
RESTful API in Node.js - Is Filtering Possible With Authorization

I have a web application and a RESTful API to communicate with the DB. The frontend of the web application posts/gets/puts to the backend with Angular HTTP, which in turn handles authentication, posts/gets/puts to the API and returns the result. The backend authenticates itself as an admin to the API via JWT, but authenticates the users with cookie-based sessions. So, in a way the API is stateless but the web server uses state.

I have been looking for options to have an authorization mechanism to filter query results based on users. For example I have a questions endpoint where I return a list of questions only created by the company of the logged in user.

1- What I have been doing on the web server (basically filtering):

var restler = require('restler'); // HTTP client used by the web server to call the API

router.get('/questions', passportConf.isAuthenticated, function(req, res) {
    // Scope the API query to the organisation of the session user, not to anything the client sent
    restler.get(process.env.API_URL + '/questions/?organisation=' + req.user.organisation._id).on('complete', function(questions) {
      res.json({
        data: questions
      });
    });
});

2- However, the other option is to put the questions endpoint nested under the user's organisation endpoint, such as:

/user/organisation/questions

3- Or basically I can put the user in the body of the request made to the API, which will then filter based on the organisation of the user that is in the body of the request.

4- Finally, I can skip the cookie-based session auth on the web server, make my request directly to the API from the frontend and authenticate users using JWT (which leaves the same question of how to filter as in the first point).

I am fairly new to Node.js and I was wondering if there's a module or a common practice to handle filtering in particular, as in 1 or 4.

Please note that this is just a response from a user who has tried to follow the pattern practices.

I have been using the Express framework. Using Express, you can handle HTTP requests fairly easily, and it is one of the most popular frameworks for web development using Node.js.

To solve the authorization problem, I would add a middleware (which can be a function) that would make filtering possible. For example, if router is the name of the router which would handle all the requests and send replies, I would add the following code in router.js, the file where all router-specific logic will be saved:

router.use(function isAuthorized(req, res, next){
    // Add your filtering code here, then hand the request on to the next handler
    next();
});

In this case, it would be,

router.use(passportConf.isAuthenticated);

Use this once, and every hit in your router will have to go through this middleware.

Now, we are trying to incorporate the 'GET' request:

var http = require('http'); // core Node.js module for making HTTP requests

router.get('/questions', function(req, res) {
    // Resolve the path against API_URL (which may include a port or base path);
    // encode the id so it cannot smuggle extra query parameters into the API call
    var target = new URL('/questions?organisation=' + encodeURIComponent(req.user.organisation._id), process.env.API_URL);
    http.get(target, function(apiRes) {
        // The callback receives the response stream, not the body: collect it first
        var body = '';
        apiRes.setEncoding('utf8');
        apiRes.on('data', function(chunk) { body += chunk; });
        apiRes.on('end', function() {
            res.json({data: JSON.parse(body)}); // forward the filtered list to the client
        });
    }).on('error', function(err) {
        res.status(502).json({error: 'API request failed'});
    });
});

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

© 2020-2024 STACKOOM.COM