Have created a web application with nodeJs, I have a situation now
consider a table with the columns
username, password, ip addresses, database name, dbusername, dbpassword etc...
The login from the web app should connect to this table and authenticate the user.
While authenticating the db detail columns are read for that user.
And after successful login the nodejs connection should use this loaded db (only for this user).
Now, Open one more instance of the app and login with different user, this time the node should use the db for this user (might be same / different).
Being a single threaded model is it possible to have dynamic connection for each user in nodeJS?
Does opening and closing connections (with different db config) work well in this case?
Thanks,
Saran
express-session comes with functionalities that manages sessions. https://github.com/expressjs/session
passport.js is a very good solution for authentication in node.js. http://passportjs.org/
There are many tutorials out there for passport.js and session management.
For example: https://scotch.io/tutorials/easy-node-authentication-setup-and-local
Also sessions have nothing to do with single-threaded model. Even if you are multiple threaded you don't keep the connection up for each user after sending them the page. Cookies are used to identify who is visiting the site. Node.js have native functions that can also launch a cluster of Node.js processes to take advantage of the multi-core systems. In that case session can still be managed even across processes by using things like redis.
About clusters: https://nodejs.org/api/cluster.html
Related
Actually am looking for a technical explanation for the thing that I am doing. am not an expert for orcaldb for nodejs.
I have a nodejs application used as API with Expressjs, connecting with the database is done with orcaledb single connection, BUT I am using user impersonation to make the connection to be able to take the user privileges in Oracle.
oracledb.getConnection({
user: dbConfig.user + ((user_Id === '') ? '' : '[' + user_Id + ']'),
password: dbConfig.password,
connectString: dbConfig.connectString
}
what am asking is;
Using the connection in this way do behave as Pool connection sense the user is changed every time, or its single connection. the main-user have got grant access for sub-user. main-user[sub-user].
any help is appreciated
BUT I am using user impersonation to make the connection to be able to take the user privileges in Oracle
The term for the feature you're using is "proxy authentication".
Using the connection in this way do behave as Pool connection sense the user is changed every time, or its single connection.
It's still a single connection. The two features are distinct: connection pool and proxy authentication. You can use either one independently or both together.
The idea behind the pool is to reduce the overhead associated with creating new connections (new process, memory allocation, etc.). Since you're working with an Express web server, chances are you're creating a multi-user application. That's the type of application that would benefit from a connection pool (as opposed to a job that runs every hour, for example).
There are several uses for proxy authentication, but one of the primary uses is identity preservation. In other words, rather than connect as a single generic user, you can proxy connect as the end user. This allows for better integration with security features such as roles and auditing.
To combine both, see the section of the doc on Pool Proxy Authentication.
I have an app that receives data from several sources in realtime using logins and passwords. After data is recieved it's stored in memory store and replaced after new data is available. Also I use sessions with mongo-db to auth user requests. Problem is I can't scale this app using pm2, since I can use only one connection to my datasource for one login/password pair.
Is there a way to use different login/password for each cluster or get cluster ID inside app?
Are memory values/sessions shared between clusters or is it separated? Thank you.
So if I understood this question, you have a node.js app, that connects to a 3rd party using HTTP or another protocol, and since you only have a single credential, you cannot connect to said 3rd party using more than one instance. To answer your question, yes it is possibly to set up your clusters to use a unique use/pw combination, the tricky part would be how to assign these credentials to each cluster (assuming you don't want to hard code it). You'd have to do this assignment when the servers start up, and perhaps use a a data store to hold these credentials and introduce some sort of locking mechanism for each credential (so that each credential is unique to a particular instance).
If I was in your shoes, however, what I would do is create a new server, whose sole job would be to get this "realtime data", and store it somewhere available to the cluster, such as redis or some persistent store. The server would then be a standalone server, just getting this data. You can also attach a RESTful API to it, so that if your other servers need to communicate with it, they can do so via HTTP, or a message queue (again, Redis would work fine there as well.
'Realtime' is vague; are you using WebSockets? If HTTP requests are being made often enough, also could be considered 'realtime'.
Possibly your problem is like something we encountered scaling SocketStream (websockets) apps, where the persistent connection requires same requests routed to the same process. (there are other network topologies / architectures which don't require this but that's another topic)
You'll need to use fork mode 1 process only and a solution to make sessions sticky e.g.:
https://www.npmjs.com/package/sticky-session
I have some example code but need to find it (over a year since deployed it)
Basically you wind up just using pm2 for 'always-on' feature; sticky-session module handles the node clusterisation stuff.
I may post example later.
I've gotten some great feedback from Stackoverflow and wanted to check on one more idea.
Currently I've got a webapp that runs nodejs on a PAAS (Heroku and trying out bluemix). The server is being configured to talk to a Couchdb (hosted on cloudant). There are two types of data saved to the db, first, user data (each user will have it's own database), and second, app data itself (metrics, user account info (auth/admin stuff).
After some great feedback from here, the idea is that after the user logs in, they will sync there local (browser) pouchdb instance with Cloudant (probably proxied through my server as was recommended here).
Now the question is, for the app/admin data, maybe I run a couchdb instance on my server so i'm not making repeated network calls for things like user logins, metrics data, etc. The data would not be very big, and is already separated from the user data calls. The point is to have a faster/local instance for authentication mainly, changes/updates get synced outside of user requests.
The backend is in express web framework and it looks like my options are pouchdb.... to sync to the Cloudant instance?
If I want local db access (backed a Couchdb instance), on a node/express server running on a PAAS, is that the recommended setup?
Thanks vm for any feedback,
Paul
Not sure if you found a solution, but this is what I would try.
Because heroku clears any temp data, you wouldn't be able to run a default express-pouch database, you will need to change pouch db from using file system to using LevelDOWN adapter.(Link to Pouchdb adapters: https://pouchdb.com/adapters.html)
Some of these adapters would include:
https://github.com/watson/mongodown
https://github.com/kesla/mysqldown
https://github.com/hmalphettes/redisdown
You can easily get heroku mondo, mysql, or redis addon, and connect that to you express-pouchdb backend.
This way you will be able to keep your data.
I am building a really simple web application with Node.js. The purpose of this application is to allow a user to edit settings of some running computations from a browser. I would like to restrict the application to allow only one user at a time, so to avoid any conflicts. If another user connects to the application while some user is already there, the second one should be notified, that the application is in use by another user.
What is a preffered way to achieve this with Node.js?
I would recommend you build a simple session object ("model") that manages the connected users and only allows one connected session at a time. Perhaps sessions could timeout after 90 seconds of inactivity.
Here's a quick sessions tutorial which shows you how to use a raw session (req.session), a redis backend, or a mongodb backend. A basic express middleware could be used to manage the sessions and set a limit of 1.
If you want something more advanced, maybe look into Passport.
I am creating a TCP based game server for iOS, it involves registration and login.
Users will be stored as a collection in MongoDB.
when login is done, I generate a unique session id - How ?
I wanted to know what all data remains with node server and what can be stored in db.
data like session tokens, or collection of sockets if I am maintaining a persistent connection etc.
Node.JS does not have any sessions by default. In fact, there is a plug-in for managing sessions with MongoDB.
It's not clear that you really need sessions however. If you're opening a direct socket with socket.io, that is a defacto session.
Node.js itself does not manage sessions for you. It simply exposes an API to underlying unix facilities for Socket communication. HTTP in it self is a stateless protocol and does not have sessions either. SSH on the other hand is a stateful protocol, but I do not think either one would be good for you.
Creating a uniuqe ID is really simple, all you need to do is hash some data about the user. Their SHA(IP address + time + username). See: http://nodejs.org/api/crypto.html
One approach a lot of applications take is to create their own protocol and send messages using that. You will have to handle a lot of cases with that. And I myself have never dealt with mobile where you have serious connectivity challenges and caching requirements that are not a big problem on desktops.
To solve these problem, founder of Scribd started a company called Parse which should make it much easier for your to do things. Have a look at their website: https://parse.com/.
If you want to do some authentication however, have a look at Everyauth, it provides a lot of that for you. You can find it here: https://github.com/bnoguchi/everyauth/.