Authentication with the MEAN stack without User system - javascript

I'm currently working on my friend's (who is a photographer) portfolio website using the following technologies:
Node.js
Express
MongoDB and Mongoose
ejs
I'm a beginning developer and have been struggling for a while now with authentication. I know how to use the passport package to create an administrator user, but since I don't want to implement a user system for a portfolio website, I'm not sure how I should go about making an admin.
The admin would be my friend, and he and only he should be able to see Express routes meant for replacing pictures, uploading them, and in short just making POST requests to the database. I know I should probably use some form of middleware like with the Passport package, but other than that I have no idea how to go about this.
Thanks in advance!

You can use HTTP Auth for this purpose; check this NPM module.
What happens is, you will define a custom username and password, and use the package as a middleware for your routes. Now, whenever a user visits the page, the browser will automatically show a popup asking for username and password. In this case, you will not need to implement a user system.
A similar question and answer is posted here
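The single-admin HTTP Basic approach described in the answer above, written out as Express-style middleware. This is an added example, not code from the original post or from the NPM module it mentions; the names `adminOnly`, `safeEqual` and `demo` and the sample credentials are constructed for illustration.

```javascript
const crypto = require("crypto");

// Hash both sides so timingSafeEqual always compares equal-length buffers.
function safeEqual(a, b) {
  const ha = crypto.createHash("sha256").update(String(a)).digest();
  const hb = crypto.createHash("sha256").update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Returns Express-style middleware (req, res, next) guarding admin routes.
function adminOnly({ username, password, realm = "Admin" }) {
  if (!username || !password) throw new Error("admin credentials not configured");
  return function (req, res, next) {
    const header = req.headers.authorization || "";
    const [scheme, encoded] = header.split(" ");
    let user = "", pass = "";
    if (scheme && scheme.toLowerCase() === "basic" && encoded) {
      const decoded = Buffer.from(encoded, "base64").toString("utf8");
      const i = decoded.indexOf(":"); // the password may itself contain ':'
      if (i !== -1) { user = decoded.slice(0, i); pass = decoded.slice(i + 1); }
    }
    // Evaluate both comparisons; no early exit on a wrong username.
    const ok = safeEqual(user, username) & safeEqual(pass, password);
    if (ok) return next();
    res.statusCode = 401;
    res.setHeader("WWW-Authenticate", `Basic realm="${realm}", charset="UTF-8"`);
    res.end("Authentication required");
  };
}

// Constructed demo: fake req/res objects stand in for Express.
function demo(authorizationHeader) {
  const guard = adminOnly({ username: "photographer", password: "constructed:pass" });
  const result = { status: 200, challenged: false, passed: false };
  const req = { headers: authorizationHeader ? { authorization: authorizationHeader } : {} };
  const res = {
    set statusCode(v) { result.status = v; },
    setHeader(name) { if (name === "WWW-Authenticate") result.challenged = true; },
    end() {},
  };
  guard(req, res, () => { result.passed = true; });
  return result;
}
```

In a real app the credentials would come from environment variables rather than source code, and the guard would be mounted with `app.use("/admin", adminOnly({...}))`. Basic credentials are only base64-encoded and are sent with every request, so the site has to be served over HTTPS.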

Related

Docusign Integration with React Native

I am trying to integrate docusign with a React Native app I am building. My desired workflow is to have the user launch a remote signing envelope based on a template.
From the Node JS examples, eg009 seems to be the end result I am after. However, I am wanting to complete this with Axios/Fetch and JavaScript.
My intended flow is to have the user enter in their name and email, and their spouse's name and email. From there they press a submit button which sends the API call, and that is the extent of what the app does.
I am wanting the API call to then start the template flow, sending a document to sign via email to both that were entered into the app. I want the users to authorize themselves from the email, not the app. After both parties have signed, I want it sent to a third static email.
I do not want the users to have to authorize inside the app or be redirected anywhere. It seems a JWT would be best.
Does this seem possible? How would you suggest going about this?
I appreciate the help!
Looks like the JWT grant flow is the right fit for you here. Please see this article for more details: https://developers.docusign.com/platform/auth
There's no good solution for running DocuSign API calls from the client as a result of CORS limitations.
Larry has some blog posts on this topic - https://www.docusign.com/blog/dsdev-building-single-page-applications-with-docusign-and-cors-part-2
You could use something like AWS Lambda, which is not a server per se, but gives you server capabilities without the hassle of a server.
Check also the latest blog by Larry on this topic which superficially covers using React for single-page apps.

What does passport.js do and why we need it?

I am not familiar with user authentication in Node.js, now I am trying to create a website with a login system. I have managed to make it work using the code snippets from the website, but I don't really understand why we need the passport.js as a middleware to do the authentication.
Registration:
Let's take passport-local as an example. When we are using the passport middleware, we are basically trying to create a new document in the database. Can we then do it without passport, for example by using the MongoClient directly, checking for duplicates, and storing the password after encryption?
Login:
We can simply check the user's email or username against our database, and then check the password after email or username is matched. This, as well, can be done without passport. After user identity has been confirmed we can use the express-session to store the session in the cookie for login persistence.
A video about the process that I described above can be found here.
I understand that there must be some very important functionality that I neglect, but after browsing many web resources, including Stack Overflow, YouTube, passport.js's docs and many others, I still didn't understand what passport.js does and why we need it.
Apologies in advance if the question seems silly.
To me it's unnecessary.
It's not saving me any work. I have to write the configuration, the callback, and the user schema. To me, it's just easier for me to just write a middleware for that.
And I don't see there is any security enforcement I am getting cuz I am writing my own verify callback anyway.
So, I don't see any reason that I should use it.
Passport is a middleware for express.js. It supports various login types: Basic, Token, Local (username, password), OAuth, OAuth2, etc. We can combine these to allow users to authenticate by signing in with Google, FB, or whatever service with a very minimal amount of code. We can also use this to combine external auth services so users can choose to log in with one of the selected Strategies, e.g. Google, Twitter. It's much quicker to use passport for authentication than to build one yourself from scratch. This is why we use passport. You don't need passport, it just makes developing quicker. Read more from their website => https://www.passportjs.org/
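What the registration and login steps from the question look like when written by hand without Passport, as an added example that is not from any of the posts above. It assumes an in-memory `Map` in place of the MongoDB collection, and it stores a salted scrypt hash rather than a reversibly encrypted password; all function names are constructed for illustration.

```javascript
const crypto = require("crypto");

// In-memory Map stands in for the MongoDB users collection (assumption).
const users = new Map();

function hashPassword(password, salt = crypto.randomBytes(16)) {
  // scrypt is a deliberately slow, salted key-derivation function.
  const hash = crypto.scryptSync(password, salt, 64);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

function register(email, password) {
  const key = email.trim().toLowerCase(); // normalise before the duplicate check
  if (users.has(key)) return { ok: false, reason: "duplicate" };
  users.set(key, hashPassword(password));
  return { ok: true };
}

// Dummy record so unknown emails cost the same scrypt work as known ones.
const DUMMY = hashPassword("constructed-dummy-password");

function login(email, password) {
  const record = users.get(email.trim().toLowerCase()) || DUMMY;
  const candidate = crypto.scryptSync(password, Buffer.from(record.salt, "hex"), 64);
  // Constant-time comparison of the derived keys (both are 64 bytes).
  const match = crypto.timingSafeEqual(candidate, Buffer.from(record.hash, "hex"));
  return match && record !== DUMMY;
}
```

After `login` returns true, the session step the question mentions (express-session) would store only the user's id in the session, never the password or its hash.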

Can we know if a specific user is currently logged in using Passport JS?

We can know if the person trying to access routes, etc, is or is not a user. Can we know if a specific user is online, or if a specific user is visiting a specific page?
req.user is not sufficient here.
Passport provides the mechanism to authenticate the user. The situation that you want to implement needs different modules. Whether a user is online or not can be determined using the socket.io module, and whether a user is visiting a specific page can be tracked by server-side caching; Redis is one of the ways, as said by #Darkrum.

Passport Send Mail Strategy

I am creating a NodeJS app which requires that the user registers; I'm using passport to manage the authentication ('local' strategy) but now I need to modify the strategy. I need that, first, the user registers, then a mail is sent to one (or more) administrators with a link to approve or not the registration. I remember that in Moodle there is something called "email-based self-registration".
I know I can do this manually, but I suppose that passport or another library has this functionality implemented. Does anyone know if it is possible?
Thank you in advance.
Passport only does user authentication.
Take a look at Drywall, which uses Express and Passport. http://jedireza.github.io/drywall/

How to use HTTP POST request with the accounts-ui package in Meteor for a simple third party login

I am trying to create a web app using Meteor. I am hoping to use the app on my college campus and I wanted to use the college's authentication service so students could log in with their college email address and password. I need to query (with an HTTP POST request) https://www.bowdoin.edu/apps/mobile/login.php to get a 0 indicating incorrect user info, or anything else to indicate the user can successfully log in. I would like to use the Meteor accounts-ui styling and login format and simply authenticate using the POST request. I also want to keep the functionality that allows users to have an id associated with their email address so any user content in the app will stay associated with that user when they log in again. I would like this to be implemented in a way that uses as much code from the accounts-base and accounts-password packages Meteor has. The only unique login feature in this case is a POST request compared to the OAuth typical of other services.
If you want to use Meteor's built in Accounts package, I think your college's authentication service needs to support OAuth. Per http://docs.meteor.com/#meteor_loginwithexternalservice:
Meteor.loginWithExternalService([options], [callback])
These functions initiate the login process with an external service (eg:
Facebook, Google, etc), using OAuth. When called they open a new
pop-up window that loads the provider's login page. Once the user has
logged in with the provider, the pop-up window is closed and the
Meteor client logs in to the Meteor server with the information
provided by the external service.
See that section of the docs and try to build your own accounts-bowdoin package similar to the examples (accounts-github, etc.); see https://github.com/meteor/meteor/tree/d477c8d03bb078f7e8e85dbe4b51db7ae5689573/packages/github and https://github.com/meteor/meteor/tree/d477c8d03bb078f7e8e85dbe4b51db7ae5689573/packages/accounts-github for example.
