krakenjs! Tim Messerschmidt @SeraAndroid DevCon Tel Aviv, 2014

A story of!technical debt

Our Traditional Application Stacks

C++ Java

Environments & Lean UX

Prototyping Production

The Application Stack

C++ XML

Java JSP

Node JS

Moving away from good old Java

A big push for using Open Source within the company

Rapid development and deployment

Environments & Lean UX

Prototyping Production

Node.js Java (Rhino)

Dust  Dust  

Trying out Node in Production

New stack at PayPal

C++ Java Node

Dust

Performance Java stack

paypal-engineering.com/2013/11/22/node-js-at-paypal

Performance Node stack

paypal-engineering.com/2013/11/22/node-js-at-paypal

Using npm at PayPal Enables standard services like •  Monitoring •  Logging •  Security •  Analytics •  Authentication •  Packaging

Release the!Kraken!

What is Kraken? A JS suite on top of Express Preconfigured with different best practices and tools:

•  Dust for templates •  LESS as CSS preprocessor •  RequireJS as JS file and module loader •  Grunt for running tasks •  Runtime updates for UI code

But why?!

Project structure Opinionated about separation of logic and presentation

•  /config •  /controllers •  /models •  /public/templates •  /locales •  /tests

Lusca

Kappa Adaro

Makara

Makara Local content bundles Internationalization support for Node apps var i18n = require('makara');var provider = i18n.create(config);provider.getBundle('index', 'en_US', function (err, bundle) { var string = bundle.get('key');});

Property files for Makara index.title=KrakenJS at DevConindex.speaker=Tim Messerschmidtindex.greeting=Ahoi {attendeeName}!# A listindex.speakers[0]=Mitchell Hashimotoindex.speakers[1]=Arthur ViegersIndex.speakers[2]=Johnny Miller# A mapindex.sponsors[PP]=PayPalindex.sponsors[GH]=mongoDB# And subkeysindex.conference.language=JS

Makara in use Defining multiple values /locales/US/en/index.properties•  index.greeting=Hello {name}!

/locales/ES/es/index.properties•  index.greeting=Hola {name}!

Accessing keys in templates <h1>{@pre type="content" key="index.greeting"/}</h1>

Lusca Sensible security settings to prevent common vulnerabilities

•  Cross-site request forgery support •  Clickjacking / X-Frame-Options •  Output escaping against XSS via Dust •  Content Security Policy

Lusca configuration Configuration in middleware.json

"appsec": {"csrf": true,"csp": false,"p3p": false,"xframe": "SAMEORIGIN”

}

… or using Lusca’s function calls

Lusca against CSRF A token is added to the session automatically

var express = require('express'),appsec = require('lusca'),server = express();

server.use(appsec.csrf());

The template needs to return the token:

<input type="hidden" name="_csrf" value="{_csrf}”>

Adaro Brings Dust as default templating engine Designed to work together with Makara

dustjs.onLoad = function (name, context, callback) {// Custom file read/processing piplinecallback(err, str);

}app.engine('dust', dustjs.dust({ cache: false }));app.set('view engine', 'dust');

Templating with Dust Layout

<html> <body> {>"{_main}"/} </body></html>

Content page as partial

<div>Hello!</div>dust.render(’partial', { layout: ’template' }, ...);

Templating with Dust Sections

{#modules} {name}, {description}{~n}{/modules}

View context

{ modules: [ { name: “Makara”, description: “i18n” }, { name: “Lusca”, description: “security settings” }]

}

Templating with Dust Conditionals

{#modules}{name}, {description}{~n}

{:else}No modules supported :(

{/modules}{?modules}

modules exists!{/modules}{^modules}

No modules!{/modules}

Kappa Serves as NPM Proxy Enables support for private npm repos Based on npm-delegate hapi support Global or local installation

npm install -g kappakappa -c config.json

Configuring Kraken Lives in /config/app.json

Development vs. Production environments •  2nd configuration allowed:

–  app-development.json

•  Usage of NODE_ENV for environment

nconf for credentials and other variables

Setting up your app app.configure = function configure(nconf, next) {

// Async method run on startup. next(null);

};app.requestStart = function requestStart(server) { // Run before most express middleware has been registered.};app.requestBeforeRoute = function requestBeforeRoute(server) { // Run before any routes have been added.};app.requestAfterRoute = function requestAfterRoute(server) { // Run after all routes have been added.};

The Generator

Getting started sudo npm install -g generator-krakenyo kraken ,'""`. / _ _ \ |(@)(@)| Release the Kraken! ) __ ( /,'))((`.\ (( (( )) )) `\ `)(' /'

Kraken 1.x and the road ahead

Summary Results of using Node at PayPal •  Teams between 1/3 to 1/10 of Java teams •  Doubled requests per second •  35% decrease in average response time •  Lines of code shrunk by factor 3 to 5 •  Development twice as fast •  JS both on frontend and backend

Thanks! Tim Messerschmidt @SeraAndroid tmesserschmidt@paypal.com slideshare.com/paypal