I'm starting to build a React Native app after having finished my first implementation of a node.js backend.
I was recommended using passport.js for authentication.
I don't know too much about this entire subject, but I do know my needs:
I can't have any sessions/users
I'd like to create some type of handshake using the phone's UUID(?)
I want only my mobile app to be able to address the API (ideally) and for "outsiders" to either be ignored or receive a 403 (ideally ignore? - I'm asking :) )
How do I go about doing that?
Related
I have developed my ethereum smart contract and I want to integrate it with my web application. But I don't know that is integration with ReactJS a better option or integration with nodejs a better one. Please give suggestions . Also I don't know how to do integration with backend through web3 library so please guide me about that.
When you are creating web3 app , most of the time you are not going to need a backend for that (Although you need a server to host your website) .
Working with and managing smart contracts are very easy at the front-end and there is no need for backend, but if your working on a large scale project , you are definitely going to need a backend for handling complex logics .
Next js is best option for both of that , containing node and react , also no need for manually configuring web server.
Better is next.js. I explained it here: https://ethereum.stackexchange.com/questions/129547/next-js-versus-react-which-to-use-when-for-your-dapp/130040#130040
Not every browser has metamask extension. By using next.js, when our
code is taken and rendered on the server, on the next server we can
reach out to the Ethereum network and do some initial calls like data
fetching, or alist of items in your smart contract. we execute all of
those requests on the server. That means when next.js produces Html
documents to send down to the user browser, it does not matter whether
or not users are using metamask. It does not matter whether or not
they have access to an Ethereum network. Because we already take care
of the data fetching for them. So all the users out there who are not
using metamask are going to see some information on the screen.
You've mentioned that you don't want to switch technologies, and while I agree with NextJS being a good platform to develop dApps on, I suggest you just use your current NodeJS server for anything that isn't web3 related and you use the web3js library from the frontend (your React) which would be very similar to a NextJS app anyway.
This way you don't have to switch technologies.
A novice javascript developer here!
A have a basic question on whats the best and secured way to make HTTP calls from a front application to a backend service that needs an authentication. My application is a SPA (using Vue.js) & getting data from Java services. Java services need authentication details and return sensitive user data.
I see there are a few options and I wanted to understand a better approach amongst all 3-
Making direct HTTP calls from javascript code- Concern for using this approach is, as Javascript code can also be viewed via dev tools in browser, wont it be easier for anyone to do an inspect and view all critical authentication details hence making overall integration less secure?
Making an HTTP call using Axios via Vue framework- Seems like Axios is Promise based HTTP client for the browser that lets you easily make HTTP calls without much code overhead. but is this secure? is Javascript code loaded in the browser? Or the front end code sends the request and axios makes the request from backend server where the application is hosted?
Using Node- If front end application has unique routes configured for each API call and in my application if I have a route mapping to use request module and node js backend code to make those HTTP calls, is that going to be a robust and secure way of integration?
Please let me know your thoughts and apologies if this is a dumb question!
Not dumb at all. You're just learning.
My first question to your answer 😅 will be: is your application server-side rendered or it's sap + backend?
If it's server-side rendered then I would say it's secured since Node will be sending pages with all required data. On the dev tool, you will only see static files being loaded.
However, if it's SAP, I am not sure whether there is a way to hide whatsoever you send to the server from the dev tool. The only one thing you will need to do is to make sure you encrypt whatever is sensitive to your application.
I am new to Stackoverflow so please forgive me if my question is bit difficult to understand. However, background of my problem is following.
I have created a NodeJS RESTful API based on the following tutorial -
https://www.codementor.io/olatundegaruba/nodejs-restful-apis-in-10-minutes-q0sgsfhbd
I have also created a Vue based frontend what I use to display data from database with GET request, POST new data to database and also PATCH/DELETE requests.
I need to create a login/registration system to secure my api endpoints so that the unauthorized person cannot see/delete/modify the content but I have no idea where to start or how to implement it.
My project frontend and backend repositories are visible on:
Frontend - https://github.com/umbluu/mufc-api-fe
Backend - https://github.com/umbluu/mufc-api-be
Can someone please point out some hints/tips how to proceed with my task?
I am using Angular 5 with Firebase, i understand the firebase credential in Angular has the chance to leak to client side when rendering the pages. But Firebase Products can use rules to secure it, i found it doesn't harm any to me.
But i have another question, what if I want to use SQL or any other services that require credential to perform authentication before executing an action, such as read/write from a SQL table.
When I using Node.js, the credential will declare in the server-side JS file, but apparently Angular is client-side framework. So i would like to know to solve this problem.
Thank you!
Code on your server/node app won't be available to the frontend.
Only data that's requested by the client via http requests is available to the Angular app.
So as long you don't return the critical data through your api you're good to go.
I'm new at Firebase, I'm starting making a project which has to include Firebase and angular2, but I am such confused about how to implement them. I don't know if a there's the need to have a Back-end implementation (like Java or NodeJs) to handle some security issues (like form validation, authentication, routing etc), or it's enough just implementing Angular2 to handle all these issues. I would be so Thankful about any helpful advice how I could implement these both technologies to build my project successfully. Thanks
first firebase is something like your backend firebase can safe get and send request as your backend apps...
and angular js will do the rest like you just said andd all the backend stuff you can handle by firebase :)
This is my simple explanation on how this 2 works together
Always keep in mind that Angular works only in front-end. Its domain is the look and feel, application events, sending data to server and anything else that has something to do with displaying data is coded in this area.
Backend services in the other hand interacts with your database, creating business logic, handling authentications, saving / sending of data and other stuff that interacts with the database is coded from here.
Now how these two interact is done by the frontend service to send HTTP requests to the Server which is the backend service. This is done by using Angulars $http service or the so called jQuery AJAX or the infamous XMLHttpRequest JavaScript native. New technologies today utilizes Web Sockets which is being used by Firebase and some other frameworks, Web Sockets offers a faster way sending / fetching data from server.
The server then interprets the data being sent and send appropriate response. For example getting user list, saving profile, getting reports, logging in, etc.. It would work in this workflow.
1) Angular sends http request to server to get list of users.
2) Backend service installed in the server then interprets the data being sent.
3) Backend service then gets list of users from the database.
4) Backend then sends the data back to the frontend service.
5) Frontend then recieves server response and displays the data to the view.
Also these two is coded separately. To have more detailed explations research about how frontend and backend services interact you can find so much resouces in Google.