We will build a movie API that allows you to add actor and movie information to a database and connect actors with movies, and vice versa. This will give you a hands-on feel for what Express.js offers. We will cover the following topics in this article:
(For more resources related to this topic, see here.)
Folder structure is a very controversial topic. Though there are many clean ways to structure your project, we will use the following code for the remainder of our article:
article
+-- app.js
+-- package.json +-- node_modules
¦+-- npm package folders +-- src
¦+-- lib
¦+-- models
¦+-- routes
+-- test
Let's take a look this at in detail:
Check node_modules into git for things you deploy, such as websites and apps. Do not check node_modules into git for libraries and modules intended to be reused.
Refer to the following article to read more about the rationale behind this:
The term CRUD refers to the four basic operations one can perform on data: create, read, update, and delete. Express gives us an easy way to handle those operations by supporting the basic methods GET, POST, PUT, and DELETE:
Express 4 has dramatically changed from version 3. A lot of the core modules have been removed in order to make it even more lightweight and less dependent. Therefore, we have to explicitly require modules when needed.
One helpful module is body-parser. It allows us to get a nicely formatted body when a POST or PUT HTTP request is received. We have to add this middleware before our business logic in order to use its result later. We write the following in src/lib/parser.js:
var bodyParser = require('body-parser');
module;exports = function(app) {
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
};
The preceding code is then used in src/lib/app.js as follows:
var express = require('express'); var app = express();
require('./parser')(app);
module.exports = app;
The following example allows you to respond to a GET request on http://host/path. Once a request hits our API, Express will run it through the necessary middleware as well as the following function:
app.get('/path/:id', function(req, res, next) {
res.status(200).json({ hello: 'world'});
});
The first parameter is the path we want to handle a GET function. The path can contain parameters prefixed with :. Those path parameters will then be parsed in the request object.
The second parameter is the callback that will be executed when the server receives the request. This function gets populated with three parameters: req, res, and next.
The req parameter represents the HTTP request object that has been customized by Express and the middlewares we added in our applications. Using the path http://host/path/:id, suppose a GET request is sent to http://host/path/1?a=1&b=2. The req object would be the following:
{
params: { id: 1 }, query: { a: 1, b: 2 }
}
The params object is a representation of the path parameters. The query is the query string, which are the values stated after ? in the URL. In a POST request, there will often be a body in our request object as well, which includes the data we wish to place in our database.
The res parameter represents the response object for that request. Some methods, such as status() or json(), are provided in order to tell Express how to respond to the client.
Finally, the next() function will execute the next middleware defined in our application.
Retrieving a movie or actor from the database consists of submitting a GET request to the route: /movies/:id or /actors/:id. We will need a unique ID that refers to a unique movie or actor:
app.get('/actors/:id', function(req, res, next) {
//Find the actor object with this :id
//Respond to the client
});
Here, the URL parameter :id will be placed in our request object. Since we call the first variable in our callback function req as before, we can access the URL parameter by calling req.params.id.
Since an actor may be in many movies and a movie may have many actors, we need a nested endpoint to reflect this as well:
app.get('/actors/:id/movies', function(req, res, next) {
//Find all movies the actor with this :id is in
//Respond to the client
});
If a bad GET request is submitted or no actor with the specified ID is found, then the appropriate status code bad request 400 or not found 404 will be returned. If the actor is found, then success request 200 will be sent back along with the actor information. On a success, the response JSON will look like this:
{
"_id": "551322589911fefa1f656cc5", "id": 1,
"name": "AxiomZen", "birth_year": 2012, "__v": 0, "movies": []
}
In our API, creating a new movie in the database involves submitting a POST request to /movies or /actors for a new actor:
app.post('/actors', function(req, res, next) {
//Save new actor
//Respond to the client
});
In this example, the user accessing our API sends a POST request with data that would be placed into request.body. Here, we call the first variable in our callback function req. Thus, to access the body of the request, we call req.body.
The request body is sent as a JSON string; if an error occurs, a 400 (bad request) status would be sent back. Otherwise, a 201 (created) status is sent to the response object. On a success request, the response will look like the following:
{
"__v": 0, "id": 1,
"name": "AxiomZen", "birth_year": 2012,
"_id": "551322589911fefa1f656cc5", "movies": []
}
To update a movie or actor entry, we first create a new route and submit a PUT request to /movies/:id or /actors /:id, where the id parameter is unique to an existing movie/actor. There are two steps to an update. We first find the movie or actor by using the unique id and then we update that entry with the body of the request object, as shown in the following code:
app.put('/actors/:id', function(req, res) {
//Find and update the actor with this :id
//Respond to the client
});
In the request, we would need request.body to be a JSON object that reflects the actor fields to be updated. The request.params.id would still be a unique identifier that refers to an existing actor in the database as before. On a successful update, the response JSON looks like this:
{
"_id": "551322589911fefa1f656cc5",
"id": 1,
"name": "Axiomzen", "birth_year": 99, "__v": 0, "movies": []
}
Here, the response will reflect the changes we made to the data.
Deleting a movie is as simple as submitting a DELETE request to the same routes that were used earlier (specifying the ID). The actor with the appropriate id is found and then deleted:
app.delete('/actors/:id', function(req, res) {
//Remove the actor with this :id
//Respond to the client
});
If the actor with the unique id is found, it is then deleted and a response code of 204 is returned. If the actor cannot be found, a response code of 400 is returned. There is no response body for a DELETE() method; it will simply return the status code of 204 on a successful deletion.
Our final endpoints for this simple app will be as follows:
//Actor endpoints
app.get('/actors', actors.getAll);
app.post('/actors', actors.createOne);
app.get('/actors/:id', actors.getOne);
app.put('/actors/:id', actors.updateOne);
app.delete('/actors/:id', actors.deleteOne)
app.post('/actors/:id/movies', actors.addMovie);
app.delete('/actors/:id/movies/:mid', actors.deleteMovie);
//Movie endpoints
app.get('/movies', movies.getAll);
app.post('/movies', movies.createOne);
app.get('/movies/:id', movies.getOne);
app.put('/movies/:id', movies.updateOne);
app.delete('/movies/:id', movies.deleteOne);
app.post('/movies/:id/actors', movies.addActor);
app.delete('/movies/:id/actors/:aid', movies.deleteActor);
In Express 4, there is an alternative way to describe your routes. Routes that share a common URL, but use a different HTTP verb, can be grouped together as follows:
app.route('/actors')
.get(actors.getAll)
.post(actors.createOne);
app.route('/actors/:id')
.get(actors.getOne)
.put(actors.updateOne)
.delete(actors.deleteOne);
app.post('/actors/:id/movies', actors.addMovie);
app.delete('/actors/:id/movies/:mid', actors.deleteMovie);
app.route('/movies')
.get(movies.getAll)
.post(movies.createOne);
app.route('/movies/:id')
.get(movies.getOne)
.put(movies.updateOne)
.delete(movies.deleteOne);
app.post('/movies/:id/actors', movies.addActor);
app.delete('/movies/:id/actors/:aid', movies.deleteActor);
Whether you prefer it this way or not is up to you. At least now you have a choice!
We have not discussed the logic of the function being run for each endpoint. We will get to that shortly.
Express allows us to easily CRUD our database objects, but how do we model our objects?
Mongoose is an object data modeling library (ODM) that allows you to define schemas for your data collections. You can find out more about Mongoose on the project website: http://mongoosejs.com/.
To connect to a MongoDB instance using the mongoose variable, we first need to install npm and save Mongoose. The save flag automatically adds the module to your package.json with the latest version, thus, it is always recommended to install your modules with the save flag. For modules that you only need locally (for example, Mocha), you can use the savedev flag.
For this project, we create a new file db.js under /src/lib/db.js, which requires Mongoose. The local connection to the mongodb database is made in mongoose.connect as follows:
var mongoose = require('mongoose');
module.exports = function(app)
{
mongoose.connect('mongodb://localhost/movies', {
mongoose: { safe: true
}
}, function(err) { if (err)
{
return console.log('Mongoose - connection error:', err);
}
});
return mongoose;
};
In our movies database, we need separate schemas for actors and movies. As an example, we will go through object modeling in our actor database /src/models/actor.js by creating an actor schema as follows:
// /src/models/actor.js
var mongoose = require('mongoose');
var generateId = require('./plugins/generateId');
var actorSchema = new mongoose.Schema({
id: {
type: Number,
required: true,
index: {
unique: true
}
},
name: {
type: String,
required: true
},
birth_year: {
type: Number,
required: true
},
movies: [{
type : mongoose.Schema.ObjectId,
ref : 'Movie'
}]
});
actorSchema.plugin(generateId());
module.exports = mongoose.model('Actor', actorSchema);
Each actor has a unique id, a name, and a birth year. The entries also contain validators such as the type and boolean value that are required. The model is exported upon definition (module.exports), so that we can reuse it directly in the app.
Alternatively, you could fetch each model through Mongoose using mongoose.model('Actor', actorSchema), but this would feel less explicitly coupled compared to our approach of directly requiring it.
Similarly, we need a movie schema as well. We define the movie schema as follows:
// /src/models/movies.js
var movieSchema = new mongoose.Schema({
id: {
type: Number,
required: true,
index: {
unique: true
}
},
title: {
type: String,
required: true
},
year: {
type: Number,
required: true
},
actors: [{
type : mongoose.Schema.ObjectId,
ref : 'Actor'
}]
});
movieSchema.plugin(generateId());
module.exports = mongoose.model('Movie', movieSchema);
In both our movie and actor schemas, we used a plugin called generateId().
While MongoDB automatically generates ObjectID for each document using the _id field, we want to generate our own IDs that are more human readable and hence friendlier. We also would like to give the user the opportunity to select their own id of choice.
However, being able to choose an id can cause conflicts. If you were to choose an id that already exists, your POST request would be rejected. We should autogenerate an ID if the user does not pass one explicitly.
Without this plugin, if either an actor or a movie is created without an explicit ID passed along by the user, the server would complain since the ID is required.
We can create middleware for Mongoose that assigns an id before we persist the object as follows:
// /src/models/plugins/generateId.js
module.exports = function() {
return function generateId(schema){
schema.pre('validate',function(next, done) {
var instance = this;
var model = instance.model(instance.constructor.modelName);
if( instance.id == null ) {
model.findOne().sort("-id").exec(function(err,maxInstance) {
if (err){
return done(err);
} else {
var maxId = maxInstance.id || 0;
instance.id = maxId+1;
done();
}
})
} else {
done();
}
})
}
};
There are a few important notes about this code.
See what we did to get the var model? This makes the plugin generic so that it can be applied to multiple Mongoose schemas.
Notice that there are two callbacks available: next and done. The next variable passes the code to the next pre-validation middleware. That's something you would usually put at the bottom of the function right after you make your asynchronous call. This is generally a good thing since one of the advantages of asynchronous calls is that you can have many things running at the same time.
However, in this case, we cannot call the next variable because it would conflict with our model definition of id required. Thus, we just stick to using the done variable when the logic is complete.
Another concern arises due to the fact that MongoDB doesn't support transactions, which means you may have to account for this function failing in some edge cases. For example, if two calls to POST /actor happen at the same time, they will both have their IDs auto incremented to the same value.
Now that we have the code for our generateId() plugin, we require it in our actor and movie schema as follows:
var generateId = require('./plugins/generateId');
actorSchema.plugin(generateId());
Each key in the Mongoose schema defines a property that is associated with a SchemaType. For example, in our actors.js schema, the actor's name key is associated with a string SchemaType. String, number, date, buffer, boolean, mixed, objectId, and array are all valid schema types.
In addition to schema types, numbers have min and max validators and strings have enum and match validators. Validation occurs when a document is being saved (.save()) and will return an error object, containing type, path, and value properties, if the validation has failed.
We can use our anonymous or named functions as middleware. To do so, we would export our functions by calling module.exports in routes/actors.js and routes/movies.js:
Let's take a look at our routes/actors.js file. At the top of this file, we require the Mongoose schemas we defined before:
var Actor = require('../models/actor');
This allows our variable actor to access our MongoDB using mongo functions such as find(), create(), and update(). It will follow the schema defined in the file /models/actor.
Since actors are in movies, we will also need to require the Movie schema to show this relationship by the following.
var Movie = require('../models/movie');
Now that we have our schema, we can begin defining the logic for the functions we described in endpoints. For example, the endpoint GET /actors/:id will retrieve the actor with the corresponding ID from our database. Let's call this function getOne(). It is defined as follows:
getOne: function(req, res, next) { Actor.findOne({ id: req.params.id })
.populate('movies')
.exec(function(err, actor) {
if (err) return res.status(400).json(err); if (!actor) return res.status(404).json(); res.status(200).json(actor);
});
},
Here, we use the mongo findOne() method to retrieve the actor with id: req.params.id. There are no joins in MongoDB so we use the .populate() method to retrieve the movies the actor is in.
The .populate() method will retrieve documents from a separate collection based on its ObjectId.
This function will return a status 400 if something went wrong with our Mongoose driver, a status 404 if the actor with :id is not found, and finally, it will return a status 200 along with the JSON of the actor object if an actor is found.
We define all the functions required for the actor endpoints in this file. The result is as follows:
// /src/routes/actors.js
var Actor = require('../models/actor');
var Movie = require('../models/movie');
module.exports = {
getAll: function(req, res, next) {
Actor.find(function(err, actors) {
if (err) return res.status(400).json(err);
res.status(200).json(actors);
});
},
createOne: function(req, res, next) {
Actor.create(req.body, function(err, actor) {
if (err) return res.status(400).json(err);
res.status(201).json(actor);
});
},
getOne: function(req, res, next) {
Actor.findOne({ id: req.params.id })
.populate('movies')
.exec(function(err, actor) {
if (err) return res.status(400).json(err);
if (!actor) return res.status(404).json();
res.status(200).json(actor);
});
},
updateOne: function(req, res, next) {
Actor.findOneAndUpdate({ id: req.params.id }, req.body,function(err, actor) {
if (err) return res.status(400).json(err);
if (!actor) return res.status(404).json();
res.status(200).json(actor);
});
},
deleteOne: function(req, res, next) {
Actor.findOneAndRemove({ id: req.params.id }, function(err) {
if (err) return res.status(400).json(err);
res.status(204).json();
});
},
addMovie: function(req, res, next) {
Actor.findOne({ id: req.params.id }, function(err, actor) {
if (err) return res.status(400).json(err);
if (!actor) return res.status(404).json();
Movie.findOne({ id: req.body.id }, function(err, movie) {
if (err) return res.status(400).json(err);
if (!movie) return res.status(404).json();
actor.movies.push(movie);
actor.save(function(err) {
if (err) return res.status(500).json(err);
res.status(201).json(actor);
});
})
});
},
deleteMovie: function(req, res, next) {
Actor.findOne({ id: req.params.id }, function(err, actor) {
if (err) return res.status(400).json(err);
if (!actor) return res.status(404).json();
actor.movies = [];
actor.save(function(err) {
if (err) return res.status(400).json(err);
res.status(204).json(actor);
})
});
}
};
For all of our movie endpoints, we need the same functions but applied to the movie collection.
After exporting these two files, we require them in app.js (/src/lib/app.js) by simply adding:
require('../routes/movies'); require('../routes/actors');
By exporting our functions as reusable middleware, we keep our code clean and can refer to functions in our CRUD calls in the /routes folder.
Mocha is used as the test framework along with should.js and supertest. Testing supertest lets you test your HTTP assertions and testing API endpoints.
The tests are placed in the root folder /test. Tests are completely separate from any of the source code and are written to be readable in plain English, that is, you should be able to follow along with what is being tested just by reading through them. Well-written tests with good coverage can serve as a readme for its API, since it clearly describes the behavior of the entire app.
The initial setup to test our movies API is the same for both /test/actors.js and /test/movies.js:
var should = require('should'); var assert = require('assert');
var request = require('supertest');
var app = require('../src/lib/app');
In src/test/actors.js, we test the basic CRUD operations: creating a new actor object, retrieving, editing, and deleting the actor object. An example test for the creation of a new actor is shown as follows:
describe('Actors', function() {
describe('POST actor', function(){
it('should create an actor', function(done){
var actor = {
'id': '1',
'name': 'AxiomZen', 'birth_year': '2012',
};
request(app)
.post('/actors')
.send(actor)
.expect(201, done)
});
We can see that the tests are readable in plain English. We create a new POST request for a new actor to the database with the id of 1, name of AxiomZen, and birth_year of 2012. Then, we send the request with the .send() function. Similar tests are present for GET and DELETE requests as given in the following code:
describe('GET actor', function() {
it('should retrieve actor from db', function(done){
request(app)
.get('/actors/1')
.expect(200, done);
});
describe('DELETE actor', function() {
it('should remove a actor', function(done) {
request(app)
.delete('/actors/1')
.expect(204, done);
});
});
To test our PUT request, we will edit the name and birth_year of our first actor as follows:
describe('PUT actor', function() {
it('should edit an actor', function(done) {
var actor = {
'name': 'ZenAxiom',
'birth_year': '2011'
};
request(app)
.put('/actors/1')
.send(actor)
.expect(200, done);
});
it('should have been edited', function(done) {
request(app)
.get('/actors/1')
.expect(200)
.end(function(err, res) {
res.body.name.should.eql('ZenAxiom');
res.body.birth_year.should.eql(2011);
done();
});
});
});
The first part of the test modifies the actor name and birth_year keys, sends a PUT request for /actors/1 (1 is the actors id), and then saves the new information to the database. The second part of the test checks whether the database entry for the actor with id 1 has been changed. The name and birth_year values are checked against their expected values using .should.eql().
In addition to performing CRUD actions on the actor object, we can also perform these actions to the movies we add to each actor (associated by the actor's ID). The following snippet shows a test to add a new movie to our first actor (with the id of 1):
describe('POST /actors/:id/movies', function() {
it('should successfully add a movie to the actor',function(done) {
var movie = {
'id': '1',
'title': 'Hello World',
'year': '2013'
}
request(app)
.post('/actors/1/movies')
.send(movie)
.expect(201, done)
});
});
it('actor should have array of movies now', function(done){
request(app)
.get('/actors/1')
.expect(200)
.end(function(err, res) {
res.body.movies.should.eql(['1']);
done();
});
});
});
The first part of the test creates a new movie object with id, title, and year keys, and sends a POST request to add the movies as an array to the actor with id of 1. The second part of the test sends a GET request to retrieve the actor with id of 1, which should now include an array with the new movie input.
We can similarly delete the movie entries as illustrated in the actors.js test file:
describe('DELETE /actors/:id/movies/:movie_id', function() {
it('should successfully remove a movie from actor', function(done){
request(app)
.delete('/actors/1/movies/1')
.expect(200, done);
});
it('actor should no longer have that movie id', function(done){
request(app)
.get('/actors/1')
.expect(201)
.end(function(err, res) {
res.body.movies.should.eql([]);
done();
});
});
});
Again, this code snippet should look familiar to you. The first part tests that sending a DELETE request specifying the actor ID and movie ID will delete that movie entry. In the second part, we make sure that the entry no longer exists by submitting a GET request to view the actor's details where no movies should be listed.
In addition to ensuring that the basic CRUD operations work, we also test our schema validations. The following code tests to make sure two actors with the same ID do not exist (IDs are specified as unique):
it('should not allow you to create duplicate actors', function(done) {
var actor = {
'id': '1',
'name': 'AxiomZen',
'birth_year': '2012',
};
request(app)
.post('/actors')
.send(actor)
.expect(400, done);
});
We should expect code 400 (bad request) if we try to create an actor who already exists in the database.
A similar set of tests is present for tests/movies.js. The function and outcome of each test should be evident now.
In this article, we created a basic API that connects to MongoDB and supports CRUD methods. You should now be able to set up an API complete with tests, for any data, not just movies and actors!
We hope you found that this article has laid a good foundation for the Express and API setup.
To learn more about Express.js, the following books published by Packt Publishing (https://www.packtpub.com/) are recommended:
Further resources on this subject: