Trying my hand at the MEAN stack.

mean 2-c6c9d2d665

I came up with the idea for a web application a while back but have been procrastinating around actually building it. I initially was going to build it using my bread and butter languages and frameworks (namely C#, ASP.Net, Entity Framework etc) but I’ve been hearing about this MEAN stack and wanted to broaden my horizons in the web dev world.

I have used Linux and OSX (I’m currently mostly using a Macbook right now) before and I am used to the Bash shell and have also used MySQL before so I wasn’t coming from a completely Microsoft focused point of view.

I have also been using JavaScript for years and lately been using more and more JavaScript frameworks in my commercial projects, like JQuery, Bootstrap and Knockout.

All this stood me in good stead for jumping into the NodeJS and Angular world and getting started creating this web app on the MEAN stack.

As a predominately Microsoft focused developer in my commercial career, moving over to creating an application on the MEAN stack  was a slow process and I was definitely less productive in getting the basics of my application up and running at first.  However in spite of this I was pleasantly surprised at how easy the MEAN stack was to get to grips with and how abundant the information was out on the web to help you get up and running.

I wanted to write down my rough experience of someone coming from the .Net world into the MEAN stack and which technologies I struggled with and which I needed to read up on.

What is this MEAN stack?

MEAN stands for MongoDB, Express, Angular and NodeJS.  MongoDB is the document database where all my data is persisted. Express is a NodeJS web server for serving up my REST API and my we front end. Angular is the popular client side web framework for building my application out and NodeJS is a server side JavaScript framework.

What should I get to know?

Bash shell

The main thing to brush up on is using the Bash shell to get your work done. Whether this is starting your NodeJS server, connecting to MongoDB or committing your changes to GitHub make sure your comfortable at the command line.

Package management.

Just like Nuget in .Net there are package managers in the MEAN world. Mainly you need to know NPM for node packages and every Node module you use will be installed with NPM.

Bower is used for installing client side frameworks into your project. I used this to install Angular, JQuery and Bootstrap.

What I did was split my projects into two. My backend services and my front end client. I used NPM for my backends libraries and Bower for my front end libraries. This seems to work well.

You will then need to learn the obvious technologies; MongoDB, Express, Angular and Node. There will also be external libraries like bcrypt that you will need to learn for encrypting and hashing passwords and sensitive data. A must for web applications.

Getting started with MongoDB

The first thing I needed to do was download MongoDB and install it on my local machine. This step probably took the longest as I needed to learn how to setup and connect to the database from my MacBook.  I then needed to learn to use the Mongoose library to persists my models in the databases. Coming from a RDBMS background I had to also get my head around the document storage approach to persistence. I already had some knowledge around this so it didn’t take long.

Build an API with NodeJS

My architecture approach was going to be service based. I built an API using Express and NodeJS and this was going to serve up all my data to the client. The client was then going to just make HTTP calls to the API from my Angular controllers.

I needed to learn about routing in express and how to load and save documents to MongoDB with Mongoose.

Authentication with Passport.

My next biggest problem was how to do authentication. I wanted to provide a simple form based login option and also provide and option to login with a Facebook account. I used the Passport library for NodeJS which supports most authentication methods around today.

I followed this great article series by Scott Smith that helped me get started with my CRUD and authentication pieces.

I chose to just use Basic Auth with HTTPS to start with and I integrated Facebook authentication on top to allow a user to create an account with their Facebook login details.

When the user hits the client Facebook login they are first  authenticated with Facebook and my application gets back a user id and other details about the user. My front end then calls an endpoint in my API that checks whether the user has previously registered, if they have it redirects them to their dashboard. If not they are redirected to a register page where they can enter a password and an account is then created in the database for them.

This all has to be over HTTPS as with basic auth the credentials are passed with each request. The password are also hashed within the database using the bcrypt library.

Front end development with Angular.

I did a great Pluralsight course on Angular fundamentals so I was up to speed on the basics of Angular. In my client I created controllers that make HTTP calls to my REST API and my dashboard page is essentially a single page application (SPA) with various components making calls to the API.  This is a basic service architecture and later means I can add OAuth authentication on my service layer and allow other clients to connect to it.

Continuous deployment, GitHub and Docker.

I wanted top get my basic application lifecycle management in place so I can version and deploy my source code into dev and production environments.

I chose to host my application on Azure as I was pretty comfortable with it and I had an account. Azure has great support for GitHub and Docker so I decided to use those to deploy my application.

First I wanted to setup my dev environment with CI. I created two GitHub repositories, one for my API project and one for my client front end. I decided to keep them as separate modules that can be deployed individually. This avoids tight coupling within my applications CI strategy.

I decided to use Azure WebSites to host my dev environment as the CI support for GitHub is excellent. I just needed to point my websites to the GitHub repository and each time I pushed a commit it would deploy the changes and even start my Node servers automatically.

For production I decided to use Docker containers. I created a Linux VM with Docker support in Azure then created a Bash build script that automatically SSHs into the VM, does a git pull to get latest code then builds and runs the docker container which stands up the Node servers.

This seems to be a good approach so far, as I build out the application I will update on the things I find that may be of interest to anyone moving to the MEAN stack.


Azure AD JavaScript authentication tutorial series (Part 1)

I have put together a video tutorial series that goes through step by step a full end to end solution that shows how to authenticate an Azure AD Web API application from JavaScript code using the adal.js library.

Now days I am finding myself designing my applications to use a web service layer to serve up data from data stores.  Providing REST API endpoints on top of your data gives alot of benefits when it comes to integrating your data across different client applications. JavaScript runs pretty much everywhere now and it’s the to go to language to build client side apps so accessing your REST endpoints from JavaScript is a really appealing solution and this is why pretty much everyone is doing JavaScript and REST now.

The JavaScript ecosystem today is massive with libraries to help you build pretty comprehensive applications. When I am building SharePoint Add-Ins I tend to expose the data using Web API and stick to using JavaScript in the application to render the data and build out the UI. Most if the time there is no need for server side code inside my client application.

Inevitably you will want to secure your web service layer at some point and if your are building on the Azure platform, then Azure AD is a great OAuth solution.

It is especially a good solution if you are building SharePoint Add-Ins in Office 365. When you are logged into your Office 365 SharePoint site you have already authenticated against your Azure AD and as long as you deploy your applications to the same Azure AD instance then you get automatically authenticated when accessing your Web API layer.

When building these apps I found that there was plenty of examples on authenticating from C# code but I found the examples lacking if I just wanted to use JavaScript to authenticate against my Web API.

The adal.js library comes in very handy here but I found all the examples were based around using it with Angular. Although Angular is a great framework for building client side apps I found most of the time it was overkill for what I wanted to do.  So these set of videos show how you might want to design and build a client side application and in this case a SharePoint Add-In that uses Azure AD authentication, Web API, JavaScript and TypeScript.

The general architecture looks like this.



The first video is up and it shows how to create a SQL Azure database, create a Web API layer and how to model and scaffold the data using Entity Framework.


Building Microservices

Book Review Building MicroservicesI haven’t done a book review in a while but I have just finished reading Building Microservices by Sam Newman and felt it deserved one.

Firstly I have to say I enjoyed reading this book from front to back. I found the chapters and subjects to be in depth enough to give a good understanding of the ideas but not too long to be overwhelming or tedious. I felt the book flowed from one chapter to another and kept me interested throughout.

I found this book to cover enough information to give some good ideas about designing and architecting systems using a microservice approach and gave good further reading links to follow up on any subjects that you may want to read more on.

The book starts off by giving an overview of what a microservice is and what it isn’t. It explains that a microservice should be small and focused on doing just one thing and doing it well. The book also does a good job of giving examples and also defining what a microservice shouldn’t be giving examples of stuff like shared databases and shared libraries which could introduce tight coupling to your systems.

The next subject is explaining the concept of the evolutionary architect and how architects should think of themselves as town planners instead of the traditional metaphor we take in comparing software architects to contruction architects and how we should think of service boundaries as zones like zoning in a town.

Bounded contexts get a mention and the book explains how we should model our service boundaries around existing business boundaries. It explains we should focus on loose coupling and high cohesion when designing our services.

Midway through the book it takes a turn into a more infrastructure focused ideas and explains the concepts of setting up your deployment environment using VM’s and containers. It touches on continuous deployments and continuous delivery ideas and explains how you might want to setup such an environment to facilitate your development cycles. It uses the ideas of fail fast with feedback and explains how monitoring of your whole environment will give you a higher degree of insight into the health of your system and the quality of your software.

There are lots of other concepts explained in the book and I find it does a good job of calling out good tools and libraries that can help in getting your whole microservice environment up and running.

Although a lot of the ideas explained in the book could be overkill for some smaller systems and im not sure microservices are the right approach in all scenarios. I definitely think when thinking about designing large scalable systems the microservice approach is definitely worth looking at. The good thing is the ideas explained in the book are not an all or nothing approach you can cherry pick the ideas and concepts that suit your system or environment.

All software developers and architects should check out this book if you have any dealing with designing and building services. I would definitely recommend it as a good read.

Paperback, 280 pages

Published February 20th 2015 by O’Reilly Media

ISBN: 1491950358 (ISBN13: 9781491950357)