Introduction to Server-Side Programming

Albert KipchirchirAlbert Kipchirchir
7 min read

Server-side programming with JavaScript has transformed web development, enabling developers to use a single language across the entire stack. With Node.js as the runtime and frameworks like Express.js, JavaScript empowers developers to build scalable, dynamic, and secure web applications. This article dives into the essentials of server-side programming with JavaScript, exploring rendering models, key properties of server-side languages, practical examples with EJS templating, and advanced considerations like performance and security. Designed to take about 12 minutes to read, this technical guide provides a comprehensive introduction for developers looking to master server-side JavaScript.

Understanding Rendering Models: CSR, SSR, and SSG

Modern web applications rely on different rendering strategies to deliver content to users. Understanding Client-Side Rendering (CSR), Server-Side Rendering (SSR), and Static Site Generation (SSG) is crucial for choosing the right approach for your project.

Client-Side Rendering (CSR)

In CSR, the server sends a minimal HTML skeleton, and JavaScript frameworks like React, Angular, or Vue.js dynamically populate the content in the browser. This approach shines for highly interactive applications, such as single-page apps (SPAs).

  • Pros:

    • Rich interactivity and smooth transitions after the initial load.

    • Reduces server load by offloading rendering to the client.

  • Cons:

    • Slower initial page load, as the browser must download and execute JavaScript.

    • SEO challenges, as search engines may struggle to index dynamic content.

Server-Side Rendering (SSR)

With SSR, the server generates the complete HTML for a page and sends it to the browser. This approach ensures users see meaningful content quickly, even before JavaScript loads.

  • Pros:

    • Faster initial page load, improving user experience.

    • SEO-friendly, as search engines can easily crawl fully rendered HTML.

  • Cons:

    • Higher server load, as rendering happens on the server.

    • Navigation between pages may be slower compared to CSR.

Static Site Generation (SSG)

SSG pre-builds HTML pages at build time, serving them as static files. Tools like Next.js, Gatsby, and Hugo excel in this approach, making it ideal for content-heavy sites like blogs or documentation.

  • Pros:

    • Lightning-fast load times, as pages are pre-rendered.

    • Cost-effective hosting, as static files require minimal server resources.

  • Cons:

    • Less suited for real-time or highly dynamic content.

    • Rebuilding is required for content updates.

Modern applications often combine these approaches. For example, Next.js supports hybrid rendering, blending SSR for dynamic pages and SSG for static ones. Server-side programming with JavaScript underpins SSR and supports APIs for CSR and SSG, making it a versatile skill for developers.

What is Server-Side Programming?

Server-side programming involves writing code that runs on a server, the machine that handles incoming requests, processes data, and sends responses to clients (browsers, mobile apps, or other servers). Unlike client-side JavaScript, which manipulates the browser’s DOM, server-side JavaScript manages:

  • Database operations: Querying and updating databases like MongoDB or PostgreSQL.

  • User authentication: Verifying user identities and managing sessions.

  • Business logic: Processing data, calculations, or workflows.

  • API responses: Serving JSON or XML for front-end or third-party consumption.

  • Security: Handling encryption, input validation, and protection against attacks.

  • View rendering: Generating dynamic HTML with templating engines like EJS.

Node.js, a JavaScript runtime built on Chrome’s V8 engine, enables server-side programming by allowing JavaScript to run outside the browser. Paired with frameworks like Express.js, it simplifies building robust servers, unifying front-end and back-end development in a single language.

Key Properties of a Server-Side Programming Language

For a language to excel in server-side programming, it must support the following properties. JavaScript, with Node.js, meets these requirements effectively.

  1. Handling HTTP Requests/Responses

    • The language must process incoming HTTP requests (GET, POST, etc.) and send structured responses (HTML, JSON, etc.). Node.js uses modules like http or Express.js to streamline this process.

  2. Concurrency and Scalability

    • Servers handle multiple simultaneous users. Node.js’s non-blocking, event-driven architecture leverages an event loop to manage concurrency efficiently, making it ideal for real-time applications like chat apps.

  3. Database Connectivity

    • Seamless integration with databases (e.g., MongoDB, PostgreSQL, MySQL) is essential. Libraries like mongoose (for MongoDB) or sequelize (for SQL databases) make this straightforward in Node.js.

  4. Security Features

    • The language must support encryption, input sanitization, and protection against common vulnerabilities like SQL injection, XSS, and CSRF. Middleware like helmet in Express.js enhances security.

  5. Middleware and Framework Support

    • Frameworks simplify server development. Express.js provides middleware for tasks like authentication, logging, and error handling, reducing boilerplate code.

  6. Template Rendering

    • Dynamic HTML generation is critical for SSR. Templating engines like EJS, Pug, or Handlebars allow developers to embed server-side data into HTML.

  7. API Development (REST/GraphQL)

    • Modern servers often expose APIs for front-end or third-party consumption. Node.js supports building REST APIs with Express.js and GraphQL APIs with libraries like apollo-server.

  8. Cross-Platform Portability

    • The language should run on various operating systems (Linux, Windows, macOS) and environments (cloud, containers). Node.js’s cross-platform nature ensures portability.

Using EJS for Templating in Node.js

EJS (Embedded JavaScript) is a lightweight templating engine that integrates JavaScript with HTML, enabling dynamic page generation. It’s particularly useful for SSR, where the server renders HTML based on dynamic data.

Example: Rendering a User Profile Page

Below is a simple Node.js server using Express.js and EJS to render a user profile page.

server.js:

const express = require('express');
const app = express();

// Set EJS as the view engine
app.set('view engine', 'ejs');

// Route to render user profile
app.get('/', (req, res) => {
  const user = {
    name: 'Alice',
    hobbies: ['reading', 'coding', 'hiking'],
    lastLogin: new Date().toLocaleString()
  };
  res.render('index', { user });
});

// Start server
app.listen(3000, () => {
  console.log('Server running at http://localhost:3000/');
});

index.ejs:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>User Profile</title>
  <style>
    body { font-family: Arial, sans-serif; padding: 20px; }
    h1 { color: #333; }
    ul { list-style-type: disc; margin-left: 20px; }
  </style>
</head>
<body>
  <h1>Welcome, <%= user.name %>!</h1>
  <p><strong>Last Login:</strong> <%= user.lastLogin %></p>
  <p><strong>Your Hobbies:</strong></p>
  <ul>
    <% user.hobbies.forEach(function(hobby) { %>
      <li><%= hobby %></li>
    <% }); %>
  </ul>
</body>
</html>

How It Works

  1. The server defines a user object with dynamic data (name, hobbies, and last login time).

  2. The res.render method passes the user data to the index.ejs template.

  3. EJS processes the template, embedding the user’s data into the HTML (e.g., <%= user.name %> outputs “Alice”).

  4. The server sends the fully rendered HTML to the browser.

When a user visits http://localhost:3000/, they see a personalized page with their name, hobbies, and last login time. This demonstrates how EJS simplifies SSR by combining server-side logic with HTML rendering.

Advanced Considerations: Performance and Security

To build production-ready server-side JavaScript applications, consider the following:

Performance Optimization

  • Caching: Use in-memory stores like Redis to cache database queries or rendered templates, reducing server load.

  • Load Balancing: Distribute traffic across multiple Node.js instances using tools like NGINX or PM2.

  • Compression: Enable Gzip compression in Express.js to reduce response sizes, speeding up page loads.

  • Asynchronous Operations: Leverage Node.js’s asynchronous capabilities (e.g., async/await) to avoid blocking the event loop.

Security Best Practices

  • Input Sanitization: Use libraries like express-validator to prevent injection attacks.

  • Helmet Middleware: Protect against common vulnerabilities (e.g., XSS, clickjacking) by setting secure HTTP headers.

  • Environment Variables: Store sensitive data (e.g., API keys, database credentials) in .env files using the dotenv package.

  • Rate Limiting: Implement rate limiting with express-rate-limit to prevent abuse or DDoS attacks.

Example: Adding Security with Helmet

const express = require('express');
const helmet = require('helmet');
const app = express();

app.use(helmet()); // Adds security headers
app.set('view engine', 'ejs');

app.get('/', (req, res) => {
  res.render('index', { user: { name: 'Alice' } });
});

app.listen(3000, () => console.log('Server running'));

This simple addition of helmet enhances the server’s security by setting headers like X-Content-Type-Options and Content-Security-Policy.

Bringing It All Together

Server-side programming with JavaScript ties together various aspects of web development:

  • CSR: Relies on server-side APIs to provide data to client-side frameworks.

  • SSR: Uses templating engines like EJS to render HTML on the server.

  • SSG: Pre-renders pages, often with server-side logic during the build process.

With Node.js and Express.js, developers can:

  • Build REST or GraphQL APIs for dynamic data.

  • Render dynamic HTML with EJS or other templating engines.

  • Handle complex business logic securely.

  • Integrate with databases like MongoDB or PostgreSQL.

The unification of JavaScript across the stack eliminates context-switching between languages, streamlining development and enabling full-stack developers to work efficiently.

Conclusion

Server-side programming with JavaScript, powered by Node.js and frameworks like Express.js, offers a robust foundation for building modern web applications. Whether you’re rendering dynamic pages with EJS, serving APIs, or integrating databases, JavaScript’s versatility makes it a top choice for full-stack development. By understanding rendering models (CSR, SSR, SSG), leveraging templating engines, and applying performance and security best practices, you can create web experiences that are fast, secure, and scalable.

To dive deeper, consider exploring:

  • Next.js for hybrid SSR/SSG applications.

  • MongoDB or PostgreSQL for database integration.

  • GraphQL for advanced API development.

Start building your server-side JavaScript project today, and unlock the power of a unified JavaScript stack!

0
Subscribe to my newsletter

Read articles from Albert Kipchirchir directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Programming Blogsprogramming languages

Written by

Albert Kipchirchir
Albert Kipchirchir