如何以及为什么应该使用Node.js构建物联网设备
In this article, we will discuss why and how you can use Node.js for the server-side of your Internet of Things (IoT) devices.
在本文中,我们将讨论为什么以及如何将Node.js用于物联网(IoT)设备的服务器端。
了解商机 (Understand the business opportunity)
In 2019, the market revenue of IoT reached $212 billion. There are about 26.66 billion connected IoT devices worldwide, and this number is set to reach 75.44 billion by 2025.
2019年, 物联网的市场收入达到2120亿美元。 全球约有266.6亿个联网的IoT设备,到2025年,这一数字将达到754.4亿。
The UN estimates that, in February 2020, the world population is currently 7.7 billion people. Simple math tells us that the average person owns around 3 to 4 IoT devices. Do you have one? Maybe a smartwatch? A smart TV? Or a smart car?
联合国估计,到2020年2月, 世界人口目前为77亿。 简单的数学告诉我们,普通人拥有大约3到4个IoT设备。 你是否有一个? 也许是智能手表? 智能电视? 还是智能车?
Moving further, the population is expected to reach 8.1 billion people in 2025. The same math calculation shows us that, in 2025, an average person will have from 9 to 10 smart devices in their possession.
再往前看,预计2025年人口将达到81亿。相同的数学计算表明,到2025年,普通人将拥有9到10台智能设备。
Do you see where I am going with this? Do you want to join this lucrative market niche and make your IoT device one of these 9 to 10?
你知道我要去哪里吗? 您是否想加入这个利润丰厚的市场领域,并使您的物联网设备成为这9到10的其中之一?
选择正确的框架 (Choose the right framework)
The client-side of an IoT device is represented by the hardware itself. It is programmed with C, C++, or Lua – low-level and difficult programming languages. But there is not much you can do about it because of hardware limitations.
物联网设备的客户端由硬件本身表示。 它使用C,C ++或Lua(低级且困难的编程语言)进行编程。 但是由于硬件限制,您对此无能为力。
Along with high performance, users of IoT devices prioritize low cost and energy-efficiency. Thus, at least for now, you should keep working with low-level languages.
除了高性能之外,物联网设备的用户还优先考虑低成本和高能效。 因此,至少到目前为止,您应该继续使用低级语言。
On the other hand, the server side of IoT applications offers you more freedom of choice. Here, you are not limited by the hardware, so you can choose any coding language and framework you prefer.
另一方面,物联网应用程序的服务器端为您提供了更多的选择*。 在这里,您不受硬件的限制,因此可以选择任何喜欢的编码语言和框架。
I believe that the right one is Node.js. Here is why.
我相信正确的是Node.js。 这就是为什么。
Node.js快速高效 (Node.js is fast and performant)
First of all, any IoT device is constantly working with dynamically changing data. This means that you need a framework which can handle real-time applications and heavy data flows.
首先,任何物联网设备都在不断地处理动态变化的数据。 这意味着您需要一个可以处理实时应用程序和大量数据流的框架。
Node.js is built on Google’s V8 JS engine, which is highly effective and perfectly scalable. Thanks to this feature, Node.js is the number one framework to be used with real-time apps and platforms. Constantly changing data is not a challenge for it either.
Node.js建立在Google的V8 JS引擎上,该引擎高效且可完美扩展。 得益于此功能, Node.js是与实时应用程序和平台一起使用的第一框架。 不断变化的数据也不是挑战。
Node.js易于与IoT协议集成 (Node.js is easy to integrate with IoT protocols)
IoT applications actively use a publish-subscribe-based messaging protocol, MQTT. In turn, for transportation and encapsulation, this protocol uses WebSockets. Both MQTT and WebSockets are well-supported and easily integrated with Node.js.
物联网应用程序积极使用基于发布-订阅的消息传递协议MQTT。 反过来,对于传输和封装,此协议使用WebSockets。 MQTT和WebSockets都得到了良好的支持,并易于与Node.js集成。
Node.js模块促进物联网开发 (Node.js modules facilitate IoT development)
Node.js is augmented with npm, the Node Package Manager, which features a lot of useful IoT modules. There are about 80 packages for Intel IoT Edison, Arduino, or Raspberry Pi. Also, it features over 30 packages for different sensors, beacons, and other tools.
Node.js增强了Node Package Manager,即npm,它具有许多有用的IoT模块。 大约有80个用于Intel IoT Edison,Arduino或Raspberry Pi的软件包。 此外,它还具有30多种用于不同传感器,信标和其他工具的软件包。
This is why Internet of Things development is simpler and faster with Node.js IoT modules.
这就是使用Node.js IoT模块使物联网开发更简单,更快的原因。
Node.js资源高效且可扩展 (Node.js is resource-efficient and scalable)
In general, developers prefer working with Node.js because it does not require a lot of resources. The CPU and RAM are not overloaded.
通常,开发人员更喜欢使用Node.js,因为它不需要很多资源。 CPU和RAM不会过载。
Also, Node.js is highly scalable, which is absolutely necessary for most modern companies.
另外,Node.js具有高度可伸缩性,这对于大多数现代公司而言绝对是必需的。
当心挑战 (Beware of the challenges)
Entering the IoT niche can lead you down a path to success. No wonder, then, that there are a lot of challenges and traps awaiting you on your way – success is never easy to achieve. And the first and foremost challenge you should be aware of is security.
进入物联网利基市场可以引导您走上成功之路。 因此,难怪在您前进的路上有许多挑战和陷阱在等待着您-成功绝非易事。 您应该意识到的首要挑战是安全性。
Security is one of the top problems in IoT sphere, and one of the first pitfalls you will stumble upon. So what should you do?
安全性是物联网领域的首要问题之一,也是您会偶然发现的第一个陷阱。 那你该怎么办?
安全认证 (Secure authentication)
Let’s start with authentication. There are a lot of tools for authentication in Node.js: tokens, JSON web tokens, Auth0, and so on. Each has its advantages and disadvantages. To start, you should look at them from the perspective of IoT.
让我们从身份验证开始。 Node.js中有很多用于身份验证的工具:令牌,JSON Web令牌,Auth0等。 每种都有其优点和缺点。 首先,您应该从物联网的角度来看它们。
On the one hand, tokens are effective but not 100 percent safe. They are a cool way to set up authentication as they let you identify a specific user and decide whether to grant or deny them access. A token can be encrypted with any algorithm.
一方面,令牌是有效的,但不是100%安全的 。 它们是设置身份验证的好方法,因为它们使您可以识别特定用户并决定是授予还是拒绝他们的访问权限。 令牌可以使用任何算法进行加密。
However, the hardware (scanners, sensors, hubs, or other IoT things) should store this token or login/password data in firmware. This means that attackers can steal the token if they have physical access to the hardware. The same story goes for JWT or Auth0.
但是,硬件(扫描仪,传感器,集线器或其他IoT物品)应将此令牌或登录名/密码数据存储在固件中。 这意味着,如果攻击者可以物理访问硬件,则可以窃取令牌。 对于JWT或Auth0同样适用。
On the other hand, we can use any tools for authentication on the server side. You can easily integrate any authentication tool on the Node.js platform.
另一方面,我们可以在服务器端使用任何工具进行身份验证。 您可以轻松地在Node.js平台上集成任何身份验证工具。
There are a lot of npm packages which allow you to do this manually: Auth0, Passport, and JWT. There are also packages for integration with cloud IoT services: @azure-iot/authentication, aws-iot-device-sdk, and so on.
有很多npm软件包可让您手动执行此操作:Auth0,Passport和JWT。 还有一些用于与云IoT服务集成的软件包:@ azure-iot / authentication,aws-iot-device-sdk等。
安全的HTTP请求 (Secure HTTP requests)
Next, be careful with HTTP requests from your IoT devices. You should check if you get a request from a proper IoT device.
接下来,请小心来自物联网设备的HTTP请求。 您应该检查是否从适当的IoT设备收到请求。
Firstly, you should implement HTTPS with your IoT devices. Hardware is not a browser and you should implement HTTPS manually on it. For the server-side, you can either do it manually or use hosting with HTTPS configuration and certificates.
首先,您应该在物联网设备上实施HTTPS。 硬件不是浏览器,您应该在其上手动实现HTTPS。 对于服务器端,您可以手动执行操作,也可以将主机与HTTPS配置和证书一起使用。
In Node.js, it is quite easy to implement:
在Node.js中,实现起来非常容易:
const express = require('express');
const https = require('https');
const http = require('http');
const fs = require('fs');
const options = {
key: fs.readFileSync('path/to/your/key.pem'),
cert: fs.readFileSync(path/to/your/certificate.cert')
};
const app = express();
http.createServer(app).listen(80);
https.createServer(options, app).listen(443);
HTTPS uses SSL or TLS protocols for data encryption. However, to be sure that you have gotten a request from the necessary server or client, use additional data encryption. For example, this is how you can use a signature:
HTTPS使用SSL或TLS协议进行数据加密。 但是,为确保已从必要的服务器或客户端收到请求,请使用其他数据加密。 例如,这是使用签名的方法:
const fetch = require('node-fetch');
const verifier = crypto.createVerify('RSA-SHA1')
const SIGNATURE_FORMAT = 'base64';
//check if it trusted url for your certificate
const trustedUrl = ‘https://trustedUrl/’
const isTrustedUrl = trustedUrl.match(url);
If (isTrustedUrl) {
verifier.update(req.body, 'utf8')
fetch(isTrustedUrl)
.then(certificate => {
// check signature
const isValidSignature = verifier.verify(certificate, reg.header.signature, SIGNATURE_FORMAT);
})
.catch(err => console.log(err));
}
To wrap up this part:
要结束这一部分:
- First, you have to check the trusted URL of your certificate. 首先,您必须检查证书的可信URL。
- Then, you sign a request body with the public key from your certificate. 然后,使用证书中的公钥在请求正文上签名。
- Finally, you compare the signed body with the signature from headers. 最后,将签名的正文与标头中的签名进行比较。
It is extremely important to know that you're getting requests from the proper devices and that you're not facing a middle attack.
知道您正在从适当的设备收到请求并且没有遇到中间攻击,这一点非常重要。
看看这些例子 (Check out these examples)
浅间 –跟踪员工的流动 (Asama – tracking the movement of your employees)
Asama is a micro-location system, which uses smartwatches and Bluetooth beacons to track movement and activity of employees. Beacons transmit a regular signal.
Asama是一个微定位系统,它使用智能手表和蓝牙信标来跟踪员工的活动和活动。 信标发送常规信号。
According to these signals, the smartwatch defines the location of an employee. The smartwatch also analyzes whether the right person is wearing it and if the employee is sleeping or working.
根据这些信号,智能手表定义员工的位置。 智能手表还分析合适的人是否佩戴它,以及员工是否正在睡觉或工作。
The data is then transmitted to the mobile app, which is installed and configured on the employer’s phone. The system is powered by Node.js in IoT.
然后,数据将传输到移动应用程序,该应用程序已在雇主的电话上安装和配置。 该系统由物联网中的Node.js驱动。
This way, managers can track their employees in real time, find the person they need right away, and optimize the workspace. Also, at the end of the week the employer receives an extensive report on employee activity. All this helps to boost the company's performance and productivity.
这样,管理人员可以实时跟踪其员工,立即找到他们需要的人,并优化工作区。 此外,在一周结束时,雇主还会收到有关员工活动的详尽报告。 所有这些都有助于提高公司的绩效和生产力。
This solution might not suit a business with a small office and flexible hours. Yet, it works perfectly for industrial plants, construction sites, factories, warehouses, shopping centers, supermarkets, hotels, security agencies, restaurants, or stores.
此解决方案可能不适合办公室较小且工作时间灵活的企业。 但是,它非常适用于工厂,建筑工地,工厂,仓库,购物中心,超级市场,酒店,安全机构,饭店或商店。
It's well-suited anywhere you as an employer need to know if employees are coming too late or leaving too early, being absent at the working place, not working actively throughout the day, or not following routes and schedules.
作为雇主,它非常适合您需要知道员工来得太迟或离开得太早,不在工作地点,不是一整天都在积极工作,还是不遵循路线和时间表的情况。
PREE –查找您的物品 (PREE – finding your belongings)
PREE is a system of BLE beacons and mobile software which helps people stop losing their stuff. It is a lifesaver for those who often forget their phone, bag, keys, wallet, or any other valuable belongings.
PREE是BLE信标和移动软件的系统,可帮助人们避免丢失自己的东西。 对于那些经常忘记手机,包,钥匙,钱包或任何其他贵重物品的人来说,这是一个救命稻草。
The user can see the location of their item in real time and share it with trusted contacts. Once the item is out of range, they will get a notification, and so will their friends or family members. It doesn't spam others with notifications when they are not needed – for example, when at home, the user can mute them for a certain area.
用户可以实时查看其项目的位置,并与受信任的联系人共享。 物品超出范围后,他们会收到通知,他们的朋友或家人也会收到通知。 当不需要时,它不会向其他人发送通知,例如,在家时,用户可以在特定区域将其静音。
This Internet of Things IoT system is built with Node.js, Express, and Mongo on the backend and Ionic with Cordova for the frontend. The combination of these frameworks ensures the best user experience.
该物联网物联网系统是在后端使用Node.js , Express和Mongo构建的,在前端使用Ionic和Cordova构建的。 这些框架的组合确保了最佳的用户体验。
验证你的想法 (Validate your idea)
Once you have an idea for an IoT product, start with validating it. You can do this in two ways:
一旦您对物联网产品有了想法,请先进行验证。 您可以通过两种方式执行此操作:
- Hire an idea validation team, who will help you test the viability of your product before you invest in development, or 雇用一个想法验证团队,在您进行开发投资之前,该团队将帮助您测试产品的可行性,或者
-
Hire a software design and development team, who will launch an extensive product discovery process.
雇用软件设计和开发团队,他们将启动广泛的产品发现过程。
后记 (Postscript)
I would like to send a huge thank you to Volodya Andrushchak, the IoT guru at KeenEthics, for contributing and basically breathing life into to this article.
我要向KeenEthics的物联网专家Volodya Andrushchak致以深深的谢意,感谢他为本文做出了贡献,并从根本上振奋了我的生命。
If you have enjoyed the article, you should definitely read some more about Node.js: What are the Advantages of Node.JS? or NodeJS vs Python: How to Choose the Best Technology to Develop Your Web App's Back End.
如果您喜欢这篇文章,则绝对应该阅读有关Node.js的更多信息: Node.JS的优点是什么? 或NodeJS与Python:如何选择最佳技术来开发Web应用程序的后端 。
The original article posted on KeenEthics blog can be found here: IoT and Node.JS: How to Catch the Opportunity?
可以在以下网址找到发布在KeenEthics博客上的原始文章: IoT和Node.JS:如何抓住机遇?
翻译自: https://www.freecodecamp.org/news/iot-and-node-js-how-to-catch-the-opportunity/