kraken at devcon tlv
DESCRIPTION
This presentation was being held at DevCon TLV 2014. It covers PayPal's recent move to NodeJS and it's Open Source suite called krakenJS.TRANSCRIPT
krakenjs! Tim Messerschmidt @SeraAndroid DevCon Tel Aviv, 2014
A story of!technical debt
Our Traditional Application Stacks
C++ Java
Environments & Lean UX
Prototyping Production
The Application Stack
C++ XML
Java JSP
Node JS
Moving away from good old Java
A big push for using Open Source within the company
Rapid development and deployment
Environments & Lean UX
Prototyping Production
Node.js Java (Rhino)
Dust Dust
Trying out Node in Production
New stack at PayPal
C++ Java Node
Dust
Performance Java stack
paypal-engineering.com/2013/11/22/node-js-at-paypal
Performance Node stack
paypal-engineering.com/2013/11/22/node-js-at-paypal
Using npm at PayPal Enables standard services like • Monitoring • Logging • Security • Analytics • Authentication • Packaging
Release the!Kraken!
What is Kraken? A JS suite on top of Express Preconfigured with different best practices and tools:
• Dust for templates • LESS as CSS preprocessor • RequireJS as JS file and module loader • Grunt for running tasks • Runtime updates for UI code
But why?!
Project structure Opinionated about separation of logic and presentation
• /config • /controllers • /models • /public/templates • /locales • /tests
Lusca
Kappa Adaro
Makara
Makara Local content bundles Internationalization support for Node apps var i18n = require('makara');var provider = i18n.create(config);provider.getBundle('index', 'en_US', function (err, bundle) { var string = bundle.get('key');});
Property files for Makara index.title=KrakenJS at DevConindex.speaker=Tim Messerschmidtindex.greeting=Ahoi {attendeeName}!# A listindex.speakers[0]=Mitchell Hashimotoindex.speakers[1]=Arthur ViegersIndex.speakers[2]=Johnny Miller# A mapindex.sponsors[PP]=PayPalindex.sponsors[GH]=mongoDB# And subkeysindex.conference.language=JS
Makara in use Defining multiple values /locales/US/en/index.properties• index.greeting=Hello {name}!
/locales/ES/es/index.properties• index.greeting=Hola {name}!
Accessing keys in templates <h1>{@pre type="content" key="index.greeting"/}</h1>
Lusca Sensible security settings to prevent common vulnerabilities
• Cross-site request forgery support • Clickjacking / X-Frame-Options • Output escaping against XSS via Dust • Content Security Policy
Lusca configuration Configuration in middleware.json
"appsec": {"csrf": true,"csp": false,"p3p": false,"xframe": "SAMEORIGIN”
}
… or using Lusca’s function calls
Lusca against CSRF A token is added to the session automatically
var express = require('express'),appsec = require('lusca'),server = express();
server.use(appsec.csrf());
The template needs to return the token:
<input type="hidden" name="_csrf" value="{_csrf}”>
Adaro Brings Dust as default templating engine Designed to work together with Makara
dustjs.onLoad = function (name, context, callback) {// Custom file read/processing piplinecallback(err, str);
}app.engine('dust', dustjs.dust({ cache: false }));app.set('view engine', 'dust');
Templating with Dust Layout
<html> <body> {>"{_main}"/} </body></html>
Content page as partial
<div>Hello!</div>dust.render(’partial', { layout: ’template' }, ...);
Templating with Dust Sections
{#modules} {name}, {description}{~n}{/modules}
View context
{ modules: [ { name: “Makara”, description: “i18n” }, { name: “Lusca”, description: “security settings” }]
}
Templating with Dust Conditionals
{#modules}{name}, {description}{~n}
{:else}No modules supported :(
{/modules}{?modules}
modules exists!{/modules}{^modules}
No modules!{/modules}
Kappa Serves as NPM Proxy Enables support for private npm repos Based on npm-delegate hapi support Global or local installation
npm install -g kappakappa -c config.json
Configuring Kraken Lives in /config/app.json
Development vs. Production environments • 2nd configuration allowed:
– app-development.json
• Usage of NODE_ENV for environment
nconf for credentials and other variables
Setting up your app app.configure = function configure(nconf, next) {
// Async method run on startup. next(null);
};app.requestStart = function requestStart(server) { // Run before most express middleware has been registered.};app.requestBeforeRoute = function requestBeforeRoute(server) { // Run before any routes have been added.};app.requestAfterRoute = function requestAfterRoute(server) { // Run after all routes have been added.};
The Generator
Getting started sudo npm install -g generator-krakenyo kraken ,'""`. / _ _ \ |(@)(@)| Release the Kraken! ) __ ( /,'))((`.\ (( (( )) )) `\ `)(' /'
Kraken 1.x and the road ahead
Summary Results of using Node at PayPal • Teams between 1/3 to 1/10 of Java teams • Doubled requests per second • 35% decrease in average response time • Lines of code shrunk by factor 3 to 5 • Development twice as fast • JS both on frontend and backend
Thanks! Tim Messerschmidt @SeraAndroid [email protected] slideshare.com/paypal