Is it necessary to use HTTPS between web server and API server? - node.js

I have an web server which render HTML webpage to user and recieve request from front-end.
Then I also have a Node.js web app that recieve API request from web server and response it.
Node.js web app stores very important contents so I want keep it secure.
The flow of data is like below.
User <-> Web server <-> Node App
So I'm planning setup TLS on my web server so user's web browser and server will communicate under HTTPS.
But the case of Node App, I cannot install SSL Certification because I cannot connect SSH with this app.
Web server has a secure authentication key for connect with Node App and Only this web server is connecting with Node App.
In this case, is it necessary to use HTTPS between Web server and Node app?

Related

Configuring NGINX to work with SAML Signing Certificate

I've built an app using PHP (Laravel), and now we've deployed it to a client who wants to use Azure Single Sign On rather than the apps native username/password functionality.
The plan is for them to handle the SSO authentication via App Registration, and then send user details via a SAML request.
However the 'SAMLResponse' I get is encoded. They have sent me a .cer file (and an XML file for some reason), and I think I need to apply these to the server, but I don't know how.
The below is the setup their end, and I've red highlighted the files they've sent me.
I have full control over the server, which is Ubuntu 18.04 running NGINX. They also handle the SSL side of things separately, so NGINX is currently listening on port 80.

Windows Authentication on IIS and Proxy to Node with User/Roles in Header?

I am running IIS and Node in parallel on a Windows Server. Is it possible to allow IIS intercept HTTPS requests, authentic them using Windows Authentication (Negotiate/NTLM), then proxy the requirements onto Node as HTTP requests with username and security groups in the header for Node to process?
As far as I know, it is possible to use windows authentication before proxy request. Windows authentication is to authenticate people through the local Windows network. There is no proxy server or even a proxy server. Protocol does not authenticate HTTP sessions, but authenticates the underlying TCP connection.
IIS can also proxy the request to Node, as long as the request is rewritten using ARR and URL rewrite.
However, IIS itself cannot obtain the user name and security group information, and requires the help of ASP.NET applications.

How to access web-app through an Azure Application proxy with an access token

I have a web app configured in my Azure AD.
On a machine, i have installed a connector and configured an application proxy with that connector.
I am now trying to connect from an Android mobile application to the web app through the application proxy.
If I use a WebView inside my app, I can load the User access URL, enter my credentials and I receive a cookie for use by following connections.
I need to be able to use other HTTP clients that do not have the possibility to show UI.
I was wondering if it was possible to somehow request access and refresh tokens, and add those to future requests. or if possible convert them to a cookie in some manner and add that in a header.
Your client app can simply use MSAL (or ADAL, or another OpenID Connect client library) to sign the user in and an access token for the App Proxy app. Then you can include that token in the Authorization header in requests to the endpoint from App Proxy. App Proxy will recognize it, validate it, and (if everything checks out) proxy the call down to the App Proxy connector, where the rest of the process happens as normal.
Here are the relevant docs: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application

How to redirect to client URL from node js hosted on different server?

I have a web application with client in Angular2 and server REST API in node js with express, both hosted on separate servers. Trying to integrate nodejs with PayPal with node-rest-paypal SDK. The problem is how do I redirect back to client once payment is completed. Below is the flow I am following.
user clicks on Pay button
client app sends pay info to server
server app creates PayPal payment and receives PayPal url
server app sends PayPal url back to client app
client app uses that url and redirects user to PayPal
user completes/cancels payment on PayPal website
PayPal returns back to configured return url i.e. to server app
server app executes/cancels payment and saves info in the DB
how to redirect from server back to client?
Return and cancel URLs are configured to redirect to node server.
One thing I could think of is to send push notification to client with help of node socket.io. But I am not sure, if that is the only and best way to tackle this problem. Please guide me in the right direction, even if I am missing some basic thing here.
Thanks in advance.

Facebook login in parse after migration

I completed all the steps of migrating from parse to my local server windows server 2012R2 deployed mongoDB and the parse server and the node.js and python on the server and of course installed the webserver role on the window.
I am now successfully listening to port 1337 for connections and I connected my node.js to the mongoDB and also accepted connections successfully to the database via port 27017. Entered my new app keys and client keys and updated them on my application. But my application has facebook login. And for sure when I open the app to login it gives me an error in the console saying "facebook auth is not configured". Ordinary user login is working but the Facebook one is not.
I think there was a way that I can add my facebook app ID to the nodejs index file where I updated all the keys. But I really don't know how to do it. If any body has experience in deploying parse on his own web server please advise.
Thanks.

Resources