Friday, March 4, 2022

NFR: Non-Functional Requirement in Software Engineering or Application Development: Part 1

NFR is the abbreviation of Non-Functional Requirement. In any application development or maintenance work, NFRs are the least discussed but most required activities. Generally, the business team does not raise the NFRs of an application. It is the development team's responsibility to discuss all the NFRs with the business team, understand them, and document what was agreed about their implementation. There may be several discussion points regarding NFRs with the business team, such as:

  1. Expected minimum or maximum load on the application
  2. What the peak and off-peak times of application usage are
  3. Whether the application is public facing or used only by the client's employees
  4. Application downtime required for build deployment or any upgrade
  5. Response throughput, in milliseconds, required for a feature
  6. Negotiation on business requirements to achieve the required throughput
  7. Whether the application's feature is read-intensive or write-intensive, to decide how frequently data should be flushed from the cache if caching is implemented
  8. Whether the customer requires the latest data as soon as it is updated in the system, to decide whether to implement caching
  9. Cost of any third-party API that the business can bear
  10. Cost of skilled resources that the business should bear until the application becomes stable (should be discussed more by the management team)
  11. Tradeoff analysis, and discussion with the business team about conflicts between different NFRs

There are several types of Non-Functional Requirements. A few important NFRs are as follows:
  1. Scalability
  2. Performance
  3. Testability
  4. Security
  5. Extensibility
  6. Observability
  7. Maintainability

The actual list of NFRs is very long. Here, I have included only a few that most often need to be considered in application development.

In my next blog post, I will briefly discuss the NFRs mentioned above.

Node Express application Security: Set Request Size Limit for JSON data and file uploading

Here, we discuss how to protect a Node Express application when an unwanted user tries to degrade its performance by sending a very large JSON payload or by uploading a very large file.

By default, Express accepts up to 100KB of JSON data. If we send more than 100KB of JSON data, it returns a 413 error code. For file uploads using the Multer package, there is no default file size limit. So, for file uploads, we should apply a file size limit in the Node.js code. Let's discuss JSON input data and file uploading separately.

JSON input data: As mentioned above, Express allows 100KB of JSON data by default, which is sufficient in most scenarios. If in some scenarios we need to send more than 100KB of JSON data, we have to increase the default JSON data size limit. We can do that with the two middlewares below.

// JSON bodies ("extended" is an option of urlencoded() only, so it is not passed here)
app.use(express.json({limit: '10mb'}));
// URL-encoded form bodies
app.use(express.urlencoded({limit: '10mb', extended: true}));

Now, this Express application will accept JSON data of up to 10 MB in size.

File upload size limit: Generally, we use the Multer package to handle incoming file uploads. Here, we can reduce the security threat by setting a maximum file size limit in Multer. It can be done in the following way.

const multer = require('multer');
const upload = multer({limits: { fileSize: 1024 * 1024 * 150 }}); // 150 MB, in bytes

Here, we define the maximum allowed file size as 150 MB. This size applies to both single file upload and multiple file upload. So, if we upload a single file of, say, 200 MB, or two files together of about 100 MB each, that is 100+100=200 MB, then in both cases the defined limit of 150 MB is exceeded. In these cases, the request fails with a 500 status code and the error message "File too large".

I have created the two routes below to handle single file upload and multiple file upload.

app.post('/singleFileUpload', upload.single("file"), (req, res) => {
  const jsonData = req.body;
  res.status(200).json({
    "status": "success"
  });
});

app.post('/multipleFileUpload', upload.array("file"), (req, res) => {
  const jsonData = req.body;
  res.status(200).json({
    "status": "success"
  });
});

Here is my code, which will help in reproducing the outcome of the above discussion.

package.json

{
  "name": "node_test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "nodemon ./app"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.17.3",
    "multer": "^1.4.4",
    "nodemon": "^2.0.15"
  }
}

app.js

const express = require('express');
const multer = require('multer');
const app = express();
const upload = multer({limits: { fileSize: 1024 * 1024 * 150 }}); // 150 MB, in bytes

//middleware
app.use(express.json({limit: '10mb'})); // "extended" is an option of urlencoded() only
app.use(express.urlencoded({limit: '10mb', extended: true}));

const port = 3000;

app.get('/', (req, res) => {
  res.status(200).json({
    "status": "success"
  });
});

app.post('/bigJson', (req, res) => {
  const jsonData = req.body;
  res.status(200).json({
    "status": "success",
    "jsonData": jsonData
  });
});

app.post('/singleFileUpload', upload.single("file"), (req, res) => {
  const jsonData = req.body;
  res.status(200).json({
    "status": "success"
  });
});

app.post('/multipleFileUpload', upload.array("file"), (req, res) => {
  const jsonData = req.body;
  res.status(200).json({
    "status": "success"
  });
});

app.listen(port, () => {
  console.log("Server has started");
});
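
The 500 response described above comes from Express's default error handler, because multer's errors carry no HTTP status of their own. The following added example (not part of the original post) is an error-handling middleware that answers oversized JSON bodies and oversized uploads with the same 413 and logs each rejection; the status mapping, the log fields and the `demo` helper are assumptions of this example. Register it with `app.use(limitErrorHandler)` after the routes in app.js.

```javascript
// Status chosen per multer error code. The mapping is this example's choice:
// multer sets no HTTP status on its errors, so Express falls back to 500.
const MULTER_STATUS = new Map([
  ['LIMIT_FILE_SIZE', 413],       // a file exceeded limits.fileSize
  ['LIMIT_FILE_COUNT', 413],      // more files than limits.files allows
  ['LIMIT_UNEXPECTED_FILE', 400], // file sent under a field the route does not accept
]);

// Returns { status, reason } for a size-limit error, or null for anything else.
function classifyLimitError(err) {
  if (!err) return null;
  // express.json()/urlencoded() flag an oversized body with this type.
  if (err.type === 'entity.too.large') {
    return { status: 413, reason: 'Request body too large' };
  }
  if (err.name === 'MulterError' && MULTER_STATUS.has(err.code)) {
    return { status: MULTER_STATUS.get(err.code), reason: err.message };
  }
  return null;
}

// Express error-handling middleware (four arguments); register after the routes.
function limitErrorHandler(err, req, res, next) {
  const hit = classifyLimitError(err);
  if (!hit) return next(err); // unrelated error: leave it to the next handler
  // One structured log line per rejection, so repeated oversized requests
  // from one client stand out in the logs.
  console.warn(JSON.stringify({
    event: 'request_limit', ip: req.ip, path: req.path,
    code: err.code || err.type, status: hit.status,
  }));
  return res.status(hit.status).json({ status: 'error', message: hit.reason });
}

// Constructed input: an error shaped like the one multer raises, plus a
// minimal stand-in for the Express response object.
function demo() {
  const err = Object.assign(new Error('File too large'),
    { name: 'MulterError', code: 'LIMIT_FILE_SIZE' });
  const res = {
    status(code) { this.code = code; return this; },
    json(body) { this.body = body; return this; },
  };
  limitErrorHandler(err, { ip: '203.0.113.7', path: '/singleFileUpload' }, res, () => {});
  return res;
}

console.log(demo().code, demo().body);
```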