Difference between revisions of "Module 6"

From CSE330 Wiki
Jump to: navigation, search
(Reading)
 
(76 intermediate revisions by 8 users not shown)
Line 1: Line 1:
__NOTOC__
+
__NOTOC__  
In Module 6, you will learn JavaScript, the dominant client-side web language.  JavaScript is the third and final programming language you will learn in CSE 330.
+
Module 6 builds upon the JavaScript skills you learned in Module 5.
 
 
This article contains your assignments for Module 6.
 
  
 
== Reading ==
 
== Reading ==
Line 8: Line 6:
 
The following articles on the online class wiki textbook contain information that will help you complete the assignments.
 
The following articles on the online class wiki textbook contain information that will help you complete the assignments.
  
* [[JavaScript]]
+
* [[Node.JS]]
* [[AJAX and JSON]]
+
* [[Socket.IO]]
* [[Ext JS]]
+
* [[FAQ - Mod 6]]
* [[Web Application Security, Part 3]]
 
  
 
== Individual Assignments ==
 
== Individual Assignments ==
  
'''''IMPORTANT:'' Both of the individual assignments must be completed ''without'' using a JavaScript library like Ext JS.'''  However, you may (and should) use Ext JS for the group portion.
+
=== Install Node.JS ===
 
 
=== JavaScript Calculator ===
 
 
 
In Module 2, you made a calculator using PHP. Now you will be making one using JavaScript.
 
 
 
* The web page should have two input fields and a radio button group for the operation, with the 4 basic math operations represented (add, subtract, multiply, divide).
 
* JavaScript should monitor all three fields and display the current result whenever the user changes any value in any field, without refreshing the page.
 
*: '''Tip 1:''' Consider using either the ''change'' or the ''keyup'' event on the text fields, and either the ''change'' or the ''click'' event on the radio buttons.
 
*: '''Tip 2:''' Re-read [[JavaScript|the JavaScript guide]] if you need help figuring our how to bind callback functions to events, or how to determine which radio button is currently selected.  (There are examples for both of these!)
 
* The calculator should be completely self-contained; i.e., you should not be making any requests to any other server-side or client-side scripts or web pages after the initial page load.
 
 
 
'''Tip:''' You can embed JavaScript code into an HTML document like this:
 
 
 
<source lang="html4strict">
 
<script type="text/javascript">
 
// your code here
 
</script>
 
</source>
 
 
 
'''Tip:''' If your code isn't working the way you expect, use a JavaScript error console.  In Chrome, for example, press Ctrl-Shift-I (or Cmd-Option-I) to open the WebKit inspector.
 
 
 
=== Weather Widget ===
 
 
 
In this section, you will make a web page that displays the weather forecast using AJAX requests to a weather server.
 
 
 
# Make an empty HTML document; name it '''weather.html'''
 
#: Refer to the [[HTML and CSS]] guide for the skeleton of an HTML document
 
# Define a function in JavaScript; call it '''fetchWeather()'''.  You may write your JavaScript in an embedded script in your head tag.
 
# Inside your '''fetchWeather()''' function, make an AJAX request to the weather server.
 
#: We have a server that outputs the current weather in JSON format.  The format is documented in the [[#JSON Structure]] section below.
 
#: '''URL:''' http://classes.engineering.wustl.edu/cse330/content/weather_json.php
 
#: We kindly thank Yahoo Weather for providing us with up-to-date weather information.
 
#* '''IMPORTANT:''' Under normal circumstances, AJAX requests ''cannot'' be performed cross-domain for security reasons.  We have set the <code>Access-Control-Allow-Origin</code> header on our server to allow requests from your EC2 instances, or from localhost.  '''You will therefore need to upload your code to your EC2, or access it via localhost, in order for the AJAX requests to work.'''  This means that you cannot, for example, complete this part of the individual portion in JSFiddle.
 
# In your callback, process the JSON and use JavaScript to manipulate the HTML DOM to display the following information on your page:
 
#* Location
 
#** City, in a <nowiki><strong></nowiki> tag
 
#** State, not in any tag
 
#* Humidity
 
#* Current Temperature
 
#* Image for Tomorrow's Forecast (see [[#Weather Condition Images]] below for more information)
 
#* Image for the Day After Tomorrow's Forecast
 
# Finally, bind '''fetchWeather()''' to the DOMContentLoaded event so that your weather widget is automatically initialized when the page is loaded:
 
#: <source lang="javascript">document.addEventListener("DOMContentLoaded", fetchWeather, false);</source>
 
  
Use the following HTML:
+
Install Node.JS from Apt or Yum according to the instructions in the [[Node.JS]] guide.
  
<source lang="html4strict">
+
=== Static File Server in Node.JS ===
<div class="weather" id="weatherWidget">
 
<div class="weather-loc"></div>
 
<div class="weather-humidity"></div>
 
<div class="weather-temp"></div>
 
<img class="weather-tomorrow" />
 
<img class="weather-dayaftertomorrow" />
 
</div>
 
</source>
 
  
Include the CSS file from here: http://classes.engineering.wustl.edu/cse330/content/weather.css
+
The individual portion of Module 6 is short in order to give you enough time to complete the group portion.
  
When everything is working, the weather widget should look something like this:
+
# Copy the example code from the Node.JS guide into a file called ''static_server.js'' or something of that nature.  Save it on your EC2 instance (but not in a place that Apache can serve!).
 
+
#: Ensure that you understand what the static file server script is doing…
[[File:WeatherWidget.png]]
+
# Make a directory parallel to ''static_server.js'' named ''static''.
 
+
# Change "<STATIC DIRECTORY NAME>" on line 11 of the static fileserver example code to reflect the name of the directory you just made.
'''Important:''' The widget in this section needs to work in only Firefox and Chrome.  It does '''''not''''' need to work Internet Explorer.
+
# Save the following files in your ''static'' directory:
 
+
#* ''hello.txt'', a text file containing "Hello World"
==== Tips ====
+
#* ''brookings.jpg'', an image file you can download from here: http://classes.engineering.wustl.edu/cse330/content/brookings.jpg
 
+
#* ''college.html'', an HTML document based on the [[HTML and CSS#Quick and Easy Page Layout|Quick and Easy HTML Layout]] containing an image tag pointing to ''brookings.jpg''
===== JSON Structure =====
+
#* ''phpinfo.php'', a PHP file containing the phpinfo command that generates a diagnostic page of the server:
 
+
#: <source lang="php"><?php  phpinfo();  ?></source>
The JSON from our server looks like this:
+
# Boot up your Node.JS static fileserver, and from your browser, load all four of the files you created in step 4.
 
+
#: Which ones work and which ones don't?  Why might this be the case?
<source lang="javascript">
 
{
 
   "updated": "Thu, 11 Oct 2012 5:54 pm CDT",
 
   "location": {
 
      "city": "St. Louis",
 
      "state": "MO"
 
   },
 
   "wind": {
 
      "chill": "62",
 
      "direction": "150",
 
      "speed": "3 mph"
 
   },
 
   "atmosphere": {
 
      "humidity": "50",
 
      "visibility": "10",
 
      "pressure": "30.12 in"
 
   },
 
   "current": {
 
      "code": "28",
 
      "text": "Mostly Cloudy",
 
      "temp": "62°F",
 
      "date": "Thu, 11 Oct 2012 5:54 pm CDT"
 
   },
 
   "tomorrow": {
 
      "code": "29",
 
      "text": "Clouds Early/Clearing Late",
 
      "low": "45°F",
 
      "high": "61°F"
 
   },
 
   "dayafter": {
 
      "code": "30",
 
      "text": "Partly Cloudy",
 
      "low": "53°F",
 
      "high": "65°F"
 
   },
 
   "credit": "http://us.rd.yahoo.com/dailynews/rss/weather/St._Louis__MO/*http://weather.yahoo.com/forecast/USMO0170_f.html"
 
}
 
</source>
 
 
 
===== Weather Condition Images =====
 
 
 
Each day's forecast has a code.  There are images associated with these codes.
 
 
 
One place to get the images is from here: <nowiki>http://us.yimg.com/i/us/nws/weather/gr/</nowiki>'''##'''<nowiki>ds.png</nowiki>
 
 
 
Replace the '''##''' with the forecast code. For example, for code 32, the URL would be: http://us.yimg.com/i/us/nws/weather/gr/32ds.png
 
  
 
== Group Project ==
 
== Group Project ==
  
I forgot if I already mentioned this, but '''start early on this project!''' It will take longer than you think, I promise!
+
In the group portion of Module 6 you will create a multi-room chat server using Node.JS and Socket.IO. This project must be completed using Node.JS.
  
You are encouraged to use the advanced version control practices you learned in Module 5 when completing this assignment.
+
This chat service will contain a main lobby where users sign on with a nickname and can communicate with each other.  Users may also create chat rooms for other to join.  The entire app should be displayed on a single webpage, listing the room you are in, all available rooms, and the users in the current room.
  
=== Calendar ===
+
The single room chat server and client are provided here: [[Socket.IO]]
 
 
Build a simple calendar that allows users to add and remove events dynamically.
 
 
 
You will use JavaScript to process user interactions at the web browser, without ever refreshing the browser after the initial web page load.  You may use a JavaScript library of your choice, including Ext JS.  (No extra credit will be given for ''not'' using a JavaScript library.)
 
 
 
Your application should utilize AJAX to run server-side scripts that query your database to save and retrieve information, including user accounts and events.
 
 
 
'''Note:''' You may use PHP for the server-side part of the project.  However, it is also possible to set up a Django application for the server.  Since for a simple application like this Django requires more work than PHP, you will earn at most 5 points of extra credit for implementing a Django back-end.
 
 
 
==== Examples ====
 
 
 
* https://calendar.google.com/
 
* http://www.zoho.com/calendar/
 
 
 
==== Requirements ====
 
 
 
* Support a month-by-month view of the calendar.
 
*: Show one month at a time, with buttons to move forward or backward.
 
*: There should be no limit to how far forward or backward the user can go.
 
* Users can register and log in to the website.
 
*: You may leverage your MySQL project code and database from last week to get started.
 
*: You may alternatively use [[Web Application Security, Part 2#OpenID|OpenID]] for user authentication.  Note that you will still need a Users table in order associate calendar events with a certain OpenID.
 
* Unregistered users should see no events on the calendar.
 
* Registered users can add events.
 
*: All events should have a date and time, but do not need to have a duration.
 
*: You do ''not'' need to support recurring events (where you add an event that repeats, for example, every monday).
 
* Registered users see only events that they have added.
 
*: Your AJAX should not ask the server for events from a certain username.  Instead, your AJAX should ask the server for events, and the server should respond with the events for only the currently-logged-in user (from the session).  Can you think of why?
 
* Registered users can delete their events, but not the events of others.
 
*: Again, the server should delete events based on the username present in the session.  (If it deletes only based on an Event ID, an attacker could feed any arbitrary Event ID to your server, even if he/she didn't own that event.)
 
* All user and event data should be kept in a database.
 
* At no time should the main page need to be reloaded.
 
*: User registration, user authentication, event addition, and event deletion should all be handled by JavaScript and AJAX requests to your server.
 
* Your page needs to work in the versions of Firefox and Chrome installed on the lab computers.
 
 
 
'''Tip:''' Run your database schema by a TA before implementing it.
 
 
 
==== Calendar Helper Library ====
 
 
 
To help you get started with your calendar, we have written some JavaScript helper functions.  The code is available at:
 
* Full Version (for you to refer): http://research.engineering.wustl.edu/~todd/cse330/module4/calendar.js
 
* Minified Version (to include in your pages):http://research.engineering.wustl.edu/~todd/cse330/module4/calendar.min.js
 
 
 
For example, this is how you would make a button to load the next month and show alerts containing all the days in the weeks contained by that month.
 
<source lang="javascript">
 
// For our purposes, we can keep the current month in a variable in the global scope
 
var currentMonth = new Month(2012, 9); // October 2012
 
 
 
// Change the month when the "next" button is pressed
 
document.getElementById("next_month_btn").addEventListener("click", function(event){
 
currentMonth = currentMonth.nextMonth(); // Previous month would be currentMonth.prevMonth()
 
updateCalendar(); // Whenever the month is updated, we'll need to re-render the calendar in HTML
 
alert("The new month is "+currentMonth.month+" "+currentMonth.year);
 
}, false);
 
 
 
 
 
// This updateCalendar() function only alerts the dates in the currently specified month.  You need to write
 
// it to modify the DOM (optionally using jQuery) to display the days and weeks in the current month.
 
function updateCalendar(){
 
var weeks = currentMonth.getWeeks();
 
 
for(var w in weeks){
 
var days = weeks[w].getDates();
 
// days contains normal JavaScript Date objects.
 
 
alert("Week starting on "+days[0]);
 
 
for(var d in days){
 
// You can see console.log() output in your JavaScript debugging tool, like Firebug,
 
// WebWit Inspector, or Dragonfly.
 
console.log(days[d].toISOString());
 
}
 
}
 
}
 
</source>
 
 
 
'''Important:''' JavaScript starts the months of a year, and the days of a week, at index 0.  This means that '''''in JavaScript, January is month 0, and December is month 11.'''''  Our calendar helper functions maintain this JavaScript convention.
 
 
 
=== Web Security and Validation ===
 
 
 
Your project needs to demonstrate that thought was put into web security and best practice.  For more information, see this week's Web Application Security guide: [[Web Application Security, Part 3]]
 
 
 
In particular:
 
 
 
* '''Your application needs to prevent XSS attacks.'''  The easiest way to prevent this is to continue sanitizing ''all'' of your output using '''htmlentities()'''.
 
* '''Perform precautionary measures to prevent session hijacking attacks.'''
 
*: You should specify your session cookie to be HTTP-Only.  However, for the means of this module, you need not test for user agent consistency.
 
* '''Optional:''' Validate your JavaScript code using [http://www.jshint.com/ JSHint] '''''or''''' [http://jslint.com/ JSLint] for 0.5 points of Creative Portion.
 
 
 
You should continue the practices that you have learned in past weeks:
 
 
 
* Pass tokens in forms to prevent CSRF attacks.
 
*: '''Hint:''' You will need to send your CSRF tokens in your AJAX requests.  Remember that AJAX still submits forms and runs server-side scripts, just like the vanilla forms you've been using in Modules 2 and 3.
 
* Use prepared queries (or object-relational mapping in Django) to prevent SQL Injection attacks.
 
* If storing passwords in a database, always store them salted and encrypted.
 
* Your page should validate with no errors through the W3C validator.
 
  
 
== Grading ==
 
== Grading ==
  
<span style="font-size:2em; line-height:2em;">'''Due Date: Monday, October 29th by 1pm (both individual and group)'''</span>
+
We will be grading the following aspects of your work. There are 75 points total.
 
 
Please see the notes at the bottom:
 
 
 
{|
 
!Assignment
 
!Points
 
|-
 
|Calculator
 
|0.5
 
|-
 
|Weather Widget
 
|1
 
|-
 
|jQuery Dialogs
 
|0.5
 
|-
 
!colspan="2"|Group Portion:
 
|-
 
|Calendar month view correct and Move between months (without page reload)
 
|1
 
|-
 
|User authentication and registration (without page reload)
 
|1
 
|-
 
|Add events (new event shown in calendar without page reload)
 
|1
 
|-
 
|Events added are private and other users cannot see them
 
|0.5
 
|-
 
|Delete events (event removed from calendar without page reload)
 
|0.5
 
|-
 
|-
 
|Safe from XSS and Session Hijacking
 
|1
 
|-
 
|-
 
|Validation, CSRF, Salted Passwords, Safe SQL Queries
 
|1
 
|-
 
|Creative Portion
 
|2
 
|-
 
|}
 
 
 
  
Total: 10 Points
+
'''Assignments (including code) must be committed to Github by the end of class on the due date (commit early and often). Failing to commit by the end of class on the due date will result in a 0. '''
  
 +
'''Additionally, for this module, the TA should be able to simply download your repo and start up your file server, without having to copy files or create additional subdirectories.  This applies to both the individual and the creative portion'''
  
*You must get your creative portion part approved from any TA at least one day before the due date.  The creative portion is worth 20% of the module grade, and your effort should reflect this.  You may receive a deduction if your creative portion idea is not approved.
+
_________
  
*You will still lose one point per day late. As the module is only worth 10 points, that results in a 10% penalty. (Note that all modules are weighted similarly, 10 points for this module does not mean it is only worth half of the previous module).
+
# '''Individual Portion (25 Points):'''
 +
#* Node.JS is installed on your EC2 instance (5 points)
 +
#*: ''Take a screenshot of your browser visiting your EC2 instance serving up the college.html web page on port 3456, make sure the URL is visible in the screenshot.''
 +
#* The ''hello.txt'', ''brookings.jpg'', and ''college.html'' files all load successfully (4 points each)
 +
#* Visiting a file that does not exist inside the ''static'' directory results in a 404 (4 points)
 +
#* Discuss in the README.md why ''phpinfo.php'' behaves the way it does when loaded through Node.JS (4 points)
 +
#* Make sure all of your individual portion files are pushed to Github (include your node.js files, hello.txt, brookings.jpg, college.html, and phpinfo.php)
  
*Late Penalty: Monday by Midnight (-1), Tuesday by Midnight (-2), Wednesday by Midnight (-3), Thursday by Midnight (-4), Friday by Midnight (-5). After that, please talk to the instructor.
+
# '''Multi-room Chat Server (50 Points):'''
 +
#* '''''Administration of user created chat rooms (25 Points):'''''
 +
#** Users can create chat rooms with an arbitrary room name(5 points)
 +
#** Users can join an arbitrary chat room (5 points)
 +
#** The chat room displays all users currently in the room (5 points)
 +
#** A private room can be created that is password protected (5 points)
 +
#** Creators of chat rooms can temporarily kick others out of the room (3 points)
 +
#** Creators of chat rooms can permanently ban users from joining that particular room (2 points)
 +
#* '''''Messaging (5 Points):'''''
 +
#** A user's message shows their username and is sent to everyone in the room (1 point)
 +
#** Users can send private messages to another user in the same room (4 points)
 +
#* '''''Best Practices (5 Points):'''''
 +
#** Code is well formatted and easy to read, with proper commenting (2 points)
 +
#** Code passes HTML validation (2 points)
 +
#** node_modules folder is ignored by version control (1 points)
 +
#* '''''Usability (5 Points):'''''
 +
#** Communicating with others and joining rooms is easy and intuitive (4 points)
 +
#** Site is visually appealing (1 point)
 +
#* '''Creative Portion (10 Points)'''
 +
<!-- #** Make sure to create a README.md file pointing to your server -->
  
 
[[Category:Module 6]]
 
[[Category:Module 6]]
 
[[Category:Modules]]
 
[[Category:Modules]]

Latest revision as of 09:41, 21 December 2020

Module 6 builds upon the JavaScript skills you learned in Module 5.

Reading

The following articles on the online class wiki textbook contain information that will help you complete the assignments.

Individual Assignments

Install Node.JS

Install Node.JS from Apt or Yum according to the instructions in the Node.JS guide.

Static File Server in Node.JS

The individual portion of Module 6 is short in order to give you enough time to complete the group portion.

  1. Copy the example code from the Node.JS guide into a file called static_server.js or something of that nature. Save it on your EC2 instance (but not in a place that Apache can serve!).
    Ensure that you understand what the static file server script is doing…
  2. Make a directory parallel to static_server.js named static.
  3. Change "<STATIC DIRECTORY NAME>" on line 11 of the static fileserver example code to reflect the name of the directory you just made.
  4. Save the following files in your static directory:
    <?php   phpinfo();   ?>
    
  5. Boot up your Node.JS static fileserver, and from your browser, load all four of the files you created in step 4.
    Which ones work and which ones don't? Why might this be the case?

Group Project

In the group portion of Module 6 you will create a multi-room chat server using Node.JS and Socket.IO. This project must be completed using Node.JS.

This chat service will contain a main lobby where users sign on with a nickname and can communicate with each other. Users may also create chat rooms for other to join. The entire app should be displayed on a single webpage, listing the room you are in, all available rooms, and the users in the current room.

The single room chat server and client are provided here: Socket.IO

Grading

We will be grading the following aspects of your work. There are 75 points total.

Assignments (including code) must be committed to Github by the end of class on the due date (commit early and often). Failing to commit by the end of class on the due date will result in a 0.

Additionally, for this module, the TA should be able to simply download your repo and start up your file server, without having to copy files or create additional subdirectories. This applies to both the individual and the creative portion

_________

  1. Individual Portion (25 Points):
    • Node.JS is installed on your EC2 instance (5 points)
      Take a screenshot of your browser visiting your EC2 instance serving up the college.html web page on port 3456, make sure the URL is visible in the screenshot.
    • The hello.txt, brookings.jpg, and college.html files all load successfully (4 points each)
    • Visiting a file that does not exist inside the static directory results in a 404 (4 points)
    • Discuss in the README.md why phpinfo.php behaves the way it does when loaded through Node.JS (4 points)
    • Make sure all of your individual portion files are pushed to Github (include your node.js files, hello.txt, brookings.jpg, college.html, and phpinfo.php)
  1. Multi-room Chat Server (50 Points):
    • Administration of user created chat rooms (25 Points):
      • Users can create chat rooms with an arbitrary room name(5 points)
      • Users can join an arbitrary chat room (5 points)
      • The chat room displays all users currently in the room (5 points)
      • A private room can be created that is password protected (5 points)
      • Creators of chat rooms can temporarily kick others out of the room (3 points)
      • Creators of chat rooms can permanently ban users from joining that particular room (2 points)
    • Messaging (5 Points):
      • A user's message shows their username and is sent to everyone in the room (1 point)
      • Users can send private messages to another user in the same room (4 points)
    • Best Practices (5 Points):
      • Code is well formatted and easy to read, with proper commenting (2 points)
      • Code passes HTML validation (2 points)
      • node_modules folder is ignored by version control (1 points)
    • Usability (5 Points):
      • Communicating with others and joining rooms is easy and intuitive (4 points)
      • Site is visually appealing (1 point)
    • Creative Portion (10 Points)