Tags: nodejs, express, nestjs, middleware, error-handling, file-upload, jwt, backend Last updated: 2026-06-26

Node.js (Express / NestJS) Cheatsheet

Quick Reference

ConceptExpressNestJS
Route app.get("/", handler) @Get() decorator
Middleware app.use(fn) Class with @Injectable()
Validation Manual / joi class-validator + Pipes
DI Manual / TSyringe Built-in IoC container
File upload multer @UploadedFile()
Guards Manual middleware @UseGuards()
JWT Manual / passport @nestjs/jwt

Express

Basic Server

const express = require("express");
const app = express();
app.use(express.json());
app.get("/", (req, res) => res.json({ ok: true }));
app.listen(3000);

Middleware Chain

// Global
app.use(logger);

// Route-specific
app.get("/admin", auth, adminOnly, (req, res) => {
  res.json({ admin: req.user });
});

// Error-handling (4 params)
app.use((err, req, res, next) => {
  res.status(err.status || 500)
    .json({ error: err.message });
});

File Upload (Multer)

const multer = require("multer");
const upload = multer({ dest: "uploads/" });
app.post("/upload", upload.single("file"),
  (req, res) => {
    res.json({ filename: req.file.originalname });
  });

JWT Authentication

const jwt = require("jsonwebtoken");

function auth(req, res, next) {
  const token = req.headers.authorization
    ?.split(" ")[1];
  if (!token) return res.status(401)
    .json({ error: "Unauthorized" });
  try {
    req.user = jwt.verify(token,
      process.env.JWT_SECRET);
    next();
  } catch {
    res.status(403)
      .json({ error: "Invalid token" });
  }
}

Router

const router = express.Router();
router.use(auth);
router.get("/profile", (req, res) =>
  res.json(req.user));
app.use("/api", router);

NestJS

Controllers & Providers

@Controller("users")
export class AppController {
  constructor(private service: AppService) {}

  @Get()
  findAll() { return this.service.findAll(); }

  @Get(":id")
  findOne(@Param("id") id: string) {
    return this.service.findOne(id);
  }

  @Post()
  create(@Body() dto: CreateUserDto) {
    return this.service.create(dto);
  }
}

DTO & Validation

import { IsString, IsEmail, MinLength }
  from "class-validator";

export class CreateUserDto {
  @IsString() @MinLength(2)
  name: string;
  @IsEmail()
  email: string;
}

// Enable globally:
app.useGlobalPipes(new ValidationPipe());

Guards (Auth)

@Injectable()
export class AuthGuard implements CanActivate {
  canActivate(ctx: ExecutionContext): boolean {
    const req = ctx.switchToHttp().getRequest();
    const token = req.headers.authorization
      ?.split(" ")[1];
    req.user = this.jwt.verify(token);
    return true;
  }
}
@UseGuards(AuthGuard)
@Get("me")
me(@Req() req) { return req.user; }

Exception Filters

@Catch(HttpException)
export class HttpExceptionFilter
    implements ExceptionFilter {
  catch(exc: HttpException,
        host: ArgumentsHost) {
    const res = host.switchToHttp()
      .getResponse<Response>();
    res.status(exc.getStatus()).json({
      statusCode: exc.getStatus(),
      message: exc.message,
    });
  }
}

Tips