CSE 340 Terminology Reference
This reference guide provides definitions for key terms used throughout CSE 340: Web Backend Development. Use this as a quick reference when you encounter unfamiliar terminology in assignments, reading materials, or project work. Terms are organized by category to help you find related concepts together.
Core Technical Terms
- Framework
- A pre-built structure that provides a foundation for building applications. Frameworks enforce specific patterns and provide tools that handle common tasks, allowing developers to focus on application-specific logic rather than reinventing basic functionality. Express.js is a web application framework for Node.js.
- Library / Package
- A collection of pre-written code that provides specific functionality you can import and use in your application. Unlike frameworks, libraries give you more control over how and when to use their features. In Node.js, packages are distributed through npm (Node Package Manager).
- Routing
- The process of determining how an application responds to specific URL paths and HTTP methods. Routes map URLs to handler functions that generate responses. For example, app.get('/about', handler) creates a route that responds to GET requests at the /about path.
- Middleware
- Functions that execute during the request-response cycle, between receiving a request and sending a response. Middleware can modify request and response objects, end the request-response cycle, or pass control to the next middleware function. Common uses include logging, authentication, parsing request bodies, and serving static files.
- Package.json
- A JSON file that contains metadata about a Node.js project, including project name, version, dependencies, scripts, and other configuration. This file allows npm to identify the project and manage its dependencies. Running npm install reads this file to install all required packages.
- Request Object (req)
- An object representing the HTTP request that Express passes to route handlers and middleware. Contains information about the request including URL parameters (req.params), query strings (req.query), request body (req.body), headers, and HTTP method.
- Response Object (res)
- An object representing the HTTP response that Express sends back to the client. Provides methods to send responses such as res.send(), res.json(), res.render(), and res.redirect(). Also used to set status codes and headers.
- Request–Response Lifecycle
- The complete process from when a server receives an HTTP request to when it sends back an HTTP response. In Express, this lifecycle includes routing, middleware execution, controller logic, and response generation. Understanding this flow is essential for debugging and building effective web applications.
- Environment File (.env)
- A file that stores configuration variables and sensitive information like database credentials, API keys, and server settings. These variables are loaded into the application at runtime using packages like dotenv. Environment files should never be committed to version control and are typically listed in .gitignore.
- Path Types
  - Absolute Path
  - A complete path from the root of the file system to a specific file or directory. On Unix-based systems, absolute paths start with / (e.g., /home/user/project/file.js). On Windows, they start with a drive letter (e.g., C:\Users\project\file.js).
  - Relative Path
  - A path that is relative to the current working directory or current file location. Uses ./ to reference the current directory and ../ to reference the parent directory (e.g., ../models/data.js).
  - Root-Relative Path
  - A path relative to the project or server root, typically starting with / in web contexts. In web applications, /css/style.css refers to the CSS file from the root of the web server, regardless of the current page location.
Application Structure & Architecture
- Model–View–Controller (MVC)
- An architectural pattern that separates an application into three interconnected components: Models (data and business logic), Views (user interface and presentation), and Controllers (handle requests and coordinate between Models and Views). This separation improves code organization, maintainability, and testability.
- Model
- The component responsible for managing application data, business logic, and rules. Models interact with databases, validate data, and contain the core functionality of the application. In MVC architecture, models are independent of the user interface.
- View
- The component responsible for presenting data to users. Views generate the user interface by rendering templates with data provided by controllers. In web applications, views typically produce HTML that is sent to the browser.
- Controller
- The component that handles user requests, processes input, interacts with models to retrieve or modify data, and selects appropriate views to render responses. Controllers act as intermediaries between models and views, coordinating the application flow.
- Brownfield Project
- A project that involves updating, modifying, or integrating with an existing system or codebase. Brownfield development requires understanding existing code, working within established constraints, and often refactoring legacy code while maintaining functionality.
- Greenfield Project
- A project that involves building an entirely new system from scratch without constraints from existing code or systems. Greenfield projects offer more freedom in technology choices and architecture decisions but require building everything from the ground up.
- Refactoring
- The process of improving code structure, readability, and maintainability without changing its external behavior or functionality. Refactoring might involve renaming variables, extracting functions, reorganizing files, or simplifying complex logic while ensuring the application still works the same way.
Web Fundamentals
- HTTP Status Codes
- Three-digit codes that indicate the result of an HTTP request. Status codes are grouped into five categories:
  - 1xx Informational
  - The request was received and is being processed. These are rarely used in typical web applications. Example: 100 Continue.
  - 2xx Success
  - The request was successfully received, understood, and processed. Examples: 200 OK (successful GET request), 201 Created (successful POST that created a resource).
  - 3xx Redirection
  - Further action is needed to complete the request, typically redirecting to another URL. Examples: 301 Moved Permanently, 302 Found (temporary redirect), 304 Not Modified.
  - 4xx Client Error
  - The request contains invalid data or cannot be fulfilled due to client error. Examples: 400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found.
  - 5xx Server Error
  - The server failed to fulfill a valid request. Examples: 500 Internal Server Error, 503 Service Unavailable.
- GET vs POST Methods
- GET and POST are HTTP methods with different purposes. GET requests retrieve data from the server and should not modify server state. GET parameters are visible in the URL and have length limitations. POST requests submit data to the server, typically to create or update resources. POST data is sent in the request body, not visible in the URL, and has no practical size limit.
- Query Parameters
- Optional key-value pairs appended to a URL after a question mark, used to pass data to the server. Multiple parameters are separated by ampersands. Example: /search?term=express&sort=relevance. In Express, query parameters are accessed via req.query.
- Route Parameters
- Named segments in a URL path that capture values and make them available to the application. Defined with a colon prefix in route patterns. Example: /users/:id matches /users/123 and makes 123 available in req.params.id. Route parameters are part of the path structure and typically required.
- Flash Message
- A temporary message stored in the session that is displayed once to the user after a redirect and then automatically deleted. Flash messages are commonly used to show success confirmations, error messages, or notifications after form submissions or other actions that result in a redirect.
Security Concepts
- Authentication
- The process of verifying the identity of a user or system. Authentication answers the question "Who are you?" Common authentication methods include username and password, multi-factor authentication, and token-based systems. Successful authentication typically results in creating a session or issuing a token.
- Authorization
- The process of determining what an authenticated user is allowed to do. Authorization answers the question "What can you do?" It controls access to resources and functionality based on user permissions or roles. Authorization always follows authentication.
- Access Control
- The practice of managing and enforcing permissions that determine who can view or modify specific resources. Access control ensures users can only access data and functionality appropriate to their role or permission level.
- Role-Based Access Control (RBAC)
- An access control approach that assigns permissions to roles rather than individual users. Users are then assigned one or more roles, inheriting the permissions of those roles. This simplifies permission management in applications with many users. Example: "admin," "editor," and "viewer" roles with different permission sets.
- Access Control List (ACL)
- A list or table that specifies which users or systems can access particular resources and what operations they can perform. ACLs provide fine-grained control by explicitly listing permissions for each user or group on each resource.
- Principle of Least Privilege
- A security principle stating that users and systems should have only the minimum permissions necessary to complete their tasks. This limits potential damage from accidents, errors, or malicious actions by restricting access to only what is essential.
- Defense in Depth
- A security strategy that uses multiple layers of protection to defend against threats. If one security measure fails, others remain in place to prevent breaches. Examples include combining firewalls, authentication, input validation, encrypted connections, and access controls.
- Cross-Site Scripting (XSS)
- A security vulnerability that occurs when unescaped user input is injected into a webpage, allowing malicious scripts to execute in other users' browsers. XSS attacks can steal session cookies, redirect users, or modify page content. Prevention includes properly escaping output, validating input, and using Content Security Policy headers.
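The Authentication, Authorization, RBAC and Least Privilege entries above can be seen working together in one piece of Express-style middleware. This is an added example, not part of the course reference; the role names, permission strings, and the fakeRes and check helpers are constructed for illustration, and it assumes an earlier authentication step has set req.user.

```javascript
// Added example: role and permission names are constructed for illustration.
const ROLE_PERMISSIONS = new Map([
  ['admin', ['article:read', 'article:edit', 'user:manage']],
  ['editor', ['article:read', 'article:edit']],
  ['viewer', ['article:read']],
]);

// Authorization middleware factory (Express-style signature: req, res, next).
// Assumes an earlier authentication step set req.user = { name, roles: [...] }.
function requirePermission(permission) {
  return function (req, res, next) {
    // Not authenticated: "Who are you?" is unanswered, so respond 401.
    if (!req.user) {
      return res.status(401).json({ error: 'authentication required' });
    }
    // Deny by default: a missing or unknown role grants nothing (least privilege).
    const roles = Array.isArray(req.user.roles) ? req.user.roles : [];
    const allowed = roles.some((role) =>
      (ROLE_PERMISSIONS.get(role) || []).includes(permission));
    // Authenticated but not permitted: "What can you do?" is answered with 403.
    if (!allowed) {
      return res.status(403).json({ error: 'forbidden' });
    }
    return next();
  };
}

// Minimal stand-in for the Express response object so this runs without Express.
function fakeRes() {
  return {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Runs the middleware once; returns 'next' if it passed, else the status code.
function check(user, permission) {
  const res = fakeRes();
  let passed = false;
  requirePermission(permission)({ user }, res, () => { passed = true; });
  return passed ? 'next' : res.statusCode;
}
```

In a real Express app the factory would be attached per route, so each route names the single permission it needs rather than checking for a role directly.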
Database & Data Concepts
- Table
- A structured collection of data organized in rows and columns within a database. Each table represents a specific entity or concept (like users, products, or orders). Columns define the attributes of the entity, while rows contain individual records or instances.
- Data Persistence
- The characteristic of data that continues to exist after the application or process that created it has ended. Persistent data is typically stored in databases or files, as opposed to temporary data stored in memory that disappears when the application stops.
- Primary Key
- A column or combination of columns that uniquely identifies each row in a database table. Primary keys must contain unique values and cannot be null. Every table should have a primary key to ensure each record can be distinctly identified and referenced.
- Foreign Key
- A column or combination of columns in one table that references the primary key of another table. Foreign keys establish relationships between tables and enforce referential integrity, ensuring that relationships between tables remain consistent.
- NOT NULL Constraint
- A database constraint that prevents a column from containing null values. When applied, the database will reject any insert or update operation that attempts to leave that column empty. Used for columns that must always have a value.
- DEFAULT Constraint
- A database constraint that specifies a default value for a column when no value is provided during insertion. If a row is inserted without specifying this column, the database automatically uses the default value. Example: a created_at column with a default of the current timestamp.
JavaScript Concepts
- Template Literals / Template Strings
- String literals that allow embedded expressions and multi-line strings, defined using backticks instead of quotes. Template literals use ${expression} syntax to insert variables or expressions into strings. Example: `Hello, ${name}! You have ${count} messages.`
- Arrow Functions
- A concise syntax for writing functions using the => operator. Arrow functions have shorter syntax than traditional function expressions and inherit the this value from their surrounding scope. Example: const add = (a, b) => a + b
- Promises
- Objects that represent the eventual completion or failure of an asynchronous operation. Promises provide methods like .then() and .catch() for handling results. Modern JavaScript also supports the async/await syntax for working with promises in a more synchronous-looking style.
- Modules
- Reusable pieces of code that can be exported from one file and imported into another, promoting code organization and reusability. JavaScript has two module systems:
  - CommonJS
  - The original Node.js module system using require() to import and module.exports to export. Example: const express = require('express')
  - ES Modules (ESM)
  - The modern JavaScript module standard using import and export statements. Example: import express from 'express'. ES Modules are now fully supported in Node.js and are the preferred approach for new projects.
UX & UI Concepts
- User Interface (UI)
- The visual and interactive components of an application that users directly interact with, including buttons, forms, menus, layouts, and styling. UI focuses on the look and presentation of the application.
- User Experience (UX)
- The overall experience and satisfaction a user has when interacting with an application. UX encompasses usability, accessibility, performance, aesthetics, and how the application makes users feel. Good UX considers the entire user journey, not just individual interface elements.