Friday, 21 April 2017

Securing routes on Express and NodeJs

I'm looking for the best way to "restrict" specific routes. I'm going to explain it with an example:

I have two users:

- user1 id: 123

- user2 id: 456

Client Side (Angular):

// LOGGED IN AS USER 123
$http.post('www.domain.com/api/user/123')
  .then(function (response) {
    // here I should receive the data for user 123 in response.data
  });

The code above is easy to do, but I want to restrict this endpoint (from the server side) to user 123 only. If user 456 tries to hit that endpoint, they should be kicked out. Example:

// LOGGED IN AS USER 456
$http.post('www.domain.com/api/user/123')
  .then(function (response) {
    // should return an error (forbidden resource)
  });

As you can see, if you are logged in as user 456, you could not get data from "api/user/123", but you could get it from "api/user/456".

QUESTION:

What is the best way to do it with Node/Express/JWT?



via Julián B
