I have been reading various examples on setting up a scalable application and have a question with regard to passing an application to various components to be augmented. An example of what I mean:

    // app.js
    var app = require('express')(),
        component = require('component');

    component(app); // pass app to a component

    // component.js
    exports = module.exports = function (app) {
        app.component = this;
        app.use(...)
        app.get(...)
        // etc.
    }

At the moment I can see potential security problems if the component is a 3rd party module and you are giving it a complete application to play with, as well as potential clobbering of properties.
However, on the other hand, there are potential benefits too. The nodejitsu guys posted an article on IoC that follows a similar approach:
One benefit I could see was the ability to see if a component dependency already exists. For example:

    // anotherComponent.js
    // Depends on component to be attached to application.
    exports = module.exports = function (app) {
        if (!app.component) {
            throw new Error('Another Component requires application to have Component');
        }
        app.anotherComponent = this;
        app.component.doSomething(...)
        // etc.
    }

Is this good practice? Or is it opening up a can of security worms?
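
A least-privilege variant of the pattern in the question, as an added example that is not part of the original post: each component receives a frozen facade exposing only the app methods it is allowed to call, and components are tracked in a registry rather than as properties on `app`, so the dependency check still works without clobbering. `makeRegistry`, `attach` and the stub app are hypothetical names, not Express APIs.

```javascript
'use strict';
// Added example. makeRegistry, attach and the stub app are hypothetical names,
// not Express APIs; the stub stands in for express() so this runs offline.

function makeRegistry(app) {
  const components = new Map(); // kept off `app`, so no property can be clobbered

  function attach(name, factory, { requires = [], allow = ['get'] } = {}) {
    if (components.has(name)) throw new Error(`component "${name}" already attached`);
    const deps = {};
    for (const dep of requires) {
      if (!components.has(dep)) throw new Error(`"${name}" requires "${dep}"`);
      deps[dep] = components.get(dep);
    }
    // Expose only the allowed app methods, never the app object itself.
    const facade = {};
    for (const method of allow) {
      facade[method] = (...args) => { app[method](...args); };
    }
    const api = factory(Object.freeze(facade), Object.freeze(deps)) || {};
    components.set(name, Object.freeze(api));
    return components.get(name);
  }
  return { attach };
}

// Constructed stand-in for an Express app that records registrations.
function makeStubApp() {
  const routes = [];
  return {
    routes,
    get: (path) => routes.push(['get', path]),
    use: (path) => routes.push(['use', path]),
  };
}

function demo() {
  const app = makeStubApp();
  const { attach } = makeRegistry(app);
  const errors = [];
  let seen;
  attach('component', (a) => { seen = Object.keys(a); a.get('/c'); return { doSomething: () => 'done' }; });
  const another = attach('anotherComponent', (a, deps) => ({ run: () => deps.component.doSomething() }), { requires: ['component'] });
  for (const args of [['late', () => ({}), { requires: ['missing'] }], ['component', () => ({})]]) {
    try { attach(...args); } catch (e) { errors.push(e.message); }
  }
  return { routes: app.routes, seen, result: another.run(), errors, appKeys: Object.keys(app) };
}
console.log(demo());
```

The facade only narrows what a component can reach through its argument; a third-party module loaded into the same process can still `require` other modules, so this limits accidental overreach and clobbering rather than acting as a sandbox.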