5 articles found
Middleware is how Express works. Not just a feature of it -- it is the whole thing. This is the talk I give to every new hire: the five middleware types, execution order, why next() trips everyone up, async error handling, and the patterns we actually use in production.
I shipped JWT auth with tokens that never expired, stored in localStorage, to production. This is the post-mortem. Covers JWT structure, why your token strategy probably has holes, access and refresh tokens done right, password hashing with bcrypt, and the storage debate that never ends.
I spent a solid week tightening security on an Express app and wrote down everything that tripped me up — rate limiting, security headers, CORS, input sanitization, and cookie hardening. This is that list, dressed up as a blog post.
A frustration-driven tutorial on handling file uploads in Express.js with Multer. What went wrong, why it went wrong, and the actual config that fixed it -- covering storage engines, file filtering, size limits, image resizing with Sharp, and uploading to S3.
Every Express tutorial ends at app.get('/hello'). Here's what I've actually learned shipping Express APIs to production -- project layout, error handling that doesn't make you cry, validation, and the middleware patterns our team relies on.