Lork
A lightweight Node.js framework built from the ground up, focusing on core web server functionalities and implementing critical components from scratch.
Overview
Lork is a lightweight Node.js framework built from the ground up with a focus on understanding and implementing core web server functionalities. Instead of relying on third-party libraries, critical components were implemented from scratch, including raw HTTP protocol handling, multipart form data parsing, cookie management, and session handling.
Key Features
Custom HTTP Server Framework: Built a lightweight server framework with routing, request handling, and response enhancements on top of Node.js.
Session Management System: Developed a flexible session management system with support for both memory stores and MongoDB storage solutions.
Authentication Framework: Implemented a first-party local authentication system with secure password handling and session management.
Middleware Architecture: Designed an extensible middleware system allowing seamless integration of custom functionality.
Technologies Used
Node.js: Core platform for building the framework
JavaScript: Primary programming language
HTTP Module: Native Node.js module for handling HTTP requests
Crypto: For implementing secure cookie signing and authentication
Technical Challenges
Multipart Form Data Parsing: Although not implemented in the final version of Lork, I created a custom parser for handling multipart form data, crucial for processing file uploads and complex form submissions. This provided valuable insights into HTTP protocol handling and parsing complex data formats.
Session Security: Implemented a session security system with signed session IDs, HTTPS-only cookies, and protection against XSS and CSRF attacks. Sessions are stored in-memory or MongoDB with automatic cleanup of expired sessions.
Routing and Middleware Design: Created a flexible routing system with dynamic route parameters and a custom middleware architecture for pre-processing steps like authentication checks, logging, and request validation.
Authentication: Implemented a first-party local authentication system with secure password hashing, token-based session management, and protection against various attack vectors.
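The signed session ID described under Session Security can be illustrated with Node's built-in crypto module. This is an added example, not Lork's own code: the function names, the `id.signature` cookie layout, HMAC-SHA256 as the signing primitive, and the `HttpOnly` and `SameSite=Lax` attributes are assumptions chosen for illustration.

```javascript
// Added example (not Lork's code): sign and verify a session ID cookie.
// All function names and the "id.signature" layout are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// 256 bits from the CSPRNG; base64url never contains '.', so it is a safe separator.
function newSessionId() {
  return randomBytes(32).toString('base64url');
}

function mac(id, secret) {
  return createHmac('sha256', secret).update(id).digest('base64url');
}

function signSessionId(id, secret) {
  return `${id}.${mac(id, secret)}`;
}

// Returns the session ID if the signature is valid, otherwise null.
function verifySessionCookie(value, secret) {
  if (typeof value !== 'string') return null;
  const dot = value.lastIndexOf('.');
  if (dot <= 0) return null; // missing ID or missing signature
  const id = value.slice(0, dot);
  const given = Buffer.from(value.slice(dot + 1));
  const expected = Buffer.from(mac(id, secret));
  // timingSafeEqual throws on unequal lengths, so reject those first.
  if (given.length !== expected.length) return null;
  return timingSafeEqual(given, expected) ? id : null;
}

// Secure keeps the cookie off plain HTTP, HttpOnly hides it from page
// scripts, and SameSite=Lax stops it riding along on cross-site POSTs.
function buildSetCookie(name, id, secret, maxAgeSeconds) {
  return [
    `${name}=${signSessionId(id, secret)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',
    'Secure',
    'SameSite=Lax',
  ].join('; ');
}
```

The signature only proves the server issued the ID. The ID returned by `verifySessionCookie` still has to be looked up in the session store, where expiry is enforced.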
Learnings
Gained understanding of HTTP protocols and web server architecture.
Learned about raw request/response handling and data parsing.
Developed expertise in security considerations for web frameworks.
Acquired a good understanding of concepts that most developers rely on third-party libraries for.