I have a react/redux app that I want to communicate with a Node.js app (probably Express) through its API. The Node.js app has a CloudantDB and contains sensitive info. Each user can only access his/her part of the DB.
我有一个react / redux应用程序,我想通过它的API与Node.js应用程序(可能是Express)进行通信。 Node.js应用程序具有CloudantDB并包含敏感信息。每个用户只能访问他/她的数据库部分。
How would you recommend I secure the API endpoints and establish a user Auth? I was thinking to use Passport.js on the Node.js app and have it interact with a Jason Web Token Auth on the react side. Thanks!
您如何建议我保护API端点并建立用户身份验证?我想在Node.js应用程序上使用Passport.js并让它在反应方面与Jason Web Token Auth进行交互。谢谢!
2 个解决方案
#1
1
There are several ways.
有几种方法。
Token, Cookies, JWT
令牌,Cookies,JWT
JWT is the most simplest way, (I think) and the most feature rich..
JWT是最简单的方式,(我认为)和最丰富的功能..
But its up to you..
但它取决于你..
#2
0
You may want to check out https://github.com/cloudant-labs/envoy which is an express based app that you can extend to use Passport.js
您可以查看https://github.com/cloudant-labs/envoy这是一个基于快速的应用程序,您可以扩展为使用Passport.js
Most importantly it limits the scope of what a user can pull from the DB and store in browser.
最重要的是,它限制了用户从数据库中提取和存储在浏览器中的范围。
#1
1
There are several ways.
有几种方法。
Token, Cookies, JWT
令牌,Cookies,JWT
JWT is the most simplest way, (I think) and the most feature rich..
JWT是最简单的方式,(我认为)和最丰富的功能..
But its up to you..
但它取决于你..
#2
0
You may want to check out https://github.com/cloudant-labs/envoy which is an express based app that you can extend to use Passport.js
您可以查看https://github.com/cloudant-labs/envoy这是一个基于快速的应用程序,您可以扩展为使用Passport.js
Most importantly it limits the scope of what a user can pull from the DB and store in browser.
最重要的是,它限制了用户从数据库中提取和存储在浏览器中的范围。