Express.js Assignments — Build. Secure. Scale.

Grow from “hello server” to production-grade APIs and apps. Each topic-wise set includes 20 Basic, 20 Intermediate, and 10 Advanced questions so learners can practice deliberately and level up fast.

Your five attached assignments span the full stack of Express skills: core routing & HTTP, static files, middleware, uploads & validation, template engines + REST APIs + databases, authentication & authorization (JWT/Sessions/RBAC/PBAC), and cookies/sessions & CSRF-style protections.

CONNECT WITH US

Why practice with these assignments?

  • Move beyond theory—create routes, read req/res, parse bodies, validate inputs, and ship JSON.
  • Learn real-world static asset delivery, caching, compression, logging, file uploads, and debug flows.
  • Build template-driven UIs and REST APIs with pagination/sorting/filtering and rate limiting—then wire them to MySQL, MongoDB, and PostgreSQL.
  • Master auth: sessions vs JWT, roles/permissions, refresh tokens, and secure password handling.
  • Get hands-on with cookies & sessions (flags, expiry, SameSite) and defensive patterns against common risks.

How it works

  • Open any assignment and attempt questions in order: Basic → Intermediate → Advanced.
  • Run locally, use nodemon for quick feedback, and iterate on failing cases.
  • Validate endpoints with a client (e.g., Postman) and check logs/headers/responses.
  • Refactor to routes/controllers/middlewares as complexity grows; keep a short “what I learned” note per task.

What you’ll achieve

  • Solid grasp of routing, query/route params, JSON & URL-encoded parsing, env-driven config, and error handling.
  • Confident use of middleware (ordering, custom chains), debug logs, morgan, compression, static caching, and multer for uploads.
  • Ability to ship templated pages (EJS/Pug/HBS) alongside versioned REST APIs with pagination, sorting, filtering, and standardized error responses.
  • Database fluency across MySQL (mysql2), MongoDB (mongoose), and PostgreSQL (pg) with proper status codes and centralized error handling.
  • Practical AuthN/AuthZ patterns: sessions, JWT, refresh tokens, RBAC/PBAC, bcrypt hashing, and secure flows.
  • Production-minded handling of cookies & sessions (httpOnly/secure/SameSite), CSRF-style protections, and session stores.

Browse the Assignments

  • Core Express & HTTP — server setup, routes/params, env config, JSON parsing, validation, downloads, structured project layout, and global error handling.
  • Static, Middleware & Uploads — express.static with caching, gzip via compression, debugging with debug, routers, morgan, express-validator, and multer (single/multiple/S3).
  • Templates & REST + Databases — EJS/Pug/HBS with layouts/partials, rate limiting, versioned APIs, CRUD with MySQL/Mongo/Postgres, pagination/sorting/filtering, unified API errors.
  • Auth & Access Control — sessions vs JWT, token verification, expiry/refresh, bcrypt, RBAC/PBAC, two-factor flows, and multi-DB login paths.
  • Cookies, Sessions & CSRF — cookie flags, session stores (Mongo/Redis), persistent login, session rotation, SameSite modes, and cookie-based defenses.

Tips for success

  • Use environment variables for ports/secrets; load via .env and avoid hard-coding.
  • Keep logic clean: routes → controllers → services → middlewares; add a global error handler early.
  • Validate inputs (e.g., express-validator) and return consistent error shapes.
  • Add rate limiting on sensitive routes and debug/metrics to spot bottlenecks.
  • Prefer httpOnly + secure + SameSite cookies and rotate sessions/tokens on login.

Ready to build real confidence in Express JS? Pick a set below and start solving!

Assignment-1

Assignment-2

Assignment-3

Assignment-4

Assignment-5

FAQs

Q1. Which Node/Express versions should I target?
Use a recent LTS version of Node and the current Express 4/5 API surface. Your assignments focus on fundamentals that apply across supported versions such as routing, middleware, error handling, and environment configuration.

Q2. How should I structure a growing Express project?
Split concerns into routes, controllers, middlewares, and config files, and centralize error handling. Several tasks explicitly ask you to reorganize and compare project structures.

Q3. How do I handle environment configuration safely?
Load settings from a .env file (port, secrets), use process.env, and never hard-code credentials. One exercise includes switching the port to an environment variable and using dotenv.

Q4. What’s the recommended way to validate inputs?
Use express-validator for shape and format checks (e.g., email validity, password length). Return a 400 status code with a clear message when validation fails. You’ll integrate this into routes like /register.

Q5. How do I design consistent API errors?
Create a global error handler and a custom ApiError class. Respond with a structure like { success: false, message, code } along with the proper status code.

Q6. When should I use sessions vs JWT?
Sessions (server-stored) are suited for traditional web apps, while JWTs (stateless) work better for APIs and mobile apps. You’ll implement both, add refresh tokens, and compare their behavior.

Q7. What cookie settings should I use in production?
Enable httpOnly, secure (for HTTPS), and SameSite (often lax or strict). Add sensible expiries and use session rotation to prevent fixation attacks.

Q8. How do I implement file uploads safely?
Use Multer for handling uploads. Validate file type and size, support multiple uploads where required, and optionally stream files to S3 or another storage service for durability.

Q9. Do the assignments cover databases? Which ones?
Yes. You will practice with MySQL (mysql2), MongoDB (mongoose), and PostgreSQL (pg) using CRUD operations, validation, and parameterized queries.

Q10. How can I test endpoints while developing?
Use Postman to hit endpoints, verify responses and error structures, and simulate error scenarios. Several assignments include explicit Postman-based checks.