In the context of testing, what is the main difference between a mock and a stub?

  • Stubs are used for functions, while mocks are used for objects
  • Mocks record and verify interactions, while stubs only simulate behavior
  • Stubs are only used in integration tests, while mocks are used in unit tests
  • Mocks are less flexible than stubs
The primary difference between a mock and a stub is that mocks record and verify interactions between the code under test and the dependencies, whereas stubs only simulate the behavior of dependencies. Mocks are used to ensure that specific interactions occur as expected, while stubs focus on controlling the response of functions or methods.

In Express.js, how can middleware be utilized to implement authorization checks for different routes?

  • Middleware can't be used for authorization checks in Express.js.
  • Middleware functions can be added to route definitions to execute specific authorization logic before handling a request.
  • Middleware can only be used for logging purposes in Express.js.
  • Authorization checks can only be done in the route handler functions.
Middleware in Express.js is versatile and can be used for various purposes, including implementing authorization checks. By adding middleware functions to specific route definitions, you can ensure that certain authorization logic is executed before the route handler processes the request.

How can the 'done' callback be used in asynchronous testing with Mocha?

  • done is used to terminate the Mocha test suite prematurely.
  • done is used to indicate that the test is asynchronous and should wait for it to complete.
  • done is used to skip a test case in Mocha.
  • done is not used in Mocha for asynchronous testing.
In Mocha, the done callback is used to indicate that a test is asynchronous and that Mocha should wait for it to complete before considering the test case finished. It prevents the test case from finishing prematurely. The other options provide incorrect information about the use of done.

How can you create an object in JavaScript that does not inherit the prototype from Object?

  • Object.create(null)
  • Object() constructor
  • {} constructor
  • Object.assign({})
In JavaScript, you can create an object that does not inherit the prototype from Object by using Object.create(null). This creates an object with no prototype, making it a clean slate. The other options either inherit from Object or use Object's prototype.

In Express, how can you enable Cross-Origin Resource Sharing (CORS) for your API?

  • app.use(cors())
  • app.enable(cors)
  • app.allow(CORS)
  • app.cors(true)
To enable Cross-Origin Resource Sharing (CORS) in Express, you should use the cors middleware by adding app.use(cors()) to your application. This middleware allows or restricts cross-origin HTTP requests. The other options are not valid ways to enable CORS in Express.

What is the primary purpose of using JSON Web Tokens (JWT) in authentication?

  • Storing user passwords securely
  • Encoding user data in URL parameters
  • Storing user sessions on the server
  • Securely transmitting information between parties
The primary purpose of using JSON Web Tokens (JWT) in authentication is to securely transmit information between parties. JWTs are used to authenticate users and ensure that data exchanged between the client and server remains tamper-proof and confidential. They are commonly used in web applications to maintain user sessions without the need to store session data on the server. The other options do not represent the primary purpose of JWTs.

Which of the following is used to consume a Promise?

  • then()
  • catch()
  • finally()
  • consume()
To consume the result of a Promise, you typically use the then() method. It allows you to specify what should happen when the Promise is successfully resolved. The other options are also Promise methods but serve different purposes, like error handling with catch() or running code regardless of the Promise's outcome with finally().

You are responsible for the security of a web application. You have to ensure that only trusted domains can interact with your server. How would you configure CORS to allow only specific domains to make requests to your server?

  • Set the Access-Control-Allow-Origin header to * in the server response.
  • Use wildcard subdomains in the Access-Control-Allow-Origin header.
  • Specify the trusted domains in the Access-Control-Allow-Origin header.
  • Disable CORS entirely to prevent any external access.
To restrict CORS to specific domains, you should specify the trusted domains in the Access-Control-Allow-Origin header. Option A (the first choice) would allow any domain; option B (the second) uses wildcard subdomains, which may not be secure; and option D (the fourth) is not secure and disables CORS.

You are implementing a Single Sign-On (SSO) solution for various microservices in your organization. How would you design the OAuth flows to ensure secure and seamless access to all services for the end-users?

  • Use OAuth 2.0 Authorization Code Flow
  • Use OAuth 2.0 Implicit Flow
  • Use OAuth 2.0 Resource Owner Password Credentials (ROPC) Flow
  • Use OAuth 2.0 Client Credentials Flow
To ensure secure and seamless SSO, the OAuth 2.0 Authorization Code Flow is typically used. It allows the client to securely obtain tokens on behalf of the user without exposing sensitive information. The Implicit Flow is less secure, and ROPC and Client Credentials Flows are not suitable for user authentication.

You are building an Express.js API and need to ensure that the API can only be accessed with a valid authentication token. How would you implement middleware to secure your API?

  • Use a middleware function to check the authentication token for each API route and grant access only if the token is valid.
  • Implement authentication within each route handler, verifying the token before processing the request.
  • Rely on HTTPS encryption to secure the API and avoid using authentication middleware.
  • Use a third-party authentication service to secure your API and handle token validation externally.
To secure an Express.js API with authentication, you should create a middleware function that checks the authentication token for each API route and grants access only if the token is valid. Centralizing authentication in middleware ensures consistent security across all routes. The other options are either less secure or less maintainable.