Authorization approaches and design patterns for Node.js applications

I am creating a multi-page administration interface for an internal enterprise software platform. Think of a lot of glue logic linking various APIs, DB requests, and shell scripts.

We will use Node.js, the Express framework (including Jade templates) and LDAP for authentication.

I'm struggling to find information on design patterns and authorization best practices in Node applications. Preferably, I would like to use a role-based model, as my users are familiar with this approach and its care and feeding.

I am new to Node.js, so please do not assume that I have already seen a module or a popular blog post. There is probably a ton of information, and I just don't know where to look.

Thanks in advance for any information you can provide!

+49
security design-patterns authorization express
Nov 24 '12 at 10:23
4 answers

Regarding your first question, you want to perform some authorization procedure in Node.js. I have studied and used a number of Node.js APIs. I would prefer the following for enterprise applications.

  • For authentication: Passport, or Satellizer if you develop an SPA (front end) in AngularJS.

  • For authorization: ACL. Role-based security for REST methods and APIs.

Secondly, you need some approach to implementation and development in Node.js.

  • Lightweight and my favorite design pattern and framework for Node.js: the MVC framework SailsJs, for its production-ready and modular architecture. Managing code is easy in the long run (the most practical requirement for an enterprise application). Easy to maintain. SailsJs is also pre-configured with Socket.io, with which you can create real-time modules, widgets and chat widgets in your project.

  • Express: You can use Express and create your own MVC project structure. It is also popular and reliable. You can find popular seed projects for it on Yeoman.

  • Redis: As a caching or session layer. It is always useful to use a separate caching or session layer, since it will not block you from scaling your application in the cloud to the nth instance.

  • You can use Redis and Socket.io to create real-time features such as geographical location, user presence (online / offline), chat, notifications, and more.

  • ORM: Waterline, for its simple query approach. This is also the built-in and default ORM of SailsJs. You can also use Sequelizejs if you are not using SailsJs. I would recommend using the native connectors provided by the database providers.

  • Database: as per your requirement. Waterline ORM supports PostgreSQL, MySQL, MongoDB, etc.

  • My favorite view engine: EJS. There is no need to learn new things to develop your presentation layer. It is also the built-in and default SailsJs view engine, so I'm a fan of SailsJs.

I think I have covered all the important information for creating an enterprise application in Node.js. I'm not saying that the above packages are the best, but in the aggregate they are best suited for any enterprise scenario. There are other well-known packages that you can use to suit your own requirements.

+38
Jul 13 '14 at 13:02
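The answer above names the ACL module for role-based security on REST routes but does not show what such a check looks like. The following is an added example, not code from the original answers and not the `acl` module's API: a minimal deny-by-default role-to-permission map wrapped as Express-style middleware. It assumes an earlier authentication step (for instance the LDAP login mentioned in the question) has already set `req.user = { uid, roles }`; the role names, permission strings and the `simulate` helper are constructed for illustration so the block runs without an HTTP server.

```javascript
// Added example: role-based authorization as Express-style middleware.
// Not the `acl` module; role and permission names are illustrative.

// Role -> list of "action:resource" permissions (constructed sample policy).
// A role that is not listed here grants nothing, so unknown roles are denied.
const ROLE_PERMISSIONS = {
  viewer: ["read:jobs", "read:hosts"],
  operator: ["read:jobs", "read:hosts", "run:jobs"],
  admin: ["read:jobs", "read:hosts", "run:jobs", "delete:jobs", "manage:users"],
};

// True when at least one of the user's roles grants `action` on `resource`.
// Missing or empty role lists are treated as "no permissions" (deny by default).
function can(roles, action, resource) {
  const wanted = `${action}:${resource}`;
  return (roles || []).some((role) =>
    (ROLE_PERMISSIONS[role] || []).includes(wanted)
  );
}

// Middleware factory. Assumes authentication middleware (e.g. an LDAP login)
// has already populated req.user = { uid, roles } on successful login.
// No user at all -> 401; a user without the permission -> 403.
function requirePermission(action, resource) {
  return function authorize(req, res, next) {
    if (!req.user) {
      return res.status(401).json({ error: "authentication required" });
    }
    if (!can(req.user.roles, action, resource)) {
      return res.status(403).json({ error: `${action} on ${resource} denied` });
    }
    return next();
  };
}

// Test helper (constructed): runs a middleware against a fake req/res pair and
// reports the status code, body and whether the route handler would have run.
function simulate(middleware, user) {
  const result = { status: 200, body: null, nextCalled: false };
  const res = {
    status(code) { result.status = code; return this; },
    json(body) { result.body = body; return this; },
  };
  middleware({ user }, res, () => { result.nextCalled = true; });
  return result;
}

// Usage: the same factory would be mounted on a route, e.g.
//   app.delete("/jobs/:id", requirePermission("delete", "jobs"), handler)
const deleteJobs = requirePermission("delete", "jobs");
console.log(simulate(deleteJobs, { uid: "alice", roles: ["admin"] }));     // next() called
console.log(simulate(deleteJobs, { uid: "bob", roles: ["operator"] }));    // 403
console.log(simulate(deleteJobs, undefined));                              // 401
```

The check is deliberately deny-by-default: a role that is absent from the map, a user with no roles, or an action that was never granted all fall through to 403. Keeping the policy in one map (or loading it from LDAP group membership at login) also means a route can only be protected by naming a permission, not by copying role comparisons into each handler.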

The following is the information:

Hope this makes the launch easier.

+12
Nov 27 '12 at 8:13

I have to say Node-Authorization is also a good candidate. The idea was borrowed from SAP (the ERP vendor); it is object-oriented authorization. It can also be used alongside other frameworks like Passport and Express.

+1
Feb 04 '17 at 12:55

Another option is to use CASL, which integrates very well with MongoDB. There is also an article on how to enable CASL-based authorization in an Express.js application: https://medium.com/@sergiy.stotskiy/authorization-with-casl-in-express-app-d94eb2e2b73b

0
Jul 26 '17 at 11:18