Header image

Crawl Website Đơn Giản Với Postman

20/12/2022

1.48k

Mở đầu

Trong kiểm thử API, chúng ta không xa lạ gì với Postman, một tool kiểm thử API rất phổ biến và được sử dụng trong nhiều trường hợp khác nhau. Nếu như bạn chưa rõ API là gì, có thể tham khảo lại bài viết giới thiệu về API cơ bản của mình tại ĐÂY.

Trong bài viết này, mình sẽ hướng dẫn các bạn cách crawl đơn giản một website bằng Postman nhằm kiểm tra xem các link hay hình ảnh có trong website đó có bị die hay lỗi gì không? 

Crawl Website là việc lấy thông tin từ website , trích xuất ra những thông tin người sử dụng cần, đồng thời cũng tìm những link có trong trang web đó và tự động truy cập vào những link đó. Quá trình đó sẽ lặp đi lặp lại đến khi thu thập đủ thông tin người dùng cần. 

Ví dụ dự án của bạn có một website như Landing Page hoặc trang chủ chẳng hạn, và trong trang lại có các hình ảnh, các hyperlink dẫn tới các trang con hoặc các website khác. Sau một thời gian bạn cần kiểm tra lại xem những hyperlink đó có còn hoạt động hay không. Thay vì phải click thủ công từng link một thì Postman có thể giúp bạn đơn giản hoá và tiết kiệm thời gian hơn cho việc này rất nhiều. Trước khi đi sâu vào bài viết, bạn cần có một số kiến thức về các khái niệm dưới đây:

  • Script trong Postman
  • Runner trong Postman
  • Có một ít kiến thức cơ bản về Javascript

Khâu chuẩn bị

Để bắt đầu, máy tính của bạn cần cài đặt Postman, tất nhiên rồi. Sau đó chúng ta sẽ tạo một Collection chứa hai Request với tên bất kỳ và hai biến collection. Trong ví dụ dưới đây, mình sẽ tạo Collection tên Crawl Website cùng 2 request:

  • Input check: Request này dùng để kiểm tra đầu vào trước khi crawl.
  • URL check: Request chính dùng để crawl website.
  • 2 biến collection gồm có: 
    • rootUrl: URL gốc của trang cần check
    • startUrl: URL bắt đầu khi chạy test, ở đây mình sẽ để rootUrl và startUrl chung 1 URL

Input check

Input check

Giờ chúng ta cùng thiết lập cho request đầu tiên. Ở request này, mình sẽ code tại phần Pre-request nhằm kiểm tra các đầu vào trong quá trình crawl website. Dưới đây là danh sách các function mình cần tạo trong request này

  • Kiểm tra danh sách biến có trong collection
  • Kiểm tra giá trị URL gán vào biến có định dạng hợp lệ
  • Tạo biến Global để sử dụng cho request tiếp theo

Như mình đã nói ở phần mở đầu, các bạn cần có kiến thức cơ bản về javascript để có thể hiểu hơn và tuỳ biến lại code phù hợp với nhu cầu của dự án. Mình sẽ có gắng giải thích đơn giản để những bạn ít biết về code vẫn có thể sử dụng được.

Ở request này, URL của request chúng ta sẽ để biến {{startUrl}} với phương thức là GET.

Input check

Kiểm tra danh sách biến có trong collection

Trước khi kiểm tra được danh sách các biến có trong collection, ta sẽ chuyển các biến đó thành object và gán vào biến postmanVariables

<strong>const</strong> postmanVariables = pm.collectionVariables.toObject();

Sau đó ta kiểm tra các biến cần sử dụng đã có trong collection hay chưa

pm.expect(postmanVariables).to.have.all.keys("startUrl", "rootUrl");

Kiểm tra giá trị URL gán vào biến có định dạng hợp lệ

Để kiểm tra giá trị URL gán vào biến có định dạng hợp lệ, ta sẽ sử dụng Regex. Đầu tiên ta sẽ gán định dạng URL viết dưới dạng regex vào biến urlRegex và so sánh các giá trị URL trong 2 biến collection là startURL và rootURL có giống với urlRegex hay không.

const urlRegex = /^https?:\/\//;
pm.expect(postmanVariables.startUrl, 'startUrl does not match URL pattern').to.match(urlRegex);
pm.expect(postmanVariables.rootUrl, 'rootUrl does not match URL pattern').to.match(urlRegex);

Tạo biến Global để sử dụng cho request tiếp theo

Kết thúc script mình sẽ tạo biến 3 biến là link, url, index cho request tiếp theo. Ở đây mình sử dụng biến Global để cho dễ truy cập và lấy giá trị giữa các request, tuỳ thuộc vào tính chất dự án, bạn có thể sửa lại thành biến cho 1 environment cũng không có vấn đề gì nhé. 

  • links: Mảng các link ta lấy được khi crawl một trang
pm.globals.set("links", "[]");
  • url: URL đang test
pm.globals.set("url", postmanVariables.startUrl);
  • index: Số thứ tự của URL cần test trong mảng links ta crawl được
pm.globals.set("index", -1);

URL check

URL check

Sau khi thiết lập xong request Pre-check, ta chuyển sang request URL check, đây sẽ là request chạy chính của mình. 

Ở request này, URL của request chúng ta sẽ để biến {{url}} với phương thức là GET.

URL check

Dưới đây là danh sách các function sẽ sử dụng trong request này:

  • Kiểm tra link lỗi
  • Lấy các hyperlink có trong website
  • Lọc các link không liên và lặp crawl
  • Kết thúc vòng lặp

Trước khi bắt đầu thì ta sẽ gán giá trị URL của 2 biến collection và 3 biến Global thành các biến Local cho dễ sử dụng

const startUrl = pm.collectionVariables.get("startUrl");
const rootUrl = pm.collectionVariables.get("rootUrl");
const links = JSON.parse(pm.globals.get("links"));
const currentUrl = pm.globals.get("url");
const currentIndex = parseInt(pm.globals.get("index"));

Kiểm tra link lỗi

Giờ ta sẽ tạo 1 hàm để kiểm tra xem link mình lấy về có bị lỗi hay không. Hiện tại thì link chúng ta test ban đầu chính là URL bạn gán vào biến startUrl.

pm.test(`Link to "${currentUrl}" works`, function () {
    try {
        pm.response.to.not.be.error;
    }
    catch (error) {
        console.log(`FAILED :: ${currentUrl}`);
        console.log(`FAILED :: status code is ${pm.response.code}`);
        
        throw error;
    }
});

Trong đó hàm try để kiểm tra xem link đó có trả về response lỗi hay không và hàm catch dùng để log lại thông tin lỗi. Tuỳ vào nhu cầu bạn có thể log thêm những thông tin khác bạn muốn kiểm tra nhé.

Lấy các hyperlink có trong webiste

Sau khi ta đã kiểm tra link ban đầu không bị lỗi, ta sẽ chạy hàm lấy các hyperlink có trong URL đó như sau:

if (currentUrl.includes(startUrl)) {
    const $ = cheerio.load(pm.response.text());
    
    $("a").each(function () {
        const newLink = $(this).attr("href");
        
        if (!links.includes(newLink)) {
            links.push(newLink);
        }
    });

    $("img").each(function () {
        const newLink = $(this).attr("src");
        
        if (!links.includes(newLink)) {
            links.push(newLink);
        }
    });
}

Để lấy dữ liệu từ trang web, ta sẽ crawl HTML của web đó và tìm kiếm thông tin ta cần từ các tag có trong HTML lấy về. Trong bài viết này mình sẽ thư viện Cheerio để lấy HTML của website cần test và gán nó vào biến $. Sau khi có được HTML rồi, ta sẽ tạo vòng lặp each để tìm các tag <a> và tag <img>, sau đó  lấy các URL trong attribute “href” ở trong <a> và “src” ở trong <img>. Tiếp đến ta sẽ gán nó vào biến newLink. Ngoài ra tuỳ thuộc vào nhu cầu và tính chất của trang web, các bạn có thể bổ sung thêm các thẻ và attribute có chứa URL cần test như <link> chẳng hạn.

Vì ta chỉ cần check mỗi link 1 lần nên mình sẽ viết thêm 1 hàm if để kiểm tra xem URL lấy được đã được lấy trước đó hay chưa, nếu chưa thì sẽ bỏ link đó vào mảng links. Ở bước này bạn cũng có thể bổ sung thêm các điều kiện khác để check link lấy được tuỳ thuộc vào nhu cầu của bạn như không lấy link ads hay action link,…

Lọc các link không liên quan và lặp crawl

Chúng ta đã đi được hơn nữa quãng đường rồi. Sau khi lấy được các link có trong web và bỏ vào mảng links, giờ ta sẽ viết 1 function để trích xuất các link đó và chạy tiếp cũng như lọc những link không liên quan.

const [nextUrl, nextIndex] = getNextUrlAndIndex(links, currentIndex);
function getNextUrlAndIndex (links = [], index = 0) {
    const nextIndex = index + 1;
    
    if (links.length - 1 === nextIndex) {
        return [];
    }
    
    const linkUrl = links[nextIndex];
    
    if (!linkUrl) {
        // Skip null links
        console.log('Encountered a null link.');
        
        // Try to get the next link
        return getNextUrlAndIndex(links, nextIndex);
    }
    
    if (/^https?:\/\//.test(linkUrl)) {
        // Return if not a relative link
        return [linkUrl, nextIndex];
    }
    
    // If the link is relative, prepend with rootUrl
    const cleanedRoot = rootUrl.replace(/\/$/, '');
    const cleanedPath = linkUrl.replace(/^[\.\/]+/, '');
    
    return [[cleanedRoot, cleanedPath].join('/'), nextIndex];
}

Function này ta sẽ sử dụng biến links chứa mảng link đã lấy và biến index nhằm trích xuất vị trí link ta muốn chạy tiếp.

Hàm if đầu tiên sẽ check nếu như ta chạy xong hết mảng link thì sẽ trả về mảng rỗng.

Hàm if thứ 2 sẽ kiểm tra loại trừ các loại link mà bạn không muốn test, ở đây mình sẽ loại trừ null link, ngoài ra bạn có thể bổ sung thêm các loại link khác như link download chẳng hạn.

Hàm if tiếp theo sẽ dùng regex để kiểm tra xem link đó có nằm trong các trang con của mình hay không. Mình sẽ check bằng logic nếu như đầu URL đó giống với biến rootUrl thì sẽ truy cập tiếp vào trang đó và lấy tiếp các URL có trong trang con và lặp lại đến khi nào không còn tìm thấy nữa thì thôi.

Kết thúc vòng lặp

Cuối cùng chúng ta sẽ chạy 1 hàm if để kết thúc vòng lặp crawl này

if (nextUrl) {
    // Update global variables
    pm.globals.set("links", JSON.stringify(links));
    pm.globals.set("url", nextUrl);
    pm.globals.set("index", nextIndex);

    postman.setNextRequest("Check URL");
}
else {
    console.log("No more links to check!");
    
    // Clear global variables
    pm.globals.clear("links");
    pm.globals.clear("url");
    pm.globals.clear("index");
    
    // End the loop
    postman.setNextRequest(null);
}

Trong hàm if này nếu như vẫn còn get được link từ website thì sẽ tiếp tục gán vào biến Local để chạy tiếp bằng hàm postman.setNextRequest(“Check URL”);. Nếu như hết link thì mình sẽ đặt lệnh clear biến global để cho gọn phần biến tránh ảnh hưởng cho những lần chạy sau và set Next Request về null để kết thúc vòng lặp.

Kết

Vậy là chúng ta đã hoàn thành một collection crawl website đơn giản bằng Postman. Hi vọng các bạn có thể áp dụng được vào trong dự án của mình và hẹn gặp các bạn ở những bài viết tiếp theo.

Reference

Crawl Website

Regex

Postman Collection

Related Blog

Knowledge

Software Development

+0

    Mastering AWS Lambda: An Introduction to Serverless Computing

    Imagine this: you have a system that sends emails to users to notify them about certain events at specific times of the day or week. During peak hours, the system demands a lot of resources, but it barely uses any for the rest of the time. If you were to dedicate a server just for this task, managing resources efficiently and maintaining the system would be incredibly complex. This is where AWS Lambda comes in as a solution to these challenges. Its ability to automatically scale, eliminate server management, and, most importantly, charge you only for the resources you use simplifies everything. Hello everyone! I’m Đang Đo Quang Bao, a Software Engineer at SupremeTech. Today, I’m excited to introduce the series' first episode, “Mastering AWS Lambda: An Introduction to Serverless Computing.” In this episode, we’ll explore: The definition of AWS Lambda and how it works.The benefits of serverless computing.Real-world use cases. Let’s dive in! What is AWS Lambda? AWS Lambda is a serverless computing service that Amazon Web Services (AWS) provides. It executes your code in response to specific triggers and scales automatically, charging you only for the compute time you use. How Does AWS Lambda Work? AWS Lambda operates on an event-driven model, reacting to specific actions or events. In simple terms, it executes code in response to particular triggers. Let’s explore this model further to gain a more comprehensive understanding. The above is a simplified workflow for sending emails to many users simultaneously, designed to give you a general understanding of how AWS Lambda works. The workflow includes: Amazon EventBridge:Role: EventBridge acts as the starting point of the workflow. It triggers the first AWS Lambda function at a specific time each day based on a cron schedule.How It Works:Configured to run automatically at 00:00 UTC or any desired time.Ensures the workflow begins consistently without manual intervention.Amazon DynamoDB:Role: DynamoDB is the primary database for user information. It holds the email addresses and other relevant metadata for all registered users.How It Works:The first Lambda function queries DynamoDB to fetch the list of users who need to receive emails.AWS Lambda (1st Function):Role: This Lambda function prepares the user data for email sending by fetching it from DynamoDB, batching it, and sending it to Amazon SQS.How It Works:Triggered by EventBridge at the scheduled time.Retrieves user data from DynamoDB in a single query or multiple paginated queries.Split the data into smaller batches (e.g., 100 users per batch) for efficient processing.Pushes each batch as a separate message into Amazon SQS.Amazon SQS (Simple Queue Service).Role: SQS serves as a message queue, temporarily storing user batches and decoupling the data preparation process from email-sending.How It Works:Each message in SQS represents one batch of users (e.g., 100 users).Messages are stored reliably and are processed independently by the second Lambda function.AWS Lambda (2nd Function):Role: This Lambda function processes each user batch from SQS and sends emails to the users in that batch.How It Works:Triggered by SQS for every new message in the queue.Reads the batch data (e.g., 100 users) from the message.Sends individual emails to each user in the batch using Amazon SES.Amazon SES (Simple Email Service).Role: SES handles the actual email delivery, reliably ensuring messages reach users’ inboxes.How It Works:Receives the email content (recipient address, subject, body) from the second Lambda function.Delivers emails to the specified users.Provides feedback on delivery status, including successful deliveries, bounces, and complaints. As you can see, AWS Lambda is triggered by external events or actions (AWS EventBridge schedule) and only "lives" for the duration of its execution. >>> Maybe you are interested: The Rise of Serverless CMS Solutions Benefits of AWS Lambda No Server Management:Eliminate the need to provision, configure, and maintain servers. AWS handles the underlying infrastructure, allowing developers to focus on writing code.Cost Efficiency:Pay only for the compute time used (measured in milliseconds). There are no charges when the function isn’t running.Scalability:AWS Lambda automatically scales horizontally to handle thousands of requests per second.Integration with AWS Services:Lambda integrates seamlessly with services like S3, DynamoDB, and SQS, enabling event-driven workflows.Improved Time-to-Market:Developers can deploy and iterate applications quickly without worrying about managing infrastructure. Real-World Use Cases for AWS Lambda AWS Lambda is versatile and can be applied in various scenarios. Here are some of the most common and impactful use cases: Real-Time File ProcessingExample: Automatically resizing images uploaded to an Amazon S3 bucket.How It Works:An upload to S3 triggered a Lambda function.The function processes the file (e.g., resizing or compressing an image).The processed file is stored back in S3 or another storage system.Why It’s Useful:Eliminates the need for a dedicated server to process files.Automatically scales based on the number of uploads.Building RESTful APIsExample: Creating a scalable backend for a web or mobile application.How It Works:Amazon API Gateway triggers AWS Lambda in response to HTTP requests.Lambda handles the request, performs necessary logic (e.g., CRUD operations), and returns a response.Why It’s Useful:Enables fully serverless APIs.Simplifies backend management and scaling.IoT ApplicationsExample: Processing data from IoT devices.How It Works:IoT devices publish data to AWS IoT Core, which triggers Lambda.Lambda processes the data (e.g., analyzing sensor readings) and stores results in DynamoDB or ElasticSearch.Why It’s Useful:Handles bursts of incoming data without requiring a dedicated server.Integrates seamlessly with other AWS IoT services.Real-Time Streaming and AnalyticsExample: Analyzing streaming data for fraud detection or stock market trends.How It Works:Events from Amazon Kinesis or Kafka trigger AWS Lambda.Lambda processes each data stream in real time and outputs results to an analytics service like ElasticSearch.Why It’s Useful:Allows real-time data insights without managing complex infrastructure.Scheduled TasksExample: Running daily tasks/reports or cleaning up expired data.How It Works:Amazon EventBridge triggers Lambda at scheduled intervals (e.g., midnight daily).Lambda performs tasks like querying a database, generating reports, or deleting old records.Why It’s Useful:Replaces traditional cron jobs with a scalable, serverless solution. Conclusion AWS Lambda is a powerful service that enables developers to build highly scalable, event-driven applications without managing infrastructure. Lambda simplifies workflows and accelerates time-to-market by automating tasks and seamlessly integrating with other AWS services like EventBridge, DynamoDB, SQS, and SEStime to market. We’ve explored the fundamentals of AWS Lambda, including its definition, how it works, its benefits, and its application in real-world use cases. It offers an optimized and cost-effective solution for many scenarios, making it a vital tool in modern development. At SupremeTech, we’re committed to harnessing innovative technologies to deliver impactful solutions. This is just the beginning of our journey with AWS Lambda. In upcoming episodes, we’ll explore implementing AWS Lambda in different programming languages and uncover best practices for building efficient serverless applications. Stay tuned, and let’s continue mastering AWS Lambda together!

    25/12/2024

    26

    Bao Dang D. Q.

    Knowledge

    +1

    • Software Development

    Mastering AWS Lambda: An Introduction to Serverless Computing

    25/12/2024

    26

    Bao Dang D. Q.

    Automate your git flow with git hooks

    Knowledge

    +0

      Automate Your Git Workflow with Git Hooks for Efficiency

      Have you ever wondered how you can make your Git workflow smarter and more efficient? What if repetitive tasks like validating commit messages, enforcing branch naming conventions, or preventing sensitive data leaks could happen automatically? Enter Git Hooks—a powerful feature in Git that enables automation at every step of your development process. If you’ve worked with webhooks, the concept of Git Hooks might already feel familiar. Like API events trigger webhooks, Git Hooks are scripts triggered by Git actions such as committing, pushing, or merging. These hooks allow developers to automate tasks, enforce standards, and improve the overall quality of their Git workflows. By integrating Git Hooks into your project, you can gain numerous benefits, including clearer commit histories, fewer human errors, and smoother team collaboration. Developers can also define custom rules tailored to their Git flow, ensuring consistency and boosting productivity. In this SupremeTech blog, I, Đang Đo Quang Bao, will introduce you to Git Hooks, explain how they work, and guide you through implementing them to transform your Git workflow. Let’s dive in! What Are Git Hooks? Git Hooks are customizable scripts that automatically execute when specific events occur in a Git repository. These events might include committing code, pushing changes, or merging branches. By leveraging Git Hooks, you can tailor Git's behavior to your project's requirements, automate repetitive tasks, and reduce the likelihood of human errors. Imagine validating commit messages, running tests before a push, or preventing large file uploads—all without manual intervention. Git Hooks makes this possible, enabling developers to integrate useful automation directly into their workflows. Type of Git Hooks Git Hooks come in two main categories, each serving distinct purposes: Client-Side Hooks These hooks run on the user’s local machine and are triggered by actions like committing or pushing changes. They are perfect for automating tasks like linting, testing, or enforcing commit message standards. Examples:pre-commit: Runs before a commit is finalized.pre-push: Executes before pushing changes to a remote repository.post-merge: Triggers after merging branches. Server-Side Hooks These hooks operate on the server hosting the repository and are used to enforce project-wide policies. They are ideal for ensuring consistent workflows across teams by validating changes before they’re accepted into the central repository. Examples: pre-receive: Runs before changes are accepted by the remote repository.update: Executes when a branch or tag is updated on the server. My Journey to Git Hooks When I was working on personal projects, Git management was fairly straightforward. There were no complex workflows, and mistakes were easy to spot and fix. However, everything changed when I joined SupremeTech and started collaborating on larger projects. Adhering to established Git flows across a team introduced new challenges. Minor missteps—like inconsistent commit messages, improper branch naming, accidental force pushes, or forgetting to run unit tests—quickly led to inefficiencies and avoidable errors. That’s when I discovered the power of Git Hooks. By combining client-side Git Hooks with tools like Husky, ESLint, Jest, and commitlint, I could automate and streamline our Git processes. Some of the tasks I automated include: Enforcing consistent commit message formats.Validating branch naming conventions.Automating testing and linting.Preventing accidental force pushes and large file uploads.Monitoring and blocking sensitive data in commits. This level of automation was a game-changer. It improved productivity, reduced human errors, and allowed developers to focus on their core tasks while Git Hooks quietly enforced the rules in the background. It transformed Git from a version control tool into a seamless system for maintaining best practices. Getting Started with Git Hooks Setting up Git Hooks manually can be dull, especially in team environments where consistency is critical. Tools like Husky simplify the process, allowing you to manage Git Hooks and integrate them into your workflows easily. By leveraging Husky, you can unlock the full potential of Git Hooks with minimal setup effort. I’ll use Bun as the JavaScript runtime and package manager in this example. If you’re using npm or yarn, replace Bun-specific commands with their equivalents. Setup Steps 1. Initialize Git: Start by initializing a Git repository if one doesn’t already exist git init 2. Install Husky: Use Bun to add Husky as a development dependency bun add -D husky 3. Enable Husky Hooks: Initialize Husky to set up Git Hooks for your project bunx husky init 4. Verify the Setup: At this point, a folder named .husky will be created, which already includes a sample of pre-commit hook. With this, the setup for Git Hooks is complete. Now, let’s customize it to optimize some simple processes. Examples of Git Hook Automation Git Hooks empowers you to automate tedious yet essential tasks and enforce team-wide best practices. Below are four practical examples of how you can leverage Git Hooks to improve your workflow: Commit Message Validation Ensuring consistent and clear commit messages improves collaboration and makes Git history easier to understand. For example, enforce the following format: pbi-203 - refactor - [description…] [task-name] - [scope] - [changes] Setup: Install Commitlint: bun add -D husky @commitlint/{config-conventional,cli} Configure rules in commitlint.config.cjs: module.exports = {     rules: {         'task-name-format': [2, 'always', /^pbi-\d+ -/],         'scope-type-format': [2, 'always', /-\s(refactor|fix|feat|docs|test|chore|style)\s-\s[[^\]]+\]$/]     },     plugins: [         {             rules: {                 'task-name-format': ({ raw }) => {                     const regex = /^pbi-\d+ -/;                     return [regex.test(raw),                         `❌ Commit message must start with "pbi-<number> -". Example: "pbi-1234 - refactor - [optimize function]"`                     ];                 },                 'scope-type-format': ({ raw}) => {                     const regex = /-\s(refactor|fix|feat|docs|test|chore|style)\s-\s[[^\]]+\]$/;                     return [regex.test(raw),                         `❌ Commit message must include a valid scope and description. Example: "pbi-1234 - refactor - [optimize function]".                         \nValid scopes: refactor, fix, feat, docs, test, chore, style`                     ];                 }             }         }     ] } Add Commitlint to the commit-msg hook: echo "bunx commitlint --edit \$1" >> .husky/commit-msg With this, we have completed the commit message validation setup. Now, let’s test it to see how it works. Now, developers will be forced to follow this committing rule, which increases the readability of the Git History. Automate Branch Naming Conventions Enforce branch names like feature/pbi-199/add-validation. First, we will create a script in the project directory named scripts/check-branch-name.sh. #!/bin/bash # Define allowed branch naming pattern branch_pattern="^(feature|bugfix|hotfix|release)/pbi-[0-9]+/[a-zA-Z0-9._-]+$" # Get the current branch name current_branch=$(git symbolic-ref --short HEAD) # Check if the branch name matches the pattern if [[ ! "$current_branch" =~ $branch_pattern ]]; then   echo "❌ Branch name '$current_branch' is invalid!"   echo "✅ Branch names must follow this pattern:"   echo "   - feature/pbi-<number>/<description>"   echo "   - bugfix/pbi-<number>/<description>"   echo "   - hotfix/pbi-<number>/<description>"   echo "   - release/pbi-<number>/<description>"   exit 1 fi echo "✅ Branch name '$current_branch' is valid." Add the above script execution command into the pre-push hook. echo "bash ./scripts/check-branch-name.sh" >> .husky/pre-push Grant execute permissions to the check-branch-name.sh file. chmod +x ./scripts/check-branch-name.sh Let’s test the result by pushing our code to the server. Invalid case: git checkout main git push Output: ❌ Branch name 'main' is invalid! ✅ Branch names must follow this pattern:   - feature/pbi-<number>/<description>   - bugfix/pbi-<number>/<description>   - hotfix/pbi-<number>/<description>   - release/pbi-<number>/<description> husky - pre-push script failed (code 1) Valid case: git checkout -b feature/pbi-100/add-new-feature git push Output: ✅ Branch name 'feature/pbi-100/add-new-feature' is valid. Prevent Accidental Force Pushes Force pushes can overwrite shared branch history, causing significant problems in collaborative projects. We will implement validation for the prior pre-push hook to prevent accidental force pushes to critical branches like main or develop. Create a script named scripts/prevent-force-push.sh. #!/bin/bash # Define the protected branches protected_branches=("main" "develop") # Get the current branch name current_branch=$(git symbolic-ref --short HEAD) # Check if the current branch is in the list of protected branches if [[ " ${protected_branches[@]} " =~ " ${current_branch} " ]]; then # Check if the push is a force push for arg in "$@"; do   if [[ "$arg" == "--force" || "$arg" == "-f" ]]; then     echo "❌ Force pushing to the protected branch '${current_branch}' is not allowed!"     exit 1   fi done fi echo "✅ Push to '${current_branch}' is valid." Add the above script execution command into the pre-push hook. echo "bash ./scripts/prevent-force-push.sh" >> .husky/pre-push Grant execute permissions to the check-branch-name.sh file. chmod +x ./scripts/prevent-force-push.sh Result: Invalid case: git checkout main git push -f Output: ❌ Force pushing to the protected branch 'main' is not allowed! husky - pre-push script failed (code 1) Valid case: git checkout main git push Output: ✅ Push is valid. Monitor for Secrets in Commits Developers sometimes unexpectedly include sensitive data in commits. We will set up a pre-commit hook to scan files for sensitive patterns before committing to prevent accidental commits containing sensitive information (such as API keys, passwords, or other secrets). Create a script named scripts/monitor-secrets-with-values.sh. #!/bin/bash # Define sensitive value patterns patterns=( # Base64-encoded strings "([A-Za-z0-9+/]{40,})={0,2}" # PEM-style private keys "-----BEGIN RSA PRIVATE KEY-----" "-----BEGIN OPENSSH PRIVATE KEY-----" "-----BEGIN PRIVATE KEY-----" # AWS Access Key ID "AKIA[0-9A-Z]{16}" # AWS Secret Key "[a-zA-Z0-9/+=]{40}" # Email addresses (optional) "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}" # Others (e.g., passwords, tokens) ) # Scan staged files for sensitive patterns echo "🔍 Scanning staged files for sensitive values..." # Get the list of staged files staged_files=$(git diff --cached --name-only) # Initialize a flag to track if any sensitive data is found found_sensitive_data=false # Loop through each file and pattern for file in $staged_files; do # Skip binary files if [[ $(file --mime-type -b "$file") == "application/octet-stream" ]]; then   continue fi # Scan each pattern using grep -E (extended regex) for pattern in "${patterns[@]}"; do   if grep -E -- "$pattern" "$file"; then     echo "❌ Sensitive value detected in file '$file': Pattern '$pattern'"     found_sensitive_data=true     break   fi done done # If sensitive data is found, prevent the commit if $found_sensitive_data; then echo "❌ Commit aborted. Please remove sensitive values before committing." exit 1 fi echo "✅ No sensitive values detected. Proceeding with committing." Add the above script execution command into the pre-commit hook. echo "bash ./scripts/monitor-secrets-with-values.sh" >> .husky/pre-commit Grant execute permissions to the monitor-secrets-with-values.sh file. chmod +x ./scripts/monitor-secrets-with-values.sh Result: Invalid case: git add private git commit -m “pbi-002 - chore - add unexpected private file” Result: 🔍 Scanning staged files for sensitive values... -----BEGIN OPENSSH PRIVATE KEY----- ❌ Sensitive value detected in file 'private': Pattern '-----BEGIN OPENSSH PRIVATE KEY-----' ❌ Commit aborted. Please remove sensitive values before committing. husky - pre-commit script failed (code 1) Valid case: git reset private git commit -m “pbi-002 - chore - remove unexpected private file” Result: 🔍 Scanning staged files for sensitive values... ✅ No sensitive values detected. Proceeding with commit. [main c575028] pbi-002 - chore - remove unexpected private file 4 files changed, 5 insertions(+) create mode 100644 .env.example create mode 100644 .husky/commit-msg create mode 100644 .husky/pre-commit create mode 100644 .husky/pre-push Conclusion "Humans make mistakes" in software development; even minor errors can disrupt workflows or create inefficiencies. That’s where Git Hooks come in. By automating essential checks and enforcing best practices, Git Hooks reduces the chances of errors slipping through and ensures a smoother, more consistent workflow. Tools like Husky make it easier to set up Git Hooks, allowing developers to focus on writing code instead of worrying about process compliance. Whether it’s validating commit messages, enforcing branch naming conventions, or preventing sensitive data from being committed, Git Hooks acts as a safety net that ensures quality at every step. If you want to optimize your Git workflow, now is the time to start integrating Git Hooks. With the proper setup, you can make your development process reliable but also effortless and efficient. Let automation handle the rules so your team can focus on building great software.

      24/12/2024

      35

      Bao Dang D. Q.

      Knowledge

      +0

        Automate Your Git Workflow with Git Hooks for Efficiency

        24/12/2024

        35

        Bao Dang D. Q.

        Knowledge

        Software Development

        +0

           Exploring API Performance Testing with Postman

          Hello, tech enthusiasts and creative developers! I’m Vu, the author of SupremeTech’s performance testing series. In the article “The Ultimate Guide to JMeter Performance Testing Tool,” we explored JMeter's strengths and critical role in performance testing. Today, I’m introducing an exciting and straightforward way to do API performance testing using Postman. What is Postman? Postman is a robust API (Application Programming Interface) platform that empowers developers to quickly design, test, document, and interact with APIs. It is a widely used tool for testing APIs, which is valuable in software development, primarily web or mobile app development. Why Use Postman for API Testing? Postman is favored by software developers, testers, and API specialists because of its many advantages: User-Friendly Interface: Postman’s intuitive design makes it easy to use.Supports Diverse HTTP Methods: It handles requests such as GET, POST, PUT, DELETE, PATCH, OPTIONS, and more.Flexible Configuration: Easily manage API request headers, parameters, and body settings.Test Automation with Scripts: Write JavaScript code within the Tests tab to automate API response validation.Integration with CI/CD: Postman's CLI tool, Newman, seamlessly integrates with CI/CD pipelines, enabling automated API testing in development workflows.API Documentation and Sharing: Create and share API documentation with team members or clients effortlessly. Performance API Testing on Postman As of mid-2024, Postman introduced a new feature allowing users to perform API performance testing quickly and conveniently. With just a few simple steps, you can evaluate your API’s performance under high load and ensure its strength. Step 1: Select the Collection for Performance Testing Open Postman and navigate to the Collections tab on the left sidebar.Choose the Collection or Folder you want to test. Step 2: Launch the Collection Runner After selecting your desired Collection or Folder, click Run Collection to open the Collection Runner window.In the Runner, select the APIs you want to include in the performance test.Switch to the Performance tab and choose a simulation method:Fixed: Simulates a fixed number of users.Ramp Up: Starts with a few users and gradually increases.Spike: Introduces a sudden surge in traffic followed by a reduction.Peak: Increases traffic to a high level and sustains it for a period. Step 3: Adjust Virtual Users and Test Duration Configure the Virtual Users and Test Duration settings to simulate the desired load.Start with smaller values, then gradually increase them to gain a clear understanding of your API's performance under varying conditions. Step 4: Run the Test Click Run to start the performance test.During the test, Postman will send API requests and provide real-time data on:Response Time: The API's duration to respond to a request.Error Rate: The percentage of failed requests.Throughput: The number of API requests the system can handle per second. Step 5: Analyze the Report Once the test is complete, Postman generates a detailed report, including: Response Time: Tracks the duration it takes for APIs to process requests.Error Rate: Highlights any issues encountered during testing.Throughput: Measures the system's capacity to process requests under load. Use these metrics to evaluate whether your API performs efficiently under heavy traffic. These insights will guide you in optimizing your API for better performance. Leverage Customization for Realistic User Simulation Postman allows you to customize request data for each virtual user. You can upload a CSV or JSON file with unique datasets if you want different data for each user. This feature enables a more accurate simulation of real-world user behavior. After each test run, Postman provides an easy-to-understand report highlighting the areas for improvement. You can track performance changes and compare test results to identify weaknesses and refine your API. Test and Optimize Your API with Postman With Postman’s new performance testing feature, API optimization has never been easier. It helps you quickly identify and address potential issues to ensure your system is always ready to handle user demands effectively and reliably.   For more details and step-by-step guidance, check out the following resources on the Postman website:   OverviewRun a performance testView performance test metricsDebug performance test errorsInject data into virtual users Start your API performance optimization journey with Postman and prepare your system to meet every demand seamlessly. >>> Explore more articles about performance testing: SupremeTech’s Expertise in the Process of Performance Testing

          23/12/2024

          29

          Vu Nguyen Q.

          Knowledge

          +1

          • Software Development

           Exploring API Performance Testing with Postman

          23/12/2024

          29

          Vu Nguyen Q.

          Knowledge

          Software Development

          +0

            From Raw Data to Perfect API Responses: Serialization in NestJS

            Hello, My name is Dzung. I am a developer who has been in this game for approximately 6 years. I've just started exploring NestJS and am excited about this framework's capabilities. In this blog, I want to share the knowledge I’ve gathered and practiced in NestJS. Today's topic is serialization! As you know, APIs are like the messengers of your application, delivering data from the backend to the client side. Without proper control, they might spill too much information, such as passwords or internal settings. This is where serialization in NestJS steps in, turning messy, raw data into polished, purposeful API responses. With the power of serialization, you can control exactly what your users see, hide sensitive fields, format nested objects, and deliver secure, efficient, and downright beautiful responses. In this blog, we’ll explore how serialization in NestJS works, why it’s a must-have skill for any developer, and how to implement it step by step. Your APIs will go from raw and unrefined to clean and professional by the end. Let’s dive in! What Happens Without Serialization? Let’s look at what happens when you don’t use serialization in your NestJS application. Imagine you’re building a user management system, and you create an API endpoint to fetch user details. Here’s your User entity: Now, you write a simple endpoint to fetch a user: What happens when you call this endpoint? The API sends the entire user object straight to the client—every single field included: The consequences of lacking Serialization in the NestJS application Security Risks: Sensitive data, like passwords, should never be exposed in API responses.Data Overload: Users and clients don’t need internal flags or timestamps—they just add noise.Lack of Professionalism: Messy, unfiltered responses make your API look unpolished and unreliable. Next, we’ll see how to clean up this mess and craft polished API responses using NestJS serialization techniques. The Differences in Applying Serialization By implementing serialization in your NestJS application, you can take full control over what data is exposed in your API responses. Let’s revisit the previous example and clean it up. Step 1: Install class-transformer To get started with serialization, you need the class-transformer package. Install it with: Step 2: Update the User Entity with Exposed or Excluded Decorator Use class-transformer decorators to specify which fields should be exposed or excluded. Only the ID and email fields will be included in the response. Step 3: Apply the Serializer Interceptor NestJS provides a built-in ClassSerializerInterceptor to handle serialization. You can apply it at different levels: Per-Controller Globally To apply serialization to all controllers, add the interceptor to the application setup: When the Get User Endpoint is called, this is what your API will now return: Why Serialization Makes a Difference Security: Sensitive fields are automatically excluded, keeping your data safe.Clarity: Only the necessary fields are sent, reducing noise and improving usability.Professionalism: Clean and consistent responses give your API a polished look. Dynamic Serialization with Group What if you want to show different data to users, such as admins versus regular users? The class-transformer package supports groups, allowing you to expose fields based on context. Example: In the controller, specify the group for the transformation: When the Get User Endpoint is called, this is what your API will now return: By incorporating serialization into your NestJS application, you not only improve security but also enhance the user experience by providing streamlined, predictable, and professional API responses. Now that you know how serialization works in NestJS, you can apply these techniques to your projects, creating safer, cleaner, and more maintainable APIs. SupremeTech has lots of experience and produces web or app services. Let’s schedule a call now if you want to work with us. Also, now we are hiring! Please check open positions for career opportunities.

            20/12/2024

            37

            Dung Nguyen Q.

            Knowledge

            +1

            • Software Development

            From Raw Data to Perfect API Responses: Serialization in NestJS

            20/12/2024

            37

            Dung Nguyen Q.

            Customize software background

            Want to customize a software for your business?

            Meet with us! Schedule a meeting with us!