I want to send a link to the email address for account verification and to reset the password. Later I had a frontend+backend structure, I want to know how can I do this in REST api way. If I host 2 frontend app in https://example1.com and https://example2.com how can I write a flexible backend in nodejs
Part 1: Sending Emails
To send emails, you need to have an SMTP server. For SMTP server, you can either configure one by your own or subscribe for email services like sendgrid.
Sendgrid provides APIs, which allows you to send transactional or promotional emails.
Part 2: Middleware
You may have to rent a linux server, install Node JS on it and use Express JS for developing and deploying the backend with REST API support. Your frontend apps https://example1.com and https://example2.com can be hosted using Apache and they can communicate to the middleware which is developed using Express JS.
Part 2: Database Connectivity from Middleware
You can install MariaDB in server and connect your node js program to MariaDB using the node module mysql.
This is just a high level advice. You will have to spend some time yourself to get everything configured and wired, or take the help of experienced engineers.
Related
I have come across a challenge for that I need your opinion. We have a Front-end app in Vue that is publicly open and doesn't authenticate users through Login, the app doesn't have a backend. Currently, the app has a JSON data file that we manually update monthly. Based on my research and knowledge I have come to the conclusion, we can't put our SOAP web service endpoint with credentials since everyone will see the service user name and password in the browser. Even though the data is publicly displayed on the app but we want to secure the SOAP web service endpoint and credentials.
Currently, I only see two options:
We build the backend and authenticate(Login) the user in the app.
Build a backend (Node and Express server with Loopback) that consumes that SOAP service and converts that data in JSON format and consumes that data through Publicly open REST API endpoint with Read-Only option and only allow frontend app IP or Address to request data and reject the other IP request.
Both methods require the backend to secure the SOAP endpoint but the second option reduces the frontend work since it will convert the data from XML to JSON, my concern with this option is that it will be an open endpoint in REST API, can that jeopardize the SOAP credentials?
This is the Loopback diagram converting SOAP to REST.
I would like to know if anyone else has another idea or option to resolve this or do you see a problem with the above methods.
I'm trying to accept billing subscription using the Stripe API in my Electron app. I would create an endpoint in the 'main' file but I guess it's insecure and not the right place to do that.
What's the most secure payment flow in Electron apps? Would I need to do this using a simple web page and a nodeJs server?
You must not include your secret key in any client application. Your Electron client needs to make calls to your remote server where you can make secret key API calls securely.
Yes, if you want to build a server in the JS/Node ecosystem, you can use Stripe's stripe-node client and build a server like this example.
I have an admin site that has a react frontend, using redux actions, with a node.js app as the server which uses firebase-admin to do the work.
I want to use firestore's onsnapshot listener. but im not sure how this works within the HTTP protocol?
I can't use the firebase-admin from my frontend app, and i cant create realtime DB functionality from the backend within HTTP protocol.
The goal: to set snapshot listeners on my collections from rreact frontend without having to go through multiple authentication processes, considering ive got a separate auth system for admins with my express api.
Is there a solution for this?
EDIT:
my client app is currently initialized with firebase web app config data, but because im authenticating admins with my own express server, the firebase web SDK hasnt authenticated with firebase, so i dont have permission for the data i need. im not sure if i need a service account, or a web app config with extra setup or what
My recommendation is to integrate the Firebase JS SDK into your client app using signInWithCustomToken().
It's not too complicated to do. Though I suppose that depends a lot on how your current auth setup works.
The general idea is this:
Send auth request to your auth service.
Process the request like normal.
Evaluate if the user should have access to Firebase.
If they should, use firebase-admin to create a custom token and send it back to the user.
Use the token on the client to authenticate with Firebase.auth
You should make sure to have Firestore rules to allow admin users to access the data you need.
As an alternative that doesn't use the Firebase client SDK, you could have a long-running node process that opens an onSnapshot. Your react app could receive data from it using either Server-Sent Events or through a WebSocket
if anyone could give me a clear high level answer that would be great. I want to integrate a payment gateway into my app eg: Strip/Braintree, and I have gotten it all working to the testing part but now I am wondering for me to move it to production do I need to host the back end server for retrieving the tokens myself?
Currently I hosted the test server locally to test that it works. But what now? Do I need to host this on a server for all time so my app can get its tokens?
Please help.
Yes, you have to.
You can start with a Virtual Machine at DigitalOcean or Vultr. Replicate your test environment there, then harden the server, etc.
If you're new to that then I recommend you to find someone who has experience setting up servers in production environments.
Thanks for your help. I spoke with Stripe and below was there response. They confirmed that you do need a server backend all the time.
--
Unfortunately, we don’t provide any hosted solutions when working with app based payment flows—you would need to have a back-end setup in place or use a serverless solution such as Heroku, both for your eventual move to a production environment and also while in development to test your back-end.
Generally speaking, you’ll use our SDKs when building your app to implement our client-side framework enabling you to securely collect and tokenize payment details from customers from within your app. However, the back-end server is where you’ll actually make requests to Stripe when you need to create a charge, refund a payment or take some other API related action.
Additionally, your back-end server will play a critical role as that’s where you’ll need to generate the ephemeral keys that will be used as the client-side session credentials for the app’s user. The use of ephemeral keys will facilitate the retrieval and updating of customer objects in Stripe for a given user (the persistent creation and use of individual customer objects is a default behavior for our mobile SDKs), but will ensure that your Stripe account’s secret API keys remain protected (public API keys are still used in the client).
I have an API set up on my server (node.js) which potential clients can send request to. One such client would like for me to set up a structure where they would pay only for the amount of their users who would connect to my API. They are creating a mobile application. Regardless mobile or web, I'm not sure how I would be able to track their individual users, to make sure it is their users who are sending requests to my server and not the client himself. The client can make one request and send to 1000 of their users instead of 1000 of the client's users directly connecting to my server.
The only feasible solution I can think of is creating a plugin which they would insert into their app and it would connect directly to our server, bypassing the client's server. Something like a Facebook Share/Like, Google +1 button. Creating the plugin would require to create the entire request and dynamic layout in each platform language, which is outside my scope at the moment.
Is there any way to have the end-users connect directly to my server through the client's app, bypassing the client in the middle, allowing me to know how many users will be connecting?