React / Redux前端与Node.js API Auth通信
[英]React/Redux frontend communicating with Node.js API Auth
问题描述
I have a react/redux app that I want to communicate with a Node.js app (probably Express) through its API. 
我有一个react / redux应用程序,我想通过其API与Node.js应用程序(可能是Express)进行通信。 The Node.js app has a CloudantDB and contains sensitive info. Node.js应用程序具有CloudantDB并包含敏感信息。 Each user can only access his/her part of the DB. 每个用户只能访问他/她的数据库部分。
How would you recommend I secure the API endpoints and establish a user Auth ? 您如何建议我保护API端点并建立用户Auth ? I was thinking to use Passport.js on the Node.js app and have it interact with a Jason Web Token Auth on the react side. 我当时想在Node.js应用程序上使用Passport.js ,并使其与React端的Jason Web令牌Auth交互。 Thanks! 谢谢!
2 个解决方案
解决方案1
1 已采纳 2016-07-26 20:14:11
There are several ways. 有几种方法。
Token, Cookies, JWT 令牌,Cookie,JWT
JWT is the most simplest way, (I think) and the most feature rich.. JWT是最简单的方法(我认为),并且功能最丰富。
But its up to you.. 但这取决于你。
解决方案2
0 2016-07-27 11:01:17
You may want to check out https://github.com/cloudant-labs/envoy which is an express based app that you can extend to use Passport.js 您可能想查看https://github.com/cloudant-labs/envoy ,这是一个基于Express的应用程序,可以扩展以使用Passport.js。
Most importantly it limits the scope of what a user can pull from the DB and store in browser. 最重要的是,它限制了用户可以从数据库中提取并存储在浏览器中的范围。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.