← Cheatsheets
Tags: nodejs, express, nestjs, middleware, error-handling,
file-upload, jwt, backend
Last updated: 2026-06-26
Node.js (Express / NestJS) Cheatsheet
Quick Reference
| Concept | Express | NestJS |
| Route |
app.get("/", handler) |
@Get() decorator |
| Middleware |
app.use(fn) |
Class with @Injectable() |
| Validation |
Manual / joi |
class-validator + Pipes |
| DI |
Manual / TSyringe |
Built-in IoC container |
| File upload |
multer |
@UploadedFile() |
| Guards |
Manual middleware |
@UseGuards() |
| JWT |
Manual / passport |
@nestjs/jwt |
Express
Basic Server
const express = require("express");
const app = express();
app.use(express.json());
app.get("/", (req, res) => res.json({ ok: true }));
app.listen(3000);
Middleware Chain
// Global
app.use(logger);
// Route-specific
app.get("/admin", auth, adminOnly, (req, res) => {
res.json({ admin: req.user });
});
// Error-handling (4 params)
app.use((err, req, res, next) => {
res.status(err.status || 500)
.json({ error: err.message });
});
File Upload (Multer)
const multer = require("multer");
const upload = multer({ dest: "uploads/" });
app.post("/upload", upload.single("file"),
(req, res) => {
res.json({ filename: req.file.originalname });
});
JWT Authentication
const jwt = require("jsonwebtoken");
function auth(req, res, next) {
const token = req.headers.authorization
?.split(" ")[1];
if (!token) return res.status(401)
.json({ error: "Unauthorized" });
try {
req.user = jwt.verify(token,
process.env.JWT_SECRET);
next();
} catch {
res.status(403)
.json({ error: "Invalid token" });
}
}
Router
const router = express.Router();
router.use(auth);
router.get("/profile", (req, res) =>
res.json(req.user));
app.use("/api", router);
NestJS
Controllers & Providers
@Controller("users")
export class AppController {
constructor(private service: AppService) {}
@Get()
findAll() { return this.service.findAll(); }
@Get(":id")
findOne(@Param("id") id: string) {
return this.service.findOne(id);
}
@Post()
create(@Body() dto: CreateUserDto) {
return this.service.create(dto);
}
}
DTO & Validation
import { IsString, IsEmail, MinLength }
from "class-validator";
export class CreateUserDto {
@IsString() @MinLength(2)
name: string;
@IsEmail()
email: string;
}
// Enable globally:
app.useGlobalPipes(new ValidationPipe());
Guards (Auth)
@Injectable()
export class AuthGuard implements CanActivate {
canActivate(ctx: ExecutionContext): boolean {
const req = ctx.switchToHttp().getRequest();
const token = req.headers.authorization
?.split(" ")[1];
req.user = this.jwt.verify(token);
return true;
}
}
@UseGuards(AuthGuard)
@Get("me")
me(@Req() req) { return req.user; }
Exception Filters
@Catch(HttpException)
export class HttpExceptionFilter
implements ExceptionFilter {
catch(exc: HttpException,
host: ArgumentsHost) {
const res = host.switchToHttp()
.getResponse<Response>();
res.status(exc.getStatus()).json({
statusCode: exc.getStatus(),
message: exc.message,
});
}
}
Tips
- Express: Mount error-handling middleware
last, after all routes.
- NestJS: Use
ValidationPipe + DTO
classes for automatic request validation.
- Both: Always
await promises in async
handlers.
- NestJS: Modules provide excellent separation —
create one per feature.