (req, res) => { + res.send('ok') +}) +``` + +{% endcapture %} +{% include admonitions/note.html content=note_wildcard %} + +- The optional character `?` is no longer supported, use braces instead. + +```js +// v4 +app.get('/:file.:ext?', async (req, res) => { + res.send('ok') +}) + +// v5 +app.get('/:file{.:ext}', async (req, res) => { + res.send('ok') +}) +``` + +- Regexp characters are not supported. For example: + +```js +app.get('/[discussion|page]/:slug', async (req, res) => { + res.status(200).send('ok') +}) +``` + +should be changed to: + +```js +app.get(['/discussion/:slug', '/page/:slug'], async (req, res) => { + res.status(200).send('ok') +}) +``` + +- Some characters have been reserved to avoid confusion during upgrade (`()[]?+!`), use `\` to escape them. +- Parameter names now support valid JavaScript identifiers, or quoted like `:"this"`. + +Rejected promises handled from middleware and handlers
+ +Request middleware and handlers that return rejected promises are now handled by forwarding the rejected value as an `Error` to the error handling middleware. This means that using `async` functions as middleware and handlers are easier than ever. When an error is thrown in an `async` function or a rejected promise is `await`ed inside an async function, those errors will be passed to the error handler as if calling `next(err)`. + +Details of how Express handles errors is covered in the [error handling documentation](/en/guide/error-handling.html). + +express.urlencoded
+ +The `express.urlencoded` method makes the `extended` option `false` by default. + +app.listen
+ +In Express 5, the `app.listen` method will invoke the user-provided callback function (if provided) when the server receives an error event. In Express 4, such errors would be thrown. This change shifts error-handling responsibility to the callback function in Express 5. If there is an error, it will be passed to the callback as an argument. +For example: + +```js +const server = app.listen(8080, '0.0.0.0', (error) => { + if (error) { + throw error // e.g. EADDRINUSE + } + console.log(`Listening on ${JSON.stringify(server.address())}`) +}) +``` +app.router
El objeto `app.router`, que se ha eliminado en Express 4, ha vuelto en Express 5. En la nueva versión, este objeto es sólo una referencia al direccionador de Express base, a diferencia de en Express 3, donde una aplicación debía cargarlo explícitamente. +req.body
+ +The `req.body` property returns `undefined` when the body has not been parsed. In Express 4, it returns `{}` by default. +req.host
-En Express 4, la función `req.host` fragmentaba incorrectamente el número de puerto si estaba presente. En Express 5, el número de puerto se mantiene. +En Express 4, la función `req.host` fragmentaba incorrectamente el número de puerto si estaba presente. In Express 5, the port number is maintained.req.query
-De Express 4.7 y Express 5 en adelante, la opción de analizador de consultas puede aceptar `false` para inhabilitar el análisis de series de consulta si desea utilizar su propia función para la lógica de análisis de series de consulta. +The `req.query` property is no longer a writable property and is instead a getter. The default query parser has been changed from "extended" to "simple". -Mejoras
+res.clearCookie
+ +The `res.clearCookie` method ignores the `maxAge` and `expires` options provided by the user. + +res.status
+ +The `res.status` method only accepts integers in the range of `100` to `999`, following the behavior defined by Node.js, and it returns an error when the status code is not an integer. + +res.vary
+ +The `res.vary` throws an error when the `field` argument is missing. In Express 4, if the argument was omitted, it gave a warning in the console + +### Improvementsres.render()
Este método ahora impone un comportamiento asíncrono para todos los motores de vistas, lo que evita los errores provocados por los motores de vistas que tenían una implementación síncrona e incumplían la interfaz recomendada. + +Brotli encoding support
+ +Express 5 supports Brotli encoding for requests received from clients that support it. diff --git a/es/guide/overriding-express-api.md b/es/guide/overriding-express-api.md new file mode 100644 index 0000000000..0ff0e90f4f --- /dev/null +++ b/es/guide/overriding-express-api.md @@ -0,0 +1,73 @@ +--- +layout: page +title: Overriding the Express API +description: Discover how to customize and extend the Express.js API by overriding methods and properties on the request and response objects using prototypes. +menu: guide +lang: en +--- + +# Overriding the Express API + +The Express API consists of various methods and properties on the request and response objects. These are inherited by prototype. There are two extension points for the Express API: + +1. The global prototypes at `express.request` and `express.response`. +2. App-specific prototypes at `app.request` and `app.response`. + +Altering the global prototypes will affect all loaded Express apps in the same process. If desired, alterations can be made app-specific by only altering the app-specific prototypes after creating a new app. + +## Methods + +You can override the signature and behavior of existing methods with your own, by assigning a custom function. + +Following is an example of overriding the behavior of [res.sendStatus](/4x/api.html#res.sendStatus). + +```js +app.response.sendStatus = function (statusCode, type, message) { + // code is intentionally kept simple for demonstration purpose + return this.contentType(type) + .status(statusCode) + .send(message) +} +``` + +The above implementation completely changes the original signature of `res.sendStatus`. It now accepts a status code, encoding type, and the message to be sent to the client. + +The overridden method may now be used this way: + +```js +res.sendStatus(404, 'application/json', '{"error":"resource not found"}') +``` + +## Properties + +Properties in the Express API are either: + +1. Assigned properties (ex: `req.baseUrl`, `req.originalUrl`) +2. Defined as getters (ex: `req.secure`, `req.ip`) + +Since properties under category 1 are dynamically assigned on the `request` and `response` objects in the context of the current request-response cycle, their behavior cannot be overridden. + +Properties under category 2 can be overwritten using the Express API extensions API. + +The following code rewrites how the value of `req.ip` is to be derived. Now, it simply returns the value of the `Client-IP` request header. + +```js +Object.defineProperty(app.request, 'ip', { + configurable: true, + enumerable: true, + get () { return this.get('Client-IP') } +}) +``` + +## Prototype + +In order to provide the Express API, the request/response objects passed to Express (via `app(req, res)`, for example) need to inherit from the same prototype chain. By default, this is `http.IncomingRequest.prototype` for the request and `http.ServerResponse.prototype` for the response. + +Unless necessary, it is recommended that this be done only at the application level, rather than globally. Also, take care that the prototype that is being used matches the functionality as closely as possible to the default prototypes. + +```js +// Use FakeRequest and FakeResponse in place of http.IncomingRequest and http.ServerResponse +// for the given app reference +Object.setPrototypeOf(Object.getPrototypeOf(app.request), FakeRequest.prototype) +Object.setPrototypeOf(Object.getPrototypeOf(app.response), FakeResponse.prototype) +``` diff --git a/es/guide/routing.md b/es/guide/routing.md old mode 100755 new mode 100644 index 2d9168bf96..cd48f5428f --- a/es/guide/routing.md +++ b/es/guide/routing.md @@ -1,18 +1,29 @@ --- layout: page title: Direccionamiento de Express +description: Learn how to define and use routes in Express.js applications, including route methods, route paths, parameters, and using Router for modular routing. menu: guide -lang: es -description: Learn how to define and use routes in Express.js applications, including - route methods, route paths, parameters, and using Router for modular routing. +lang: en +redirect_from: " " --- # Direccionamiento -*Direccionamiento* hace referencia a la definición de puntos finales de aplicación (URI) y cómo responden a las solicitudes de cliente. +_Direccionamiento_ hace referencia a la definición de puntos finales de aplicación (URI) y cómo responden a las solicitudes de cliente. Para ver una introducción al direccionamiento, consulte [Direccionamiento básico](/{{ page.lang }}/starter/basic-routing.html). -El siguiente código es un ejemplo de una ruta muy básica. +You define routing using methods of the Express `app` object that correspond to HTTP methods; +for example, `app.get()` to handle GET requests and `app.post` to handle POST requests. For a full list, +see [app.METHOD](/{{ page.lang }}/5x/api.html#app.METHOD). You can also use [app.all()](/{{ page.lang }}/5x/api.html#app.all) to handle all HTTP methods and [app.use()](/{{ page.lang }}/5x/api.html#app.use) to +specify middleware as the callback function (See [Using middleware](/{{ page.lang }}/guide/using-middleware.html) for details). + +These routing methods specify a callback function (sometimes called "handler functions") called when the application receives a request to the specified route (endpoint) and HTTP method. In other words, the application "listens" for requests that match the specified route(s) and method(s), and when it detects a match, it calls the specified callback function. + +In fact, the routing methods can have more than one callback function as arguments. +With multiple callback functions, it is important to provide `next` as an argument to the callback function and then call `next()` within the body of the function to hand off control +to the next callback. + +The following code is an example of a very basic route. ```js const express = require('express') @@ -24,9 +35,9 @@ app.get('/', (req, res) => { }) ``` -Métodos de ruta
+Route methods
-Un método de ruta se deriva de uno de los métodos HTTP y se adjunta a una instancia de la clase `express`. +A route method is derived from one of the HTTP methods, and is attached to an instance of the `express` class. El siguiente código es un ejemplo de las rutas que se definen para los métodos GET y POST a la raíz de la aplicación. @@ -42,15 +53,10 @@ app.post('/', (req, res) => { }) ``` -Express da soporte a los siguientes métodos de direccionamiento que se corresponden con los métodos HTTP: `get`, `post`, `put`, `head`, `delete`, `options`, `trace`, `copy`, `lock`, `mkcol`, `move`, `purge`, `propfind`, `proppatch`, `unlock`, `report`, `mkactivity`, `checkout`, `merge`, `m-search`, `notify`, `subscribe`, `unsubscribe`, `patch`, `search` y `connect`. - --Para direccionar los métodos que se convierten en nombres de variable JavaScript no válidos, utilice la notación entre corchetes. Por ejemplo, `app['m-search']('/', function ...` -- -Hay un método de direccionamiento especial, `app.all()`, que no se deriva de ningún método HTTP. Este método se utiliza para cargar funciones de middleware en una vía de acceso para todos los métodos de solicitud. +Express supports methods that correspond to all HTTP request methods: `get`, `post`, and so on. +For a full list, see [app.METHOD](/{{ page.lang }}/5x/api.html#app.METHOD). -En el siguiente ejemplo, el manejador se ejecutará para las solicitudes a "/secret", tanto si utiliza GET, POST, PUT, DELETE, como cualquier otro método de solicitud HTTP soportado en el [módulo http](https://nodejs.org/api/http.html#http_http_methods). +Hay un método de direccionamiento especial, `app.all()`, que no se deriva de ningún método HTTP. Este método se utiliza para cargar funciones de middleware en una vía de acceso para todos los métodos de solicitud. En el siguiente ejemplo, el manejador se ejecutará para las solicitudes a "/secret", tanto si utiliza GET, POST, PUT, DELETE, como cualquier otro método de solicitud HTTP soportado en el [módulo http](https://nodejs.org/api/http.html#http_http_methods). ```js app.all('/secret', (req, res, next) => { @@ -63,15 +69,32 @@ app.all('/secret', (req, res, next) => { Las vías de acceso de ruta, en combinación con un método de solicitud, definen los puntos finales en los que pueden realizarse las solicitudes. Las vías de acceso de ruta pueden ser series, patrones de serie o expresiones regulares. -- Express utiliza [path-to-regexp](https://www.npmjs.com/package/path-to-regexp) para correlacionar las vías de acceso de ruta; consulte la documentación de path-to-regexp para ver todas las posibilidades para definir vías de acceso de ruta. [Express Route Tester](http://forbeslindesay.github.io/express-route-tester/) es una herramienta muy útil para probar rutas básicas de Express, aunque no da soporte a la coincidencia de patrones. -+{% capture caution-character %} In express 5, the characters `?`, `+`, `*`, `[]`, and `()` are handled differently than in version 4, please review the [migration guide](/{{ page.lang }}/guide/migrating-5.html#path-syntax) for more information.{% endcapture %} --Las series de consulta no forman parte de la vía de acceso de ruta. -+{% include admonitions/caution.html content=caution-character %} + +{% capture note-dollar-character %}In express 4, regular expression characters such as `$` need to be escaped with a `\`. +{% endcapture %} + +{% include admonitions/caution.html content=note-dollar-character %} + +{% capture note-path-to-regexp %} + +Express uses [path-to-regexp](https://www.npmjs.com/package/path-to-regexp) for matching the route paths; see the path-to-regexp documentation for all the possibilities in defining route paths. [Express Route Tester](http://forbeslindesay.github.io/express-route-tester/) es una herramienta muy útil para probar rutas básicas de Express, aunque no da soporte a la coincidencia de patrones. + +{% endcapture %} + +{% include admonitions/note.html content=note-path-to-regexp %} + +{% capture query-string-note %} + +Query strings are not part of the route path. -Estos son algunos ejemplos de vías de acceso de ruta basadas en series. +{% endcapture %} + +{% include admonitions/warning.html content=query-string-note %} + +### Route paths based on strings Esta vía de acceso de ruta coincidirá con las solicitudes a la ruta raíz, `/`. @@ -97,7 +120,11 @@ app.get('/random.text', (req, res) => { }) ``` -Estos son algunos ejemplos de vías de acceso de ruta basadas en patrones de serie. +### Route paths based on string patterns + +{% capture caution-string-patterns %} The string patterns in Express 5 no longer work. Please refer to the [migration guide](/{{ page.lang }}/guide/migrating-5.html#path-syntax) for more information.{% endcapture %} + +{% include admonitions/caution.html content=caution-string-patterns %} Esta vía de acceso de ruta coincidirá con `acd` y `abcd`. @@ -131,11 +158,7 @@ app.get('/ab(cd)?e', (req, res) => { }) ``` --Los caracteres ?, +, * y () son subconjuntos de sus contrapartidas de expresiones regulares. El guión (-) y el punto (.) se interpretan literalmente en las vías de acceso basadas en series. -- -Ejemplos de vías de acceso de ruta basadas en expresiones regulares: +### Ejemplos de vías de acceso de ruta basadas en expresiones regulares: Esta vía de acceso de ruta coincidirá con cualquier valor con una "a" en el nombre de la ruta. @@ -153,13 +176,78 @@ app.get(/.*fly$/, (req, res) => { }) ``` -Manejadores de rutas
+Route parameters
+ +Route parameters are named URL segments that are used to capture the values specified at their position in the URL. The captured values are populated in the `req.params` object, with the name of the route parameter specified in the path as their respective keys. + +``` +Route path: /users/:userId/books/:bookId +Request URL: http://localhost:3000/users/34/books/8989 +req.params: { "userId": "34", "bookId": "8989" } +``` + +To define routes with route parameters, simply specify the route parameters in the path of the route as shown below. + +```js +app.get('/users/:userId/books/:bookId', (req, res) => { + res.send(req.params) +}) +``` + ++The name of route parameters must be made up of "word characters" ([A-Za-z0-9_]). ++ +Since the hyphen (`-`) and the dot (`.`) are interpreted literally, they can be used along with route parameters for useful purposes. + +``` +Route path: /flights/:from-:to +Request URL: http://localhost:3000/flights/LAX-SFO +req.params: { "from": "LAX", "to": "SFO" } +``` + +``` +Route path: /plantae/:genus.:species +Request URL: http://localhost:3000/plantae/Prunus.persica +req.params: { "genus": "Prunus", "species": "persica" } +``` + +{% capture warning-regexp %} +In express 5, Regexp characters are not supported in route paths, for more information please refer to the [migration guide](/{{ page.lang }}/guide/migrating-5.html#path-syntax).{% endcapture %} + +{% include admonitions/caution.html content=warning-regexp %} + +To have more control over the exact string that can be matched by a route parameter, you can append a regular expression in parentheses (`()`): + +``` +Route path: /user/:userId(\d+) +Request URL: http://localhost:3000/user/42 +req.params: {"userId": "42"} +``` + +{% capture escape-advisory %} + +Because the regular expression is usually part of a literal string, be sure to escape any `\` characters with an additional backslash, for example `\\d+`. + +{% endcapture %} + +{% include admonitions/warning.html content=escape-advisory %} + +{% capture warning-version %} + +In Express 4.x, the `*` character in regular expressions is not interpreted in the usual way. As a workaround, use `{0,}` instead of `*`. This will likely be fixed in Express 5. + +{% endcapture %} + +{% include admonitions/warning.html content=warning-version %} + +Route handlers
Puede proporcionar varias funciones de devolución de llamada que se comportan como [middleware](/{{ page.lang }}/guide/using-middleware.html) para manejar una solicitud. La única excepción es que estas devoluciones de llamada pueden invocar `next('route')` para omitir el resto de las devoluciones de llamada de ruta. Puede utilizar este mecanismo para imponer condiciones previas en una ruta y, a continuación, pasar el control a las rutas posteriores si no hay motivo para continuar con la ruta actual. Los manejadores de rutas pueden tener la forma de una función, una matriz de funciones o combinaciones de ambas, como se muestra en los siguientes ejemplos. -Una función de devolución de llamada individual puede manejar una ruta. Por ejemplo: +Una función de devolución de llamada individual puede manejar una ruta. For example: ```js app.get('/example/a', (req, res) => { @@ -167,7 +255,7 @@ app.get('/example/a', (req, res) => { }) ``` -Más de una función de devolución de llamada puede manejar una ruta (asegúrese de especificar el objeto `next`). Por ejemplo: +Más de una función de devolución de llamada puede manejar una ruta (asegúrese de especificar el objeto `next`). For example: ```js app.get('/example/b', (req, res, next) => { @@ -177,7 +265,8 @@ app.get('/example/b', (req, res, next) => { res.send('Hello from B!') }) ``` -Una matriz de funciones de devolución de llamada puede manejar una ruta. Por ejemplo: + +Una matriz de funciones de devolución de llamada puede manejar una ruta. For example: ```js const cb0 = function (req, res, next) { @@ -197,7 +286,7 @@ const cb2 = function (req, res) { app.get('/example/c', [cb0, cb1, cb2]) ``` -Una combinación de funciones independientes y matrices de funciones puede manejar una ruta. Por ejemplo: +Una combinación de funciones independientes y matrices de funciones puede manejar una ruta. For example: ```js const cb0 = function (req, res, next) { @@ -218,21 +307,21 @@ app.get('/example/d', [cb0, cb1], (req, res, next) => { }) ``` -Métodos de respuesta
+Response methods
Los métodos en el objeto de respuesta (`res`) de la tabla siguiente pueden enviar una respuesta al cliente y terminar el ciclo de solicitud/respuestas. Si ninguno de estos métodos se invoca desde un manejador de rutas, la solicitud de cliente se dejará colgada. -| Método | Descripción -|----------------------|-------------------------------------- -| [res.download()](/{{ page.lang }}/4x/api.html#res.download) | Solicita un archivo para descargarlo. -| [res.end()](/{{ page.lang }}/4x/api.html#res.end) | Finaliza el proceso de respuesta. -| [res.json()](/{{ page.lang }}/4x/api.html#res.json) | Envía una respuesta JSON. -| [res.jsonp()](/{{ page.lang }}/4x/api.html#res.jsonp) | Envía una respuesta JSON con soporte JSONP. -| [res.redirect()](/{{ page.lang }}/4x/api.html#res.redirect) | Redirecciona una solicitud. -| [res.render()](/{{ page.lang }}/4x/api.html#res.render) | Representa una plantilla de vista. -| [res.send()](/{{ page.lang }}/4x/api.html#res.send) | Envía una respuesta de varios tipos. -| [res.sendFile()](/{{ page.lang }}/4x/api.html#res.sendFile) | Envía un archivo como una secuencia de octetos. -| [res.sendStatus()](/{{ page.lang }}/4x/api.html#res.sendStatus) | Establece el código de estado de la respuesta y envía su representación de serie como el cuerpo de respuesta. +| Method | Description | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | +| [res.download()](/{{ page.lang }}/4x/api.html#res.download) | Solicita un archivo para descargarlo. | +| [res.end()](/{{ page.lang }}/4x/api.html#res.end) | Finaliza el proceso de respuesta. | +| [res.json()](/{{ page.lang }}/4x/api.html#res.json) | Envía una respuesta JSON. | +| [res.jsonp()](/{{ page.lang }}/4x/api.html#res.jsonp) | Send a JSON response with JSONP support. | +| [res.redirect()](/{{ page.lang }}/4x/api.html#res.redirect) | Redirecciona una solicitud. | +| [res.render()](/{{ page.lang }}/4x/api.html#res.render) | Representa una plantilla de vista. | +| [res.send()](/{{ page.lang }}/4x/api.html#res.send) | Envía una respuesta de varios tipos. | +| [res.sendFile()](/{{ page.lang }}/4x/api.html#res.sendFile) | Envía un archivo como una secuencia de octetos. | +| [res.sendStatus()](/{{ page.lang }}/4x/api.html#res.sendStatus) | Establece el código de estado de la respuesta y envía su representación de serie como el cuerpo de respuesta. |app.route()
@@ -267,10 +356,12 @@ const express = require('express') const router = express.Router() // middleware that is specific to this router -router.use((req, res, next) => { +const timeLog = (req, res, next) => { console.log('Time: ', Date.now()) next() -}) +} +router.use(timeLog) + // define the home page route router.get('/', (req, res) => { res.send('Birds home page') @@ -288,9 +379,15 @@ A continuación, cargue el módulo de direccionador en la aplicación: ```js const birds = require('./birds') -/// ... +// ... app.use('/birds', birds) ``` La aplicación ahora podrá manejar solicitudes a `/birds` y `/birds/about`, así como invocar la función de middleware `timeLog` que es específica de la ruta. + +But if the parent route `/birds` has path parameters, it will not be accessible by default from the sub-routes. To make it accessible, you will need to pass the `mergeParams` option to the Router constructor [reference](/{{ page.lang }}/5x/api.html#app.use). + +```js +const router = express.Router({ mergeParams: true }) +``` diff --git a/es/guide/using-middleware.md b/es/guide/using-middleware.md old mode 100755 new mode 100644 index e8ed03a1ce..879552c6ff --- a/es/guide/using-middleware.md +++ b/es/guide/using-middleware.md @@ -1,45 +1,46 @@ --- layout: page title: Utilización del middleware de Express +description: Learn how to use middleware in Express.js applications, including application-level and router-level middleware, error handling, and integrating third-party middleware. menu: guide -lang: es -description: Learn how to use middleware in Express.js applications, including application-level - and router-level middleware, error handling, and integrating third-party middleware. +lang: en +redirect_from: " " --- # Utilización del middleware Express es una infraestructura web de direccionamiento y middleware que tiene una funcionalidad mínima propia: una aplicación Express es fundamentalmente una serie de llamadas a funciones de middleware. -Las funciones de *middleware* son funciones que tienen acceso al [objeto de solicitud](/{{ page.lang }}/4x/api.html#req) (`req`), al [objeto de respuesta](/{{ page.lang }}/4x/api.html#res) (`res`) y a la siguiente función de middleware en el ciclo de solicitud/respuestas de la aplicación. La siguiente función de middleware se denota normalmente con una variable denominada `next`. +Las funciones de _middleware_ son funciones que tienen acceso al [objeto de solicitud](/{{ page.lang }}/4x/api.html#req) (`req`), al [objeto de respuesta](/{{ page.lang }}/4x/api.html#res) (`res`) y a la siguiente función de middleware en el ciclo de solicitud/respuestas de la aplicación. La siguiente función de middleware se denota normalmente con una variable denominada `next`. Las funciones de middleware pueden realizar las siguientes tareas: -* Ejecutar cualquier código. -* Realizar cambios en la solicitud y los objetos de respuesta. -* Finalizar el ciclo de solicitud/respuestas. -* Invocar la siguiente función de middleware en la pila. +- Execute any code. +- Realizar cambios en la solicitud y los objetos de respuesta. +- Finalizar el ciclo de solicitud/respuestas. +- Invocar la siguiente función de middleware en la pila. -Si la función de middleware actual no finaliza el ciclo de solicitud/respuestas, debe invocar `next()` para pasar el control a la siguiente función de middleware. De lo contrario, la solicitud quedará colgada. +Si la función de middleware actual no finaliza el ciclo de solicitud/respuestas, debe invocar `next()` para pasar el control a la siguiente función de middleware. Otherwise, the request will be left hanging. -Una aplicación Express puede utilizar los siguientes tipos de middleware: +An Express application can use the following types of middleware: - - [Middleware de nivel de aplicación](#middleware.application) - - [Middleware de nivel de direccionador](#middleware.router) - - [Middleware de manejo de errores](#middleware.error-handling) - - [Middleware incorporado](#middleware.built-in) - - [Middleware de terceros](#middleware.third-party) +- [Application-level middleware](#middleware.application) +- [Middleware de nivel de direccionador](#middleware.router) +- [Error-handling middleware](#middleware.error-handling) +- [Built-in middleware](#middleware.built-in) +- [Third-party middleware](#middleware.third-party) Puede cargar middleware de nivel de aplicación y de nivel de direccionador con una vía de acceso de montaje opcional. También puede cargar una serie de funciones de middleware a la vez, lo que crea una subpila del sistema de middleware en un punto de montaje. -Middleware de nivel de aplicación
+Application-level middleware
Enlace el middleware de nivel de aplicación a una instancia del [objeto de aplicación](/{{ page.lang }}/4x/api.html#app) utilizando las funciones `app.use()` y `app.METHOD()`, donde `METHOD` es el método HTTP de la solicitud que maneja la función de middleware (por ejemplo, GET, PUT o POST) en minúsculas. -Este ejemplo muestra una función de middleware sin ninguna vía de acceso de montaje. La función se ejecuta cada vez que la aplicación recibe una solicitud. +Este ejemplo muestra una función de middleware sin ninguna vía de acceso de montaje. The function is executed every time the app receives a request. ```js +const express = require('express') const app = express() app.use((req, res, next) => { @@ -92,12 +93,19 @@ app.get('/user/:id', (req, res, next) => { // handler for the /user/:id path, which prints the user ID app.get('/user/:id', (req, res, next) => { - res.end(req.params.id) + res.send(req.params.id) }) ``` Para omitir el resto de las funciones de middleware de una pila de middleware de direccionador, invoque `next('route')` para pasar el control a la siguiente ruta. -**NOTA**: `next('route')` sólo funcionará en las funciones de middleware que se hayan cargado utilizando las funciones `app.METHOD()` o `router.METHOD()`. + +{% capture next-function %} + +`next('route')` will work only in middleware functions that were loaded by using the `app.METHOD()` or `router.METHOD()` functions. + +{% endcapture %} + +{% include admonitions/note.html content=next-function %} Este ejemplo muestra una subpila de middleware que maneja solicitudes GET a la vía de acceso `/user/:id`. @@ -106,15 +114,36 @@ app.get('/user/:id', (req, res, next) => { // if the user ID is 0, skip to the next route if (req.params.id === '0') next('route') // otherwise pass the control to the next middleware function in this stack - else next() // + else next() }, (req, res, next) => { - // render a regular page - res.render('regular') + // send a regular response + res.send('regular') }) -// handler for the /user/:id path, which renders a special page +// handler for the /user/:id path, which sends a special response app.get('/user/:id', (req, res, next) => { - res.render('special') + res.send('special') +}) +``` + +Middleware can also be declared in an array for reusability. + +A continuación, se muestra un ejemplo de uso de la función de middleware `express.static` con un objeto de opciones elaboradas: + +```js +function logOriginalUrl (req, res, next) { + console.log('Request URL:', req.originalUrl) + next() +} + +function logMethod (req, res, next) { + console.log('Request Type:', req.method) + next() +} + +const logStuff = [logOriginalUrl, logMethod] +app.get('/user/:id', logStuff, (req, res, next) => { + res.send('User Info') }) ``` @@ -125,11 +154,13 @@ El middleware de nivel de direccionador funciona de la misma manera que el middl ```js const router = express.Router() ``` + Cargue el middleware de nivel de direccionador utilizando las funciones `router.use()` y `router.METHOD()`. El siguiente código de ejemplo replica el sistema de middleware que se ha mostrado anteriormente para el middleware de nivel de aplicación, utilizando el middleware de nivel de direccionador: ```js +const express = require('express') const app = express() const router = express.Router() @@ -153,7 +184,7 @@ router.get('/user/:id', (req, res, next) => { // if the user ID is 0, skip to the next router if (req.params.id === '0') next('route') // otherwise pass control to the next middleware function in this stack - else next() // + else next() }, (req, res, next) => { // render a regular page res.render('regular') @@ -168,10 +199,36 @@ router.get('/user/:id', (req, res, next) => { // mount the router on the app app.use('/', router) ``` -Middleware de manejo de errores
+ +Para obtener más detalles sobre la función `serve-static` y sus opciones, consulte la documentación de [serve-static](https://github.com/expressjs/serve-static). + +Este ejemplo muestra una subpila de middleware que maneja solicitudes GET a la vía de acceso `/user/:id`. + +```js +const express = require('express') +const app = express() +const router = express.Router() + +// predicate the router with a check and bail out when needed +router.use((req, res, next) => { + if (!req.headers['x-auth']) return next('router') + next() +}) + +router.get('/user/:id', (req, res) => { + res.send('hello, user!') +}) + +// use the router and 401 anything falling through +app.use('/admin', router, (req, res) => { + res.sendStatus(401) +}) +``` + +Error-handling middleware
-El middleware de manejo de errores siempre utiliza *cuatro* argumentos. Debe proporcionar cuatro argumentos para identificarlo como una función de middleware de manejo de errores. Aunque no necesite utilizar el objeto `next`, debe especificarlo para mantener la firma. De lo contrario, el objeto `next` se interpretará como middleware normal y no podrá manejar errores. +El middleware de manejo de errores siempre utiliza *cuatro* argumentos. Debe proporcionar cuatro argumentos para identificarlo como una función de middleware de manejo de errores. Aunque no necesite utilizar el objeto `next`, debe especificarlo para mantener la firma. De lo contrario, el objeto `next` se interpretará como middleware normal y no podrá manejar errores.Defina las funciones de middleware de manejo de errores de la misma forma que otras funciones de middleware, excepto con cuatro argumentos en lugar de tres, específicamente con la firma `(err, req, res, next)`: @@ -185,58 +242,17 @@ app.use((err, req, res, next) => { Para obtener detalles sobre el middleware de manejo de errores, consulte: [Manejo de errores](/{{ page.lang }}/guide/error-handling.html). -Middleware incorporado
+Built-in middleware
Desde la versión 4.x, Express ya no depende de [Connect](https://github.com/senchalabs/connect). Excepto `express.static`, todas las funciones de middleware que se incluían previamente con Express están ahora en módulos diferentes. Consulte [la lista de funciones de middleware](https://github.com/senchalabs/connect#middleware). -express.static(root, [options])
- -La única función de middleware incorporado en Express es `express.static`. Esta función se basa en [serve-static](https://github.com/expressjs/serve-static) y es responsable del servicio de activos estáticos de una aplicación Express. +La única función de middleware incorporado en Express es `express.static`. -El argumento `root` especifica el directorio raíz desde el que se realiza el servicio de activos estáticos. - -El objeto `options` opcional puede tener las siguientes propiedades: - -| Propiedad | Descripción | Tipo | Valor predeterminado | -|---------------|-----------------------------------------------------------------------|-------------|-----------------| -| `dotfiles` | Opción para el servicio de dotfiles. Los valores posibles son "allow", "deny" e "ignore" | Serie | "ignore" | -| `etag` | Habilitar o inhabilitar la generación de etag | Booleano | `true` | -| `extensions` | Establece las reservas de extensiones de archivos. | Matriz | `[]` | -| `index` | Envía el archivo de índices de directorios. Establézcalo en `false` para inhabilitar la indexación de directorios. | Mixto | "index.html" | - `lastModified` | Establezca la cabecera `Last-Modified` en la última fecha de modificación del archivo en el sistema operativo. Los valores posibles son `true` o `false`. | Booleano | `true` | -| `maxAge` | Establezca la propiedad max-age de la cabecera Cache-Control en milisegundos o una serie en [formato ms](https://www.npmjs.org/package/ms) | Número | 0 | -| `redirect` | Redireccionar a la "/" final cuando el nombre de vía de acceso es un directorio. | Booleano | `true` | -| `setHeaders` | Función para establecer las cabeceras HTTP que se sirven con el archivo. | Función | | - -A continuación, se muestra un ejemplo de uso de la función de middleware `express.static` con un objeto de opciones elaboradas: - -```js -const options = { - dotfiles: 'ignore', - etag: false, - extensions: ['htm', 'html'], - index: false, - maxAge: '1d', - redirect: false, - setHeaders: function (res, path, stat) { - res.set('x-timestamp', Date.now()) - } -} - -app.use(express.static('public', options)) -``` - -Puede tener más de un directorio estático para cada aplicación: - -```js -app.use(express.static('public')) -app.use(express.static('uploads')) -app.use(express.static('files')) -``` - -Para obtener más detalles sobre la función `serve-static` y sus opciones, consulte la documentación de [serve-static](https://github.com/expressjs/serve-static). +- [express.static](/en/4x/api.html#express.static) serves static assets such as HTML files, images, and so on. +- [express.json](/en/4x/api.html#express.json) parses incoming requests with JSON payloads. **NOTE: Available with Express 4.16.0+** +- [express.urlencoded](/en/4x/api.html#express.urlencoded) parses incoming requests with URL-encoded payloads. **NOTE: Available with Express 4.16.0+** -Middleware de terceros
+Third-party middleware
Utilice el middleware de terceros para añadir funcionalidad a las aplicaciones Express. diff --git a/es/guide/using-template-engines.md b/es/guide/using-template-engines.md old mode 100755 new mode 100644 index b8b76464e6..80f8a8f511 --- a/es/guide/using-template-engines.md +++ b/es/guide/using-template-engines.md @@ -1,35 +1,46 @@ --- layout: page title: Utilización de motores de plantilla con Express +description: Discover how to integrate and use template engines like Pug, Handlebars, and EJS with Express.js to render dynamic HTML pages efficiently. menu: guide -lang: es -description: Discover how to integrate and use template engines like Pug, Handlebars, - and EJS with Express.js to render dynamic HTML pages efficiently. +lang: en +redirect_from: " " --- # Utilización de motores de plantilla con Express -Para que Express pueda representar archivos de plantilla, deben establecerse los siguientes valores de aplicación: +A _template engine_ enables you to use static template files in your application. At runtime, the template engine replaces +variables in a template file with actual values, and transforms the template into an HTML file sent to the client. +This approach makes it easier to design an HTML page. -* `views`, el directorio donde se encuentran los archivos de plantilla. Ejemplo: `app.set('views', './views')` -* `view engine`, el motor de plantilla que se utiliza. Ejemplo: `app.set('view engine', 'pug')` +The [Express application generator](/{{ page.lang }}/starter/generator.html) uses [Pug](https://pugjs.org/api/getting-started.html) as its default, but it also supports [Handlebars](https://www.npmjs.com/package/handlebars), and [EJS](https://www.npmjs.com/package/ejs), among others. + +To render template files, set the following [application setting properties](/{{ page.lang }}/4x/api.html#app.set), in the default `app.js` created by the generator: + +- `views`, el directorio donde se encuentran los archivos de plantilla. Ejemplo: `app.set('views', './views')` + This defaults to the `views` directory in the application root directory. +- `view engine`, el motor de plantilla que se utiliza. Ejemplo: `app.set('view engine', 'pug')` A continuación, instale el paquete npm de motor de plantilla correspondiente: ```bash $ npm install pug --save -```bash +```-Los motores de plantilla compatibles con Express como, por ejemplo, Pug exportan una función denominada `__express(filePath, options, callback)`, que es invocada por la función `res.render()` para representar el código de plantilla. +Express-compliant template engines such as Pug export a function named `__express(filePath, options, callback)`, +which `res.render()` calls to render the template code. + +Some template engines do not follow this convention. The [@ladjs/consolidate](https://www.npmjs.com/package/@ladjs/consolidate) +library follows this convention by mapping all of the popular Node.js template engines, and therefore works seamlessly within Express. -Algunos motores de plantilla no siguen esta convención. La biblioteca [Consolidate.js](https://www.npmjs.org/package/consolidate) sigue esta convención correlacionando todos los motores de plantilla de Node.js más conocidos, por lo que funciona de forma ininterrumpida en Express.-Una vez establecida la propiedad view engine, no tiene que especificar el motor ni cargar el módulo de motor de plantilla en la aplicación; Express carga el módulo internamente, como se muestra a continuación (para el ejemplo anterior). +After the view engine is set, you don't have to specify the engine or load the template engine module in your app; +Express loads the module internally, for example: ```js -app.set('view engine', 'pug'); +app.set('view engine', 'pug') ``` Cree un archivo de plantilla Pug denominado `index.pug` en el directorio `views`, con el siguiente contenido: @@ -52,4 +63,4 @@ app.get('/', (req, res) => { Cuando realice una solicitud a la página de inicio, el archivo `index.pug` se representará como HTML. -Para obtener más información sobre cómo funcionan los motores de plantilla en Express, consulte: ["Desarrollo de motores de plantilla para Express"](/{{ page.lang }}/advanced/developing-template-engines.html). +The view engine cache does not cache the contents of the template's output, only the underlying template itself. The view is still re-rendered with every request even when the cache is on. diff --git a/es/guide/writing-middleware.md b/es/guide/writing-middleware.md old mode 100755 new mode 100644 index eb6762201a..f54191a926 --- a/es/guide/writing-middleware.md +++ b/es/guide/writing-middleware.md @@ -1,35 +1,35 @@ --- layout: page title: Escritura de middleware para su uso en aplicaciones Express +description: Learn how to write custom middleware functions for Express.js applications, including examples and best practices for enhancing request and response handling. menu: guide -lang: es -description: Learn how to write custom middleware functions for Express.js applications, - including examples and best practices for enhancing request and response handling. +lang: en +redirect_from: " " --- # Escritura de middleware para su uso en aplicaciones Express -Visión general
+Overview
-Las funciones de *middleware* son funciones que tienen acceso al [objeto de solicitud](/{{ page.lang }}/4x/api.html#req) (`req`), al [objeto de respuesta](/{{ page.lang }}/4x/api.html#res) (`res`) y a la siguiente función de middleware en el ciclo de solicitud/respuestas de la aplicación. La siguiente función de middleware se denota normalmente con una variable denominada `next`. +Las funciones de _middleware_ son funciones que tienen acceso al [objeto de solicitud](/{{ page.lang }}/4x/api.html#req) (`req`), al [objeto de respuesta](/{{ page.lang }}/4x/api.html#res) (`res`) y a la siguiente función de middleware en el ciclo de solicitud/respuestas de la aplicación. La siguiente función de middleware se denota normalmente con una variable denominada `next`. Las funciones de middleware pueden realizar las siguientes tareas: -* Ejecutar cualquier código. -* Realizar cambios en la solicitud y los objetos de respuesta. -* Finalizar el ciclo de solicitud/respuestas. -* Invocar el siguiente middleware en la pila. +- Execute any code. +- Realizar cambios en la solicitud y los objetos de respuesta. +- Finalizar el ciclo de solicitud/respuestas. +- Invocar el siguiente middleware en la pila. -Si la función de middleware actual no finaliza el ciclo de solicitud/respuestas, debe invocar `next()` para pasar el control a la siguiente función de middleware. De lo contrario, la solicitud quedará colgada. +Si la función de middleware actual no finaliza el ciclo de solicitud/respuestas, debe invocar `next()` para pasar el control a la siguiente función de middleware. Otherwise, the request will be left hanging. El siguiente ejemplo muestra los elementos de una llamada a función de middleware:-
+ + +Starting with Express 5, middleware functions that return a Promise will call `next(value)` when they reject or throw an error. `next` will be called with either the rejected value or the thrown Error. + ++
- Método HTTP para el que se aplica la función de middleware.+Método HTTP para el que se aplica la función de middleware.Vía de acceso (ruta) para la que se aplica la función de middleware.@@ -41,9 +41,16 @@ El siguiente ejemplo muestra los elementos de una llamada a función de middlewaArgumento de solicitud HTTP a la función de middleware, denominado "req" por convención.-A continuación, se muestra un ejemplo de una aplicación Express simple, "Hello World", para la que definirá dos funciones de middleware: +The remainder of this article will define and add three middleware functions to the application: +one called `myLogger` that prints a simple log message, one called `requestTime` that +displays the timestamp of the HTTP request, and one called `validateCookies` that validates incoming cookies. ```js const express = require('express') @@ -56,8 +63,7 @@ app.get('/', (req, res) => { app.listen(3000) ``` -
Desarrollo
- +Middleware function myLogger
Este es un ejemplo simple de una función de middleware denominada "myLogger". Esta función simplemente imprime "LOGGED" cuando una solicitud de la aplicación pasa por ella. La función de middleware se asigna a una variable denominada `myLogger`. ```js @@ -68,8 +74,9 @@ const myLogger = function (req, res, next) { ```-Observe la llamada anterior a `next()`. La llamada a esta función invoca la siguiente función de middleware en la aplicación. -La función `next()` no forma parte de la API de Express o Node.js, pero es el tercer argumento que se pasa a la función de middleware. La función `next()` puede tener cualquier nombre, pero por convención siempre se denomina "next". Para evitar confusiones, utilice siempre esta convención. +Observe la llamada anterior a `next()`. La llamada a esta función invoca la siguiente función de middleware en la aplicación. +La función `next()` no forma parte de la API de Express o Node.js, pero es el tercer argumento que se pasa a la función de middleware. La función `next()` puede tener cualquier nombre, pero por convención siempre se denomina "next". +Para evitar confusiones, utilice siempre esta convención.Para cargar la función de middleware, llame a `app.use()`, especificando la función de middleware. @@ -93,7 +100,7 @@ app.get('/', (req, res) => { app.listen(3000) ``` -Cada vez que la aplicación recibe una solicitud, imprime el mensaje "LOGGED" en el terminal. +Every time the app receives a request, it prints the message "LOGGED" to the terminal. El orden de carga del middleware es importante: las funciones de middleware que se cargan primero también se ejecutan primero. @@ -101,6 +108,8 @@ Si `myLogger` se carga después de la ruta a la vía de acceso raíz, la solicit La función de middleware `myLogger` simplemente imprime un mensaje y, a continuación, pasa la solicitud a la siguiente función de middleware de la pila llamando a la función `next()`. +Middleware function requestTime
+ El siguiente ejemplo añade una propiedad denominada `requestTime` al objeto de solicitud. Llamaremos a esta función de middleware "requestTime". ```js @@ -110,7 +119,7 @@ const requestTime = function (req, res, next) { } ``` -La aplicación ahora utiliza la función de middleware `requestTime`. Asimismo, la función de devolución de llamada de la ruta de vía de acceso raíz utiliza la propiedad que la función de middleware añade a `req` (el objeto de solicitud). +The app now uses the `requestTime` middleware function. Asimismo, la función de devolución de llamada de la ruta de vía de acceso raíz utiliza la propiedad que la función de middleware añade a `req` (el objeto de solicitud). ```js const express = require('express') @@ -131,8 +140,80 @@ app.get('/', (req, res) => { app.listen(3000) ``` + Cuando realiza una solicitud a la raíz de la aplicación, la aplicación ahora muestra la indicación de fecha y hora de la solicitud en el navegador. +Middleware function validateCookies
+ +Finally, we'll create a middleware function that validates incoming cookies and sends a 400 response if cookies are invalid. + +Here's an example function that validates cookies with an external async service. + +```js +async function cookieValidator (cookies) { + try { + await externallyValidateCookie(cookies.testCookie) + } catch { + throw new Error('Invalid cookies') + } +} +``` + +Here, we use the [`cookie-parser`](/resources/middleware/cookie-parser.html) middleware to parse incoming cookies off the `req` object and pass them to our `cookieValidator` function. The `validateCookies` middleware returns a Promise that upon rejection will automatically trigger our error handler. + +```js +const express = require('express') +const cookieParser = require('cookie-parser') +const cookieValidator = require('./cookieValidator') + +const app = express() + +async function validateCookies (req, res, next) { + await cookieValidator(req.cookies) + next() +} + +app.use(cookieParser()) + +app.use(validateCookies) + +// error handler +app.use((err, req, res, next) => { + res.status(400).send(err.message) +}) + +app.listen(3000) +``` + ++Note how `next()` is called after `await cookieValidator(req.cookies)`. This ensures that if `cookieValidator` resolves, the next middleware in the stack will get called. If you pass anything to the `next()` function (except the string `'route'` or `'router'`), Express regards the current request as being an error and will skip any remaining non-error handling routing and middleware functions. ++ Como tiene acceso al objeto de solicitud, el objeto de respuesta, la siguiente función de middleware de la pila y toda la API de Node.js, las posibilidades con las funciones de middleware son ilimitadas. Para obtener más información sobre el middleware de Express, consulte: [Utilización del middleware de Express](/{{ page.lang }}/guide/using-middleware.html). + +Configurable middleware
+ +If you need your middleware to be configurable, export a function which accepts an options object or other parameters, which, then returns the middleware implementation based on the input parameters. + +File: `my-middleware.js` + +```js +module.exports = function (options) { + return function (req, res, next) { + // Implement the middleware function based on the options object + next() + } +} +``` + +The middleware can now be used as shown below. + +```js +const mw = require('./my-middleware.js') + +app.use(mw({ option1: '1', option2: '2' })) +``` + +Refer to [cookie-session](https://github.com/expressjs/cookie-session) and [compression](https://github.com/expressjs/compression) for examples of configurable middleware. diff --git a/es/index.md b/es/index.md index 66dcbc21a4..e5aea8fd30 100644 --- a/es/index.md +++ b/es/index.md @@ -1,47 +1,64 @@ --- layout: home -title: Express - Infraestructura de aplicaciones web Node.js +title: Express - Node.js web application framework +description: Express is a fast, unopinionated, minimalist web framework for Node.js, providing a robust set of features for web and mobile applications. menu: home -lang: es -description: Express is a fast, unopinionated, minimalist web framework for Node.js, - providing a robust set of features for web and mobile applications. +lang: en +redirect_from: " " --- +-- - -Infraestructura web rápida, minimalista y flexible para Node.js
+ +Fast, unopinionated, minimalist web framework for Node.js
$ npm install express --save+$ npm install express --save- + ++ +```javascript +const express = require('express') +const app = express() +const port = 3000 + +app.get('/', (req, res) => { + res.send('Hello World!') +}) + +app.listen(port, () => { + console.log(`Example app listening on port ${port}`) +}) +``` +- +{% if site.announcement %} + ++ {% include announcement.html %} + +{% endif %}Aplicaciones web
Express es una infraestructura de aplicaciones web Node.js mínima y flexible que proporciona un conjunto sólido de características para las aplicaciones web y móviles. --- -API
Con miles de métodos de programa de utilidad HTTP y middleware a su disposición, la creación de una API sólida es rápida y sencilla. --- -Rendimiento
Express proporciona una delgada capa de características de aplicación web básicas, que no ocultan las características de Node.js que tanto ama y conoce. --+LoopBack
Desarrolle aplicaciones basadas en modelos con una infraestructura basada en Express.
Encontrará más información en loopback.io. -++Web Applications
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. +++APIs
With a myriad of HTTP utility methods and middleware at your disposal, creating a robust API is quick and easy. +++Performance
Express provides a thin layer of fundamental web application features, without obscuring Node.js features that you know and love. ++Middleware
+ Express is a lightweight and flexible routing framework with minimal core features + meant to be augmented through the use of Express middleware modules. +-En primer lugar, cree un directorio denominado `myapp`, cámbielo y ejecute `npm init`. A continuación, instale `express` como una dependencia, según se describe en la [guía de instalación](/{{ page.lang }}/starter/installing.html). - -En el directorio `myapp`, cree un archivo denominado `app.js` y añada el código siguiente: - ```js const express = require('express') const app = express() @@ -31,7 +27,13 @@ app.listen(port, () => { }) ``` -La aplicación inicia un servidor y escucha las conexiones en el puerto 3000. La aplicación responde con "Hello World!" para las solicitudes al URL raíz (`/`) o a la *ruta* raíz. Para cada vía de acceso diferente, responderá con un error **404 Not Found**. +La aplicación inicia un servidor y escucha las conexiones en el puerto 3000. La aplicación responde con "Hello World!" para las solicitudes al URL raíz (`/`) o a la _ruta_ raíz. Para cada vía de acceso diferente, responderá con un error **404 Not Found**. + +### Running Locally + +En primer lugar, cree un directorio denominado `myapp`, cámbielo y ejecute `npm init`. A continuación, instale `express` como una dependencia, según se describe en la [guía de instalación](/{{ page.lang }}/starter/installing.html). + +En el directorio `myapp`, cree un archivo denominado `app.js` y añada el código siguiente:-Logotipo
- +Logotype
@@ -77,13 +75,12 @@ Express es un proyecto de la Fundación OpenJS. Por favor, revise la [política
- +\ No newline at end of file diff --git a/es/resources/contributing.md b/es/resources/contributing.md new file mode 100644 index 0000000000..47d992d045 --- /dev/null +++ b/es/resources/contributing.md @@ -0,0 +1,551 @@ +--- +layout: page +title: Contribuir a Express +description: Find out how to contribute to Express.js, including guidelines for reporting issues, submitting pull requests, becoming a collaborator, and understanding security policies. +menu: resources +lang: en +redirect_from: " " +--- + +# Contribuir a Express + +### Looking to contribute to Expressjs.com? Click [here](#expressjs-website-contributing). + +Express and the other projects in the [expressjs organization on GitHub](https://github.com/expressjs) are projects of the [OpenJs Foundation](https://openjsf.org/). +These projects are governed under the general policies and guidelines of the Node.js Foundation along with the additional guidelines below. + +- [Technical committee](#technical-committee) +- [Community contributing guide](#community-contributing-guide) +- [Collaborator's guide](#collaborators-guide) +- [Security policies and procedures](#security-policies-and-procedures) + +## Technical committee + +The Express technical committee consists of active project members, and guides development and maintenance of the Express project. For more information, see [Express Community - Technical committee](community.html#technical-committee). + +## Community contributing guide + + + +The goal of this document is to create a contribution process that: + +- Encourages new contributions. +- Encourages contributors to remain involved. +- Avoids unnecessary processes and bureaucracy whenever possible. +- Creates a transparent decision making process that makes it clear how + contributors can be involved in decision making. + +### Vocabulary + +- A **Contributor** is any individual creating or commenting on an issue or pull request. +- A **Committer** is a subset of contributors who have been given write access to the repository. +- A **Project Captain** is the lead maintainer of a repository. +- A **TC (Technical Committee)** is a group of committers representing the required technical + expertise to resolve rare disputes. +- A **Triager** is a subset of contributors who have been given triage access to the repository. + +### Logging Issues + +Log an issue for any question or problem you might have. When in doubt, log an issue, and +any additional policies about what to include will be provided in the responses. The only +exception is security disclosures which should be sent privately. + +Committers may direct you to another repository, ask for additional clarifications, and +add appropriate metadata before the issue is addressed. + +Please be courteous and respectful. Every participant is expected to follow the +project's Code of Conduct. + +### Contributions + +Any change to resources in this repository must be through pull requests. This applies to all changes +to documentation, code, binary files, etc. Even long term committers and TC members must use +pull requests. + +No pull request can be merged without being reviewed. + +For non-trivial contributions, pull requests should sit for at least 36 hours to ensure that +contributors in other timezones have time to review. Consideration should also be given to +weekends and other holiday periods to ensure active committers all have reasonable time to +become involved in the discussion and review process if they wish. + +The default for each contribution is that it is accepted once no committer has an objection. +During a review, committers may also request that a specific contributor who is most versed in a +particular area gives a "LGTM" before the PR can be merged. There is no additional "sign off" +process for contributions to land. Once all issues brought by committers are addressed it can +be landed by any committer. + +In the case of an objection being raised in a pull request by another committer, all involved +committers should seek to arrive at a consensus by way of addressing concerns being expressed +by discussion, compromise on the proposed change, or withdrawal of the proposed change. + +If a contribution is controversial and committers cannot agree about how to get it to land +or if it should land then it should be escalated to the TC. TC members should regularly +discuss pending contributions in order to find a resolution. It is expected that only a +small minority of issues be brought to the TC for resolution and that discussion and +compromise among committers be the default resolution mechanism. + +### Becoming a Triager + +Anyone can become a triager! Read more about the process of being a triager in +[the triage process document](https://github.com/expressjs/express/blob/master/Triager-Guide.md). + +Currently, any existing [organization member](https://github.com/orgs/expressjs/people) can nominate +a new triager. If you are interested in becoming a triager, our best advice is to actively participate +in the community by helping triaging issues and pull requests. As well we recommend +to engage in other community activities like attending the TC meetings, and participating in the Slack +discussions. If you feel ready and have been helping triage some issues, reach out to an active member of the organization to ask if they'd +be willing to support you. If they agree, they can create a pull request to formalize your nomination. In the case of an objection to the nomination, the triage team is responsible for working with the individuals involved and finding a resolution. + +You can also reach out to any of the [organization members](https://github.com/orgs/expressjs/people) +if you have questions or need guidance. + +### Becoming a Committer + +All contributors who have landed significant and valuable contributions should be onboarded in a timely manner, +and added as a committer, and be given write access to the repository. + +Committers are expected to follow this policy and continue to send pull requests, go through +proper review, and have other committers merge their pull requests. + +### TC Process + +The TC uses a "consensus seeking" process for issues that are escalated to the TC. +The group tries to find a resolution that has no open objections among TC members. +If a consensus cannot be reached that has no objections then a majority wins vote +is called. It is also expected that the majority of decisions made by the TC are via +a consensus seeking process and that voting is only used as a last-resort. + +Resolution may involve returning the issue to project captains with suggestions on +how to move forward towards a consensus. It is not expected that a meeting of the TC +will resolve all issues on its agenda during that meeting and may prefer to continue +the discussion happening among the project captains. + +Members can be added to the TC at any time. Any TC member can nominate another committer +to the TC and the TC uses its standard consensus seeking process to evaluate whether or +not to add this new member. The TC will consist of a minimum of 3 active members and a +maximum of 10. If the TC should drop below 5 members the active TC members should nominate +someone new. If a TC member is stepping down, they are encouraged (but not required) to +nominate someone to take their place. + +TC members will be added as admin's on the Github orgs, npm orgs, and other resources as +necessary to be effective in the role. + +To remain "active" a TC member should have participation within the last 12 months and miss +no more than six consecutive TC meetings. Our goal is to increase participation, not punish +people for any lack of participation, this guideline should be only be used as such +(replace an inactive member with a new active one, for example). Members who do not meet this +are expected to step down. If A TC member does not step down, an issue can be opened in the +discussions repo to move them to inactive status. TC members who step down or are removed due +to inactivity will be moved into inactive status. + +Inactive status members can become active members by self nomination if the TC is not already +larger than the maximum of 10. They will also be given preference if, while at max size, an +active member steps down. + +### Project Captains + +The Express TC can designate captains for individual projects/repos in the +organizations. These captains are responsible for being the primary +day-to-day maintainers of the repo on a technical and community front. +Repo captains are empowered with repo ownership and package publication rights. +When there are conflicts, especially on topics that effect the Express project +at large, captains are responsible to raise it up to the TC and drive +those conflicts to resolution. Captains are also responsible for making sure +community members follow the community guidelines, maintaining the repo +and the published package, as well as in providing user support. + +Like TC members, Repo captains are a subset of committers. + +To become a captain for a project the candidate is expected to participate in that +project for at least 6 months as a committer prior to the request. They should have +helped with code contributions as well as triaging issues. They are also required to +have 2FA enabled on both their GitHub and npm accounts. + +Any TC member or an existing captain on the **same** repo can nominate another committer +to the captain role. To do so, they should submit a PR to this document, updating the +**Active Project Captains** section (while maintaining the sort order) with the project +name, the nominee's GitHub handle, and their npm username (if different). + +- Repos can have as many captains as make sense for the scope of work. +- A TC member or an existing repo captain **on the same project** can nominate a new captain. + Repo captains from other projects should not nominate captains for a different project. + +The PR will require at least 2 approvals from TC members and 2 weeks hold time to allow +for comment and/or dissent. When the PR is merged, a TC member will add them to the +proper GitHub/npm groups. + +#### Active Projects and Captains + +- [`expressjs/badgeboard`](https://github.com/expressjs/badgeboard): @wesleytodd +- [`expressjs/basic-auth-connect`](https://github.com/expressjs/basic-auth-connect): @ulisesGascon +- [`expressjs/body-parser`](https://github.com/expressjs/body-parser): @wesleytodd, @jonchurch, @ulisesGascon +- [`expressjs/compression`](https://github.com/expressjs/compression): @ulisesGascon +- [`expressjs/connect-multiparty`](https://github.com/expressjs/connect-multiparty): @ulisesGascon +- [`expressjs/cookie-parser`](https://github.com/expressjs/cookie-parser): @wesleytodd, @UlisesGascon +- [`expressjs/cookie-session`](https://github.com/expressjs/cookie-session): @ulisesGascon +- [`expressjs/cors`](https://github.com/expressjs/cors): @jonchurch, @ulisesGascon +- [`expressjs/discussions`](https://github.com/expressjs/discussions): @wesleytodd +- [`expressjs/errorhandler`](https://github.com/expressjs/errorhandler): @ulisesGascon +- [`expressjs/express-paginate`](https://github.com/expressjs/express-paginate): @ulisesGascon +- [`expressjs/express`](https://github.com/expressjs/express): @wesleytodd, @ulisesGascon +- [`expressjs/expressjs.com`](https://github.com/expressjs/expressjs.com): @crandmck, @jonchurch, @bjohansebas +- [`expressjs/flash`](https://github.com/expressjs/flash): @ulisesGascon +- [`expressjs/generator`](https://github.com/expressjs/generator): @wesleytodd +- [`expressjs/method-override`](https://github.com/expressjs/method-override): @ulisesGascon +- [`expressjs/morgan`](https://github.com/expressjs/morgan): @jonchurch, @ulisesGascon +- [`expressjs/multer`](https://github.com/expressjs/multer): @LinusU, @ulisesGascon +- [`expressjs/response-time`](https://github.com/expressjs/response-time): @UlisesGascon +- [`expressjs/serve-favicon`](https://github.com/expressjs/serve-favicon): @ulisesGascon +- [`expressjs/serve-index`](https://github.com/expressjs/serve-index): @ulisesGascon +- [`expressjs/serve-static`](https://github.com/expressjs/serve-static): @ulisesGascon +- [`expressjs/session`](https://github.com/expressjs/session): @ulisesGascon +- [`expressjs/statusboard`](https://github.com/expressjs/statusboard): @wesleytodd +- [`expressjs/timeout`](https://github.com/expressjs/timeout): @ulisesGascon +- [`expressjs/vhost`](https://github.com/expressjs/vhost): @ulisesGascon +- [`jshttp/accepts`](https://github.com/jshttp/accepts): @blakeembrey +- [`jshttp/basic-auth`](https://github.com/jshttp/basic-auth): @blakeembrey +- [`jshttp/compressible`](https://github.com/jshttp/compressible): @blakeembrey +- [`jshttp/content-disposition`](https://github.com/jshttp/content-disposition): @blakeembrey +- [`jshttp/content-type`](https://github.com/jshttp/content-type): @blakeembrey +- [`jshttp/cookie`](https://github.com/jshttp/cookie): @blakeembrey +- [`jshttp/etag`](https://github.com/jshttp/etag): @blakeembrey +- [`jshttp/forwarded`](https://github.com/jshttp/forwarded): @blakeembrey +- [`jshttp/fresh`](https://github.com/jshttp/fresh): @blakeembrey +- [`jshttp/http-assert`](https://github.com/jshttp/http-assert): @wesleytodd, @jonchurch, @ulisesGascon +- [`jshttp/http-errors`](https://github.com/jshttp/http-errors): @wesleytodd, @jonchurch, @ulisesGascon +- [`jshttp/media-typer`](https://github.com/jshttp/media-typer): @blakeembrey +- [`jshttp/methods`](https://github.com/jshttp/methods): @blakeembrey +- [`jshttp/mime-db`](https://github.com/jshttp/mime-db): @blakeembrey, @UlisesGascon +- [`jshttp/mime-types`](https://github.com/jshttp/mime-types): @blakeembrey, @UlisesGascon +- [`jshttp/negotiator`](https://github.com/jshttp/negotiator): @blakeembrey +- [`jshttp/on-finished`](https://github.com/jshttp/on-finished): @wesleytodd, @ulisesGascon +- [`jshttp/on-headers`](https://github.com/jshttp/on-headers): @blakeembrey +- [`jshttp/proxy-addr`](https://github.com/jshttp/proxy-addr): @wesleytodd, @ulisesGascon +- [`jshttp/range-parser`](https://github.com/jshttp/range-parser): @blakeembrey +- [`jshttp/statuses`](https://github.com/jshttp/statuses): @blakeembrey +- [`jshttp/type-is`](https://github.com/jshttp/type-is): @blakeembrey +- [`jshttp/vary`](https://github.com/jshttp/vary): @blakeembrey +- [`pillarjs/cookies`](https://github.com/pillarjs/cookies): @blakeembrey +- [`pillarjs/csrf`](https://github.com/pillarjs/csrf): @ulisesGascon +- [`pillarjs/encodeurl`](https://github.com/pillarjs/encodeurl): @blakeembrey +- [`pillarjs/finalhandler`](https://github.com/pillarjs/finalhandler): @wesleytodd, @ulisesGascon +- [`pillarjs/hbs`](https://github.com/pillarjs/hbs): @ulisesGascon +- [`pillarjs/multiparty`](https://github.com/pillarjs/multiparty): @blakeembrey +- [`pillarjs/parseurl`](https://github.com/pillarjs/parseurl): @blakeembrey +- [`pillarjs/path-to-regexp`](https://github.com/pillarjs/path-to-regexp): @blakeembrey +- [`pillarjs/request`](https://github.com/pillarjs/request): @wesleytodd +- [`pillarjs/resolve-path`](https://github.com/pillarjs/resolve-path): @blakeembrey +- [`pillarjs/router`](https://github.com/pillarjs/router): @wesleytodd, @ulisesGascon +- [`pillarjs/send`](https://github.com/pillarjs/send): @blakeembrey +- [`pillarjs/understanding-csrf`](https://github.com/pillarjs/understanding-csrf): @ulisesGascon + +#### Current Initiative Captains + +- Triage team [ref](https://github.com/expressjs/discussions/issues/227): @UlisesGascon + +### Developer's Certificate of Origin 1.1 + +```text +By making a contribution to this project, I certify that: + + (a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + + (b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + + (c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + + (d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. +``` + +## Collaborator's guide + + + +### Website Issues + +Open issues for the expressjs.com website in https://github.com/expressjs/expressjs.com. + +### PRs and Code contributions + +- Tests must pass. +- Follow the [JavaScript Standard Style](https://standardjs.com/) and `npm run lint`. +- If you fix a bug, add a test. + +### Branches + +Use the `master` branch for bug fixes or minor work that is intended for the +current release stream. + +Use the correspondingly named branch, e.g. `5.0`, for anything intended for +a future release of Express. + +### Steps for contributing + +1. [Create an issue](https://github.com/expressjs/express/issues/new) for the + bug you want to fix or the feature that you want to add. +2. Create your own [fork](https://github.com/expressjs/express) on GitHub, then + checkout your fork. +3. Write your code in your local copy. It's good practice to create a branch for + each new issue you work on, although not compulsory. +4. To run the test suite, first install the dependencies by running `npm install`, + then run `npm test`. +5. Ensure your code is linted by running `npm run lint` -- fix any issue you + see listed. +6. If the tests pass, you can commit your changes to your fork and then create + a pull request from there. Make sure to reference your issue from the pull + request comments by including the issue number e.g. `#123`. + +### Issues which are questions + +We will typically close any vague issues or questions that are specific to some +app you are writing. Please double check the docs and other references before +being trigger happy with posting a question issue. + +Things that will help get your question issue looked at: + +- Full and runnable JS code. +- Clear description of the problem or unexpected behavior. +- Clear description of the expected result. +- Steps you have taken to debug it yourself. + +If you post a question and do not outline the above items or make it easy for +us to understand and reproduce your issue, it will be closed. + +## Security Policies and Procedures + + + +This document outlines security procedures and general policies for the Express +project. + +- [Reporting a Bug](#reporting-a-bug) +- [Disclosure Policy](#disclosure-policy) +- [Comments on this Policy](#comments-on-this-policy) + +### Reporting a Bug + +The Express team and community take all security bugs in Express seriously. +Thank you for improving the security of Express. We appreciate your efforts and +responsible disclosure and will make every effort to acknowledge your +contributions. + +Report security bugs by emailing `express-security@lists.openjsf.org`. + +To ensure the timely response to your report, please ensure that the entirety +of the report is contained within the email body and not solely behind a web +link or an attachment. + +The lead maintainer will acknowledge your email within 48 hours, and will send a +more detailed response within 48 hours indicating the next steps in handling +your report. After the initial reply to your report, the security team will +endeavor to keep you informed of the progress towards a fix and full +announcement, and may ask for additional information or guidance. + +Report security bugs in third-party modules to the person or team maintaining +the module. + +### Pre-release Versions + +Alpha and Beta releases are unstable and **not suitable for production use**. +Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section. +Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release. + +### Disclosure Policy + +When the security team receives a security bug report, they will assign it to a +primary handler. This person will coordinate the fix and release process, +involving the following steps: + +- Confirm the problem and determine the affected versions. +- Audit code to find any potential similar problems. +- Prepare fixes for all releases still under maintenance. These fixes will be + released as fast as possible to npm. + +### The Express Threat Model + +We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md) + +### Comments on this Policy + +If you have suggestions on how this process could be improved please submit a +pull request. + +---- + +# Contributing to Expressjs.com {#expressjs-website-contributing} + + + +### The Official Documentation of the Express JS Framework + +This is the contribution documentation for the [Expressjs.com](https://github.com/expressjs/expressjs.com) website. + +#### Need some ideas? These are some typical issues. + +1. **Website issues**: + If you see anything on the site that could use a tune-up, think about how to fix it. + + - Display or screen sizing problems + - Mobile responsiveness issues + - Missing or broken accessibility features + - Website outages + - Broken links + - Page structure or user interface enhancements + +2. **Content Issues**: + Fix anything related to site content or typos. + - Spelling errors + - Incorrect/outdated Express JS documentation + - Missing content + +3. **Translation Issues**: Fix any translation errors or contribute new content. + - Fix spelling errors + - Fix incorrect/poorly translated words + - Translate new content + +> **IMPORTANT:** +> All translation submissions are currently paused. See this [notice](#notice-we-have-paused-all-translation-contributions) for more information. + +- Check out the [Contributing translations](#contributing-translations) section below for a contributing guide. + +#### Want to work on a backlog issue? + +We often have bugs or enhancements that need work. You can find these under our repo's [Issues tab](https://github.com/expressjs/expressjs.com/issues). Check out the tags to find something that's a good match for you. + +#### Have an idea? Found a bug? + +If you've found a bug or a typo, or if you have an idea for an enhancement, you can: + +- Submit a [new issue](https://github.com/expressjs/expressjs.com/issues/new/choose) on our repo. Do this for larger proposals, or if you'd like to discuss or get feedback first. +- Make a [Github pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). If you have already done work and it's ready to go, feel free to send it our way. + +## Getting Started + +The steps below will guide you through the Expressjs.com contribution process. + +#### Step 1: (OPTIONAL) Open a New Issue + +So you've found a problem that you want to fix, or have a site enhancement you want to make. + +1. If you want to get feedback or discuss, open a discussion [issue](https://github.com/expressjs/expressjs.com/issues/new/choose) prior to starting work. This is not required, but encouraged for larger proposals. + - While we highly encourage this step, it is only for submissions proposing significant change. It helps us to clarify and focus the work, and ensure it aligns with overall project priorities. + - For submissions proposing minor improvements or corrections, this is not needed. You can skip this step. + - When opening an issue please give it a title and fill in the description section. The more details you provide, the more feedback we can give. + +2. After receiving your issue the Express JS documentation team will respond with feedback. We read every submission and always try to respond quickly with feedback. + - For submissions proposing significant change, we encourage you to follow the review process before starting work. + +#### Step 2: Get the Application Code Base + +Clone the repo and get the code: + +``` +git clone https://github.com/expressjs/expressjs.com.git +``` + +After you've got the code you're ready to start making your changes! + +But just in case you need a little extra explanation, this section below outlines the main sections of the code base, where most changes are likely to be made. + +**Markdown Page Files**: + +- These files render to html and make up the individual pages of the site. Most of the site's documentation text content is written in `md` files. +- Change these to make changes to individual pages' content/text or markup. +- Each language has its own complete set of pages, located under their respective language directories - all the Spanish markdown content is found in the `es` directory, for example. + +**Includes Partials and Layout Templates** + +- `_includes` are partials that are imported and reused across multiple pages. + - These are used to import text content for reuse across pages, such as the API documentation, e.g., `_includes > api > en > 5x`, which is included in every language. + - These are used to include the page components that make up site-wide user interface and periphery structure, e.g., Header, Footer, etc. +- `_layouts` are the templates used to wrap the site's individual pages. + - These are used to display the structure of the site's periphery, such as the header and footer, and for injecting and displaying individual markdown pages inside the `content` tag. + +**Blog Markdown Files** + +- These files make up the individual blog posts. If you want to contribute a blog post please + follow the specific instructions for [How to write a blog post.](https://expressjs.com/en/blog/write-post.html) +- Located under the `_posts` directory. + +**CSS or Javascript** + +- All css and js files are kept in `css` and `js` folders on the project root. + +The Express JS website is build using [Jeykyll](https://jekyllrb.com/) and is hosted on [Github Pages](https://pages.github.com/). + +#### Step 3: Running the Application + +Now you'll need a way to see your changes, which means you'll need a running version of the application. You have two options. + +1. **Run Locally**: This gets the local version of the application up and running on your machine. Follow our [Local Setup Guide](https://github.com/expressjs/expressjs.com?tab=readme-ov-file#local-setup) to use this option. + - This is the recommended option for moderate to complex work. +2. **Run using Deploy Preview**: Use this option if you don't want to bother with a local installation. Part of our continuous integration pipeline includes [Netlify Deploy Preview](https://docs.netlify.com/site-deploys/deploy-previews/). + 1. To use this you'll need to get your changes online - after you've made your first commit on your feature branch, make a _draft_ pull request. + 2. After the build steps are complete, you'll have access to a **Deploy Preview** tab that will run your changes on the web, rebuilding after each commit is pushed. + 3. After you are completely done your work and it's ready for review, remove the draft status on your pull request and submit your work. + +## Contributing translations + +#### Notice: We have paused all translation contributions. + +> **IMPORTANT:** +> We are currently working toward a more streamlined translations workflow. As long as this notice is posted, we will _not_ be accepting any translation submissions. + +We highly encourage community translations! We no longer have professional translations, and we believe in the power of our community to provide accurate and helpful translations. + +The documentation is translated into these languages: + +- English (`en`) +- Spanish (`es`) +- French (`fr`) +- Italian (`it`) +- Indonesian (`id`) +- Japanese (`ja`) +- Korean (`ko`) +- Brazilian Portuguese (`pt-br`) +- Russian (`ru`) +- Slovak (`sk`) +- Thai (`th`) +- Turkish (`tr`) +- Ukrainian (`uk`) +- Uzbek (`uz`) +- Simplified Chinese (`zh-cn`) +- Traditional Chinese (`zh-tw`) + +### Adding New Full Site Translations + +If you find a translation is missing from the list you can create a new one. + +To translate Expressjs.com into a new language, follow these steps: + +1. Clone the [`expressjs.com`](https://github.com/expressjs/expressjs.com) repository. +2. Create a directory for the language of your choice using its [ISO 639-1 code](https://www.loc.gov/standards/iso639-2/php/code_list.php) as its name. +3. Copy `index.md`, `api.md`, `starter/`, `guide/`, `advanced/`, `resources/`, `4x/`, and `3x/`, to the language directory. +4. Remove the link to 2.x docs from the "API Reference" menu. +5. Update the `lang` variable in the copied markdown files. +6. Update the `title` variable in the copied markdown files. +7. Create the header, footer, notice, and announcement file for the language in the `_includes/` directory, in the respective directories, and make necessary edits to the contents. +8. Create the announcement file for the language in the `_includes/` directory. +9. Make sure to append `/{{ page.lang }}` to all the links within the site. +10. Update the [CONTRIBUTING.md](https://github.com/expressjs/expressjs.com/blob/gh-pages/CONTRIBUTING.md#contributing-translations) and the `.github/workflows/translation.yml` files with the new language. + +### Adding Page and Section Translations + +Many site translations are still missing pages. To find which ones we need help with, you can [filter for merged PRs](https://github.com/expressjs/expressjs.com/pulls?q=is%3Apr+is%3Aclosed+label%3Arequires-translation-es) that include the tag for your language, such as `requires-translation-es` for requires Spanish translation. + +If you contribute a page or section translation, please reference the original PR. This helps the person merging your translation to remove the tag from the original PR. diff --git a/es/resources/glossary.md b/es/resources/glossary.md old mode 100755 new mode 100644 index d9c07759fa..8e7916e2bb --- a/es/resources/glossary.md +++ b/es/resources/glossary.md @@ -1,33 +1,25 @@ --- layout: page title: Glosario de Express +description: A comprehensive glossary of terms related to Express.js, Node.js, middleware, routing, and other key concepts to help you understand and use Express effectively. menu: resources -lang: es -description: A comprehensive glossary of terms related to Express.js, Node.js, middleware, - routing, and other key concepts to help you understand and use Express effectively. +lang: en +redirect_from: " " --- # Glosario -### API - -Interfaz de programación de aplicaciones. Explique la abreviatura la primera vez que la utilice. - -### aplicación +### application En general, uno o varios programas diseñados para realizar operaciones para un determinado propósito. En el contexto de Express, un programa que utiliza la API de Express que se ejecuta en la plataforma Node.js. También puede hacer referencia a un [objeto de aplicación](/{{ page.lang }}/api.html#express). -### código abierto - -Consulte [Open source software en la Wikipedia](http://en.wikipedia.org/wiki/Open-source_software). - -### direccionador +### API -Consulte [direccionador](/{{ page.lang }}/4x/api.html#router) en la referencia de API. +Application programming interface. Explique la abreviatura la primera vez que la utilice. ### Express -Una infraestructura web rápida, minimalista y flexible para las aplicaciones Node.js. En general, se prefiere "Express" a "Express.js", aunque esta también se acepta. +Una infraestructura web rápida, minimalista y flexible para las aplicaciones Node.js. En general, se prefiere "Express" a "Express.js", aunque esta también se acepta. ### libuv @@ -35,24 +27,40 @@ Una biblioteca de soporte multiplataforma que se centra en la E/S asíncrona, de ### middleware -Una función invocada por la capa de direccionamiento de Express antes del manejador de la última solicitud, por lo que se sitúa en medio de una solicitud sin formato y la última ruta prevista. Algunos puntos delicados de terminología relacionados con el middleware: +Una función invocada por la capa de direccionamiento de Express antes del manejador de la última solicitud, por lo que se sitúa en medio de una solicitud sin formato y la última ruta prevista. Algunos puntos delicados de terminología relacionados con el middleware: - * `var foo = require('middleware')` significa que *requiere* o *utiliza* un módulo Node.js. A continuación, la sentencia `var mw = foo()` normalmente devuelve el middleware. - * `app.use(mw)` significa que *se añade el middleware a la pila de procesos global*. - * `app.get('/foo', mw, function (req, res) { ... })` significa que *se añade el middleware a la pila de procesos "GET /foo"*. +- `var foo = require('middleware')` significa que _requiere_ o _utiliza_ un módulo Node.js. A continuación, la sentencia `var mw = foo()` normalmente devuelve el middleware. +- `app.use(mw)` significa que _se añade el middleware a la pila de procesos global_. +- `app.get('/foo', mw, function (req, res) { ... })` significa que _se añade el middleware a la pila de procesos "GET /foo"_. ### Node.js -Una plataforma de software que se utiliza para crear aplicaciones de red escalables. Node.js utiliza JavaScript como lenguaje de script y consigue un elevado rendimiento mediante E/S sin bloqueo y un bucle de sucesos de una sola hebra. Consulte [nodejs.org](http://nodejs.org/). **Nota de uso**: inicialmente, "Node.js", posteriormente "Node". +Una plataforma de software que se utiliza para crear aplicaciones de red escalables. Node.js utiliza JavaScript como lenguaje de script y consigue un elevado rendimiento mediante E/S sin bloqueo y un bucle de sucesos de una sola hebra. Consulte [nodejs.org](http://nodejs.org/). **Nota de uso**: inicialmente, "Node.js", posteriormente "Node". + +### Consulte [Open source software en la Wikipedia](http://en.wikipedia.org/wiki/Open-source_software). -### respuesta +When used as an adjective, hyphenate; for example: "This is open-source software." See [Open-source software on Wikipedia](http://en.wikipedia.org/wiki/Open-source_software). -Una respuesta HTTP. Un servidor devuelve un mensaje de respuesta HTTP al cliente. La respuesta contiene información de estado de finalización sobre la solicitud y también puede contener contenido de la solicitud en el cuerpo del mensaje. +{% capture english-rules %} -### ruta +Although it is common not to hyphenate this term, we are using the standard English rules for hyphenating a compound adjective. -Parte de un URL que identifica un recurso. Por ejemplo, en `http://foo.com/products/id`, "/products/id" es la ruta. +{% endcapture %} -### solicitud +{% include admonitions/note.html content=english-rules %} -Una solicitud HTTP. Un cliente envía un mensaje de solicitud HTTP a un servidor, que devuelve una respuesta. La solicitud debe utilizar uno de los [métodos de solicitud](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods) como, por ejemplo, GET, POST, etc. +### request + +Una solicitud HTTP. Un cliente envía un mensaje de solicitud HTTP a un servidor, que devuelve una respuesta. La solicitud debe utilizar uno de los [métodos de solicitud](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods) como, por ejemplo, GET, POST, etc. + +### response + +An HTTP response. A server returns an HTTP response message to the client. La respuesta contiene información de estado de finalización sobre la solicitud y también puede contener contenido de la solicitud en el cuerpo del mensaje. + +### route + +Parte de un URL que identifica un recurso. For example, in `http://foo.com/products/id`, "/products/id" is the route. + +### router + +Consulte [direccionador](/{{ page.lang }}/4x/api.html#router) en la referencia de API. diff --git a/es/resources/middleware.md b/es/resources/middleware.md old mode 100755 new mode 100644 index b9635cd84b..e7565ea7c4 --- a/es/resources/middleware.md +++ b/es/resources/middleware.md @@ -1,65 +1,44 @@ --- -layout: page +layout: middleware title: Middleware de Express +description: Explore a list of Express.js middleware modules maintained by the Express team and the community, including built-in middleware and popular third-party modules. menu: resources -lang: es -description: Explore a list of Express.js middleware modules maintained by the Express - team and the community, including built-in middleware and popular third-party modules. +lang: en +redirect_from: " " +module: mw-home --- -# Middleware de terceros +## Middleware de Express Estos son algunos módulos de middleware de Express: - - [body-parser](https://github.com/expressjs/body-parser): anteriormente `express.bodyParser`, `json` y `urlencoded`. - Vea también: - - [body](https://github.com/raynos/body) - - [co-body](https://github.com/visionmedia/co-body) - - [raw-body](https://github.com/stream-utils/raw-body) - - [compression](https://github.com/expressjs/compression): anteriormente `express.compress` - - [connect-image-optimus](https://github.com/msemenistyi/connect-image-optimus): módulos de middleware de Connect/Express para el servicio óptimo de imágenes. Cambia las imágenes a `.webp` o `.jxr`, si es posible. - - [connect-timeout](https://github.com/expressjs/timeout): anteriormente `express.timeout` - - [cookie-parser](https://github.com/expressjs/cookie-parser): anteriormente `express.cookieParser` - - [cookie-session](https://github.com/expressjs/cookie-session): anteriormente `express.cookieSession` - - [errorhandler](https://github.com/expressjs/errorhandler): anteriormente `express.errorHandler` - - [express-debug](https://github.com/devoidfury/express-debug): herramienta de desarrollo discreta que añade a la aplicación un separador con información sobre las variables de plantilla (locals), la sesión actual, datos de solicitud útiles, etc. - - [express-partial-response](https://github.com/nemtsov/express-partial-response): módulo de middleware de Express middleware para filtrar partes de las respuestas JSON basándose en la serie de consulta `fields`; utiliza la respuesta parcial de la API de Google. - - [express-session](https://github.com/expressjs/session): anteriormente `express.session` - - [express-simple-cdn](https://github.com/jamiesteven/express-simple-cdn): módulo de middleware de Express para utilizar una CDN (Red de entrega de contenido) para los activos estáticos, con soporte de varios hosts (por ejemplo, cdn1.host.com, cdn2.host.com). - - [express-slash](https://github.com/ericf/express-slash): módulo de middleware de Express para aquellos que son estrictos sobre las barras inclinadas finales. - - [express-stormpath](https://github.com/stormpath/stormpath-express): módulo de middleware de Express para el almacenamiento de usuario, la autenticación, la autorización, SSO y la seguridad de datos. - - [express-uncapitalize](https://github.com/jamiesteven/express-uncapitalize): módulo de middleware para redirigir las solicitudes que contienen mayúsculas a un formato en minúsculas canónico. - - [helmet](https://github.com/helmetjs/helmet): módulo para ayudar a proteger las aplicaciones estableciendo varias cabeceras HTTP. - - [join-io](https://github.com/coderaiser/join-io "join-io"): módulo para unir archivos sobre la marcha para reducir el recuento de solicitudes. - - [method-override](https://github.com/expressjs/method-override): anteriormente `express.methodOverride` - - [morgan](https://github.com/expressjs/morgan): anteriormente `logger` - - [passport](https://github.com/jaredhanson/passport): módulo de middleware de Express para la autenticación. - - [response-time](https://github.com/expressjs/response-time): anteriormente `express.responseTime` - - [serve-favicon](https://github.com/expressjs/serve-favicon): anteriormente `express.favicon` - - [serve-index](https://github.com/expressjs/serve-index): anteriormente `express.directory` - - [serve-static](https://github.com/expressjs/serve-static): módulo para el servicio de contenido estático. - - [static-expiry](https://github.com/paulwalker/connect-static-expiry): cabeceras de almacenamiento en memoria caché o URL de firma digital para activos estáticos, incluido el soporte para uno o varios dominios externos. - - [vhost](https://github.com/expressjs/vhost): anteriormente `express.vhost` - - [view-helpers](https://github.com/madhums/node-view-helpers): módulo de middleware de Express que proporciona métodos de ayudante comunes a las vistas. - - [sriracha-admin](https://github.com/hdngr/siracha): módulo de middleware de Express que genera dinámicamente un sitio de administración para Mongoose. +| [express-slash](https://github.com/ericf/express-slash): módulo de middleware de Express para aquellos que son estrictos sobre las barras inclinadas finales. | Description | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | +| [body-parser](/{{page.lang}}/resources/middleware/body-parser.html) | Parse HTTP request body. | +| [compression](/{{page.lang}}/resources/middleware/compression.html) | Compress HTTP responses. | +| [connect-rid](/{{page.lang}}/resources/middleware/connect-rid.html) | Generate unique request ID. | +| [cookie-parser](/{{page.lang}}/resources/middleware/cookie-parser.html) | Parse cookie header and populate `req.cookies`. See also [cookies](https://github.com/jed/cookies). | +| [cookie-session](/{{page.lang}}/resources/middleware/cookie-session.html) | Establish cookie-based sessions. | +| [cors](/{{page.lang}}/resources/middleware/cors.html) | Enable cross-origin resource sharing (CORS) with various options. | +| [errorhandler](/{{page.lang}}/resources/middleware/errorhandler.html) | Development error-handling/debugging. | +| [method-override](/{{page.lang}}/resources/middleware/method-override.html) | Override HTTP methods using header. | +| [morgan](/{{page.lang}}/resources/middleware/morgan.html) | HTTP request logger. | +| [multer](/{{page.lang}}/resources/middleware/multer.html) | Handle multi-part form data. | +| [response-time](/{{page.lang}}/resources/middleware/response-time.html) | Record HTTP response time. | +| [serve-favicon](/{{page.lang}}/resources/middleware/serve-favicon.html) | Serve a favicon. | +| [serve-index](/{{page.lang}}/resources/middleware/serve-index.html) | Serve directory listing for a given path. | +| [serve-static](/{{page.lang}}/resources/middleware/serve-static.html) | Serve static files. | +| [session](/{{page.lang}}/resources/middleware/session.html) | Establish server-based sessions (development only). | +| [timeout](/{{page.lang}}/resources/middleware/timeout.html) | Set a timeout perioHTTP request processing. | +| [vhost](/{{page.lang}}/resources/middleware/vhost.html) | Create virtual domains. | -Algunos módulos de middleware incluidos previamente con Connect ya no están soportados por el equipo de Connect/Express. Estos módulos se han sustituido por un módulo alternativo o deben reemplazarse por un módulo mejor. Utilice una de las siguientes alternativas: +## Para ver más módulo de middleware, consulte: - - express.cookieParser - - [cookies](https://github.com/jed/cookies) y [keygrip](https://github.com/jed/keygrip) - - express.limit - - [raw-body](https://github.com/stream-utils/raw-body) - - express.multipart - - [connect-busboy](https://github.com/mscdex/connect-busboy) - - [multer](https://github.com/expressjs/multer) - - [connect-multiparty](https://github.com/superjoe30/connect-multiparty) - - express.query - - [qs](https://github.com/visionmedia/node-querystring) - - express.staticCache - - [st](https://github.com/isaacs/st) - - [connect-static](https://github.com/andrewrk/connect-static) +These are some additional popular middleware modules. -Para ver más módulo de middleware, consulte: +{% include community-caveat.html %} - - [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) - - [expressjs](https://github.com/expressjs) +| [express-slash](https://github.com/ericf/express-slash): módulo de middleware de Express para aquellos que son estrictos sobre las barras inclinadas finales. | Description | +| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [helmet](https://github.com/helmetjs/helmet): módulo para ayudar a proteger las aplicaciones estableciendo varias cabeceras HTTP. | Helps secure your apps by setting various HTTP headers. | +| [passport](https://github.com/jaredhanson/passport): módulo de middleware de Express para la autenticación. | Authentication using "strategies" such as OAuth, OpenID and many others. See [passportjs.org](https://passportjs.org/) for more information. | diff --git a/th/resources/middleware/body-parser.md b/es/resources/middleware/body-parser.md similarity index 84% rename from th/resources/middleware/body-parser.md rename to es/resources/middleware/body-parser.md index b142f25860..d188f90ee8 100644 --- a/th/resources/middleware/body-parser.md +++ b/es/resources/middleware/body-parser.md @@ -3,5 +3,6 @@ layout: middleware title: Express body-parser middleware menu: resources lang: en +redirect_from: " " module: body-parser --- diff --git a/th/resources/middleware/compression.md b/es/resources/middleware/compression.md similarity index 84% rename from th/resources/middleware/compression.md rename to es/resources/middleware/compression.md index 0907a7df4f..05f540b0d0 100644 --- a/th/resources/middleware/compression.md +++ b/es/resources/middleware/compression.md @@ -3,5 +3,6 @@ layout: middleware title: Express compression middleware menu: resources lang: en +redirect_from: " " module: compression --- diff --git a/th/resources/middleware/connect-rid.md b/es/resources/middleware/connect-rid.md similarity index 84% rename from th/resources/middleware/connect-rid.md rename to es/resources/middleware/connect-rid.md index d95420263d..64bc400309 100644 --- a/th/resources/middleware/connect-rid.md +++ b/es/resources/middleware/connect-rid.md @@ -3,5 +3,6 @@ layout: middleware title: Express connect-rid middleware menu: resources lang: en +redirect_from: " " module: connect-rid --- diff --git a/th/resources/middleware/cookie-parser.md b/es/resources/middleware/cookie-parser.md similarity index 85% rename from th/resources/middleware/cookie-parser.md rename to es/resources/middleware/cookie-parser.md index c1ce24a5c5..a75855fc91 100644 --- a/th/resources/middleware/cookie-parser.md +++ b/es/resources/middleware/cookie-parser.md @@ -3,5 +3,6 @@ layout: middleware title: Express cookie-parser middleware menu: resources lang: en +redirect_from: " " module: cookie-parser --- diff --git a/th/resources/middleware/cookie-session.md b/es/resources/middleware/cookie-session.md similarity index 85% rename from th/resources/middleware/cookie-session.md rename to es/resources/middleware/cookie-session.md index 76d978ccad..8b68fa1911 100644 --- a/th/resources/middleware/cookie-session.md +++ b/es/resources/middleware/cookie-session.md @@ -3,5 +3,6 @@ layout: middleware title: Express cookie-session middleware menu: resources lang: en +redirect_from: " " module: cookie-session --- diff --git a/th/resources/middleware/cors.md b/es/resources/middleware/cors.md similarity index 82% rename from th/resources/middleware/cors.md rename to es/resources/middleware/cors.md index 65b6b4b939..be266ac8d4 100644 --- a/th/resources/middleware/cors.md +++ b/es/resources/middleware/cors.md @@ -3,5 +3,6 @@ layout: middleware title: Express cors middleware menu: resources lang: en +redirect_from: " " module: cors --- diff --git a/th/resources/middleware/errorhandler.md b/es/resources/middleware/errorhandler.md similarity index 84% rename from th/resources/middleware/errorhandler.md rename to es/resources/middleware/errorhandler.md index acc252ef85..b7da1e5f68 100644 --- a/th/resources/middleware/errorhandler.md +++ b/es/resources/middleware/errorhandler.md @@ -3,5 +3,6 @@ layout: middleware title: Express errorhandler middleware menu: resources lang: en +redirect_from: " " module: errorhandler --- diff --git a/th/resources/middleware/method-override.md b/es/resources/middleware/method-override.md similarity index 85% rename from th/resources/middleware/method-override.md rename to es/resources/middleware/method-override.md index e276b6eace..5938f1de7f 100644 --- a/th/resources/middleware/method-override.md +++ b/es/resources/middleware/method-override.md @@ -3,5 +3,6 @@ layout: middleware title: Express method-override middleware menu: resources lang: en +redirect_from: " " module: method-override --- diff --git a/th/resources/middleware/morgan.md b/es/resources/middleware/morgan.md similarity index 83% rename from th/resources/middleware/morgan.md rename to es/resources/middleware/morgan.md index 9a01e52f9d..7d09c8ba37 100644 --- a/th/resources/middleware/morgan.md +++ b/es/resources/middleware/morgan.md @@ -3,5 +3,6 @@ layout: middleware title: Express morgan middleware menu: resources lang: en +redirect_from: " " module: morgan --- diff --git a/th/resources/middleware/multer.md b/es/resources/middleware/multer.md similarity index 83% rename from th/resources/middleware/multer.md rename to es/resources/middleware/multer.md index 5dfa0f8e47..f837cafdb8 100644 --- a/th/resources/middleware/multer.md +++ b/es/resources/middleware/multer.md @@ -3,5 +3,6 @@ layout: middleware title: Express multer middleware menu: resources lang: en +redirect_from: " " module: multer --- diff --git a/th/resources/middleware/response-time.md b/es/resources/middleware/response-time.md similarity index 85% rename from th/resources/middleware/response-time.md rename to es/resources/middleware/response-time.md index 6f42eba9ca..ae48e3f005 100644 --- a/th/resources/middleware/response-time.md +++ b/es/resources/middleware/response-time.md @@ -3,5 +3,6 @@ layout: middleware title: Express response-time middleware menu: resources lang: en +redirect_from: " " module: response-time --- diff --git a/th/resources/middleware/serve-favicon.md b/es/resources/middleware/serve-favicon.md similarity index 85% rename from th/resources/middleware/serve-favicon.md rename to es/resources/middleware/serve-favicon.md index 5268ce1c50..57f5a450aa 100644 --- a/th/resources/middleware/serve-favicon.md +++ b/es/resources/middleware/serve-favicon.md @@ -3,5 +3,6 @@ layout: middleware title: Express serve-favicon middleware menu: resources lang: en +redirect_from: " " module: serve-favicon --- diff --git a/th/resources/middleware/serve-index.md b/es/resources/middleware/serve-index.md similarity index 84% rename from th/resources/middleware/serve-index.md rename to es/resources/middleware/serve-index.md index 06f3e89de2..a92b46dc95 100644 --- a/th/resources/middleware/serve-index.md +++ b/es/resources/middleware/serve-index.md @@ -3,5 +3,6 @@ layout: middleware title: Express serve-index middleware menu: resources lang: en +redirect_from: " " module: serve-index --- diff --git a/th/resources/middleware/serve-static.md b/es/resources/middleware/serve-static.md similarity index 84% rename from th/resources/middleware/serve-static.md rename to es/resources/middleware/serve-static.md index 9c7afaa31e..b17737af5f 100644 --- a/th/resources/middleware/serve-static.md +++ b/es/resources/middleware/serve-static.md @@ -3,5 +3,6 @@ layout: middleware title: Express serve-static middleware menu: resources lang: en +redirect_from: " " module: serve-static --- diff --git a/th/resources/middleware/session.md b/es/resources/middleware/session.md similarity index 83% rename from th/resources/middleware/session.md rename to es/resources/middleware/session.md index eda9faa738..05ec6133ac 100644 --- a/th/resources/middleware/session.md +++ b/es/resources/middleware/session.md @@ -3,5 +3,6 @@ layout: middleware title: Express session middleware menu: resources lang: en +redirect_from: " " module: session --- diff --git a/th/resources/middleware/timeout.md b/es/resources/middleware/timeout.md similarity index 83% rename from th/resources/middleware/timeout.md rename to es/resources/middleware/timeout.md index 54de8855cd..0aa926a7f3 100644 --- a/th/resources/middleware/timeout.md +++ b/es/resources/middleware/timeout.md @@ -3,5 +3,6 @@ layout: middleware title: Express timeout middleware menu: resources lang: en +redirect_from: " " module: timeout --- diff --git a/th/resources/middleware/vhost.md b/es/resources/middleware/vhost.md similarity index 83% rename from th/resources/middleware/vhost.md rename to es/resources/middleware/vhost.md index 57bdb266ef..08860472ec 100644 --- a/th/resources/middleware/vhost.md +++ b/es/resources/middleware/vhost.md @@ -3,5 +3,6 @@ layout: middleware title: Express vhost middleware menu: resources lang: en +redirect_from: " " module: vhost --- diff --git a/es/resources/utils.md b/es/resources/utils.md new file mode 100644 index 0000000000..18f7c1aaf8 --- /dev/null +++ b/es/resources/utils.md @@ -0,0 +1,26 @@ +--- +layout: page +title: Express utilities +description: Discover utility modules related to Express.js and Node.js, including tools for cookies, CSRF protection, URL parsing, routing, and more to enhance your applications. +menu: resources +lang: en +redirect_from: " " +--- + +## Express utility functions + +The [pillarjs](https://github.com/pillarjs) GitHub organization contains a number of modules +for utility functions that may be generally useful. + +| Utility modules | Description | +| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [cookies](https://www.npmjs.com/package/cookies) | Get and set HTTP(S) cookies that can be signed to prevent tampering, using Keygrip. Can be used with the Node.js HTTP library or as Express middleware. | +| [csrf](https://www.npmjs.com/package/csrf) | Contains the logic behind CSRF token creation and verification. Use this module to create custom CSRF middleware. | +| [finalhandler](https://www.npmjs.com/package/finalhandler) | Function to invoke as the final step to respond to HTTP request. | +| [parseurl](https://www.npmjs.com/package/parseurl) | Parse a URL with caching. | +| [path-to-regexp](https://www.npmjs.com/package/path-to-regexp) | Turn an Express-style path string such as \`\`/user/:name\` into a regular expression. | +| [resolve-path](https://www.npmjs.com/package/resolve-path) | Resolves a relative path against a root path with validation. | +| [router](https://www.npmjs.com/package/router) | Simple middleware-style router. | +| [send](https://www.npmjs.com/package/send) | Library for streaming files as a HTTP response, with support for partial responses (ranges), conditional-GET negotiation, and granular events. | + +For additional low-level HTTP-related modules, see [jshttp](http://jshttp.github.io/). diff --git a/es/starter/basic-routing.md b/es/starter/basic-routing.md old mode 100755 new mode 100644 index 56c2c38aa3..f2baa49a65 --- a/es/starter/basic-routing.md +++ b/es/starter/basic-routing.md @@ -1,27 +1,27 @@ --- layout: page title: Direccionamiento básico de Express +description: Learn the fundamentals of routing in Express.js applications, including how to define routes, handle HTTP methods, and create route handlers for your web server. menu: starter -lang: es -description: Learn the fundamentals of routing in Express.js applications, including - how to define routes, handle HTTP methods, and create route handlers for your web - server. +lang: en +redirect_from: " " --- # Direccionamiento básico -El *direccionamiento* hace referencia a la determinación de cómo responde una aplicación a una solicitud de cliente en un determinado punto final, que es un URI (o una vía de acceso) y un método de solicitud HTTP específico (GET, POST, etc.). +El _direccionamiento_ hace referencia a la determinación de cómo responde una aplicación a una solicitud de cliente en un determinado punto final, que es un URI (o una vía de acceso) y un método de solicitud HTTP específico (GET, POST, etc.). Cada ruta puede tener una o varias funciones de manejador, que se excluyen cuando se correlaciona la ruta. -La definición de ruta tiene la siguiente estructura: +Route definition takes the following structure: + ```js app.METHOD(PATH, HANDLER) ``` -Donde: +Where: -- `app` es una instancia de `express`. +- `app` is an instance of `express`. - `METHOD` es un [método de solicitud HTTP](http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol). - `PATH` es una vía de acceso en el servidor. - `HANDLER` es la función que se ejecuta cuando se correlaciona la ruta. @@ -65,3 +65,5 @@ app.delete('/user', (req, res) => { ``` Para obtener más detalles sobre el direccionamiento, consulte la [guía de direccionamiento](/{{ page.lang }}/guide/routing.html). + +### [Previous: Express application generator ](/{{ page.lang }}/starter/generator.html) [Next: Serving static files in Express ](/{{ page.lang }}/starter/static-files.html) \ No newline at end of file diff --git a/es/starter/examples.md b/es/starter/examples.md new file mode 100644 index 0000000000..0df4f7d85a --- /dev/null +++ b/es/starter/examples.md @@ -0,0 +1,22 @@ +--- +layout: page +title: Express examples +description: Explore a collection of Express.js application examples covering various use cases, integrations, and advanced configurations to help you learn and build your projects. +menu: starter +lang: en +redirect_from: " " +--- + +{% capture examples %}{% include readmes/express-master/examples.md %}{% endcapture %} +{{ examples | replace: "](.", "](https://github.com/expressjs/express/tree/master/examples" }} + +## Additional examples + +These are some additional examples with more extensive integrations. + +{% include community-caveat.html %} + +- [prisma-fullstack](https://github.com/prisma/prisma-examples/tree/latest/pulse/fullstack-simple-chat) - Fullstack app with Express and Next.js using [Prisma](https://www.npmjs.com/package/prisma) as an ORM +- [prisma-rest-api-ts](https://github.com/prisma/prisma-examples/tree/latest/orm/express) - REST API with Express in TypeScript using [Prisma](https://www.npmjs.com/package/prisma) as an ORM + +### [Previous: Static Files ](/{{ page.lang }}/starter/static-files.html) [Next: FAQ ](/{{ page.lang }}/starter/faq.html) diff --git a/es/starter/faq.md b/es/starter/faq.md old mode 100755 new mode 100644 index a46c4ebbae..e8e15d9199 --- a/es/starter/faq.md +++ b/es/starter/faq.md @@ -1,28 +1,27 @@ --- layout: page title: Preguntas más frecuentes sobre Express +description: Find answers to frequently asked questions about Express.js, including topics on application structure, models, authentication, template engines, error handling, and more. menu: starter -lang: es -description: Find answers to frequently asked questions about Express.js, including - topics on application structure, models, authentication, template engines, error - handling, and more. +lang: en +redirect_from: " " --- # Preguntas más frecuentes -## ¿Cómo debo estructurar mi aplicación? +## How should I structure my application? -No hay una respuesta definitiva a esta pregunta. La respuesta depende de la escala de la aplicación y del equipo implicado. Para ser lo más flexible posible, Express no realiza suposiciones en cuanto a la estructura. +There is no definitive answer to this question. La respuesta depende de la escala de la aplicación y del equipo implicado. Para ser lo más flexible posible, Express no realiza suposiciones en cuanto a la estructura. Las rutas y otra lógica específica de la aplicación puede residir en tantos archivos como desee, con la estructura de directorios que prefiera. Vea los siguientes ejemplos como inspiración: -* [Listas de rutas](https://github.com/expressjs/express/blob/4.13.1/examples/route-separation/index.js#L32-47) -* [Correlación de rutas](https://github.com/expressjs/express/blob/4.13.1/examples/route-map/index.js#L52-L66) -* [Controladores de estilo MVC](https://github.com/expressjs/express/tree/master/examples/mvc) +- [Listas de rutas](https://github.com/expressjs/express/blob/4.13.1/examples/route-separation/index.js#L32-47) +- [Correlación de rutas](https://github.com/expressjs/express/blob/4.13.1/examples/route-map/index.js#L52-L66) +- [Controladores de estilo MVC](https://github.com/expressjs/express/tree/master/examples/mvc) Asimismo, hay extensiones de terceros para Express, que simplifican algunos de estos patrones: -* [express-resource](https://github.com/expressjs/express-resource) +- [express-resource](https://github.com/expressjs/express-resource) ## ¿Cómo debo definir los modelos? @@ -32,25 +31,29 @@ Consulte [LoopBack](http://loopback.io) para ver una infraestructura basada en E ## ¿Cómo puedo autenticar los usuarios? -La autenticación es otra área rígida en la que no entra Express. Puede utilizar el esquema de autenticación que desee. +La autenticación es otra área rígida en la que no entra Express. Puede utilizar el esquema de autenticación que desee. Para ver un esquema simple de nombre de usuario/contraseña, consulte [este ejemplo](https://github.com/expressjs/express/tree/master/examples/auth). - ## ¿A qué motor de plantilla da soporte Express? Express da soporte a cualquier motor de plantilla que cumpla la firma `(path, locals, callback)`. Para normalizar las interfaces de motor de plantilla y el almacenamiento en memoria caché, consulte el proyecto [consolidate.js](https://github.com/visionmedia/consolidate.js) para ver el soporte. Otros motores de plantilla que no aparezcan en la lista también pueden dar soporte a la firma de Express. -## ¿Cómo puedo manejar las respuestas 404? +For more information, see [Using template engines with Express](/{{page.lang}}/guide/using-template-engines.html). + +## How do I handle 404 responses? En Express, las respuestas 404 no son el resultado de un error, por lo que el middleware de manejador de errores no las capturará. Este comportamiento se debe a que una respuesta 404 simplemente indica la ausencia de trabajo adicional pendiente; es decir, Express ha ejecutado todas las rutas y funciones de middleware, y ha comprobado que ninguna de ellas responde. Lo único que debe hacer es añadir una función de middleware al final de la pila (debajo de las demás funciones) para manejar una respuesta 404: ```js app.use((req, res, next) => { - res.status(404).send('Sorry cant find that!') + res.status(404).send("Sorry can't find that!") }) ``` +Add routes dynamically at runtime on an instance of `express.Router()` +so the routes are not superseded by a middleware function. + ## ¿Cómo configuro un manejador de errores? El middleware de manejo de errores se define de la misma forma que otro middleware, excepto con cuatro argumentos en lugar de tres; específicamente con la firma `(err, req, res, next)`: @@ -69,3 +72,10 @@ Para obtener más información, consulte [Manejo de errores](/{{ page.lang }}/gu De ninguna manera. No es necesario "representar" HTML con la función `res.render()`. Si tiene un archivo específico, utilice la función `res.sendFile()`. Para el servicio de muchos activos desde un directorio, utilice la función de middleware `express.static()`. + +## What version of Node.js does Express require? + +- [Express 4.x](/{{ page.lang }}/4x/api.html) requires Node.js 0.10 or higher. +- [Express 5.x](/{{ page.lang }}/5x/api.html) requires Node.js 18 or higher. + +### [Previous: More examples ](/{{ page.lang }}/starter/examples.html) diff --git a/es/starter/generator.md b/es/starter/generator.md old mode 100755 new mode 100644 index d6fb3afd0b..85dffda2c9 --- a/es/starter/generator.md +++ b/es/starter/generator.md @@ -1,20 +1,27 @@ --- layout: page title: Generador de aplicaciones Express +description: Learn how to use the Express application generator tool to quickly create a skeleton for your Express.js applications, streamlining setup and configuration. menu: starter -lang: es -description: Learn how to use the Express application generator tool to quickly create - a skeleton for your Express.js applications, streamlining setup and configuration. +lang: en +redirect_from: " " --- # Generador de aplicaciones Express Utilice la herramienta de generador de aplicaciones, `express`, para crear rápidamente un esqueleto de aplicación. -Instale `express` con el siguiente mandato: +You can run the application generator with the `npx` command (available in Node.js 8.2.0). ```bash -$ npm install express-generator -g +$ npx express-generator +``` + +For earlier Node versions, install the application generator as a global npm package and then launch it: + +```bash +$ npm install -g express-generator +$ express ``` Muestre las opciones de mandato con la opción `-h`: @@ -22,7 +29,7 @@ Muestre las opciones de mandato con la opción `-h`: ```bash $ express -h - Usage: express [options][dir] + Usage: express [options] [dir] Options: @@ -33,8 +40,8 @@ $ express -h --pug add pug engine support -H, --hogan add hogan.js engine support --no-view generate without view engine - -v, --view <engine> add view <engine> support (ejs|hbs|hjs|jade|pug|twig|vash) (defaults to jade) - -c, --css <engine> add stylesheet <engine> support (less|stylus|compass|sass) (defaults to plain css) + -v, --viewadd view support (ejs|hbs|hjs|jade|pug|twig|vash) (defaults to jade) + -c, --css add stylesheet support (less|stylus|compass|sass) (defaults to plain css) --git add .gitignore -f, --force force on non-empty directory ``` @@ -82,9 +89,15 @@ En Windows, utilice este mandato: > set DEBUG=myapp:* & npm start ``` +On Windows PowerShell, use this command: + +```bash +PS> $env:DEBUG='myapp:*'; npm start +``` + A continuación, cargue `http://localhost:3000/` en el navegador para acceder a la aplicación. -La aplicación generada tiene la siguiente estructura de directorios: +The generated app has the following directory structure: ```bash . @@ -111,3 +124,5 @@ La aplicación generada tiene la siguiente estructura de directorios: La estructura de la aplicación creada por el generador es sólo una de las muchas formas de estructurar las aplicaciones Express. Puede utilizar esta estructura o modificarla según sus necesidades.+ +### [Previous: Hello World ](/{{ page.lang }}/starter/hello-world.html) [Next: Basic routing](/{{ page.lang }}/starter/basic-routing.html) diff --git a/es/starter/hello-world.md b/es/starter/hello-world.md old mode 100755 new mode 100644 index 8786f259b1..6df6cf6912 --- a/es/starter/hello-world.md +++ b/es/starter/hello-world.md @@ -1,10 +1,10 @@ --- layout: page title: Ejemplo "Hello World" de Express +description: Get started with Express.js by building a simple 'Hello World' application, demonstrating the basic setup and server creation for beginners. menu: starter -lang: es -description: Get started with Express.js by building a simple 'Hello World' application, - demonstrating the basic setup and server creation for beginners. +lang: en +redirect_from: " " --- # Ejemplo Hello world @@ -13,10 +13,6 @@ description: Get started with Express.js by building a simple 'Hello World' appl Esta es básicamente la aplicación Express más sencilla que puede crear. Es una aplicación de archivo simple — *no* lo que obtendrá si utiliza el [generador de Express](/{{ page.lang }}/starter/generator.html), que crea el andamiaje para una aplicación completa con varios archivos JavaScript, plantillas Jade y subdirectorios para distintos propósitos.`req` (solicitud) y `res` (respuesta) son exactamente los mismos objetos que proporciona Node, por lo que puede invocar `req.pipe()`, `req.on('data', callback)` y cualquier otro objeto que invocaría sin estar Express implicado. @@ -45,3 +47,4 @@ $ node app.js A continuación, cargue [http://localhost:3000/](http://localhost:3000/) en un navegador para ver la salida. +### [Previous: Installing ](/{{ page.lang }}/starter/installing.html) [Next: Express Generator ](/{{ page.lang }}/starter/generator.html) diff --git a/es/starter/installing.md b/es/starter/installing.md old mode 100755 new mode 100644 index 43ea990dbb..eb2ca045ae --- a/es/starter/installing.md +++ b/es/starter/installing.md @@ -1,16 +1,19 @@ --- layout: page title: Instalación de Express +description: Learn how to install Express.js in your Node.js environment, including setting up your project directory and managing dependencies with npm. menu: starter -lang: es -description: Learn how to install Express.js in your Node.js environment, including - setting up your project directory and managing dependencies with npm. +lang: en +redirect_from: " " --- # Instalación Suponiendo que ya ha instalado [Node.js](https://nodejs.org/), cree un directorio para que contenga la aplicación y conviértalo en el directorio de trabajo. +- [Express 4.x](/{{ page.lang }}/4x/api.html) requires Node.js 0.10 or higher. +- [Express 5.x](/{{ page.lang }}/5x/api.html) requires Node.js 18 or higher. + ```bash $ mkdir myapp $ cd myapp @@ -26,25 +29,26 @@ $ npm init Este mandato solicita varios elementos como, por ejemplo, el nombre y la versión de la aplicación. Por ahora, sólo tiene que pulsar INTRO para aceptar los valores predeterminados para la mayoría de ellos, con la siguiente excepción: -```bash +``` entry point: (index.js) ``` Especifique `app.js` o el nombre que desee para el archivo principal. Si desea que sea `index.js`, pulse INTRO para aceptar el nombre de archivo predeterminado recomendado. -A continuación, instale Express en el directorio `myapp` y guárdelo en la lista de dependencias. Por ejemplo: +A continuación, instale Express en el directorio `myapp` y guárdelo en la lista de dependencias. For example: ```bash -$ npm install express --save +$ npm install express ``` Para instalar Express temporalmente y no añadirlo a la lista de dependencias, omita la opción `--save`: ```bash -$ npm install express +$ npm install express --no-save ```diff --git a/fr/4x/api.md b/fr/4x/api.md old mode 100755 new mode 100644 index 89327e1a51..0ce14005a6 --- a/fr/4x/api.md +++ b/fr/4x/api.md @@ -2,27 +2,26 @@ layout: api version: 4x title: Express 4.x - Référence de l'API +description: Access the API reference for Express.js 4.x, detailing all modules, methods, and properties for building web applications with this version. lang: fr -description: Access the API reference for Express.js 4.x, detailing all modules, methods, - and properties for building web applications with this version. +redirect_from: " " --- +-Los módulos de Node que se instalan con la opción `--save` se añaden a la lista `dependencies` en el archivo `package.json`. -Posteriormente, si ejecuta `npm install` en el directorio `app`, los módulos se instalarán automáticamente en la lista de dependencias. +Los módulos de Node que se instalan con la opción `--save` se añaden a la lista `dependencies` en el archivo `package.json`. Posteriormente, si ejecuta `npm install` en el directorio `app`, los módulos se instalarán automáticamente en la lista de dependencias.+ +### [Next: Hello World ](/{{ page.lang }}/starter/hello-world.html) \ No newline at end of file diff --git a/es/starter/static-files.md b/es/starter/static-files.md old mode 100755 new mode 100644 index 45ed04083a..827dbc6c76 --- a/es/starter/static-files.md +++ b/es/starter/static-files.md @@ -1,17 +1,26 @@ --- layout: page title: Servicio de archivos estáticos en Express +description: Understand how to serve static files like images, CSS, and JavaScript in Express.js applications using the built-in 'static' middleware. menu: starter -lang: es -description: Understand how to serve static files like images, CSS, and JavaScript - in Express.js applications using the built-in 'static' middleware. +lang: en +redirect_from: " " --- # Servicio de archivos estáticos en Express Para el servicio de archivos estáticos como, por ejemplo, imágenes, archivos CSS y archivos JavaScript, utilice la función de middleware incorporado `express.static` de Express. -Pase el nombre del directorio que contiene los activos estáticos a la función de middleware `express.static` para empezar directamente el servicio de los archivos. Por ejemplo, utilice el siguiente código para el servicio de imágenes, archivos CSS y archivos JavaScript en un directorio denominado `public`: +The function signature is: + +```js +express.static(root, [options]) +``` + +The `root` argument specifies the root directory from which to serve static assets. +For more information on the `options` argument, see [express.static](/{{page.lang}}/4x/api.html#express.static). + +Por ejemplo, utilice el siguiente código para el servicio de imágenes, archivos CSS y archivos JavaScript en un directorio denominado `public`: ```js app.use(express.static('public')) @@ -40,6 +49,11 @@ app.use(express.static('files')) Express busca los archivos en el orden en el que se definen los directorios estáticos con la función de middleware `express.static`. +{% capture alert_content %} +For best results, [use a reverse proxy](/{{page.lang}}/advanced/best-practice-performance.html#use-a-reverse-proxy) cache to improve performance of serving static assets. +{% endcapture %} +{% include admonitions/note.html content=alert_content %} + Para crear un prefijo de vía de acceso virtual (donde la vía de acceso no existe realmente en el sistema de archivos) para los archivos a los que da servicio la función `express.static`, [especifique una vía de acceso de montaje](/{{ page.lang }}/4x/api.html#app.use) para el directorio estático, como se muestra a continuación: ```js @@ -62,3 +76,7 @@ No obstante, la vía de acceso que proporciona a la función `express.static` es const path = require('path') app.use('/static', express.static(path.join(__dirname, 'public'))) ``` + +For more details about the `serve-static` function and its options, see [serve-static](/resources/middleware/serve-static.html). + +### [Previous: Basic Routing ](/{{ page.lang }}/starter/basic-routing.html) [Next: More examples ](/{{ page.lang }}/starter/examples.html) diff --git a/es/support/index.md b/es/support/index.md index 206af52617..018767928f 100644 --- a/es/support/index.md +++ b/es/support/index.md @@ -1,8 +1,9 @@ --- layout: page title: Version Support +description: Find information about the support schedule for different Express.js versions, including which versions are currently maintained and end-of-life policies. menu: support -lang: es +lang: en --- # Version Support @@ -11,17 +12,17 @@ Only the latest version of any given major release line is supported. Versions that are EOL (end-of-life) _may_ receive updates for critical security vulnerabilities, but the Express team offers no guarantee and does not plan to address or release fixes for any issues found. -| Major Version | Minimum Node.js Version | Support Start Date | Support End Date | -| -- | -- | -- | -- | -| [**v5.x**{: .supported }](/{{page.lang}}/5x/api.html){: .ignore-underline} | 18 | September 2024 | **ongoing**{: .supported } | -| [**v4.x**{: .supported }](/{{page.lang}}/4x/api.html){: .ignore-underline} | 0.10.0 | April 2014 | **ongoing**{: .supported } | -| [**v3.x**{: .eol }](/{{page.lang}}/3x/api.html){: .ignore-underline} | 0.8.0 | October 2012 | July 2015 | -| [**v2.x**{: .eol }](/2x/){: .ignore-underline} | 0.4.1 | March 2011 | July 2012 | -| **v1.x**{: .eol } | 0.2.0 | December 2010 | March 2011 | -| **v0.14.x**{: .eol } | 0.1.98 | December 2010 | December 2010 | +| Major Version | Minimum Node.js Version | Support Start Date | Support End Date | +| ---------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | ------------------ | ---------------------------------------------------------- | +| [**v5.x**{: .supported }](/{{page.lang}}/5x/api.html){: .ignore-underline} | 18 | September 2024 | **ongoing**{: .supported } | +| [**v4.x**{: .supported }](/{{page.lang}}/4x/api.html){: .ignore-underline} | 0.10.0 | April 2014 | **ongoing**{: .supported } | +| [**v3.x**{: .eol }](/{{page.lang}}/3x/api.html){: .ignore-underline} | 0.8.0 | October 2012 | July 2015 | +| [**v2.x**{: .eol }](/2x/){: .ignore-underline} | 0.4.1 | March 2011 | July 2012 | +| **v1.x**{: .eol } | 0.2.0 | December 2010 | March 2011 | +| **v0.14.x**{: .eol } | 0.1.98 | December 2010 | December 2010 | ## Commercial Support Options If you are unable to update to a supported version of Express, please contact one of our partners to receive security updates: - - [HeroDevs Never-Ending Support](http://www.herodevs.com/support/express-nes?utm_source=expressjs&utm_medium=link&utm_campaign=express_eol_page) +- [HeroDevs Never-Ending Support](http://www.herodevs.com/support/express-nes?utm_source=expressjs&utm_medium=link&utm_campaign=express_eol_page) diff --git a/fr/3x/api.md b/fr/3x/api.md old mode 100755 new mode 100644 index f9bd651fcf..46084808cd --- a/fr/3x/api.md +++ b/fr/3x/api.md @@ -2,34 +2,25 @@ layout: api version: 3x title: Express 3.x - Référence de l'API +description: Access the API reference for Express.js version 3.x, noting that this version is end-of-life and no longer maintained - includes details on modules and methods. lang: fr -description: Access the API reference for Express.js version 3.x, noting that this - version is end-of-life and no longer maintained - includes details on modules and - methods. +redirect_from: " " --- +- - {% include api/en/3x/res.md %} +**Express 3.x N'EST PLUS PRIS EN CHARGE** - Les problèmes de performances et de sécurité connus et inconnus n'ont pas été traités depuis la dernière mise à jour (1er août 2015). Il est fortement recommandé d'utiliser la dernière version d'Express. -- -API 3.x
+Les problèmes de performances et de sécurité connus et inconnus n'ont pas été traités depuis la dernière mise à jour (1er août 2015). Il est fortement recommandé d'utiliser la dernière version d'Express. - - {% include api/en/3x/express.md %} +If you are unable to upgrade past 3.x, please consider [Commercial Support Options](/{{ page.lang }}/support#commercial-support-options). - - {% include api/en/3x/app.md %} - - - {% include api/en/3x/req.md %} +API 3.x
- - {% include api/en/3x/middleware.md %} + +{% include api/en/3x/app.md %}diff --git a/fr/5x/api.md b/fr/5x/api.md index 57cf546fbe..443fda6a67 100644 --- a/fr/5x/api.md +++ b/fr/5x/api.md @@ -2,18 +2,24 @@ layout: api version: 5x title: Express 5.x - Référence de l'API +description: Access the API reference for Express.js 5.x, detailing all modules, methods, and properties for building web applications with this latest version. lang: fr -description: Access the API reference for Express.js 5.x, detailing all modules, methods, - and properties for building web applications with this latest version. +redirect_from: " " ---API 4.x
- - {% include api/en/4x/express.md %} +{% capture node-version %} - - {% include api/en/4x/app.md %} +``` +Express 4.0 requires Node.js 0.10 or higher. +``` - - {% include api/en/4x/req.md %} +{% endcapture %} - - {% include api/en/4x/res.md %} +{% include admonitions/note.html content=node-version %} - - {% include api/en/4x/router.md %} + +{% include api/en/4x/app.md %}5.x API
-{% include admonitions/caution.html content="This is early beta documentation that may be incomplete and is still under development." %} +{% capture node-version %} -{% include admonitions/note.html content="Express 5.0 requires Node.js 18 or higher." %} +``` +Express 5.0 requires Node.js 18 or higher. +``` + +{% endcapture %} + +{% include admonitions/note.html content=node-version %} {% include api/en/5x/express.md %} {% include api/en/5x/app.md %} diff --git a/fr/advanced/best-practice-performance.md b/fr/advanced/best-practice-performance.md old mode 100755 new mode 100644 index 90ed247ce7..56fd3b1536 --- a/fr/advanced/best-practice-performance.md +++ b/fr/advanced/best-practice-performance.md @@ -1,35 +1,39 @@ --- layout: page -title: Meilleures pratiques en termes de performances pour l'utilisation d'Express - en production +title: Meilleures pratiques en termes de performances pour l'utilisation d'Express en production +description: Discover performance and reliability best practices for Express apps in production, covering code optimizations and environment setups for optimal performance. menu: advanced lang: fr -description: Discover performance and reliability best practices for Express apps - in production, covering code optimizations and environment setups for optimal performance. +redirect_from: " " --- # Meilleures pratiques en production : performances et fiabilité -## Présentation - Cet article traite des meilleures pratiques en termes de performances et de fiabilité pour les applications Express déployées en production. La présente rubrique s'inscrit clairement dans le concept "devops", qui couvre à la fois le développement traditionnel et l'exploitation. Ainsi, les informations se divisent en deux parties : -* [A faire dans votre code](#code) (partie développement, "dev"). -* [A faire dans votre environnement/configuration](#env) (partie exploitation, "ops"). - - +- Things to do in your code (the dev part): + - Utiliser le middleware pour exploiter les fichiers statiques + - [Asynchronous Error Handling in Express with Promises, Generators and ES7](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/async-error-handling-expressjs-es7-promises-generators/) + - [Do logging correctly](#do-logging-correctly) + - Traiter correctement les exceptions +- [A faire dans votre environnement/configuration](#env) (partie exploitation, "ops"). + - Définir NODE_ENV sur "production" + - Vérifier que votre application redémarre automatiquement + - Exécuter votre application dans un cluster + - [Cache request results](#cache-request-results) + - Utilisation de StrongLoop PM avec un équilibreur de charge Nginx + - Encore mieux, utilisez un proxy inverse pour exploiter les fichiers statiques ; pour plus d'informations, voir [Utiliser un proxy inverse](#proxy). ## A faire dans votre code Les actions suivantes peuvent être réalisées dans votre code afin d'améliorer les performances de votre application : -* Utiliser la compression gzip -* Ne pas utiliser les fonctions synchrones -* Utiliser le middleware pour exploiter les fichiers statiques -* Procéder à une journalisation correcte -* Traiter correctement les exceptions +- Utiliser le middleware pour exploiter les fichiers statiques +- [Asynchronous Error Handling in Express with Promises, Generators and ES7](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/async-error-handling-expressjs-es7-promises-generators/) +- [Do logging correctly](#do-logging-correctly) +- Traiter correctement les exceptions ### Utiliser la compression gzip @@ -39,6 +43,7 @@ La compression Gzip peut considérablement réduire la taille du corps de répon const compression = require('compression') const express = require('express') const app = express() + app.use(compression()) ``` @@ -50,19 +55,11 @@ Les fonctions et les méthodes synchrones ralentissent le processus d'exécution Bien que Node et plusieurs modules mettent à disposition les versions synchrone et asynchrone de leurs fonctions, utilisez toujours la version asynchrone en production. L'utilisation d'une fonction synchrone n'est justifiée que lors du démarrage initial. -Si vous utilisez Node.js 4.0+ ou io.js 2.1.0+, vous pouvez utiliser l'option de ligne de commande `--trace-sync-io` pour imprimer un avertissement et une trace de pile chaque fois que votre application utilise une API synchrone. Bien entendu vous n'utiliserez pas réellement cette option en production, mais plutôt pour vérifier que votre code est prêt pour la phase production. Pour plus d'informations, voir [Weekly update for io.js 2.1.0](https://nodejs.org/en/blog/weekly-updates/weekly-update.2015-05-22/#2-1-0). - -### Utiliser le middleware pour exploiter les fichiers statiques - -En développement, vous pouvez utiliser [res.sendFile()](/{{ page.lang }}/4x/api.html#res.sendFile) pour exploiter les fichiers statiques. Ne l'utilisez toutefois pas en production, car cette fonction doit lire le système de fichiers pour chaque demande de fichier ; elle se heurterait à des temps d'attente importants qui affecteraient les performances globales de l'application. Notez que `res.sendFile()` n'est *pas* implémentée avec l'appel système [sendfile](http://linux.die.net/man/2/sendfile), qui la rendrait beaucoup plus efficace. - -Utilisez plutôt le middleware [serve-static](https://www.npmjs.com/package/serve-static) (ou tout middleware équivalent), qui est optimisé pour l'utilisation des fichiers dans les applications Express. - -Encore mieux, utilisez un proxy inverse pour exploiter les fichiers statiques ; pour plus d'informations, voir [Utiliser un proxy inverse](#proxy). +You can use the `--trace-sync-io` command-line flag to print a warning and a stack trace whenever your application uses a synchronous API. Bien entendu vous n'utiliserez pas réellement cette option en production, mais plutôt pour vérifier que votre code est prêt pour la phase production. Pour plus d'informations, voir [Weekly update for io.js 2.1.0](https://nodejs.org/en/blog/weekly-updates/weekly-update.2015-05-22/#2-1-0). ### Procéder à une journalisation correcte -En règle générale, vous utilisez la journalisation à partir de votre application à deux fins : le débogage et la journalisation de l'activité de votre application (principalement tout le reste). L'utilisation de `console.log()` ou de `console.err()` pour imprimer des messages de journal sur le terminal est une pratique courante en développement. Cependant, [ces fonctions sont synchrones](https://nodejs.org/api/console.html#console_console_1) lorsque la destination est un terminal ou un fichier ; elles ne conviennent donc pas en production, à moins que vous ne dirigiez la sortie vers un autre programme. +En règle générale, vous utilisez la journalisation à partir de votre application à deux fins : le débogage et la journalisation de l'activité de votre application (principalement tout le reste). L'utilisation de `console.log()` ou de `console.err()` pour imprimer des messages de journal sur le terminal est une pratique courante en développement. But [these functions are synchronous](https://nodejs.org/api/console.html#console) when the destination is a terminal or a file, so they are not suitable for production, unless you pipe the output to another program. #### Pour le débogage @@ -70,9 +67,7 @@ Si vous utilisez la journalisation à des fins de débogage, utilisez un module #### Pour journaliser l'activité de votre application -Si vous journalisez l'activité de votre application (par exemple, pour suivre le trafic ou les appels API), utilisez une bibliothèque de journalisation telle que [Winston](https://www.npmjs.com/package/winston) ou [Bunyan](https://www.npmjs.com/package/bunyan) plutôt que d'utiliser `console.log()`. Pour obtenir une comparaison détaillée de ces deux bibliothèques, consultez l'article StrongLoop intitulé [Comparing Winston and Bunyan Node.js Logging](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/compare-node-js-logging-winston-bunyan/). - - +If you're logging app activity (for example, tracking traffic or API calls), instead of using `console.log()`, use a logging library like [Pino](https://www.npmjs.com/package/pino), which is the fastest and most efficient option available. ### Traiter correctement les exceptions @@ -80,32 +75,19 @@ Les applications Node plantent lorsqu'elles tombent sur une exception non interc Pour vérifier que vous traitez toutes les exceptions, procédez comme suit : -* [Utiliser try-catch](#try-catch) -* [Utiliser des promesses](#promises) +- [Utiliser try-catch](#try-catch) +- [Utiliser des promesses](#promises) Avant de s'immerger dans les rubriques qui suivent, il est conseillé de posséder des connaissances de base concernant le traitement des erreurs Node/Express, à savoir l'utilisation des rappels "error-first" et la propagation des erreurs dans le middleware. Node utilise la convention de "rappel error-first" pour renvoyer les erreurs issues des fonctions asynchrones, dans laquelle le premier paramètre de la fonction callback est l'objet error, suivi par les données de résultat dans les paramètres suivants. Pour n'indiquer aucune erreur, indiquez null comme premier paramètre. La fonction de rappel doit suivre la convention de rappel "error-first" de sorte à traiter l'erreur de manière significative. Dans Express, la meilleure pratique consiste à utiliser la fonction next() pour propager les erreurs via la chaîne du middleware. Pour plus d'informations sur les bases du traitement des erreurs, voir : -* [Error Handling in Node.js](https://www.tritondatacenter.com/node-js/production/design/errors) -* [Building Robust Node Applications: Error Handling](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/robust-node-applications-error-handling/) (blogue StrongLoop) - -#### A ne pas faire - -Vous ne devriez *pas* écouter l'événement `uncaughtException`, émis lorsqu'une exception remonte vers la boucle d'événements. L'ajout d'un programme d'écoute d'événement pour `uncaughtException` va modifier le comportement par défaut du processus qui rencontre une exception ; le processus va continuer à s'exécuter malgré l'exception. Cela pourrait être un bon moyen d'empêcher votre application de planter, mais continuer à exécuter l'application après une exception non interceptée est une pratique dangereuse qui n'est pas recommandée, étant donné que l'état du processus devient peu fiable et imprévisible. - -De plus, l'utilisation d'`uncaughtException` est officiellement reconnue comme étant [rudimentaire](https://nodejs.org/api/process.html#process_event_uncaughtexception) et il a été [proposé](https://github.com/nodejs/node-v0.x-archive/issues/2582) de le supprimer. Ecouter `uncaughtException` n'est qu'une mauvaise idée. Voilà pourquoi nous recommandons d'utiliser plusieurs processus et superviseurs à la place : faire planter son application et la redémarrer est souvent plus sûr que de la restaurer après une erreur. - -L'utilisation de [domain](https://nodejs.org/api/domain.html) n'est également pas recommandée. Ce module obsolète ne résout globalement pas le problème. - - +- [Error Handling in Node.js](https://www.tritondatacenter.com/node-js/production/design/errors) #### Utiliser try-catch Try-catch est un élément de langage JavaScript que vous pouvez utiliser pour intercepter les exceptions dans le code synchrone. Utilisez try-catch pour traiter les erreurs d'analyse JSON, comme indiqué ci-dessous, par exemple. -Utilisez un outil tel que [JSHint](http://jshint.com/) ou [JSLint](http://www.jslint.com/) pour vous aider à identifier les exceptions implicites comme les [erreurs de référence dans les variables non définies](http://www.jshint.com/docs/options/#undef). - Voici un exemple d'utilisation de try-catch pour traiter une exception potentielle de plantage de processus. Cette fonction middleware accepte un paramètre de zone de requête nommé "params" qui est un objet JSON. @@ -126,85 +108,70 @@ app.get('/search', (req, res) => { Toutefois, try-catch ne fonctionne que dans le code synchrone. Etant donné que la plateforme Node est principalement asynchrone (en particulier dans un environnement de production), try-catch n'interceptera pas beaucoup d'exceptions. - - #### Utiliser des promesses -Les promesses vont traiter n'importe quelle exception (explicite et implicite) dans les blocs de code asynchrone qui utilisent `then()`. Contentez-vous d'ajouter `.catch(next)` à la fin des chaînes de promesse. Par exemple : +When an error is thrown in an `async` function or a rejected promise is awaited inside an `async` function, those errors will be passed to the error handler as if calling `next(err)` ```js -app.get('/', (req, res, next) => { - // do some sync stuff - queryDb() - .then((data) => makeCsv(data)) // handle data - .then((csv) => { /* handle csv */ }) - .catch(next) +app.get('/', async (req, res, next) => { + const data = await userData() // If this promise fails, it will automatically call `next(err)` to handle the error. + + res.send(data) }) app.use((err, req, res, next) => { - // handle error + res.status(err.status ?? 500).send({ error: err.message }) }) ``` -Toutes les erreurs asynchrones et synchrones sont à présent propagées vers le middleware de traitement des erreurs. - -Observez toutefois les deux avertissements suivants : - -1. L'intégralité de votre code asynchrone doit renvoyer des promesses (à l'exception des émetteurs). Si une bibliothèque spécifique ne renvoie pas de promesses, convertissez l'objet de base à l'aide d'une fonction d'aide telle que [Bluebird.promisifyAll()](http://bluebirdjs.com/docs/api/promise.promisifyall.html). -2. Les émetteurs d'événements (comme les flux) peuvent toujours générer des exceptions non interceptées. Veillez donc à traiter l'événement d'erreur de manière appropriée ; par exemple : +Also, you can use asynchronous functions for your middleware, and the router will handle errors if the promise fails, for example: ```js -const wrap = fn => (...args) => fn(...args).catch(args[2]) +app.use(async (req, res, next) => { + req.locals.user = await getUser(req) -app.get('/', wrap(async (req, res, next) => { - const company = await getCompanyById(req.query.id) - const stream = getLogoStreamById(company.id) - stream.on('error', next).pipe(res) -})) + next() // This will be called if the promise does not throw an error. +}) ``` -Pour plus d'informations sur le traitement des erreurs à l'aide de promesses, voir : +Best practice is to handle errors as close to the site as possible. So while this is now handled in the router, it’s best to catch the error in the middleware and handle it without relying on separate error-handling middleware. -* [Asynchronous Error Handling in Express with Promises, Generators and ES7](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/async-error-handling-expressjs-es7-promises-generators/) -* [Promises in Node.js with Q – An Alternative to Callbacks](https://web.archive.org/web/20240000000000/https://strongloop.com/strongblog/promises-in-node-js-with-q-an-alternative-to-callbacks/) +#### A ne pas faire - +Vous ne devriez _pas_ écouter l'événement `uncaughtException`, émis lorsqu'une exception remonte vers la boucle d'événements. L'ajout d'un programme d'écoute d'événement pour `uncaughtException` va modifier le comportement par défaut du processus qui rencontre une exception ; le processus va continuer à s'exécuter malgré l'exception. Cela pourrait être un bon moyen d'empêcher votre application de planter, mais continuer à exécuter l'application après une exception non interceptée est une pratique dangereuse qui n'est pas recommandée, étant donné que l'état du processus devient peu fiable et imprévisible. -## A faire dans votre environnement/configuration +De plus, l'utilisation d'`uncaughtException` est officiellement reconnue comme étant [rudimentaire](https://nodejs.org/api/process.html#process_event_uncaughtexception) et il a été [proposé](https://github.com/nodejs/node-v0.x-archive/issues/2582) de le supprimer. Ecouter `uncaughtException` n'est qu'une mauvaise idée. Voilà pourquoi nous recommandons d'utiliser plusieurs processus et superviseurs à la place : faire planter son application et la redémarrer est souvent plus sûr que de la restaurer après une erreur. + +L'utilisation de [domain](https://nodejs.org/api/domain.html) n'est également pas recommandée. Ce module obsolète ne résout globalement pas le problème. + +## Things to do in your environment / setup + +{#in-environment} Les actions suivantes peuvent être réalisées dans votre environnement système afin d'améliorer les performances de votre application : -* Définir NODE_ENV sur "production" -* Vérifier que votre application redémarre automatiquement -* Exécuter votre application dans un cluster -* Mettre en cache les résultats d'une demande -* Utiliser un équilibreur de charge -* Utiliser un proxy inverse +- Définir NODE_ENV sur "production" +- Vérifier que votre application redémarre automatiquement +- Exécuter votre application dans un cluster +- [Cache request results](#cache-request-results) +- Utilisation de StrongLoop PM avec un équilibreur de charge Nginx +- Encore mieux, utilisez un proxy inverse pour exploiter les fichiers statiques ; pour plus d'informations, voir [Utiliser un proxy inverse](#proxy). ### Définir NODE_ENV sur "production" -La variable d'environnement NODE_ENV spécifie l'environnement dans lequel une application s'exécute (en règle générale, développement ou production). Le moyen le plus simple d'améliorer vos performances consiste à définir NODE_ENV sur "production." +La variable d'environnement NODE_ENV spécifie l'environnement dans lequel une application s'exécute (en règle générale, développement ou production). One of the simplest things you can do to improve performance is to set NODE_ENV to `production`. En définissant NODE_ENV sur "production", Express : -* Met en cache les modèles d'affichage. -* Met en cache les fichiers CSS générés à partir d'extensions CSS. -* Génère moins de messages d'erreur prolixes. +- Met en cache les modèles d'affichage. +- Met en cache les fichiers CSS générés à partir d'extensions CSS. +- Génère moins de messages d'erreur prolixes. -[Les tests indiquent](http://apmblog.dynatrace.com/2015/07/22/the-drastic-effects-of-omitting-node_env-in-your-express-js-applications/) que ce simple paramétrage peut multiplier les performances d'application par trois ! +[Tests indicate](https://www.dynatrace.com/news/blog/the-drastic-effects-of-omitting-node-env-in-your-express-js-applications/) that just doing this can improve app performance by a factor of three! Si vous avez besoin d'écrire du code spécifique à un environnement, vous pouvez vérifier la valeur de NODE_ENV avec `process.env.NODE_ENV`. Sachez que la vérification de la valeur de n'importe quelle variable d'environnement pénalise les performances et devrait donc être effectuée avec modération. -En développement, vous définissez généralement les variables d'environnement dans votre shell interactif, à l'aide de `export` ou de votre fichier `.bash_profile` par exemple. Il n'est toutefois pas conseillé de le faire sur un serveur de production ; utilisez plutôt le système init de votre système d'exploitation (systemd ou Upstart). La section qui suit fournit des détails sur l'utilisation de votre système init en général, mais la définition de NODE_ENV est tellement importante pour les performances (et facile à réaliser), qu'elle est mise en évidence ici. - -Avec Upstart, utilisez le mot clé `env` dans votre fichier de travail. Par exemple : - -```sh -# /etc/init/env.conf - env NODE_ENV=production -``` - -Pour plus d'informations, voir [Upstart Intro, Cookbook and Best Practices](http://upstart.ubuntu.com/cookbook/#environment-variables). +En développement, vous définissez généralement les variables d'environnement dans votre shell interactif, à l'aide de `export` ou de votre fichier `.bash_profile` par exemple. But in general, you shouldn't do that on a production server; instead, use your OS's init system (systemd). La section qui suit fournit des détails sur l'utilisation de votre système init en général, mais la définition de NODE_ENV est tellement importante pour les performances (et facile à réaliser), qu'elle est mise en évidence ici. Avec systemd, utilisez la directive `Environment` dans votre fichier d'unité. Par exemple : @@ -213,16 +180,14 @@ Avec systemd, utilisez la directive `Environment` dans votre fichier d'unité. P Environment=NODE_ENV=production ``` -Pour plus d'informations, voir [Using Environment Variables In systemd Units](https://coreos.com/os/docs/latest/using-environment-variables-in-systemd-units.html). - -Si vous utilisez StrongLoop Process Manager, vous pouvez également [définir la variable d'environnement lorsque vous installez StrongLoop PM en tant que service](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-Setenvironmentvariables). +For more information, see [Using Environment Variables In systemd Units](https://www.flatcar.org/docs/latest/setup/systemd/environment-variables/). ### Vérifier que votre application redémarre automatiquement En production, vous ne souhaitez jamais que votre application soit déconnectée. Vous devez donc veiller à ce qu'elle redémarre si elle plante et si le serveur plante. Même si vous espérez que cela n'arrive pas, vous devez en réalité considérer ces deux éventualités en : -* Utilisant un gestionnaire de processus pour redémarrer l'application (et Node) lorsqu'elle plante. -* Utilisant le système init fourni par votre système d'exploitation pour redémarrer le gestionnaire de processus lorsque le système d'exploitation plante. Vous pouvez également utiliser le système init sans gestionnaire de processus. +- Utilisant un gestionnaire de processus pour redémarrer l'application (et Node) lorsqu'elle plante. +- Utilisant le système init fourni par votre système d'exploitation pour redémarrer le gestionnaire de processus lorsque le système d'exploitation plante. Vous pouvez également utiliser le système init sans gestionnaire de processus. Les applications Node plantent si elles tombent sur une exception non interceptée. Avant toute chose, vérifiez que votre application est correctement testée et qu'elle traite toutes les exceptions (voir [Traiter correctement les exceptions](#exceptions) pour plus de détails). En cas d'échec, mettez en place un mécanisme qui garantit que si et lorsque votre application plante, elle redémarre automatiquement. @@ -232,54 +197,35 @@ En développement, vous avez simplement démarré votre application à partir de En plus de redémarrer votre application lorsqu'elle plante, un gestionnaire de processus peut vous permettre : -* De vous informer sur les performances d'exécution et la consommation des ressources. -* De modifier les paramètres de manière dynamique afin d'améliorer les performances. -* De contrôler la mise en cluster (StrongLoop PM et pm2). +- De vous informer sur les performances d'exécution et la consommation des ressources. +- De modifier les paramètres de manière dynamique afin d'améliorer les performances. +- Control clustering (pm2). -Les gestionnaires de processus les plus populaires pour Node sont les suivants : - -* [StrongLoop Process Manager](http://strong-pm.io/) -* [PM2](https://github.com/Unitech/pm2) -* [Forever](https://www.npmjs.com/package/forever) - -Pour obtenir une comparaison détaillée de ces trois gestionnaires de processus, voir [http://strong-pm.io/compare/](http://strong-pm.io/compare/). - -L'utilisation de l'un de ces trois gestionnaires de processus suffira à garder votre application active, même si elle plantera de temps en temps. - -StrongLoop PM possède un grand nombre de fonctionnalités qui ciblent en particulier le déploiement en production. Vous pouvez l'utiliser avec les outils StrongLoop associés pour : - -* Générer et mettre en package votre application en local, puis la déployer en toute sécurité sur votre système de production. -* Redémarrer automatiquement votre application si elle plante pour une raison quelconque. -* Gérer vos clusters à distance. -* Afficher les profils d'UC et les instantanés de segment de mémoire pour optimiser les performances et diagnostiquer les fuites de mémoire. -* Afficher les mesures de performance de votre application. -* Evoluer facilement vers plusieurs hôtes avec un contrôlé intégré de l'équilibreur de charge Nginx. - -Comme décrit ci-dessous, lorsque vous installez StrongLoop PM en tant que service de système d'exploitation à l'aide de votre système init, il redémarre automatiquement au redémarrage du système. Ainsi, vos processus applicatifs et vos clusters resteront toujours actifs. +Historically, it was popular to use a Node.js process manager like [PM2](https://github.com/Unitech/pm2). See their documentation if you wish to do this. However, we recommend using your init system for process management. #### Utiliser un système init -Le niveau de fiabilité suivant consiste à garantir que votre application redémarre lorsque le serveur redémarre. Les systèmes peuvent toujours tomber en panne pour divers motifs. Pour garantir que votre application redémarre si le serveur plante, utilisez le système init intégré à votre système d'exploitation. Les deux principaux systèmes init actuellement utilisés sont [systemd](https://wiki.debian.org/systemd) et [Upstart](http://upstart.ubuntu.com/). +Le niveau de fiabilité suivant consiste à garantir que votre application redémarre lorsque le serveur redémarre. Les systèmes peuvent toujours tomber en panne pour divers motifs. Pour garantir que votre application redémarre si le serveur plante, utilisez le système init intégré à votre système d'exploitation. The main init system in use today is [systemd](https://wiki.debian.org/systemd). Vous pouvez utiliser les systèmes init de deux manières dans votre application Express : -* Exécutez votre application dans un gestionnaire de processus, puis installez le gestionnaire de processus en tant que service avec le système init. Le gestionnaire de processus va redémarrer votre application lorsqu'elle plantera et le système init va redémarrer le gestionnaire de processus lorsque le système d'exploitation redémarrera. Il s'agit de la méthode recommandée. -* Exécutez votre application (et Node) directement avec le système init. Cette méthode est plus simple, mais vous ne profitez pas des avantages d'un gestionnaire de processus. +- Exécutez votre application dans un gestionnaire de processus, puis installez le gestionnaire de processus en tant que service avec le système init. Le gestionnaire de processus va redémarrer votre application lorsqu'elle plantera et le système init va redémarrer le gestionnaire de processus lorsque le système d'exploitation redémarrera. Il s'agit de la méthode recommandée. +- Exécutez votre application (et Node) directement avec le système init. Cette méthode est plus simple, mais vous ne profitez pas des avantages d'un gestionnaire de processus. ##### Systemd Systemd est un système Linux et un gestionnaire de services. La plupart des distributions Linux principales ont adopté systemd comme leur système init par défaut. -Un fichier de configuration de service systemd est appelé *fichier d'unité* et porte l'extension .service. Voici un exemple de fichier d'unité permettant de gérer une application Node directement (remplacez le texte en gras par les valeurs appropriées à votre système et votre application) : +Un fichier de configuration de service systemd est appelé _fichier d'unité_ et porte l'extension .service. Voici un exemple de fichier d'unité permettant de gérer une application Node directement (remplacez le texte en gras par les valeurs appropriées à votre système et votre application) : Replace the values enclosed in `` for your system and app: ```sh [Unit] -Description=Awesome Express App +Description= [Service] Type=simple -ExecStart=/usr/local/bin/node /projects/myapp/index.js -WorkingDirectory=/projects/myapp +ExecStart=/usr/local/bin/node +WorkingDirectory= User=nobody Group=nogroup @@ -301,99 +247,14 @@ Restart=always [Install] WantedBy=multi-user.target ``` -Pour plus d'informations sur systemd, voir la [page d'aide de systemd](http://www.freedesktop.org/software/systemd/man/systemd.unit.html). - -##### StrongLoop PM en tant que service systemd - -Vous pouvez facilement installer StrongLoop Process Manager en tant que service systemd. Une fois que c'est fait, lorsque le serveur redémarre, il redémarre automatiquement StrongLoop PM, qui redémarre ensuite toutes les applications qu'il gère. - -Pour installer StrongLoop PM en tant que service systemd : - -```bash -$ sudo sl-pm-install --systemd -``` - -Démarrez ensuite le service comme suit : - -```bash -$ sudo /usr/bin/systemctl start strong-pm -``` - -Pour plus d'informations, voir [Setting up a production host](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-RHEL7+,Ubuntu15.04or15.10) dans la documentation StrongLoop. - -##### Upstart - -Upstart est un outil système disponible sur un grand nombre de distributions Linux et qui permet de démarrer des tâches et des services pendant le démarrage du système, de les arrêter pendant l'arrêt du système et de les superviser. Vous pouvez configurer votre application Express ou votre gestionnaire de processus en tant que service, puis Upstart le redémarrera automatiquement lorsqu'il plantera. - -Un service Upstart est défini dans un fichier de configuration de travail (également appelé "travail") portant l'extension `.conf`. L'exemple qui suit décrit comment créer un travail appelé "myapp" pour une application nommée "myapp" avec le fichier principal situé dans `/projects/myapp/index.js`. - -Créez un fichier nommé `myapp.conf` dans `/etc/init/` avec le contenu suivant (remplacez le texte en gras par les valeurs appropriées à votre système et votre application) : - -```sh -# When to start the process -start on runlevel [2345] - -# When to stop the process -stop on runlevel [016] - -# Increase file descriptor limit to be able to handle more requests -limit nofile 50000 50000 - -# Use production mode -env NODE_ENV=production - -# Run as www-data -setuid www-data -setgid www-data - -# Run from inside the app dir -chdir /projects/myapp - -# The process to start -exec /usr/local/bin/node /projects/myapp/index.js - -# Restart the process if it is down -respawn - -# Limit restart attempt to 10 times within 10 seconds -respawn limit 10 10 -``` - -REMARQUE : ce script nécessite Upstart 1.4 ou ultérieur, pris en charge sur Ubuntu 12.04-14.10. -Etant donné que le travail est configuré pour s'exécuter au démarrage du système, votre application sera démarrée avec le système d'exploitation et sera redémarrée automatiquement si l'application plante ou si le système tombe en panne. - -En plus de redémarrer automatiquement l'application, Upstart vous permet d'utiliser les commandes suivantes : - -* `start myapp` – Démarre l'application -* `restart myapp` – Redémarre l'application -* `stop myapp` – Arrête l'application - -Pour plus d'informations sur Upstart, voir [Upstart Intro, Cookbook and Best Practises](http://upstart.ubuntu.com/cookbook). - -##### StrongLoop PM en tant que service Upstart - -Vous pouvez facilement installer StrongLoop Process Manager en tant que service Upstart. Une fois que c'est fait, lorsque le serveur redémarre, il redémarre automatiquement StrongLoop PM, qui redémarre ensuite toutes les applications qu'il gère. - -Pour installer StrongLoop PM en tant que service Upstart 1.4 : - -```bash -$ sudo sl-pm-install -``` - -Exécutez ensuite le service comme suit : - -```bash -$ sudo /sbin/initctl start strong-pm -``` - -REMARQUE : sur les systèmes qui ne prennent pas en charge Upstart 1.4, les commandes sont légèrement différentes. Pour plus d'informations, voir [Setting up a production host](https://docs.strongloop.com/display/SLC/Setting+up+a+production+host#Settingupaproductionhost-RHELLinux5and6,Ubuntu10.04-.10,11.04-.10) dans la documentation StrongLoop. +Pour plus d'informations sur systemd, voir la [page d'aide de systemd](http://www.freedesktop.org/software/systemd/man/systemd.unit.html). ### Exécuter votre application dans un cluster Dans un système multicoeur, vous pouvez augmenter les performances d'une application Node en lançant un cluster de processus. Un cluster exécute plusieurs instances de l'application, idéalement une instance sur chaque coeur d'UC, répartissant ainsi la charge et les tâches entre les instances. - + IMPORTANT : étant donné que les instances d'application s'exécutent en tant que processus distincts, elles ne partagent pas le même espace mémoire. Autrement dit, les objets sont en local sur chaque instance de l'application. Par conséquent, vous ne pouvez pas conserver l'état dans le code de l'application. Vous pouvez toutefois utiliser un magasin de données en mémoire tel que [Redis](http://redis.io/) pour stocker les données de session et l'état. Cette fonctionnalité s'applique essentiellement à toutes les formes de mise à l'échelle horizontale, que la mise en cluster soit effectuée avec plusieurs processus ou avec plusieurs serveurs physiques. @@ -401,43 +262,52 @@ Dans les applications mises en cluster, les processus de traitement peuvent plan #### Utilisation du module cluster de Node -La mise en cluster peut être réalisée avec le [module cluster](https://nodejs.org/docs/latest/api/cluster.html) de Node. Ce module permet à un processus maître de générer des processus de traitement et de répartir les connexions entrantes parmi ces processus. Toutefois, plutôt que d'utiliser ce module directement, utilisez l'un des nombreux outils qui le font pour vous, à savoir [node-pm](https://www.npmjs.com/package/node-pm) ou [cluster-service](https://www.npmjs.com/package/cluster-service) par exemple. +Clustering is made possible with Node's [cluster module](https://nodejs.org/api/cluster.html). Ce module permet à un processus maître de générer des processus de traitement et de répartir les connexions entrantes parmi ces processus. -#### Utilisation de StrongLoop PM +#### Using PM2 -Si vous déployez votre application dans StrongLoop Process Manager (PM), vous pouvez alors utiliser la mise en cluster *sans* modifier votre code d'application. +If you deploy your application with PM2, then you can take advantage of clustering _without_ modifying your application code. You should ensure your [application is stateless](https://pm2.keymetrics.io/docs/usage/specifics/#stateless-apps) first, meaning no local data is stored in the process (such as sessions, websocket connections and the like). -Lorsque StrongLoop Process Manager (PM) exécute une application, il l'exécute automatiquement dans un cluster avec un nombre de processus de traitement égal au nombre de coeurs d'UC sur le système. Vous pouvez modifier manuellement le nombre de processus de traitement dans le cluster à l'aide de l'outil de ligne de commande slc sans arrêter l'application. +When running an application with PM2, you can enable **cluster mode** to run it in a cluster with a number of instances of your choosing, such as the matching the number of available CPUs on the machine. You can manually change the number of processes in the cluster using the `pm2` command line tool without stopping the app. -Par exemple, en supposant que vous avez déployé votre application sur prod.foo.com et que StrongLoop PM est en mode écoute sur le port 8701 (par défaut), pour définir la taille du cluster sur 8 à l'aide de slc : +To enable cluster mode, start your application like so: ```bash -$ slc ctl -C http://prod.foo.com:8701 set-size my-app 8 +# Start 4 worker processes +$ pm2 start npm --name my-app -i 4 -- start +# Auto-detect number of available CPUs and start that many worker processes +$ pm2 start npm --name my-app -i max -- start ``` -Pour plus d'informations sur la mise en cluster avec StrongLoop PM, voir [Clustering](https://docs.strongloop.com/display/SLC/Clustering) dans la documentation StrongLoop. +This can also be configured within a PM2 process file (`ecosystem.config.js` or similar) by setting `exec_mode` to `cluster` and `instances` to the number of workers to start. + +Once running, the application can be scaled like so: + +```bash +# Add 3 more workers +$ pm2 scale my-app +3 +# Scale to a specific number of workers +$ pm2 scale my-app 2 +``` + +For more information on clustering with PM2, see [Cluster Mode](https://pm2.keymetrics.io/docs/usage/cluster-mode/) in the PM2 documentation. ### Mettre en cache les résultats d'une demande Pour améliorer les performances en production, vous pouvez également mettre en cache le résultat des demandes, de telle sorte que votre application ne répète pas l'opération de traitement de la même demande plusieurs fois. -Utilisez un serveur de mise en cache tel que [Varnish](https://www.varnish-cache.org/) ou [Nginx](https://www.nginx.com/resources/wiki/start/topics/examples/reverseproxycachingexample/) (voir aussi [Nginx Caching](https://serversforhackers.com/nginx-caching/)) pour améliorer considérablement la vitesse et les performances de votre application. +Use a caching server like [Varnish](https://www.varnish-cache.org/) or [Nginx](https://blog.nginx.org/blog/nginx-caching-guide) (see also [Nginx Caching](https://serversforhackers.com/nginx-caching/)) to greatly improve the speed and performance of your app. ### Utiliser un équilibreur de charge Quel que soit le niveau d'optimisation d'une application, une instance unique ne peut traiter qu'un volume limité de charge et de trafic. Pour faire évoluer une application, vous pouvez exécuter plusieurs instances de cette application et répartir le trafic en utilisant un équilibreur de charge. La configuration d'un équilibreur de charge peut améliorer les performances et la vitesse de votre application et lui permettre d'évoluer plus largement qu'avec une seule instance. -Un équilibreur de charge est généralement un proxy inverse qui orchestre le trafic entrant et sortant de plusieurs instances d'application et serveurs. Vous pouvez facilement configurer un équilibreur de charge pour votre application à l'aide de [Nginx](http://nginx.org/en/docs/http/load_balancing.html) ou de [HAProxy](https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts). - -Avec l'équilibrage de charge, vous devrez peut-être vérifier que les demandes associées à un ID de session spécifique sont connectées au processus dont elles sont issues. Ce procédé est appelé *affinité de session* (ou *sessions persistantes*) et peut être effectué en utilisant un magasin de données tel que Redis pour les données de session (en fonction de votre application), comme décrit ci-dessus. Pour en savoir plus, voir [Using multiple nodes](https://socket.io/docs/v4/using-multiple-nodes/). - -#### Utilisation de StrongLoop PM avec un équilibreur de charge Nginx +Un équilibreur de charge est généralement un proxy inverse qui orchestre le trafic entrant et sortant de plusieurs instances d'application et serveurs. You can easily set up a load balancer for your app by using [Nginx](https://nginx.org/en/docs/http/load_balancing.html) or [HAProxy](https://www.digitalocean.com/community/tutorials/an-introduction-to-haproxy-and-load-balancing-concepts). -[StrongLoop Process Manager](http://strong-pm.io/) est intégré à un contrôleur Nginx, ce qui permet de paramétrer facilement les configurations d'environnement de production à plusieurs hôtes. Pour plus d'informations, voir [Scaling to multiple servers](https://docs.strongloop.com/display/SLC/Scaling+to+multiple+servers) (documentation StrongLoop). - +Avec l'équilibrage de charge, vous devrez peut-être vérifier que les demandes associées à un ID de session spécifique sont connectées au processus dont elles sont issues. Ce procédé est appelé _affinité de session_ (ou _sessions persistantes_) et peut être effectué en utilisant un magasin de données tel que Redis pour les données de session (en fonction de votre application), comme décrit ci-dessus. Pour en savoir plus, voir [Using multiple nodes](https://socket.io/docs/v4/using-multiple-nodes/). ### Utiliser un proxy inverse Un proxy inverse accompagne une application Web et exécute des opérations de prise en charge sur les demandes, en plus de diriger les demandes vers l'application. Il peut gérer les pages d'erreur, la compression, la mise en cache, le dépôt de fichiers et l'équilibrage de charge entre autres. -La transmission de tâches qui ne requièrent aucune connaissance de l'état d'application à un proxy inverse permet à Express de réaliser des tâches d'application spécialisées. C'est pour cette raison qu'il est recommandé d'exécuter Express derrière un proxy inverse tel que [Nginx](https://www.nginx.com/) ou [HAProxy](http://www.haproxy.org/) en production. +La transmission de tâches qui ne requièrent aucune connaissance de l'état d'application à un proxy inverse permet à Express de réaliser des tâches d'application spécialisées. For this reason, it is recommended to run Express behind a reverse proxy like [Nginx](https://www.nginx.org/) or [HAProxy](https://www.haproxy.org/) in production. diff --git a/fr/advanced/best-practice-security.md b/fr/advanced/best-practice-security.md old mode 100755 new mode 100644 index ac293abc54..16b74538ad --- a/fr/advanced/best-practice-security.md +++ b/fr/advanced/best-practice-security.md @@ -1,22 +1,47 @@ --- layout: page title: Meilleures pratiques de sécurité pour Express en production +description: Discover crucial security best practices for Express apps in production, including using TLS, input validation, secure cookies, and preventing vulnerabilities. menu: advanced lang: fr -description: Discover crucial security best practices for Express apps in production, - including using TLS, input validation, secure cookies, and preventing vulnerabilities. +redirect_from: " " --- # Meilleures pratiques en production : Sécurité ## Présentation -Le terme *"production"* fait référence à la phase du cycle de vie du logiciel au cours de laquelle une application ou une API est généralement disponible pour ses consommateurs ou utilisateurs finaux. En revanche, en phase de *"développement"*, l'écriture et le test de code se poursuivent activement et l'application n'est pas ouverte pour un accès externe. Les environnements système correspondants sont respectivement appelés environnement de *production* et environnement de *développement*. +Le terme _"production"_ fait référence à la phase du cycle de vie du logiciel au cours de laquelle une application ou une API est généralement disponible pour ses consommateurs ou utilisateurs finaux. En revanche, en phase de _"développement"_, l'écriture et le test de code se poursuivent activement et l'application n'est pas ouverte pour un accès externe. Les environnements système correspondants sont respectivement appelés environnement de _production_ et environnement de _développement_. Les environnements de développement et de production sont généralement configurés différemment et leurs exigences divergent grandement. Ce qui convient parfaitement en développement peut être inacceptable en production. Par exemple, dans un environnement de développement, vous pouvez souhaiter une consignation prolixe des erreurs en vue du débogage, alors que ce type de comportement présente des risques au niveau de sécurité en environnement de production. De plus, en environnement de développement, vous n'avez pas à vous soucier de l'extensibilité, de la fiabilité et des performances, tandis que ces éléments sont essentiels en environnement de production. +{% capture security-note %} + +If you believe you have discovered a security vulnerability in Express, please see +[Security Policies and Procedures](/en/resources/contributing.html#security-policies-and-procedures). + +{% endcapture %} + +{% include admonitions/note.html content=security-note %} + Cet article traite des meilleures pratiques en terme de sécurité pour les applications Express déployées en production. +- [Production Best Practices: Security](#production-best-practices-security) + - [Overview](#overview) + - [Don't use deprecated or vulnerable versions of Express](#dont-use-deprecated-or-vulnerable-versions-of-express) + - [hsts](https://github.com/helmetjs/hsts) définit l'en-tête `Strict-Transport-Security` qui impose des connexions (HTTP sur SSL/TLS) sécurisées au serveur. + - [Do not trust user input](#do-not-trust-user-input) + - [Prevent open redirects](#prevent-open-redirects) + - [hidePoweredBy](https://github.com/helmetjs/hide-powered-by) supprime l'en-tête `X-Powered-By`. + - [Reduce fingerprinting](#reduce-fingerprinting) + - [xssFilter](https://github.com/helmetjs/x-xss-protection) définit `X-XSS-Protection` afin d'activer le filtre de script intersites (XSS) dans les navigateurs Web les plus récents. + - [noCache](https://github.com/helmetjs/nocache) définit des en-têtes `Cache-Control` et Pragma pour désactiver la mise en cache côté client. + - [ieNoOpen](https://github.com/helmetjs/ienoopen) définit `X-Download-Options` pour IE8+. + - [Prevent brute-force attacks against authorization](#prevent-brute-force-attacks-against-authorization) + - [Ensure your dependencies are secure](#ensure-your-dependencies-are-secure) + - Désactivez au minimum l'en-tête X-Powered-By + - [Additional considerations](#additional-considerations) + ## N'utilisez pas de versions obsolètes ou vulnérables d'Express Les versions 2.x et 3.x d'Express ne sont plus prises en charge. Les problèmes liés à la sécurité et aux performances dans ces versions ne seront pas corrigés. Ne les utilisez pas ! Si vous êtes passé à la version 4, suivez le [guide de migration](/{{ page.lang }}/guide/migrating-4.html). @@ -27,53 +52,122 @@ Vérifiez également que vous n'utilisez aucune des versions vulnérables d'Expr Si votre application traite ou transmet des données sensibles, utilisez [TLS](https://en.wikipedia.org/wiki/Transport_Layer_Security) (Transport Layer Security) afin de sécuriser la connexion et les données. Cette technologie de l'information chiffre les données avant de les envoyer du client au serveur, ce qui vous préserve des risques d'hameçonnage les plus communs (et faciles). Même si les requêtes Ajax et POST ne sont pas clairement visibles et semblent "masquées" dans les navigateurs, leur trafic réseau n'est pas à l'abri d'une [détection de paquet](https://en.wikipedia.org/wiki/Packet_analyzer) ni des [attaques d’intercepteur](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). -Vous connaissez sans doute le chiffrement SSL (Secure Socket Layer). [TLS est simplement une évolution de SSL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380515(v=vs.85).aspx). En d'autres termes, si vous utilisiez SSL auparavant, envisagez de passer à TLS. Nous recommandons généralement Nginx pour gérer TLS. Pour des informations de référence fiables concernant la configuration de TLS sur Nginx (et d'autres serveurs), voir [Configurations de serveur recommandées (wiki Mozilla)](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations). +Vous connaissez sans doute le chiffrement SSL (Secure Socket Layer). [TLS est simplement une évolution de SSL](https://msdn.microsoft.com/en-us/library/windows/desktop/aa380515\(v=vs.85\).aspx). En d'autres termes, si vous utilisiez SSL auparavant, envisagez de passer à TLS. Nous recommandons généralement Nginx pour gérer TLS. Pour des informations de référence fiables concernant la configuration de TLS sur Nginx (et d'autres serveurs), voir [Configurations de serveur recommandées (wiki Mozilla)](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations). Par ailleurs, un outil très pratique, [Let's Encrypt](https://letsencrypt.org/about/), autorité de certification gratuite, automatisée et ouverte fournie par le groupe de recherche sur la sécurité sur Internet, [ISRG (Internet Security Research Group)](https://letsencrypt.org/isrg/), vous permet de vous procurer gratuitement un certificat TLS. +## Do not trust user input + +For web applications, one of the most critical security requirements is proper user input validation and handling. This comes in many forms and we will not cover all of them here. +Ultimately, the responsibility for validating and correctly handling the types of user input your application accepts is yours. + +### Prevent open redirects + +An example of potentially dangerous user input is an _open redirect_, where an application accepts a URL as user input (often in the URL query, for example `?url=https://example.com`) and uses `res.redirect` to set the `location` header and +return a 3xx status. + +An application must validate that it supports redirecting to the incoming URL to avoid sending users to malicious links such as phishing websites, among other risks. + +Here is an example of checking URLs before using `res.redirect` or `res.location`: + +```js +app.use((req, res) => { + try { + if (new Url(req.query.url).host !== 'example.com') { + return res.status(400).end(`Unsupported redirect to host: ${req.query.url}`) + } + } catch (e) { + return res.status(400).end(`Invalid url: ${req.query.url}`) + } + res.redirect(req.query.url) +}) +``` + ## Utilisez Helmet [Helmet](https://www.npmjs.com/package/helmet) vous aide à protéger votre application de certaines des vulnérabilités bien connues du Web en configurant de manière appropriée des en-têtes HTTP. -Helmet n'est actuellement qu'une collection de neuf fonctions middleware plus petites qui définissent des en-têtes HTTP liés à la sécurité : +Helmet is a middleware function that sets security-related HTTP response headers. Helmet sets the following headers by default: -* [csp](https://github.com/helmetjs/csp) définit l'en-tête `Content-Security-Policy` pour la protection contre les attaques de type cross-site scripting et autres injections intersites. -* [hidePoweredBy](https://github.com/helmetjs/hide-powered-by) supprime l'en-tête `X-Powered-By`. -* [hsts](https://github.com/helmetjs/hsts) définit l'en-tête `Strict-Transport-Security` qui impose des connexions (HTTP sur SSL/TLS) sécurisées au serveur. -* [ieNoOpen](https://github.com/helmetjs/ienoopen) définit `X-Download-Options` pour IE8+. -* [noCache](https://github.com/helmetjs/nocache) définit des en-têtes `Cache-Control` et Pragma pour désactiver la mise en cache côté client. -* [noSniff](https://github.com/helmetjs/dont-sniff-mimetype) définit `X-Content-Type-Options` pour protéger les navigateurs du reniflage du code MIME d'une réponse à partir du type de contenu déclaré. -* [frameguard](https://github.com/helmetjs/frameguard) définit l'en-tête `X-Frame-Options` pour fournir une protection [clickjacking](https://www.owasp.org/index.php/Clickjacking). -* [xssFilter](https://github.com/helmetjs/x-xss-protection) définit `X-XSS-Protection` afin d'activer le filtre de script intersites (XSS) dans les navigateurs Web les plus récents. +- `Content-Security-Policy`: A powerful allow-list of what can happen on your page which mitigates many attacks +- `Cross-Origin-Opener-Policy`: Helps process-isolate your page +- `Cross-Origin-Resource-Policy`: Blocks others from loading your resources cross-origin +- `Origin-Agent-Cluster`: Changes process isolation to be origin-based +- `Referrer-Policy`: Controls the [`Referer`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer) header +- `Strict-Transport-Security`: Tells browsers to prefer HTTPS +- `X-Content-Type-Options`: Avoids [MIME sniffing](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types#mime_sniffing) +- `X-DNS-Prefetch-Control`: Controls DNS prefetching +- `X-Download-Options`: Forces downloads to be saved (Internet Explorer only) +- `X-Frame-Options`: Legacy header that mitigates [Clickjacking](https://en.wikipedia.org/wiki/Clickjacking) attacks +- `X-Permitted-Cross-Domain-Policies`: Controls cross-domain behavior for Adobe products, like Acrobat +- `X-Powered-By`: Info about the web server. Removed because it could be used in simple attacks +- `X-XSS-Protection`: Legacy header that tries to mitigate [XSS attacks](https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting), but makes things worse, so Helmet disables it + +Each header can be configured or disabled. To read more about it please go to [its documentation website][helmet]. Installez Helmet comme n'importe quel autre module : ```bash -$ npm install --save helmet +$ npm install helmet ``` Puis, pour l'utiliser dans votre code : ```js -/// ... +// ... const helmet = require('helmet') app.use(helmet()) -/// ... +// ... ``` -### Désactivez au minimum l'en-tête X-Powered-By +## Reduce fingerprinting -Si vous ne voulez pas utiliser Helmet, désactivez au minimum l'en-tête `X-Powered-By`. Les intrus peuvent utiliser cet en-tête (activé par défaut) afin de détecter les applications qui exécutent Express et lancer ensuite des attaques spécifiquement ciblées. +It can help to provide an extra layer of security to reduce the ability of attackers to determine +the software that a server uses, known as "fingerprinting." Though not a security issue itself, +reducing the ability to fingerprint an application improves its overall security posture. +Server software can be fingerprinted by quirks in how it responds to specific requests, for example in +the HTTP response headers. -Il est donc conseillé de neutraliser l'en-tête à l'aide de la méthode `app.disable()` comme suit : +By default, Express sends the `X-Powered-By` response header that you can +disable using the `app.disable()` method: ```js app.disable('x-powered-by') ``` -Si vous utilisez `helmet.js`, cette opération s'effectue automatiquement. +{% capture powered-advisory %} + +Disabling the `X-Powered-By header` does not prevent +a sophisticated attacker from determining that an app is running Express. It may +discourage a casual exploit, but there are other ways to determine an app is running +Express. + +{% endcapture %} + +{% include admonitions/note.html content=powered-advisory %} + +Express also sends its own formatted "404 Not Found" messages and formatter error +response messages. These can be changed by +[adding your own not found handler](/en/starter/faq.html#how-do-i-handle-404-responses) +and +[writing your own error handler](/en/guide/error-handling.html#writing-error-handlers): + +```js +// last app.use calls right before app.listen(): + +// custom 404 +app.use((req, res, next) => { + res.status(404).send("Sorry can't find that!") +}) + +// custom error handler +app.use((err, req, res, next) => { + console.error(err.stack) + res.status(500).send('Something broke!') +}) +``` ## Utilisez les cookies de manière sécurisée @@ -81,12 +175,12 @@ Pour garantir que les cookies n'ouvrent pas votre application aux attaques, n'ut Il existe deux modules principaux de session de cookie de middleware : -* [express-session](https://www.npmjs.com/package/express-session) qui remplace le middleware `express.session` intégré à Express 3.x. -* [cookie-session](https://www.npmjs.com/package/cookie-session) qui remplace le middleware `express.cookieSession` intégré à Express 3.x. +- [express-session](https://www.npmjs.com/package/express-session) qui remplace le middleware `express.session` intégré à Express 3.x. +- [cookie-session](https://www.npmjs.com/package/cookie-session) qui remplace le middleware `express.cookieSession` intégré à Express 3.x. -La principale différence entre ces deux modules tient à la manière dont ils sauvegardent les données de session des cookies. Le middleware [express-session](https://www.npmjs.com/package/express-session) stocke les données de session sur le serveur ; il ne sauvegarde que l'ID session dans le cookie lui-même, mais pas les données de session. Par défaut, il utilise le stockage en mémoire et n'est pas conçu pour un environnement de production. En production, vous devrez configurer un magasin de sessions évolutif (voir la liste des [magasins de sessions compatibles](https://github.com/expressjs/session#compatible-session-stores)). +La principale différence entre ces deux modules tient à la manière dont ils sauvegardent les données de session des cookies. Le middleware [express-session](https://www.npmjs.com/package/express-session) stocke les données de session sur le serveur ; il ne sauvegarde que l'ID session dans le cookie lui-même, mais pas les données de session. Par défaut, il utilise le stockage en mémoire et n'est pas conçu pour un environnement de production. En production, vous devrez configurer un magasin de sessions évolutif (voir la liste des [magasins de sessions compatibles](https://github.com/expressjs/session#compatible-session-stores)). -En revanche, le middleware [cookie-session](https://www.npmjs.com/package/cookie-session) implémente un stockage sur cookie, c'est-à-dire qu'il sérialise l'intégralité de la session sur le cookie, et non simplement une clé de session. Utilisez-le uniquement lorsque les données de session sont relativement peu nombreuses et faciles à coder sous forme de valeurs primitives (au lieu d'objets). Même si les navigateurs sont censés prendre en charge au moins 4096 octets par cookie, pour ne pas risquer de dépasser cette limite, limitez-vous à 4093 octets par domaine. De plus, n'oubliez pas que les données de cookie seront visibles du client et que s'il n'est pas nécessaire qu'elles soient sécurisées ou illisibles, express-session est probablement la meilleure solution. +En revanche, le middleware [cookie-session](https://www.npmjs.com/package/cookie-session) implémente un stockage sur cookie, c'est-à-dire qu'il sérialise l'intégralité de la session sur le cookie, et non simplement une clé de session. Utilisez-le uniquement lorsque les données de session sont relativement peu nombreuses et faciles à coder sous forme de valeurs primitives (au lieu d'objets). Même si les navigateurs sont censés prendre en charge au moins 4096 octets par cookie, pour ne pas risquer de dépasser cette limite, limitez-vous à 4093 octets par domaine. De plus, n'oubliez pas que les données de cookie seront visibles du client et que s'il n'est pas nécessaire qu'elles soient sécurisées ou illisibles, express-session est probablement la meilleure solution. ### N'utilisez pas de nom de cookie de session par défaut @@ -100,19 +194,18 @@ app.set('trust proxy', 1) // trust first proxy app.use(session({ secret: 's3Cur3', name: 'sessionId' -}) -) +})) ``` ### Définissez des options de sécurité de cookie Définissez les options de cookie suivantes pour accroître la sécurité : -* `secure` - Garantit que le navigateur n'envoie le cookie que sur HTTPS. -* `httpOnly` - Garantit que le cookie n'est envoyé que sur HTTP(S), pas au JavaScript du client, ce qui renforce la protection contre les attaques de type cross-site scripting. -* `domain` - Indique le domaine du cookie ; utilisez cette option pour une comparaison avec le domaine du serveur dans lequel l'URL est demandée. S'ils correspondent, vérifiez ensuite l'attribut de chemin. -* `path` - Indique le chemin du cookie ; utilisez cette option pour une comparaison avec le chemin demandé. Si le chemin et le domaine correspondent, envoyez le cookie dans la demande. -* `expires` - Utilisez cette option pour définir la date d'expiration des cookies persistants. +- `secure` - Garantit que le navigateur n'envoie le cookie que sur HTTPS. +- `httpOnly` - Garantit que le cookie n'est envoyé que sur HTTP(S), pas au JavaScript du client, ce qui renforce la protection contre les attaques de type cross-site scripting. +- `domain` - Indique le domaine du cookie ; utilisez cette option pour une comparaison avec le domaine du serveur dans lequel l'URL est demandée. S'ils correspondent, vérifiez ensuite l'attribut de chemin. +- `path` - Indique le chemin du cookie ; utilisez cette option pour une comparaison avec le chemin demandé. Si le chemin et le domaine correspondent, envoyez le cookie dans la demande. +- `expires` - Utilisez cette option pour définir la date d'expiration des cookies persistants. Exemple d'utilisation du middleware [cookie-session](https://www.npmjs.com/package/cookie-session) : @@ -132,23 +225,59 @@ app.use(session({ path: 'foo/bar', expires: expiryDate } -}) -) +})) ``` -## Autres considérations +## Implémentez la limitation de débit pour empêcher les attaques de force brute liées à l'authentification. + +Make sure login endpoints are protected to make private data more secure. + +A simple and powerful technique is to block authorization attempts using two metrics: + +1. The number of consecutive failed attempts by the same user name and IP address. +2. The number of failed attempts from an IP address over some long period of time. For example, block an IP address if it makes 100 failed attempts in one day. + +[rate-limiter-flexible](https://github.com/animir/node-rate-limiter-flexible) package provides tools to make this technique easy and fast. You can find [an example of brute-force protection in the documentation](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection) + +## Ensure your dependencies are secure + +Using npm to manage your application's dependencies is powerful and convenient. But the packages that you use may contain critical security vulnerabilities that could also affect your application. The security of your app is only as strong as the "weakest link" in your dependencies. + +Since npm@6, npm automatically reviews every install request. Also, you can use `npm audit` to analyze your dependency tree. + +```bash +$ npm audit +``` + +If you want to stay more secure, consider [Snyk](https://snyk.io/). -Voici d'autres recommandations issues de l'excellente [liste de contrôle de sécurité Node.js](https://blog.risingstack.com/node-js-security-checklist/). Pour tous les détails sur ces recommandations, reportez-vous à cet article de blogue : +Snyk offers both a [command-line tool](https://www.npmjs.com/package/snyk) and a [Github integration](https://snyk.io/docs/github) that checks your application against [Snyk's open source vulnerability database](https://snyk.io/vuln/) for any known vulnerabilities in your dependencies. Install the CLI as follows: -* Implémentez la limitation de débit pour empêcher les attaques de force brute liées à l'authentification. Une façon de faire consiste à utiliser [StrongLoop API Gateway](https://web.archive.org/web/20240000000000/https://strongloop.com/node-js/api-gateway/) pour mettre en place une règle de limitation de débit. Sinon, vous pouvez utiliser des middleware tels que [express-limiter](https://www.npmjs.com/package/express-limiter), mais vous devrez alors modifier quelque peu votre code. -* Filtrez et nettoyez toujours les entrées utilisateur pour vous protéger contre les attaques de cross-site scripting (XSS) et d'injection de commande. -* Défendez-vous contre les attaques par injection SQL en utilisant des requêtes paramétrées ou des instructions préparées. -* Utilisez l'outil [sqlmap](http://sqlmap.org/) à code source ouvert pour détecter les vulnérabilités par injection SQL dans votre application. -* Utilisez les outils [nmap](https://nmap.org/) et [sslyze](https://github.com/nabla-c0d3/sslyze) pour tester la configuration de vos chiffrements, clés et renégociations SSL, ainsi que la validité de votre certificat. -* Utilisez [safe-regex](https://www.npmjs.com/package/safe-regex) pour s'assurer que vos expressions régulières ne sont pas exposées à des attaques ReDoS ([regular expression denial of service](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)). +```bash +$ npm install -g snyk +$ cd your-app +``` -## Eviter les autres vulnérabilités connues +Use this command to test your application for vulnerabilities: + +```bash +$ snyk test +``` + +### Eviter les autres vulnérabilités connues Gardez un oeil sur les recommandations [Node Security Project](https://npmjs.com/advisories) qui peuvent concerner Express ou d'autres modules utilisés par votre application. En règle générale, Node Security Project est une excellente ressource de connaissances et d'outils sur la sécurité de Node. Pour finir, les applications Express - comme toutes les autres applications Web - peuvent être vulnérables à une variété d'attaques Web. Familiarisez vous avec les [vulnérabilités Web](https://www.owasp.org/www-project-top-ten/) connues et prenez des précautions pour les éviter. + +## Autres considérations + +Voici d'autres recommandations issues de l'excellente [liste de contrôle de sécurité Node.js](https://blog.risingstack.com/node-js-security-checklist/). Pour tous les détails sur ces recommandations, reportez-vous à cet article de blogue : + +- Filtrez et nettoyez toujours les entrées utilisateur pour vous protéger contre les attaques de cross-site scripting (XSS) et d'injection de commande. +- Défendez-vous contre les attaques par injection SQL en utilisant des requêtes paramétrées ou des instructions préparées. +- Utilisez l'outil [sqlmap](http://sqlmap.org/) à code source ouvert pour détecter les vulnérabilités par injection SQL dans votre application. +- Utilisez les outils [nmap](https://nmap.org/) et [sslyze](https://github.com/nabla-c0d3/sslyze) pour tester la configuration de vos chiffrements, clés et renégociations SSL, ainsi que la validité de votre certificat. +- Utilisez [safe-regex](https://www.npmjs.com/package/safe-regex) pour s'assurer que vos expressions régulières ne sont pas exposées à des attaques ReDoS ([regular expression denial of service](https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS)). + +[helmet]: \ No newline at end of file diff --git a/fr/advanced/developing-template-engines.md b/fr/advanced/developing-template-engines.md old mode 100755 new mode 100644 index 95792a5df2..da95518aa5 --- a/fr/advanced/developing-template-engines.md +++ b/fr/advanced/developing-template-engines.md @@ -1,10 +1,10 @@ --- layout: page title: Développement de moteurs de modèles pour Express +description: Learn how to develop custom template engines for Express.js using app.engine(), with examples on creating and integrating your own template rendering logic. menu: advanced lang: fr -description: Learn how to develop custom template engines for Express.js using app.engine(), - with examples on creating and integrating your own template rendering logic. +redirect_from: " " --- # Développement de moteurs de modèles pour Express @@ -17,9 +17,10 @@ Le code suivant est un exemple d'implémentation d'un moteur de modèle très si const fs = require('fs') // this engine requires the fs module app.engine('ntl', (filePath, options, callback) => { // define the template engine fs.readFile(filePath, (err, content) => { - if (err) return callback(new Error(err)) + if (err) return callback(err) // this is an extremely simple template engine - const rendered = content.toString().replace('#title#', ` ${options.title} `) + const rendered = content.toString() + .replace('#title#', `${options.title} `) .replace('#message#', `${options.message}
`) return callback(null, rendered) }) @@ -34,6 +35,7 @@ Votre application est désormais en mesure d'afficher le rendu des fichiers `.nt #title# #message# ``` + ENsuite, créez la route suivante dans votre application. ```js @@ -41,4 +43,5 @@ app.get('/', (req, res) => { res.render('index', { title: 'Hey', message: 'Hello there!' }) }) ``` -Lorsque vous effectuerez une demande à la page d'accueil, `index.ntl` sera rendu au format HTML. + +Lorsque vous effectuerez une demande à la page d'accueil, `index.ntl` sera rendu au format HTML. \ No newline at end of file diff --git a/fr/advanced/healthcheck-graceful-shutdown.md b/fr/advanced/healthcheck-graceful-shutdown.md new file mode 100644 index 0000000000..843ff78c9b --- /dev/null +++ b/fr/advanced/healthcheck-graceful-shutdown.md @@ -0,0 +1,34 @@ +--- +layout: page +title: Health Checks and Graceful Shutdown +description: Learn how to implement health checks and graceful shutdown in Express apps to enhance reliability, manage deployments, and integrate with load balancers like Kubernetes. +menu: advanced +lang: fr +redirect_from: " " +--- + +# Health Checks and Graceful Shutdown + +## Graceful shutdown + +When you deploy a new version of your application, you must replace the previous version. The process manager you're using will first send a SIGTERM signal to the application to notify it that it will be killed. Once the application gets this signal, it should stop accepting new requests, finish all the ongoing requests, clean up the resources it used, including database connections and file locks then exit. + +### Exemple + +```js +const server = app.listen(port) + +process.on('SIGTERM', () => { + debug('SIGTERM signal received: closing HTTP server') + server.close(() => { + debug('HTTP server closed') + }) +}) +``` + +## Health checks + +A load balancer uses health checks to determine if an application instance is healthy and can accept requests. For example, [Kubernetes has two health checks](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/): + +- `liveness`, that determines when to restart a container. +- `readiness`, that determines when a container is ready to start accepting traffic. When a pod is not ready, it is removed from the service load balancers. \ No newline at end of file diff --git a/fr/advanced/security-updates.md b/fr/advanced/security-updates.md old mode 100755 new mode 100644 index efb6b8e23b..556cdda32c --- a/fr/advanced/security-updates.md +++ b/fr/advanced/security-updates.md @@ -1,10 +1,10 @@ --- layout: page title: Express security updates +description: Review the latest security updates and patches for Express.js, including detailed vulnerability lists for different versions to help maintain a secure application. menu: advanced lang: fr -description: Review the latest security updates and patches for Express.js, including - detailed vulnerability lists for different versions to help maintain a secure application. +redirect_from: " " --- # Mises à jour de sécurité @@ -16,32 +16,73 @@ Les vulnérabilités Node.js affectent directement Express. Cependant, [gardez u La liste ci-dessous répertorie les vulnérabilités Express qui ont été corrigées dans la mise à jour de la version spécifiée. +{% capture security-policy %} +If you believe you have discovered a security vulnerability in Express, please see +[Security Policies and Procedures](/{{page.lang}}/resources/contributing.html#security-policies-and-procedures). +{% endcapture %} + +{% include admonitions/note.html content=security-policy %} + ## 4.x - * 4.11.1 - * Correction de la vulnérabilité de divulgation de racine dans `express.static`, `res.sendfile` et `res.sendFile` - * 4.10.7 - * Correction de la vulnérabilité de redirection ouverte dans `express.static` ([advisory](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). - * 4.8.8 - * Correction des vulnérabilités de traversée de répertoire dans `express.static` ([advisory](http://npmjs.com/advisories/32) , [CVE-2014-6394](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394)). - * 4.8.4 - * Node.js 0.10 peut divulguer des `fd` dans certaines situations qui affectent `express.static` et `res.sendfile`. Des demandes malveillantes pouvaient entraîner la divulgation de `fd`, ainsi que des erreurs `EMFILE` et une absence de réponse du serveur. - * 4.8.0 - * Les tableaux creux qui possèdent des index très élevés dans la chaîne de requête pouvaient entraîner la saturation de mémoire et la panne du serveur. - * Les objets contenant des chaînes de requête extrêmement imbriquées pouvaient entraîner le blocage du processus et figer temporairement le serveur. +- 4.21.2 + - The dependency `path-to-regexp` has been updated to address a [vulnerability](https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w). +- 4.21.1 + - The dependency `cookie` has been updated to address a [vulnerability](https://github.com/jshttp/cookie/security/advisories/GHSA-pxg6-pf52-xh8x), This may affect your application if you use `res.cookie`. +- 4.20.0 + - Fixed XSS vulnerability in `res.redirect` ([advisory](https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx), [CVE-2024-43796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43796)). + - The dependency `serve-static` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-cm22-4g7w-348p). + - The dependency `send` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-m6fv-jmcg-4jfg). + - The dependency `path-to-regexp` has been updated to address a [vulnerability](https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j). + - The dependency `body-parser` has been updated to addres a [vulnerability](https://github.com/advisories/GHSA-qwcr-r2fm-qrc7), This may affect your application if you had url enconding activated. +- 4.19.0, 4.19.1 + - Fixed open redirect vulnerability in `res.location` and `res.redirect` ([advisory](https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc), [CVE-2024-29041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29041)). +- 4.17.3 + - The dependency `qs` has been updated to address a [vulnerability](https://github.com/advisories/GHSA-hrpp-h998-j3pp). This may affect your application if the following APIs are used: `req.query`, `req.body`, `req.param`. +- 4.16.0 + - The dependency `forwarded` has been updated to address a [vulnerability](https://npmjs.com/advisories/527). This may affect your application if the following APIs are used: `req.host`, `req.hostname`, `req.ip`, `req.ips`, `req.protocol`. + - The dependency `mime` has been updated to address a [vulnerability](https://npmjs.com/advisories/535), but this issue does not impact Express. + - The dependency `send` has been updated to provide a protection against a [Node.js 8.5.0 vulnerability](https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/). This only impacts running Express on the specific Node.js version 8.5.0. +- 4.15.5 + - The dependency `debug` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:debug:20170905), but this issue does not impact Express. + - The dependency `fresh` has been updated to address a [vulnerability](https://npmjs.com/advisories/526). This will affect your application if the following APIs are used: `express.static`, `req.fresh`, `res.json`, `res.jsonp`, `res.send`, `res.sendfile` `res.sendFile`, `res.sendStatus`. +- 4.15.3 + - The dependency `ms` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:ms:20170412). This may affect your application if untrusted string input is passed to the `maxAge` option in the following APIs: `express.static`, `res.sendfile`, and `res.sendFile`. +- 4.15.2 + - The dependency `qs` has been updated to address a [vulnerability](https://snyk.io/vuln/npm:qs:20170213), but this issue does not impact Express. Updating to 4.15.2 is a good practice, but not required to address the vulnerability. +- 4.11.1 + - Correction de la vulnérabilité de divulgation de racine dans `express.static`, `res.sendfile` et `res.sendFile` +- 4.10.7 + - Correction de la vulnérabilité de redirection ouverte dans `express.static` ([advisory](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). +- 4.8.8 + - Correction des vulnérabilités de traversée de répertoire dans `express.static` ([advisory](http://npmjs.com/advisories/32) , [CVE-2014-6394](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6394)). +- 4.8.4 + - Node.js 0.10 peut divulguer des `fd` dans certaines situations qui affectent `express.static` et `res.sendfile`. Des demandes malveillantes pouvaient entraîner la divulgation de `fd`, ainsi que des erreurs `EMFILE` et une absence de réponse du serveur. +- 4.8.0 + - Les tableaux creux qui possèdent des index très élevés dans la chaîne de requête pouvaient entraîner la saturation de mémoire et la panne du serveur. + - Les objets contenant des chaînes de requête extrêmement imbriquées pouvaient entraîner le blocage du processus et figer temporairement le serveur. ## 3.x - * 3.19.1 - * Correction de la vulnérabilité de divulgation de racine dans `express.static`, `res.sendfile` et `res.sendFile` - * 3.19.0 - * Correction de la vulnérabilité de redirection ouverte dans `express.static` ([advisory](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). - * 3.16.10 - * Correction des vulnérabilités de traversée de répertoire dans `express.static`. - * 3.16.6 - * Node.js 0.10 peut divulguer des `fd` dans certaines situations qui affectent `express.static` et `res.sendfile`. Des demandes malveillantes pouvaient entraîner la divulgation de `fd`, ainsi que des erreurs `EMFILE` et une absence de réponse du serveur. - * 3.16.0 - * Les tableaux creux qui possèdent des index très élevés dans la chaîne de requête pouvaient entraîner la saturation de mémoire et la panne du serveur. - * Les objets contenant des chaînes de requête extrêmement imbriquées pouvaient entraîner le blocage du processus et figer temporairement le serveur. - * 3.3.0 - * La réponse 404 à une tentative de substitution de méthode non prise en charge était susceptible d'entraîner des attaques de type cross-site scripting. ++ **Express 3.x N'EST PLUS PRIS EN CHARGE** + +Les problèmes de performances et de sécurité connus et inconnus n'ont pas été traités depuis la dernière mise à jour (1er août 2015). Il est fortement recommandé d'utiliser la dernière version d'Express. + +If you are unable to upgrade past 3.x, please consider [Commercial Support Options](/{{ page.lang }}/support#commercial-support-options). + ++ +- 3.19.1 + - Correction de la vulnérabilité de divulgation de racine dans `express.static`, `res.sendfile` et `res.sendFile` +- 3.19.0 + - Correction de la vulnérabilité de redirection ouverte dans `express.static` ([advisory](https://npmjs.com/advisories/35), [CVE-2015-1164](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1164)). +- 3.16.10 + - Correction des vulnérabilités de traversée de répertoire dans `express.static`. +- 3.16.6 + - Node.js 0.10 peut divulguer des `fd` dans certaines situations qui affectent `express.static` et `res.sendfile`. Des demandes malveillantes pouvaient entraîner la divulgation de `fd`, ainsi que des erreurs `EMFILE` et une absence de réponse du serveur. +- 3.16.0 + - Les tableaux creux qui possèdent des index très élevés dans la chaîne de requête pouvaient entraîner la saturation de mémoire et la panne du serveur. + - Les objets contenant des chaînes de requête extrêmement imbriquées pouvaient entraîner le blocage du processus et figer temporairement le serveur. +- 3.3.0 + - La réponse 404 à une tentative de substitution de méthode non prise en charge était susceptible d'entraîner des attaques de type cross-site scripting. \ No newline at end of file diff --git a/fr/api.md b/fr/api.md old mode 100755 new mode 100644 index b125d5745a..0b89e19f7b --- a/fr/api.md +++ b/fr/api.md @@ -1,28 +1,21 @@ --- layout: api -version: 4x -title: Express 4.x - Référence de l'API +version: 5x +title: Express 5.x - Référence de l'API +description: Access the API reference for Express.js detailing all modules, methods, and properties for building web applications with this version. lang: fr -description: Access the API reference for Express.js detailing all modules, methods, - and properties for building web applications with this version. +redirect_from: " " --- -- -API 4.x
- - - {% include api/en/4x/express.md %} ++diff --git a/fr/changelog/index.md b/fr/changelog/index.md new file mode 100644 index 0000000000..7c128a5aa9 --- /dev/null +++ b/fr/changelog/index.md @@ -0,0 +1,635 @@ +--- +layout: page +title: Express changelog +description: Stay updated with the release changelog for Express.js, detailing new features, bug fixes, and important changes across versions. +lang: fr +sitemap: false +redirect_from: + - " " + - " " +--- + + + +5.x API
+ {% include api/en/5x/express.md %} - {% include api/en/4x/app.md %} - + {% include api/en/5x/app.md %} - {% include api/en/4x/req.md %} - + {% include api/en/5x/req.md %} - {% include api/en/4x/res.md %} - + {% include api/en/5x/res.md %} - {% include api/en/4x/router.md %} - + {% include api/en/5x/router.md %}+ +# Release changelog + +All the latest updates, improvements, and fixes to Express + +## Express v5 + +{: id="5.x"} + +### 5.1.0 - Release date: 2025-03-31 + +{: id="5.0.1"} + +The 5.1.0 minor release includes some new features and improvements: + +- Support for sending responses as Uint8Array +- Added support for ETag option in `res.sendFile()` +- Added support for adding multiple links with the same rel with `res.links()` +- Performance: Use loop for acceptParams +- [body-parser@2.2.0](https://github.com/expressjs/body-parser/releases/tag/v2.2.0) + - Remove legacy node.js support checks for Brotli & `AsyncLocalStorage` + - Remove `unpipe` & `destroy` +- [router@2.2.0](https://github.com/pillarjs/router/releases/tag/v2.2.0) + - Restore `debug`. Now with the `router` scope instead of `express`. + - Remove legacy node.js support checks for `setImmediate` + - Deprecate non-native promise support + - Remove `after`, `safe-buffer`, `array-flatten`, `setprotoypeof`, `methods`, `utils-merge` +- [finalhandler@2.1.0](https://github.com/pillarjs/finalhandler/releases/tag/v2.1.0) + - Remove legacy node.js support checks for `headersSent`, `setImmediate`, & http2 support + - Remove `unpipe` +- Transitioned all remaining dependencies to use `^` ranges instead of locked versions +- Add package.json funding field to highlight our OpenCollective +- See [Changelog v5.1.0](https://github.com/expressjs/express/releases/tag/v5.1.0) + +### 5.0.1 - Release date: 2024-10-08 + +{: id="5.0.1"} + +The 5.0.1 patch release includes one security fix: + +- Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x). + +### 5.0.0 - Release date: 2024-09-09 + +{: id="5.0.0"} + +Check the [migration guide](/{{page.lang}}/guide/migrating-5.html) with all the changes in this new version of Express. + +## Express v4 + +{: id="4.x"} + +### 4.21.2 - Release date: 2024-11-06 + +{: id="4.21.2"} + +The 4.21.2 patch release includes one security fix: + +- Update [pillajs/path-to-regexp](https://www.npmjs.com/package/path-to-regexp) to address a [vulnerability](https://github.com/advisories/GHSA-rhx6-c78j-4q9w). + +### 4.21.1 - Release date: 2024-10-08 + +{: id="4.21.1"} + +The 4.21.1 patch release includes one security fix: + +- Update [jshttps/cookie](https://www.npmjs.com/package/cookie) to address a [vulnerability](https://github.com/advisories/GHSA-pxg6-pf52-xh8x). + +### 4.21.0 - Release date: 2024-09-11 + +{: id="4.21.0"} + +The 4.21.0 minor release includes one new feature: + +- Deprecate `res.location("back")` and `res.redirect("back")` magic string + +### 4.20.0 - Release date: 2024-09-10 + +{: id="4.20.0"} + +The 4.20.0 minor release includes bug fixes and some new features, including: + +- The [`res.clearCookie()` method](/{{ page.lang }}/4x/api.html#res.clearCookie) deprecates `options.maxAge` and `options.expires` options. +- The [`res.redirect()` method](/{{ page.lang }}/4x/api.html#res.redirect) removes HTML link rendering. +- The [`express.urlencoded()` method](/{{ page.lang }}/4x/api.html#express.urlencoded) method now has a depth level of `32`, whereas it was previously `Infinity`. +- Adds support for named matching groups in the routes using a regex +- Removes encoding of `\`, `|`, and `^` to align better with URL spec + +For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4200--2024-09-10) + +### 4.19.2 - Release date: 2024-03-25 + +{: id="4.19.2"} + +- Improved fix for open redirect allow list bypass + +For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4192--2024-03-25) + +### 4.19.1 - Release date: 2024-03-20 + +{: id="4.19.1"} + +- Allow passing non-strings to res.location with new encoding handling checks + +For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4191--2024-03-20) + +### 4.19.0 - Release date: 2024-03-20 + +{: id="4.19.0"} + +- Prevent open redirect allow list bypass due to encodeurl +- deps: cookie@0.6.0 + +For a complete list of changes in this release, see [History.md](https://github.com/expressjs/express/blob/master/History.md#4190--2024-03-20) + +### 4.18.3 - Release date: 2024-02-29 + +{: id="4.18.3"} + +The 4.18.3 patch release includes the following bug fix: + +-
+
- + Fix routing requests without method. ([commit](https://github.com/expressjs/express/commit/74beeac0718c928b4ba249aba3652c52fbe32ca8)) + +
-
+
- + Fix regression routing a large stack in a single route. ([commit](https://github.com/expressjs/express/commit/7ec5dd2b3c5e7379f68086dae72859f5573c8b9b)) + +
-
+
- + Fix the condition where if an Express application is created with a very large stack of routes, and all of those routes are sync (call `next()` synchronously), then the request processing may hang. + +
-
+
- + The [`app.get()` method](/{{ page.lang }}/4x/api.html#app.get) and the [`app.set()` method](/{{ page.lang }}/4x/api.html#app.set) now ignores properties directly on `Object.prototype` when getting a setting value. + + +
- + The [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) now accepts a "priority" option to set the Priority attribute on the Set-Cookie response header. + + +
- + The [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) now rejects an Invalid Date object provided as the "expires" option. + + +
- + The [`res.cookie()` method](/{{ page.lang }}/4x/api.html#res.cookie) now works when `null` or `undefined` is explicitly provided as the "maxAge" argument. + + +
- + Starting with this version, Express supports Node.js 18.x. + + +
- + The [`res.download()` method](/{{ page.lang }}/4x/api.html#res.download) now accepts a "root" option to match [`res.sendFile()`](/{{ page.lang }}/4x/api.html#res.sendFile). + + +
- + The [`res.download()` method](/{{ page.lang }}/4x/api.html#res.download) can be supplied with an `options` object without providing a `filename` argument, simplifying calls when the default `filename` is desired. + + +
- + The [`res.format()` method](/{{ page.lang }}/4x/api.html#res.format) now invokes the provided "default" handler with the same arguments as the type handlers (`req`, `res`, and `next`). + + +
- + The [`res.send()` method](/{{ page.lang }}/4x/api.html#res.send) will not attempt to send a response body when the response code is set to 205. + + +
- + The default error handler will now remove certain response headers that will break the error response rendering, if they were set previously. + + +
- + The status code 425 is now represented as the standard "Too Early" instead of "Unordered Collection". + +
-
+
- + Update to [qs module](https://www.npmjs.com/package/qs) for a fix around parsing `__proto__` properties. + +
-
+
- + Fix handling of `undefined` in `res.jsonp` when a callback is provided. + + +
- + Fix handling of `undefined` in `res.json` and `res.jsonp` when `"json escape"` is enabled. + + +
- + Fix handling of invalid values to the `maxAge` option of `res.cookie()`. + + +
- + Update to [jshttp/proxy-addr module](https://www.npmjs.com/package/proxy-addr) to use `req.socket` over deprecated `req.connection`. + + +
- + Starting with this version, Express supports Node.js 14.x. + + +
-
+
- + The change to the `res.status()` API has been reverted due to causing regressions in existing Express 4 applications. + +
-
+
- + The `express.raw()` and `express.text()` middleware have been added to provide request body parsing for more raw request payloads. This uses the [expressjs/body-parser module](https://www.npmjs.com/package/body-parser) module underneath, so apps that are currently requiring the module separately can switch to the built-in parsers. + + +
- + The `res.cookie()` API now supports the `"none"` value for the `sameSite` option. + + +
- + When the `"trust proxy"` setting is enabled, the `req.hostname` now supports multiple `X-Forwarded-For` headers in a request. + + +
- + Starting with this version, Express supports Node.js 10.x and 12.x. + + +
- + The `res.sendFile()` API now provides and more immediate and easier to understand error when a non-string is passed as the `path` argument. + + +
- + The `res.status()` API now provides and more immediate and easier to understand error when `null` or `undefined` is passed as the argument. + +
-
+
- + Fix issue where `"Request aborted"` may be logged in `res.sendfile`. + +
-
+
- + Fix issue where a plain `%` at the end of the url in the `res.location` method or the `res.redirect` method would not get encoded as `%25`. + + +
- + Fix issue where a blank `req.url` value can result in a thrown error within the default 404 handling. + + +
- + Fix the generated HTML document for `express.static` redirect responses to properly include `
+ 
+ 
+