I've chosen for my project Node.js+Express+Mongoose. Until now, I didn´t need to use ACL, but in this phase of project a I need to implement this.
NPM contains a few modules, but which one to choose?
Please tell me your experiences with ACL (Node.js+Express+Mongoose).
And If you know any tutorial it would be great :), but it's not so needed, what I exactly need to know what Node.js programmers are using for ACL.
Last possibility is write own acl-middleware, it could be interesting experience for me. I suppose :)
https://npmjs.org/package/acl
The most used ACL module. It has Express middleware for protect resources and mongo support too..
Update 9.2020:
the acl package has not been updated in 2 years
there is a fork with recent changes: https://github.com/flash-oss/node_acl
acl package has not been updated for the last 2 years. I’m the author of CASL - isomorphic permission management for JavaScript - https://github.com/stalniy/casl
According to npm trends it’s the mostly used library nowadays - https://www.npmtrends.com/acl-vs-#casl/ability
By the way it makes an integration with MongoDB and mongoose really easy!
Related
I want to create a workflow automation where an activity comes in and user can setup a multilevel workflow.
For frontend i am using https://reactflow.dev
How to structure things in nodejs backend. Things like database, accessing control flow statements, statements which requires crons.
You also may want to have a look at node-red.
It's an open-source product that does exactly that.
There's a set of built-in nodes.
You can develop your own nodes, or import 3rd party ones. Which are stored in NPM.
You can also just create a node with javascript or typescript code in it, on the fly.
You should check Flumejs: https://flume.dev/
https://flume.dev/docs/quick-start/
Also you should see this code sandbox example. Try to read the code
and all the dependencies: https://codesandbox.io/s/node-based-code-generation-test-forked-ll9flz?file=/src/App.tsx
I hope you find this helpful.
I am doing research on quickbooks online integration using node and angular 8.
The official intuit developer site provides two node packages.
one is official from intuit and one is from community.
I have glanced through both of them.
the official package is fairly universal. It essentially is just a API client to send a request to remote server and the payload is basic json format.
the community package seems a bit more specific but the documentation seems a bit confusing.
Which one would you choose to do the work and why?
I would love to hear your input.
Thanks :)
The Intuit provided library (intuit-oauth) is specifically for authenticating and getting the OAuth token you need to communicate with the Quickbooks API, the other library (node-quickbooks) is for making the actual calls against the API endpoints.
You will need both libraries, unless you are handling authentication in a different way.
Fwiw for whoever finds this useful:
I forked intuit-oauth, added typescript and fixed vulnerabilities that have been fixed in the PRs of their repo for years and never updated here: https://www.npmjs.com/package/intuit-oauth-ts
Additionally I forked node-quickbooks, updated the api to return promises rather than relying on callbacks, resolved the discovery URLs automatically, changed the format of response objects to be more sensible, and added (unfortunately only some) of the typescript definitions for it here: https://www.npmjs.com/package/qbo. I don't have enough time to add the definitions for all of the files (largey because the included ones should be completely exhaustive for every property in the QBO api, which is timeconsuming to define). If someone would like to contribute by adding more of the typescript definitions or adding all of them, I would really appreciate it.
I am interested in any example angular app using intuit-oauth
Trying to work it out but getting issues since there is no document for typescript.
I'm trying to setup a nodejs-express boilerplate for my new project, and this time I want to try doc-driven flow. I've checked couples of packages like swagger-node, swaggerize-express ...etc. They all provide great functionalities.
However, I don't see anything that could support incremental scaffolding when the Swagger file is updated. That means when the spec changes I have to manually check the diff and manually add/modify the new specs. That doesn't sound cool.
Does anyone could share something that is more reasonable? Thanks!!!
Edit:
After trying some frameworks, I decided to use swagger-express-middleware. This framework offers a convenient way to automatically check routes/parameters for your service.
You can use tools like swagger-maven-plugin to incrementally rebuild your server code, which means reading from your api definition and updating/building code as necessary. There are SAAS products like SwaggerHub which enable this as well, by merging code and pushing to git.
I am trying to make a separation in my new SailsJS app by creating modules/HMVC, just like ASP.NET MVC, and Codeigniter PHP. These frameworks provide a mechanism for handling such a separation. Do any one have an idea how to implement this in SailsJS?
There is some development taking place in that direction, I'm not quite sure whether or not anything usable already exists, at least I haven't been able to find anything final so far. Two threads where adding HMVC to sails was discussed are
https://github.com/balderdashy/sails/issues/1191
https://github.com/balderdashy/sails/issues/594
I think the most recent sails plugin/backend components system discussion is balderdashy/sails/pull/2083.
It looks like the most viable module solution today is balderdashy/sails-hook-subapps, an example of a sails hook. Hopefully, it works with 0.12.x and gets some attention/docs soon!
Additionally, the project sailorjs/sailorjs appears to do exactly this as a fork of sails from version 0.10.x, though I don't know if there are plans ot utilize that work in sails.js.
I'm a complete Node noob, so I apologize if this question has an obvious answer.
I'm looking to create a web app that will run plugins from untrusted sources (i.e. community submissions). So I need to lock down those plugins into a sandbox where only certain access is allowed (can't write to disk, etc.). Ideally, the plugin would only be able to use certain approved node packages and APIs.
Is this possible in Node? If so, can you point me toward a package or documentation that will get me started?
Here is a small list of projects that can help you:
https://github.com/gf3/sandbox
https://github.com/hflw/node-sandbox
https://github.com/bcoe/sandcastle
https://github.com/wearefractal/boxy
I suggest the first one (sandbox) since it's more mature.
I would also contribute to the list with my library: https://github.com/asvd/jailed. In addition to the sandboxing of the untrusted code (in a restricted subprocess), it gives an opportunity to export any set of functions inside the sandbox thus defining a custom API for the sandboxed code.