Difference between revisions of "Module 6"

From CSE330 Wiki
Jump to navigationJump to search
Line 1: Line 1:
__NOTOC__
+
__NOTOC__  
In Module 6, you will learn JavaScript, the dominant client-side web language.  JavaScript is the third and final programming language you will learn in CSE 330.
+
Module 6 builds upon the JavaScript skills you learned in Module 5.
 
 
This article contains your assignments for Module 6.
 
  
 
== Reading ==
 
== Reading ==
Line 8: Line 6:
 
The following articles on the online class wiki textbook contain information that will help you complete the assignments.
 
The following articles on the online class wiki textbook contain information that will help you complete the assignments.
  
* [[JavaScript]]
+
* [[Node.JS]]
* [[AJAX and JSON]]
+
* [[Socket.IO]]
* [[jQuery]]
+
* [[Pong Game]]
* [[Web Application Security, Part 3]]
 
  
 
== Individual Assignments ==
 
== Individual Assignments ==
  
'''''IMPORTANT:'' Both of the individual assignments must be completed ''without'' using a JavaScript library like jQuery.'''  However, you may (and should) use jQuery for the group portion.
+
=== Install Node.JS ===
 
 
=== JavaScript Calculator ===
 
 
 
In Module 2, you made a calculator using PHP.  Now you will be making one using JavaScript.
 
 
 
* The web page should have two input fields and a radio button group for the operation, with the 4 basic math operations represented (add, subtract, multiply, divide).
 
* JavaScript should monitor all three fields and display the current result whenever the user changes any value in any field, without refreshing the page.
 
*: '''Tip 1:''' Consider using either the ''change'' or the ''keyup'' event on the text fields, and either the ''change'' or the ''click'' event on the radio buttons.
 
*: '''Tip 2:''' Re-read [[JavaScript|the JavaScript guide]] if you need help figuring our how to bind callback functions to events, or how to determine which radio button is currently selected.  (There are examples for both of these!)
 
* The calculator should be completely self-contained; i.e., you should not be making any requests to any other server-side or client-side scripts or web pages after the initial page load.
 
 
 
'''Tip:''' You can embed JavaScript code into an HTML document like this:
 
 
 
<source lang="html4strict">
 
<script type="text/javascript">
 
// your code here
 
</script>
 
</source>
 
 
 
'''Tip:''' If your code isn't working the way you expect, use a JavaScript error console.  In Chrome, for example, press Ctrl-Shift-I (or Cmd-Option-I) to open the WebKit inspector.
 
 
 
'''Important:''' It is best practice to fully separate the content, appearance, and behavior.  In previous modules, you may have lost points for using HTML tags that change the appearance of things <nowiki>(like <center> and <font>).</nowiki>  In this module, make sure that you define your event listeners in JavaScript as in <code>document.getElementById("xyz").addEventListener(...)</code> and '''''not''''' in the HTML like <code><button onclick="badExample();">Bad Example</button></code>.
 
 
 
=== Weather Widget ===
 
 
 
In this section, you will make a web page that displays the weather forecast using AJAX requests to a weather server.
 
 
 
# Make an empty HTML document; name it '''weather.html'''
 
#: Refer to the [[HTML and CSS]] guide for the skeleton of an HTML document
 
# Define a function in JavaScript; call it '''fetchWeather()'''.  You may write your JavaScript in an embedded script in your head tag.
 
# Inside your '''fetchWeather()''' function, make an AJAX request to the weather server.
 
#: We have a server that outputs the current weather in JSON format.  The format is documented in the [[#JSON Structure]] section below.
 
#: '''URL:''' http://classes.engineering.wustl.edu/cse330/content/weather_json.php
 
#: We kindly thank Yahoo Weather for providing us with up-to-date weather information.
 
#* '''IMPORTANT:''' Under normal circumstances, AJAX requests ''cannot'' be performed cross-domain for security reasons.  We have set the <code>Access-Control-Allow-Origin</code> header on our server to allow requests from your EC2 instances, or from localhost.  '''You will therefore need to upload your code to your EC2, or access it via localhost, in order for the AJAX requests to work.'''  This means that you cannot, for example, complete this part of the individual portion in JSFiddle.
 
# In your callback, process the JSON and use JavaScript to manipulate the HTML DOM to display the following information on your page:
 
#* Location
 
#** City, in a <nowiki><strong></nowiki> tag
 
#** State, not in any tag
 
#* Humidity
 
#* Current Temperature
 
#* Image for Tomorrow's Forecast (see [[#Weather Condition Images]] below for more information)
 
#* Image for the Day After Tomorrow's Forecast
 
# Finally, bind '''fetchWeather()''' to the DOMContentLoaded event so that your weather widget is automatically initialized when the page is loaded:
 
#: <source lang="javascript">document.addEventListener("DOMContentLoaded", fetchWeather, false);</source>
 
# In addition, add a button that runs your ''fetchWeather'' function when clicked.  This should update your widget with the current weather conditions.
 
 
 
Use the following HTML:
 
 
 
<source lang="html4strict">
 
<div class="weather" id="weatherWidget">
 
<div class="weather-loc"></div>
 
<div class="weather-humidity"></div>
 
<div class="weather-temp"></div>
 
<img class="weather-tomorrow" />
 
<img class="weather-dayaftertomorrow" />
 
</div>
 
</source>
 
 
 
Include the CSS file from here: http://classes.engineering.wustl.edu/cse330/content/weather.css
 
 
 
When everything is working, the weather widget should look something like this:
 
 
 
[[File:WeatherWidget.png]]
 
 
 
'''Important:''' The widget in this section needs to work in only Firefox and Chrome.  It does '''''not''''' need to work Internet Explorer.
 
 
 
==== Tips ====
 
 
 
===== JSON Structure =====
 
 
 
The JSON from our server looks like this:
 
  
<source lang="javascript">
+
Install Node.JS from Apt or Yum according to the instructions in the [[Node.JS]] guide.
{
 
   "updated": "Thu, 11 Oct 2012 5:54 pm CDT",
 
   "location": {
 
      "city": "St. Louis",
 
      "state": "MO"
 
   },
 
   "wind": {
 
      "chill": "62",
 
      "direction": "150",
 
      "speed": "3 mph"
 
   },
 
   "atmosphere": {
 
      "humidity": "50",
 
      "visibility": "10",
 
      "pressure": "30.12 in"
 
   },
 
   "current": {
 
      "code": "28",
 
      "text": "Mostly Cloudy",
 
      "temp": "62°F",
 
      "date": "Thu, 11 Oct 2012 5:54 pm CDT"
 
   },
 
   "tomorrow": {
 
      "code": "29",
 
      "text": "Clouds Early/Clearing Late",
 
      "low": "45°F",
 
      "high": "61°F"
 
   },
 
   "dayafter": {
 
      "code": "30",
 
      "text": "Partly Cloudy",
 
      "low": "53°F",
 
      "high": "65°F"
 
   },
 
   "credit": "http://us.rd.yahoo.com/dailynews/rss/weather/St._Louis__MO/*http://weather.yahoo.com/forecast/USMO0170_f.html"
 
}
 
</source>
 
  
===== Weather Condition Images =====
+
=== Static File Server in Node.JS ===
  
Each day's forecast has a code.  There are images associated with these codes.
+
The individual portion of Module 6 is short in order to give you enough time to complete the group portion.
  
One place to get the images is from here: <nowiki>http://us.yimg.com/i/us/nws/weather/gr/</nowiki>'''##'''<nowiki>ds.png</nowiki>
+
# Copy the example code from the Node.JS guide into a file called ''static_server.js'' or something of that nature.  Save it on your EC2 instance (but not in a place that Apache can serve!).
 
+
#: Ensure that you understand what the static file server script is doing… this might show up on a quiz!
Replace the '''##''' with the forecast code.  For example, for code 32, the URL would be: http://us.yimg.com/i/us/nws/weather/gr/32ds.png
+
# Make a directory parallel to ''static_server.js'' named ''static''.
 +
# Change "<STATIC DIRECTORY NAME>" on line 11 of the static fileserver example code to reflect the name of the directory you just made.
 +
# Save the following files in your ''static'' directory:
 +
#* ''hello.txt'', a text file containing "Hello World"
 +
#* ''brookings.jpg'', an image file you can download from here: http://classes.engineering.wustl.edu/cse330/content/brookings.jpg
 +
#* ''college.html'', an HTML document based on the [[HTML and CSS#Quick and Easy Page Layout|Quick and Easy HTML Layout]] containing an image tag pointing to ''brookings.jpg''
 +
#* ''phpinfo.php'', a PHP file containing the phpinfo command that generates a diagnostic page of the server:
 +
#: <source lang="php"><?php  phpinfo();  ?></source>
 +
# Boot up your Node.JS static fileserver, and from your browser, load all four of the files you created in step 4.
 +
#: Which ones work and which ones don't?  Why might this be the case?
  
 
== Group Project ==
 
== Group Project ==
  
I forgot if I already mentioned this, but '''start early on this project!''' It will take longer than you think, I promise!
+
In the group portion of Module 6, you will be building a multiplayer, networked Pong game using Node.JS and Socket.IOYour game must enable users to choose a nickname and play a game of Pong with others on your site ''without'' logging in (no need for a password or Open ID).
 
 
You are encouraged to use the advanced version control practices you learned in Module 5 when completing this assignment.
 
 
 
=== Calendar ===
 
 
 
Build a simple calendar that allows users to add and remove events dynamically.
 
 
 
You will use JavaScript to process user interactions at the web browser, without ever refreshing the browser after the initial web page load. You may use a JavaScript library of your choice, including Ext JS.
 
 
 
Your application should utilize AJAX to run server-side scripts that query your database to save and retrieve information, including user accounts and events.
 
 
 
We have also written some functions to help you get started: [[JavaScript Calendar Library]]
 
 
 
==== Examples ====
 
 
 
* https://calendar.google.com/
 
* http://www.zoho.com/calendar/
 
 
 
==== Server Side Language ====
 
 
 
 
 
Additionally, you may use a database of your choiceMySQL is probably the logical choice since you have been using it since Module 2, but if you're up for a challenge we encourage you to look at other database options like [[wikipedia:MongoDB|MongoDB]].
 
 
 
''* While it is fine to use the provided example for reference, copying it in its entirety is a violation of Academic Integrity and will result in a 0 for the group portion of this module.  Don't plagiarize.''
 
 
 
==== Requirements ====
 
 
 
* Support a month-by-month view of the calendar.
 
*: Show one month at a time, with buttons to move forward or backward.
 
*: There should be no limit to how far forward or backward the user can go.
 
* Users can register and log in to the website.
 
*: You may leverage your MySQL project code and database from module 3 to get started.
 
*: You may alternatively use [[Web Application Security, Part 2#OpenID|OpenID]] for user authentication.  Note that you will still need a Users table in order associate calendar events with a certain OpenID.
 
* Unregistered users should see no events on the calendar.
 
* Registered users can add events.
 
*: All events should have a date and time, but do not need to have a duration.
 
*: You do ''not'' need to support recurring events (where you add an event that repeats, for example, every monday).
 
* Registered users see only events that they have added.
 
*: Your AJAX should not ask the server for events from a certain username.  Instead, your AJAX should ask the server for events, and the server should respond with the events for only the currently-logged-in user (from the session).  Can you think of why?
 
* Registered users can delete their events, but not the events of others.
 
*: Again, the server should delete events based on the username present in the session.  (If it deletes only based on an Event ID, an attacker could feed any arbitrary Event ID to your server, even if he/she didn't own that event.)
 
* All user and event data should be kept in a database.
 
* At no time should the main page need to be reloaded.
 
*: User registration, user authentication, event addition, and event deletion should all be handled by JavaScript and AJAX requests to your server.
 
* Your page needs to work in the versions of Firefox and Chrome installed on the lab computers.
 
 
 
'''Tip:''' Run your database schema by a TA before implementing it.
 
 
 
=== Web Security and Validation ===
 
 
 
Your project needs to demonstrate that thought was put into web security and best practice.  For more information, see this week's Web Application Security guide: [[Web Application Security, Part 3]]
 
  
In particular:
+
If you want to reminisce and play some Pong on the command line before building it in Node.JS, here is the command, assuming you have '''emacs''' installed:
  
* '''Your application needs to prevent XSS attacks.'''  Be careful when transmitting data over JSON that will be reflected in an event title!  (Note: JSON data should be sanitized on the client side, not the server side.)
+
<source lang="bash">$ emacs -q --no-splash -f pong</source>
* '''Perform precautionary measures to prevent session hijacking attacks.'''
 
*: You should specify your session cookie to be HTTP-Only.  However, for the means of this module, you need not test for user agent consistency.
 
* '''Optional:''' Validate your JavaScript code using [http://www.jshint.com/ JSHint] '''''or''''' [http://jslint.com/ JSLint] for up to 3 points of extra credit.
 
  
You should continue the practices that you have learned in past weeks:
+
Press '''C-x C-c''' to exit emacs.
  
* Pass tokens in forms to prevent CSRF attacks.
+
Instructions on how to begin your group portion can be found here: [[Pong Game]]
*: '''Hint:''' You will need to send your CSRF tokens in your AJAX requests.  Remember that AJAX still submits forms and runs server-side scripts, just like the vanilla forms you've been using in Modules 2 and 3.
 
* Use prepared queries to prevent SQL Injection attacks.
 
* If storing passwords in a database, always store them salted and encrypted.
 
* Your page should validate with no errors through the W3C validator.
 
  
 
== Grading ==
 
== Grading ==
  
We will be grading the following aspects of your work.  There are 100 points total.
+
We will be grading the following aspects of your work.  There are 80 points total.
  
# '''JavaScript Calculator (10 Points):'''
+
# '''Individual Portion (25 Points):'''
#* Calculator successfully adds, subtracts, multiplies, and divides numbers (3 points)
+
#* Node.JS is installed on your EC2 instance (5 points)
#* The result is automatically computed when a value in either field is changed (3 points)
+
#* The ''hello.txt'', ''brookings.jpg'', and ''city.html'' files all load successfully (3 points each)
#* Calculator is written entirely in pure, conventional JavaScript with no external libraries (4 points)*
+
#* Visiting a file that does not exist inside the ''static'' directory results in a 404 (3 points)
#*: ''Note: be sure to fully separate content, appearance, and behavior.  This means that you should '''not''' use the event attributes on the HTML elements like onclick, onchange, and onkeyup.''
+
#* You can explain to the TA why ''phpinfo.php'' behaves the way it does when loaded through Node.JS (3 points)
# '''Weather Widget (15 Points):'''
+
#* Using Git, push your node.js app to bitbucket and clone it on your ec2 instance (5 points)
#* Widget performs an AJAX request to fetch the current weather (4 points)
+
# '''Pong Game (45 Points):'''
#* The HTML template is filled with the correct information, including an image (4 points)
+
#* '''''Matching Pairs of Players (10 Points):'''''
#* Button to reload the weather widget (2 points)
+
#** Players are able to specify a name for themselves (3 points)
#* Widget is written entirely in pure, conventional JavaScript with no external libraries (5 points)*
+
#** Players are able to initiate a game on their own (4 points)
# '''AJAX Calendar (60 Points):'''
+
#** When a game is started, both players need to consent (3 points)
#* '''''Calendar View (10 Points):'''''
+
#* '''''Gameplay (10 Points):'''''
#** The calendar is displayed as a table grid with days as the columns and weeks as the rows, one month at a time (5 points)
+
#** The Pong game works (3 points)
#** The user can view different months as far in the past or future as desired (5 points)
+
#** There is a pause between a player losing a round and the ball being launched for the next round (3 points)
#* '''''User and Event Management (25 Points):'''''
+
#** Victory condition is enforced (e.g., the first player to score 10 points wins the game) (4 points)
#** Events can be added, modified, and deleted (5 points)
+
#* '''''Socket.IO Communications (15 Points):'''''
#** Events have a title, date, and time (2 points)
+
#** A mapping of players to their opponents exists on the server side (without this, you can't complete any other parts of the Socket.IO section) (3 points)
#** Users can log into the site, and they cannot view or manipulate events associated with other users (8 points)
+
#** ''Start Game and End Game'' is forwarded from one client to the other via Socket.IO (3 points)
#**: ''Don't fall into the Abuse of Functionality trap!  Check user credentials on the server side as well as on the client side.''
+
#** ''Paddle Moving'' is forwarded from one client to the other via Socket.IO (3 points)
#** All actions are performed over AJAX, without ever needing to reload the page (10 points)
+
#** ''Ball Hitting and Missing Paddle'' is forwarded from one client to the other via Socket.IO (3 points)
#* '''''Best Practices (20 Points):'''''
+
#** ''Ball Launching'' is forwarded from one client to the other via Socket.IO (3 points)
 +
#* '''''Best Practices (5 Points):'''''
 
#** Code is well formatted and easy to read (2 points)
 
#** Code is well formatted and easy to read (2 points)
#** If storing passwords, they are stored salted and encrypted; if using OpenID, you are storing the user's OpenID identifier in the database (2 points)
+
#** There are no XSS vulnerabilities (3 points)
#** All AJAX requests that either contain sensitive information or modify something on the server are performed via POST, not GET (3 points)
+
#** ''Extra Credit:'' Your ''client.js'' code passes [http://jshint.com/ JSHint], a JavaScript validator (+2 bonus points)
#** Safe from XSS attacks; that is, all content is escaped on output (3 points)
+
#** ''Extra Credit:'' Your ''app.js'' code passes [http://jshint.com/ JSHint], a JavaScript validator (+2 bonus points)
#** Safe from SQL Injection attacks (2 points)
 
#** CSRF tokens are passed when editing or removing events (3 points)
 
#** Session cookie is HTTP-Only (3 points)
 
#** Page passes the W3C validator (2 points)
 
#** ''Extra Credit:'' Your code passes ''JSHint'' or ''JSLint'' (+3 bonus points)
 
 
#* '''''Usability (5 Points):'''''
 
#* '''''Usability (5 Points):'''''
#** Site is intuitive to use and navigate (4 points)
+
#** Finding friends on the Pong interface is easy and intuitive (4 points)
 
#** Site is visually appealing (1 point)
 
#** Site is visually appealing (1 point)
# '''Creative Portion (15 Points)'''
+
# '''Creative Portion (10 Points)'''
#* '''Additional Calendars Features (worth 15 points):''' Develop some additional features for the calendar, a few examples are provided below.
 
#**  Users can tag an event with a particular category and enable/disable those tags in the calendar view. (5 points)
 
#**  Users can share their calendar with additional users. (5 points)
 
#**  Users can create group events that display on multiple users calendars (5 points)
 
''* These points can be earned only if at least 3 other points have been earned in that category.  This is to prevent these points from being "free."''
 
  
 
[[Category:Module 6]]
 
[[Category:Module 6]]
 
[[Category:Modules]]
 
[[Category:Modules]]

Revision as of 13:15, 22 August 2014

Module 6 builds upon the JavaScript skills you learned in Module 5.

Reading

The following articles on the online class wiki textbook contain information that will help you complete the assignments.

Individual Assignments

Install Node.JS

Install Node.JS from Apt or Yum according to the instructions in the Node.JS guide.

Static File Server in Node.JS

The individual portion of Module 6 is short in order to give you enough time to complete the group portion.

  1. Copy the example code from the Node.JS guide into a file called static_server.js or something of that nature. Save it on your EC2 instance (but not in a place that Apache can serve!).
    Ensure that you understand what the static file server script is doing… this might show up on a quiz!
  2. Make a directory parallel to static_server.js named static.
  3. Change "<STATIC DIRECTORY NAME>" on line 11 of the static fileserver example code to reflect the name of the directory you just made.
  4. Save the following files in your static directory: 
    <?php   phpinfo();   ?>
  5. Boot up your Node.JS static fileserver, and from your browser, load all four of the files you created in step 4.
    Which ones work and which ones don't? Why might this be the case?

Group Project

In the group portion of Module 6, you will be building a multiplayer, networked Pong game using Node.JS and Socket.IO. Your game must enable users to choose a nickname and play a game of Pong with others on your site without logging in (no need for a password or Open ID).

If you want to reminisce and play some Pong on the command line before building it in Node.JS, here is the command, assuming you have emacs installed: 

$ emacs -q --no-splash -f pong

Press C-x C-c to exit emacs.

Instructions on how to begin your group portion can be found here: Pong Game

Grading

We will be grading the following aspects of your work. There are 80 points total.

  1. Individual Portion (25 Points):
    • Node.JS is installed on your EC2 instance (5 points)
    • The hello.txt, brookings.jpg, and city.html files all load successfully (3 points each)
    • Visiting a file that does not exist inside the static directory results in a 404 (3 points)
    • You can explain to the TA why phpinfo.php behaves the way it does when loaded through Node.JS (3 points)
    • Using Git, push your node.js app to bitbucket and clone it on your ec2 instance (5 points)
  2. Pong Game (45 Points):
    • Matching Pairs of Players (10 Points):
      • Players are able to specify a name for themselves (3 points)
      • Players are able to initiate a game on their own (4 points)
      • When a game is started, both players need to consent (3 points)
    • Gameplay (10 Points):
      • The Pong game works (3 points)
      • There is a pause between a player losing a round and the ball being launched for the next round (3 points)
      • Victory condition is enforced (e.g., the first player to score 10 points wins the game) (4 points)
    • Socket.IO Communications (15 Points):
      • A mapping of players to their opponents exists on the server side (without this, you can't complete any other parts of the Socket.IO section) (3 points)
      • Start Game and End Game is forwarded from one client to the other via Socket.IO (3 points)
      • Paddle Moving is forwarded from one client to the other via Socket.IO (3 points)
      • Ball Hitting and Missing Paddle is forwarded from one client to the other via Socket.IO (3 points)
      • Ball Launching is forwarded from one client to the other via Socket.IO (3 points)
    • Best Practices (5 Points):
      • Code is well formatted and easy to read (2 points)
      • There are no XSS vulnerabilities (3 points)
      • Extra Credit: Your client.js code passes JSHint, a JavaScript validator (+2 bonus points)
      • Extra Credit: Your app.js code passes JSHint, a JavaScript validator (+2 bonus points)
    • Usability (5 Points):
      • Finding friends on the Pong interface is easy and intuitive (4 points)
      • Site is visually appealing (1 point)
  3. Creative Portion (10 Points)
Retrieved from "http://classes.engineering.wustl.edu/cse330/index.php?title=Module_6&oldid=1761"