BACKEND APPLICATION DEVELOPMENT
SWDBD401
Develop a Backend Application using Node Js
Competence
RQF Level: 4
Learning Hours: 100
Credits: 10
Sector: ICT and Multimedia
Trade: Software Development
Module Type: Specific
Curriculum: ICTSWD4002 – TVET Certificate IV in Software Development
Copyright: © Rwanda TVET Board, 2023
1200 Issue Date: September 2023
Purpose statement
This module describes the skills, knowledge and attitude required to develop a backend application using NodeJS. This module is intended to prepare students pursuing TVET Level 4 in Software Development. At the end of this module the student will be able to develop RESTFUL APIs with Node JS, and to secure, test and manage a backend application.
Learning assumed to be in place
▪ Apply Network Fundamentals
▪ Develop a Database
▪ Design Backend Application
▪ Apply Data Structure and Algorithm Fundamentals using JavaScript
Delivery modality Training delivery 100% Assessment Total 100%
Theoretical content 30% 30%
Practical work:
Group project and 20% Formative
50%
presentation 70% assessment 70%
Individual project 50%
/Work
Summative Assessment 50%
Elements of Competence and Performance Criteria
Each element of competence is listed with its performance criteria.
1. Develop RESTFUL APIs with Node JS
1.1 Development environment is properly arranged based on coding architecture methodology
1.2 Server and database connection are properly established according to development environment
1.3 RESTFUL APIs are effectively implemented based on backend functionalities
2. Secure Backend Application
2.1 Data encryption is correctly applied based on system security
2.2 Third-party libraries are carefully checked based on system security
2.3 User Authentication, Authorization and Accountability (AAA) are carefully applied based on NPM Universal Access Control (UAC)
2.4 Environment variables are carefully secured according to system security
3. Test Backend Application
3.1 Unit tests are appropriately conducted based on software testing techniques
3.2 Usability is correctly tested according to expected results
3.3 Security is properly tested based on system threats
4. Manage Backend Application
4.1 Application is appropriately deployed based on FURPS requirements
4.2 Backend is effectively maintained according to the system functionalities
4.3 Application documentation is properly generated according to the system backend
Intended Knowledge, Skills and Attitude
Knowledge
✓ Describe Node.js Key Concepts
✓ Describe API
✓ Describe data encryption in securing RESTFUL APIs
✓ Describe Environment Variables
Skills
✓ Install Node Js Modules and packages
✓ Connect node Js to the ES5 or ES6 server
✓ Establish database connection
✓ Develop RESTFUL APIs
✓ Use of Middleware services
✓ Perform CRUD operations using MySQL Database
✓ Use HTTP Status code
✓ Integrate and use Third-Party Libraries
✓ Maintain and Update third-Party libraries
✓ Implement Authentication, Authorization and Accountability
✓ Manage Environment Variables
✓ Test Backend Application
Attitude
✓ Team work
✓ Be a critical thinker
✓ Being Innovative
✓ Being creative
✓ Practical oriented
✓ Detail oriented
✓ Be honest
✓ Passion for Learning
✓ Problem-Solving Mindset
✓ Collaboration and Communication
✓ Attention to Security
✓ Ethical Coding
Course content
Learning outcomes At the end of the module the learner will be able to:
1. Develop RESTFUL APIs with Node JS
2. Secure Backend Application
3. Test Backend Application
4. Manage Backend Application
Learning outcome 1: Develop RESTFUL APIs with Node JS Learning hours: 45
Indicative content
• Setup Node.js Environment
✓ Description of Node.js Key Concepts
[Link]
Routes
NPM
Express Js
Backend Application
Class
Object
Method
Properties
Dependencies
APIs
Postman
Nodemon
DBMS (SQL Based, NoSQL Based)
✓ Installation of Node Js Modules and packages
Node.js and NPM
Express Js
Postman
Nodemon
✓ Configuration of MySQL Server
• Connection of Node Js to the ES5 or ES6 server
✓ Creation of basic server with Express Js
✓ Application of Client Libraries
HTTP
HTTPs
Axios
Request
✓ Establishment of server connection
Setup Connection parameters
Create / send Request
Handle the response
✓ Test of Server Connection
• Establishment of database connection
✓ Create Database
✓ Schema Setup
✓ Configure Database Connection
✓ Test Database Connection
• Develop RESTFUL APIs
✓ Define endpoints and HTTP Methods
Create POST End Point
Create all Items GET endpoint
Create specific ID GET endpoint
Create PUT endpoint
Create DELETE endpoint
✓ Implementation of API endpoints
✓ Use of Middleware services
Types of middleware services
Error Handling
Logging
Input validation
✓ Perform CRUD operations using MySQL Database
✓ Use HTTP Status code
✓ Debugging RESTFUL APIs
Resources required for the learning outcome
Equipment
▪ Computer
Materials
▪ Internet
▪ Books
▪ Tutorials
▪ Code samples
▪ Online communities
Tools
▪ Browser
▪ NodeJS
▪ ExpressJs IDE
▪ Text Editor
▪ Node Packages
▪ MySQL Workbench
▪ Postman
▪ Swagger
▪ Mocha
▪ Nodemon
Facilitation techniques
▪ Brainstorming
▪ Group Discussion
▪ Jig Saw
▪ Demonstration Visual Aids
Formative assessment methods (CAT)
▪ Written assessment
▪ Performance
▪ Oral assessment
Learning outcome 2: Secure Backend Application Learning hours: 20
Indicative content
• Data encryption in securing RESTFUL APIs
✓ Introduction to data encryption
Types of data encryption
Encryption techniques
Benefits and importance of data encryption
✓ Steps in securing RESTFUL APIs
Install the crypto module
Create a key for encryption
Use the key to encrypt data
Convert the data to a buffer
Encrypt the data
Store the encrypted data
• Integrating and Using Third-Party Libraries
✓ Installing Node Js Package Manager (NPM)
✓ Incorporating common Node.js third-party libraries
Express
Lodash
[Link]
✓ Interacting with third-party libraries
Callbacks
Promises
async/await
• Maintaining and Updating Third-Party Libraries
✓ Monitoring of library dependencies and version numbers
package.json
npm-shrinkwrap.json
✓ Checking for library updates and security vulnerabilities using tools
npm outdated
npm audit
Snyk
✓ Updating third-party libraries safely
Versioning
semver rules
✓ Strategies for managing and testing library updates
staging environments
Version control systems.
• Implementation of Authentication
✓ Principles of authentication
✓ Role of authentication in system security
✓ Implementing user authentication in Node.js using frameworks
Passport
JWT (JSON Web Tokens)
Social Auth. (Google, Facebook, …)
✓ Using authentication middleware to protect routes and resources
✓ Best practices for password storage and handling sensitive data
• Implementation of Authorization
✓ Principles of authorization
✓ Role of authorization in system security
✓ Implementing role-based and attribute-based access control in Node.js
✓ Using authorization middleware to manage user permissions
✓ Implementing custom authorization logic for specific use cases
• Implementation of Accountability
✓ Principles of accountability
✓ Roles of Accountability in system security
✓ Implementing logging and auditing features in Node.js using popular libraries
Winston
Morgan
✓ Logs management
Best practices for securely storing log data and protecting it from unauthorized
access
Audit logs to detect security events and system errors
• Secure Environment Variables
✓ Types of information stored in environment variables
Database credentials
API keys
Encryption keys
✓ Potential security risks of storing sensitive information in environment variables
✓ Best practices for managing and securing environment variables in Node.js
✓ Implementing security measures for protecting environment variables
Encrypting secrets
Decrypting secrets
✓ Storing environment variables in a secure location
key management service
.env file
✓ Management and loading environment variables in Node.js applications using dotenv
✓ Best practices for safely passing environment variables to other services and
applications
• Monitor and Manage Environment Variables
✓ Implementing logging and auditing features to detect unauthorized access to
environment variables
✓ Monitoring changes to environment variables and detecting any suspicious activity
✓ Best practices for managing and rotating environment variables to prevent data
breaches
Resources required for the indicative content
Equipment
▪ Computer
Materials
▪ Internet
▪ Books
▪ Tutorials
▪ Code samples
▪ Online communities
Tools
▪ Browser
▪ Node.js
▪ Text Editor
▪ Express.js
▪ Postman
▪ Git
▪ Swagger
▪ Middleware services and libraries
Facilitation techniques
▪ Brainstorming
▪ Group Discussion
▪ Jig Saw
▪ Demonstration Visual Aids
Formative assessment methods (CAT)
▪ Written assessment
▪ Performance
▪ Oral assessment
Learning outcome 3: Test Backend Application Learning hours: 20
Indicative content
• Implementation of Unit testing
✓ Introduction to unit tests
Importance of Unit Testing
Unit Testing Process
Unit Testing tools
Frameworks
Libraries
✓ Mocha Testing Framework
Installation and Configuration
Writing Unit tests
Running Tests
✓ Chai assertion library
Installation and configuration
Writing assertions
Chai Expect and Should APIs
✓ Monitor Test results
• Implementation of Usability testing
✓ Introduction to Usability tests
Importance of Usability Testing
Usability Testing Process
Usability Testing tools
✓ Postman Testing Tool
Installation of Postman
Create a collection
Define Request
Write test Cases
Run tests
Iterate and improve
✓ Puppeteer Testing Tool
Installation of Puppeteer
Define test scenarios
Automate user interaction
Measure page performance
Test accessibility
Generate Report
• Implementation of Security Testing
✓ Introduction to Node.js Security
Injection Attacks
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Security Misconfiguration
Insecure Cryptographic Storage
Insufficient Authorization
Insufficient Logging and Monitoring
✓ Tools for Security Testing in Node.js
Overview of Security Testing Tools
Static Analysis Tools
Dynamic Analysis Tools
Testing Frameworks (Open Worldwide Application Security Project, Mocha, Chai)
✓ Secure Coding Practices in Node.js
✓ Testing Techniques for Node.js Security
✓ Best Practices for Node.js Security Testing
Security Testing Lifecycle
Reporting Security Vulnerabilities
Remediation and Mitigation
Compliance and Regulations
✓ Implementation of Security Testing in Node.js
Implement Authentication and Authorization
Test input validation
Use SSL / TLS encryption
Test Error Handling
Regularly update dependencies
✓ Application of Penetration Testing steps
Identification of the scope of the test
Gathering API Information
Identify Vulnerabilities
Perform manual testing
Document findings
Remediate Vulnerabilities
Re-test
✓ Perform penetration Testing using OWASP
Installation of OWASP tool
Perform scan
Exploit vulnerabilities
Interpret Scan report
Document results
Resources required for the indicative content
Equipment
▪ Computer
Materials
▪ Internet
▪ Books
▪ Tutorials
▪ Code samples
▪ Online communities
Tools
▪ Browser
▪ Node.js
▪ Text Editor
▪ Express.js
▪ Postman
▪ Mocha
▪ Chai
▪ SuperTest
▪ Sinon
▪ Istanbul
▪ Newman
Facilitation techniques
▪ Brainstorming
▪ Group Discussion
▪ Jig Saw
▪ Demonstration Visual Aids
Formative assessment methods (CAT)
▪ Written assessment
▪ Performance
▪ Oral assessment
Learning outcome 4: Manage Backend Application Learning hours: 15
Indicative content
• Preparation of deployment Environment
✓ Description of NodeJS application deployment
✓ Types of NodeJS application deployment
Manual Deployment
Continuous Deployment
Docker-based deployment
✓ NodeJS Application Deployment tools
NodeJS Runtime
Package Manager
Operating system
Webserver
Database
• Implementation of Manual Deployment of NodeJS application
✓ Copy the application source code to the server
✓ Installation of dependencies
✓ Start the application using command line
• Maintenance of NodeJS application
✓ Best practices for maintenance
Update
Monitor
Perform test
✓ Developing a maintenance plan
Identification of maintenance requirements
Schedule regular updates
Automate maintenance tasks
Monitor application performance
Test regularly
Disaster recovery plan
Document changes
✓ Continuous maintenance and improvement of NodeJS applications
Upgrade and maintain previously developed functionalities,
develop new functionalities,
Secure new and previously developed functionalities,
Test new functionalities,
Deploy new changes
• Application of NodeJS Documentation Tools and Frameworks
✓ Documentation Overview
✓ The importance of documentation
✓ Types of documentation
✓ Overview of popular documentation tools and frameworks
Use Swagger/Postman for API documentation
Writing clear and concise comments
Using documentation generators
✓ Best practices for documentation
✓ Publishing Documentation
Options for hosting documentation
Using GitHub for collaborative documentation
Documentation Maintenance
Resources required for the indicative content
Equipment
▪ Computer
Materials
▪ Internet
Tools
▪ Browser
▪ Node.js
▪ Text Editor
▪ Express.js
▪ Postman
▪ GitHub
▪ Swagger
▪ OWASP
▪ Webserver
▪ MySQL Workbench
▪ Winston
▪ PM2
▪ Redis
▪ AWS Lambda
Facilitation techniques
▪ Brainstorming
▪ Group Discussion
▪ Jig Saw
▪ Demonstration Visual Aids
Formative assessment methods (CAT)
▪ Written assessment
▪ Performance
▪ Oral assessment
Integrated/Summative assessment
Integrated situation
XM Bakeries is a bakery business located in Kigali City, Nyarugenge District, Gitega Sector. It produces and sells bread to different customers. The business purchases raw products such as flour, sugar, food color paste and other ingredients for baking bread. The Sales Manager records daily sales and inventory information in Microsoft Excel on his laptop. The file system in use does not allow him to track inventory levels for the various products, does not allow customers to place orders remotely, and does not generate sales reports automatically as required by the company management.
The company has hired you to develop a web application using Node.js and MySQL.
1. The system should enable users to add products with their price, category and quantity.
2. The system should enable users to search for products based on various criteria such as price range, category and quantity.
3. The system should give customers the ability to place orders, track the location of products being delivered, view previously placed orders and view a purchases report.
4. The system should provide users with the ability to filter and sort the search results based on their preferences.
5. The system should also allow users to track inventory levels for various products, generate reports on sales data and inventory levels, and manage customer information in real time.
Instructions
• NodeJS shall be deployed using Firebase.
• Use NodeJS Middleware services to handle authentication, input validation and handle errors
• The above tasks should be completed in 8 Hours
Resources
Tools ▪ Browser, Node.js, Text Editor, Express.js, Postman, GitHub, Swagger, OWASP, Webserver, MySQL Workbench, Winston, PM2, Redis, AWS Lambda
Equipment ▪ Computer
Materials/Consumables ▪ Internet
Assessment grid
Columns: Assessable outcomes; Assessment criteria (based on performance criteria); Indicator; Observation (Yes / No); Marks allocation
Learning outcome 1: Develop RESTFUL APIs with Node JS (29%)
1.1 Development environment is properly arranged based on coding architecture methodology
Ind.1: NodeJS Development tools are selected (2 marks)
Ind.2: NodeJS Environment is setup (3 marks)
1.2 Server and database connection are properly established according to development environment
Ind.1: NodeJS is connected to the server (3 marks)
Ind.2: Database connection is established (3 marks)
1.3 RESTFUL APIs are effectively implemented based on backend functionalities
Ind.1: RESTFUL APIs is serving third party apps (9 marks)
Learning outcome 2: Secure Backend Application (29%)
2.1 Data encryption is correctly applied based on system security
Ind.1: Data is encrypted (3 marks)
2.2 Third-party libraries are carefully checked based on system security
Ind.1: Third-Party Libraries are integrated and used (3 marks)
Ind.2: Third-Party Libraries are updated (3 marks)
2.3 User Authentication, Authorization and Accountability (AAA) are carefully applied based on NPM Universal Access Control (UAC)
Ind.1: Authentication is implemented (3 marks)
Ind.2: Authorization is implemented (2 marks)
Ind.3: Accountability is implemented (2 marks)
Ind.4: Environment Variables are Secured (2 marks)
Ind.5: Environment variables are used (2 marks)
Learning outcome 3: Test Backend Application (21%)
3.1 Unit tests are appropriately conducted based on software testing techniques
Ind.1: Unit Testing is implemented (5 marks)
3.2 Usability is correctly tested according to expected results
Ind.1: Usability Testing is implemented (5 marks)
3.3 Security is correctly tested according to expected results
Ind.1: Security Testing is implemented (5 marks)
Learning outcome 4: Manage Backend Application (21%)
4.1 Application is appropriately deployed based on FURPS requirements
Ind.1: Deployment environment is prepared (3 marks)
Ind.2: Application is Deployed (5 marks)
4.2 Backend is effectively maintained according to the system Functionalities
Ind.1: Web Application is maintained (4 marks)
4.3 Application documentation is properly generated according to the system backend
Ind.1: Documentation is performed using Postman (3 marks)
Total marks 70
Percentage Weightage 100%
Minimum Passing line % (Aggregate): 70%