🚀 JavaScript - Partie 8

Backend Node.js Avancé | Serveurs, WebSockets, Sécurité, Microservices, Docker

⚡ Niveau Backend Architect

1. Serveur HTTP Haute Performance Core

Créez des serveurs optimisés avec clustering et compression.

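// Node.js cluster: fork one worker per CPU core so every core serves requests.
const cluster = require('cluster');
const http = require('http');
const numCPUs = require('os').cpus().length;

// `isMaster` is deprecated in favour of `isPrimary` (Node 16+); fall back so
// the snippet still runs on older runtimes.
const isPrimary = cluster.isPrimary ?? cluster.isMaster;

if (isPrimary) {
  console.log(`Master ${process.pid} démarre`);
  for (let i = 0; i < numCPUs; i++) {
    cluster.fork();
  }
  // The exit handler only logs; a dead worker is not replaced, so capacity
  // shrinks with every crash unless the handler forks a new worker.
  cluster.on('exit', (worker) => {
    console.log(`Worker ${worker.process.pid} mort`);
  });
} else {
  http
    .createServer((req, res) => {
      res.writeHead(200);
      res.end('Hello world\n');
    })
    .listen(8000);
}

// gzip compression: level 6, applied only to bodies larger than 1024 bytes.
// `app` is an Express application created outside this snippet.
const compression = require('compression');
app.use(compression({ level: 6, threshold: 1024 }));

// Rate limiting: at most 100 requests per 15-minute window on /api.
// NOTE(review): the default store is in-memory and per process, so under the
// cluster above each worker counts separately and the effective limit is
// roughly max x number of workers; a shared store is needed for a global cap.
// NOTE(review): the limiter keys on req.ip. Behind a reverse proxy every
// request appears to come from the proxy unless Express `trust proxy` is set
// to match the real proxy chain. Enable it only when a trusted proxy sits in
// front, otherwise clients can spoof X-Forwarded-For and evade the limit.
const rateLimit = require('express-rate-limit');
const limiter = rateLimit({ windowMs: 15 * 60 * 1000, max: 100 });
app.use('/api', limiter);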
🖥️ Simulation Serveur Haute Performance

2. WebSocket & Socket.io Realtime

Applications temps réel avec Socket.io.

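// Socket.io server. `server` is the HTTP server created outside this snippet.
const socketIO = require('socket.io');

// Upper bound on a chat message (constructed sample value; tune to the app).
const MAX_MESSAGE_LENGTH = 2000;

const io = socketIO(server, {
  // An explicit origin allowlist replaces the wildcard '*', which lets any
  // website open a socket from a visitor's browser. The value matches the
  // origin used in this tutorial's Express CORS configuration.
  cors: { origin: ['https://monapp.com'] }
});

// NOTE(review): connections are not authenticated here; anyone who can reach
// the server can join and broadcast. Verify a token in a connection
// middleware before accepting the socket.
io.on('connection', (socket) => {
  console.log('Nouveau client:', socket.id);

  socket.on('message', (data) => {
    // Client payloads are untrusted: relay only bounded strings so a single
    // client cannot push arbitrary objects or huge bodies to every peer.
    if (typeof data !== 'string' || data.length > MAX_MESSAGE_LENGTH) return;
    io.emit('broadcast', { user: socket.id, message: data });
  });

  socket.on('typing', () => {
    socket.broadcast.emit('user-typing', socket.id);
  });

  socket.on('disconnect', () => {
    console.log('Client déconnecté');
    io.emit('user-left', socket.id);
  });
});

// Client (separate file: here `io` is the socket.io client entry point).
// Received messages are attacker-controlled text; render them with
// textContent rather than innerHTML.
const socket = io('http://localhost:3000');
socket.emit('message', 'Hello World!');
socket.on('broadcast', (data) => console.log(data));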
💬 Chat Temps Réel (Simulation)
🔌 Serveur WebSocket démarré sur port 3000

3. Authentification JWT & Sessions Security

Sécurisez vos APIs avec JWT, bcrypt, et OAuth.

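// JWT authentication
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt');

// Password hashing. `password` and `inputPassword` come from the surrounding
// request handlers, which this snippet does not show.
const saltRounds = 10;
const hashedPassword = await bcrypt.hash(password, saltRounds);
const isValid = await bcrypt.compare(inputPassword, hashedPassword);

// JWT generation. The algorithm is pinned on both sign and verify so a token
// carrying a different `alg` header is never accepted.
const token = jwt.sign(
  { userId: user.id, email: user.email, role: user.role },
  process.env.JWT_SECRET,
  { algorithm: 'HS256', expiresIn: '24h' }
);

/**
 * Express middleware: authenticates the request from its Authorization header.
 * Responds 401 when no token is present and 403 when verification fails;
 * otherwise stores the decoded payload on req.user and calls next().
 */
function authenticateToken(req, res, next) {
  const authHeader = req.headers['authorization'];
  // Expected shape: "<scheme> <token>"; the scheme itself is not checked.
  const token = authHeader && authHeader.split(' ')[1];
  if (!token) return res.sendStatus(401);
  jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] }, (err, user) => {
    if (err) return res.sendStatus(403);
    req.user = user;
    next();
  });
}

// Refresh token
// In-memory list: emptied on restart and not shared between processes.
const refreshTokens = [];
app.post('/refresh', (req, res) => {
  const refreshToken = req.body?.token;
  if (typeof refreshToken !== 'string' || !refreshTokens.includes(refreshToken)) {
    return res.sendStatus(403);
  }
  // No auth middleware runs on this route, so req.user is never set here; the
  // identity must come from the refresh token itself.
  // NOTE(review): assumes refresh tokens are JWTs signed with JWT_SECRET and
  // carrying the same claims as the access token; confirm against the login
  // route. A separate secret for refresh tokens is preferable.
  jwt.verify(refreshToken, process.env.JWT_SECRET, { algorithms: ['HS256'] }, (err, payload) => {
    if (err) return res.sendStatus(403);
    const { userId, email, role } = payload;
    // Same claims and lifetime as the login token; the original call issued
    // a token that never expired.
    const newToken = jwt.sign(
      { userId, email, role },
      process.env.JWT_SECRET,
      { algorithm: 'HS256', expiresIn: '24h' }
    );
    res.json({ token: newToken });
  });
});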
🔐 Simulation Authentification

4. Base de Données Avancée Database

Connection pools, transactions, migrations, ORM/ODM.

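// Connection pool (PostgreSQL)
const { Pool } = require('pg');
// Credentials are read from the environment instead of being hard-coded in
// source; PGUSER / PGPASSWORD / PGHOST / PGDATABASE are the standard libpq
// variable names that node-postgres also honours.
const pool = new Pool({
  user: process.env.PGUSER,
  password: process.env.PGPASSWORD,
  host: process.env.PGHOST ?? 'localhost',
  database: process.env.PGDATABASE ?? 'mydb',
  max: 20,
  idleTimeoutMillis: 30000
});

// Transaction: both statements commit together or not at all.
const client = await pool.connect();
try {
  await client.query('BEGIN');
  await client.query('INSERT INTO users (name) VALUES ($1)', ['Alice']);
  // NOTE(review): there is no WHERE clause, so this debits every row in
  // `accounts`; scope it to the intended account.
  await client.query('UPDATE accounts SET balance = balance - $1', [100]);
  await client.query('COMMIT');
} catch (e) {
  await client.query('ROLLBACK');
  // Re-throw so the caller learns the transaction failed instead of carrying
  // on as if it had committed.
  throw e;
} finally {
  // Always hand the connection back to the pool.
  client.release();
}

// Migration (simple example). Every statement is idempotent because the
// runner replays the whole list on each call and keeps no record of what has
// already been applied.
const migrations = [
  'CREATE TABLE IF NOT EXISTS users (id SERIAL, name TEXT)',
  'ALTER TABLE users ADD COLUMN IF NOT EXISTS email TEXT',
  'CREATE INDEX IF NOT EXISTS idx_users_name ON users(name)'
];

/** Runs every migration statement in order, one at a time. */
async function runMigrations() {
  for (const sql of migrations) {
    await pool.query(sql);
  }
}

// MongoDB with transactions
const session = await mongoose.startSession();
session.startTransaction();
try {
  // create() with an array returns an array; keep the created user so the
  // order references a real _id (the original read an undefined `alice`).
  const [alice] = await User.create([{ name: 'Alice' }], { session });
  await Order.create([{ userId: alice._id }], { session });
  await session.commitTransaction();
} catch (e) {
  await session.abortTransaction();
  // Surface the failure to the caller rather than swallowing it.
  throw e;
} finally {
  session.endSession();
}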
🗄️ Simulation Base de Données

5. Sécurité Avancée Security

Helmet, CORS, protection XSS, prévention des injections SQL, protection CSRF.

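// Helmet - hardens HTTP response headers.
// The CSP is passed through helmet()'s own option: registering
// helmet.contentSecurityPolicy() after helmet() sets the header twice per
// response, with only the second value surviving.
const helmet = require('helmet');
app.use(helmet({
  contentSecurityPolicy: {
    directives: {
      defaultSrc: ["'self'"],
      // NOTE(review): 'unsafe-inline' permits injected <style> blocks and
      // style attributes; prefer nonces or hashes if inline styles can go.
      styleSrc: ["'self'", "'unsafe-inline'"]
    }
  }
}));

// CORS configuration: explicit origin allowlist, which is required when
// `credentials: true` is set (a wildcard origin cannot be combined with it).
const cors = require('cors');
app.use(cors({
  origin: ['https://monapp.com', 'https://admin.monapp.com'],
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  credentials: true,
  maxAge: 86400
}));

// Input validation with Joi.
// The schema is only defined here; it protects nothing until a handler
// validates the request body against it and rejects failures.
const Joi = require('joi');
const userSchema = Joi.object({
  name: Joi.string().min(3).max(30).required(),
  email: Joi.string().email().required(),
  age: Joi.number().integer().min(0).max(150)
});

// SQL injection prevention (parameterised query): the value travels
// separately from the SQL text and is never concatenated into it.
const safeQuery = 'SELECT * FROM users WHERE email = $1';
await pool.query(safeQuery, [userEmail]);

// CSRF protection
// NOTE(review): the `csurf` package is deprecated on npm and no longer
// maintained; treat this as an illustration and choose a maintained CSRF
// mechanism for new code.
// With `cookie: true`, csurf requires cookie-parser to be registered first.
const csrf = require('csurf');
app.use(csrf({ cookie: true }));
app.get('/form', (req, res) => res.json({ csrfToken: req.csrfToken() }));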
🛡️ Simulation Sécurité

6. Logging & Monitoring Observability

Winston, Morgan, ELK stack, métriques Prometheus.

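// Winston - structured logging
const winston = require('winston');
const logger = winston.createLogger({
  level: 'info',
  format: winston.format.json(),
  transports: [
    // Errors only.
    new winston.transports.File({ filename: 'error.log', level: 'error' }),
    // Everything at `info` and above.
    new winston.transports.File({ filename: 'combined.log' }),
    new winston.transports.Console({ format: winston.format.simple() })
  ]
});

// Morgan - HTTP access logging
// NOTE(review): both formats are registered, so each request is logged twice;
// keep one in a real application.
// NOTE(review): both formats log the request URL including its query string;
// keep tokens and other secrets out of URLs or redact them before logging.
const morgan = require('morgan');
app.use(morgan('combined'));
app.use(morgan(':method :url :status :response-time ms'));

// Prometheus metrics
const client = require('prom-client');
const httpRequestDuration = new client.Histogram({
  name: 'http_request_duration_seconds',
  help: 'Duration of HTTP requests in seconds',
  labelNames: ['method', 'route', 'status_code']
});

app.use((req, res, next) => {
  const end = httpRequestDuration.startTimer();
  res.on('finish', () => {
    end({
      method: req.method,
      // Use the matched route pattern, never the raw URL, so clients cannot
      // create unbounded label values; requests that matched no route share
      // one fixed label instead of `undefined`.
      route: req.route?.path ?? 'unmatched',
      status_code: res.statusCode
    });
  });
  next();
});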
📊 Simulation Logging & Monitoring

7. Architecture Microservices Microservices

Message brokers, API Gateway, Service Discovery.

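// RabbitMQ / AMQP
const amqp = require('amqplib');

/**
 * Connects to the broker, declares the `orders` queue, publishes one order
 * and starts a consumer that logs and acknowledges each message.
 */
async function setupRabbitMQ() {
  // NOTE(review): the URL carries no credentials and no TLS; acceptable for a
  // local broker only.
  const connection = await amqp.connect('amqp://localhost');
  const channel = await connection.createChannel();
  await channel.assertQueue('orders');

  // Publisher
  // NOTE(review): `order` is not defined in this snippet; presumably it comes
  // from the enclosing scope. Confirm before reuse.
  channel.sendToQueue('orders', Buffer.from(JSON.stringify(order)));

  // Consumer
  channel.consume('orders', (msg) => {
    // amqplib passes null when the broker cancels the consumer.
    if (msg === null) return;

    let order;
    try {
      // Queue contents are untrusted input: a malformed body must not throw
      // out of the callback and take the consumer down.
      order = JSON.parse(msg.content.toString());
    } catch (err) {
      console.error('Message invalide rejeté:', err.message);
      // Reject without requeue so a poison message is not redelivered forever.
      channel.nack(msg, false, false);
      return;
    }

    console.log('Reçu:', order);
    channel.ack(msg);
  });
}

// API gateway with express-gateway
const gateway = require('express-gateway');
gateway().run({
  apiEndpoints: {
    users: { host: 'users-service:3001' },
    orders: { host: 'orders-service:3002' }
  },
  policies: ['proxy', 'rate-limit', 'jwt'],
  pipelines: {
    users: {
      apiEndpoints: ['users'],
      // NOTE(review): the jwt policy has no parameters here, and only the
      // `users` endpoint has a pipeline; confirm how the verification key is
      // configured and how `orders` is protected.
      policies: [{ jwt: {} }, { proxy: {} }]
    }
  }
});

// Service discovery with Consul: registers this service with an HTTP health
// check polled every 10 seconds.
const consul = require('consul')();
consul.agent.service.register({
  name: 'user-service',
  address: 'localhost',
  port: 3001,
  check: { http: 'http://localhost:3001/health', interval: '10s' }
});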
🏗️ Simulation Microservices

8. Docker & Containerisation DevOps

Dockerfile, docker-compose, multi-stage builds.

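# Dockerfile for Node.js (multi-stage build)
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
# --omit=dev replaces the deprecated --only=production flag.
RUN npm ci --omit=dev

FROM node:18-alpine
# Installed while still root; tini runs as PID 1 to forward signals and reap
# zombie processes.
RUN apk add --no-cache tini
# Drop privileges: everything below runs as the unprivileged `node` user.
USER node
WORKDIR /app
COPY --from=builder --chown=node:node /app/node_modules ./node_modules
# This copies the whole build context; keep .env files, .git and local
# node_modules out of the image with a .dockerignore.
COPY --chown=node:node . .
EXPOSE 3000
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["node", "server.js"]

# docker-compose.yml
version: '3.8'
services:
  api:
    build: .
    ports: ["3000:3000"]
    environment:
      NODE_ENV: production
      DB_URL: postgresql://db:5432/mydb
    depends_on: [db, redis]
  db:
    image: postgres:15
    environment:
      # Taken from the shell or a .env file instead of being committed in the
      # compose file; compose aborts with this message when it is unset.
      POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}"
    volumes: [pgdata:/var/lib/postgresql/data]
  redis:
    image: redis:7-alpine
    # Bound to loopback: this Redis has no authentication, and the api service
    # reaches it over the compose network without any published port.
    ports: ["127.0.0.1:6379:6379"]
volumes:
  pgdata: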
🐳 Simulation Docker

9. Tests Backend Testing

Supertest, Jest, Mocking, Test containers.

// Supertest - API tests
const request = require('supertest');
const app = require('../app');

describe('User API', () => {
  // Listing users answers 200 with a JSON body holding a `users` array.
  test('GET /api/users', async () => {
    const pending = request(app).get('/api/users');
    const res = await pending.expect(200).expect('Content-Type', /json/);

    const { body } = res;
    expect(body).toHaveProperty('users');
    expect(Array.isArray(body.users)).toBe(true);
  });

  // Creating a user answers 201 and echoes the submitted name.
  test('POST /api/users', async () => {
    const payload = { name: 'Alice', email: 'alice@test.com' };
    const res = await request(app)
      .post('/api/users')
      .send(payload)
      .expect(201);

    expect(res.body.name).toBe('Alice');
  });
});

// Database mock: every query resolves to a single fixed row.
jest.mock('../db', () => {
  const cannedResult = { rows: [{ id: 1, name: 'Test' }] };
  return { query: jest.fn().mockResolvedValue(cannedResult) };
});

// Test containers (Docker): starts a disposable PostgreSQL 15 container.
// NOTE(review): nothing on the page stops the container once the tests end.
const { GenericContainer } = require('testcontainers');
const postgresImage = new GenericContainer('postgres:15');
const container = await postgresImage.withExposedPorts(5432).start();
🧪 Simulation Tests Backend

10. Mini-projet : API REST Complète Project

API RESTful avec authentification, validation, logging, et documentation.

🛠️ API TaskMaster Pro (Backend complet)
GET /api/tasks
POST /api/tasks
PUT /api/tasks/:id
DELETE /api/tasks/:id
POST /api/auth/login
POST /api/auth/register

11. Déploiement Production Deployment

PM2, Nginx reverse proxy, Load balancing, Monitoring.

# PM2 - Process Manager pm2 start server.js -i max --name "api" pm2 save pm2 startup pm2 logs api pm2 monit # Nginx Reverse Proxy server { listen 80; server_name api.monapp.com; location / { proxy_pass http://localhost:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } # Load Balancing avec PM2 pm2 start server.js -i 4 pm2 scale api 8 # Health check endpoint app.get('/health', (req, res) => { const health = { status: 'UP', timestamp: new Date(), uptime: process.uptime(), memory: process.memoryUsage(), version: process.version }; res.json(health); });
🚀 Simulation Production

🏆 Compétences acquises - Backend Avancé

✅ Serveur HTTP haute performance (clustering, rate limiting)
✅ WebSocket & Socket.io (temps réel)
✅ Authentification JWT & Sessions
✅ Base de données (pools, transactions, migrations)
✅ Sécurité (Helmet, CORS, validation)
✅ Logging & Monitoring (Winston, Prometheus)
✅ Microservices (RabbitMQ, API Gateway)
✅ Docker & Containerisation
✅ Tests backend (Supertest, mocks)
✅ Déploiement (PM2, Nginx, load balancing)

📚 Ressources pour aller plus loin :

  • 🔗 NestJS - Framework backend modulaire (TypeScript)
  • 🔗 Fastify - Alternative plus rapide à Express
  • 🔗 GraphQL avec Apollo Server
  • 🔗 gRPC pour microservices haute performance
  • 🔗 Kafka - Streaming d'événements
  • 🔗 Kubernetes - Orchestration de conteneurs