I'm using Parse Server and I have an external client that will make calls to my Parse API using a rest client. This client will be using the Parse JS lib and will be authenticated.
I can't expose the Parse Rest API cause I have a lot of business rules to check in other MongoDB database before return the response.
Can I create custom Express routes that are authenticated by Parse without cloud functions?
Parse Cloud Express helps but as I have a lot of business rules I'm looking to keep it as Express routes.
Related
I'm writing HTTP Google Cloud Functions using the framework provided by Google for nodejs based on express - testing on local for now. Samples don't provide an implementation of middlewares and HttpFunction type only has req and res as parameters. Is there a way to use middleware to handle authentication or body validation for a specific endpoint for instance ?
I am developing an App which consists of a NextJS frontend and a Rails API backend.
There is this /api route from NextJS where I can put "server side code".
Should I use this feature by sending my frontend requests first to that /api endpoint and then to the Rails API endpoint or is "ok" to directly send the requests to the Rails API endpoint?
For me that looks a bit like a "jump around the corner".
Are there true benefits using the NextJS frontend -> NextJS API -> Rails API approach?
No
From next js docs:
Use Cases
For new projects, you can build your entire API with API Routes. If
you have an existing API, you do not need to forward calls to the API
through an API Route.
Some other use cases for API
Routes are:
Masking the URL of an external service (e.g. /api/secret instead of https://company.com/secret-url)
Using Environment Variables on the server to securely access external services.
https://nextjs.org/docs/api-routes/introduction#use-cases
https://nextjs.org/docs/api-routes/introduction#use-cases
I have an admin site that has a react frontend, using redux actions, with a node.js app as the server which uses firebase-admin to do the work.
I want to use firestore's onsnapshot listener. but im not sure how this works within the HTTP protocol?
I can't use the firebase-admin from my frontend app, and i cant create realtime DB functionality from the backend within HTTP protocol.
The goal: to set snapshot listeners on my collections from rreact frontend without having to go through multiple authentication processes, considering ive got a separate auth system for admins with my express api.
Is there a solution for this?
EDIT:
my client app is currently initialized with firebase web app config data, but because im authenticating admins with my own express server, the firebase web SDK hasnt authenticated with firebase, so i dont have permission for the data i need. im not sure if i need a service account, or a web app config with extra setup or what
My recommendation is to integrate the Firebase JS SDK into your client app using signInWithCustomToken().
It's not too complicated to do. Though I suppose that depends a lot on how your current auth setup works.
The general idea is this:
Send auth request to your auth service.
Process the request like normal.
Evaluate if the user should have access to Firebase.
If they should, use firebase-admin to create a custom token and send it back to the user.
Use the token on the client to authenticate with Firebase.auth
You should make sure to have Firestore rules to allow admin users to access the data you need.
As an alternative that doesn't use the Firebase client SDK, you could have a long-running node process that opens an onSnapshot. Your react app could receive data from it using either Server-Sent Events or through a WebSocket
I am using Angular4 app for UI and I have a separate Node+Express app which handles rest api calls.
Angular app runs on a different port. and express app runs on a different port.
I try to use express-session framework on the server(express)app.
I use Microsoft ADAL services to authenticate the user. After successful authentication my approach was to make a rest api call from angular app to express server app by passing userEmail and set userEmail variable to req.session.userEmail. I expect the session to be available when a different route is being called to check if the session is available, but the session variable is always showing up as undefined.
What is the best solution here? My goal is to have a session management and prevent responding to unauthorized requests on the server side rest api calls.
We are currently working on a nodejs application which hosts API's (includes both get and post HTTP methods). These server API's in nodejs server are individually accessible or allowed to be called. Like /api/login (login api) is allowed to be called directly from clients.
Next, I want to introduce a service broker API which should be entry point to all API calls from client side. So, any client calling a specific API such as /api/login should go through service broker and then service broker should re-direct to requested API based on the specific service details as sent by clients.
Thereby, all clients should only be able to call only one API (i.e. broker service API - /broker/service). So, all requests from clients should first hit service broker API and then service broker should redirect to appropriate API's based on the input parameters passed to service broker from clients. Input parameters could contain the API URL and input data.
Currently, I'm able to connect directly to individual API's from clients. But, now I would like to introduce a new layer namely service broker and that broker service should decide which API the request should be redirected along with input data (sent from clients).
Note: Both broker service API and other functionality specific API's are hosted under same domain. So, there will not be any CORS issue. We are using "express" node module for handling HTTP API requests.
My initial question is whether this requirement can be achieved?
If yes, then can we perform internal redirection of API's in node server?
Can this be achieved with express node module?
Please help me in this regard.
If you really wanted to go this route, you could do something like this:
app.get('*', function(req, res){
the_route_passed = req.originalUrl;
//handle all of the routes here in your api function call.
});
What this will do is for every single route passed from the front-end will go through your function, and then you can grab the route that was passed req.originalUrl will be like /api/users/230 for user 230. Then you'll need to parse the route or however you want to do it and pass it through to your service broker.
This would be the best way to deal with not having to change anything on the front-end if you are already using Routing. The other way which might be better in the long run:
Send JSON on each request and configure it however you want, and then when you receive it you can figure out all the routing from the JSON request on each go. You'd have to rewrite all routes on the front-end to do this though which might be too much work.