NODE JS

By Chandan Naresh
AUTHENTICATION – Process of validating whether the user is genuine/valid before they may access sensitive data/resources.
AUTHORIZATION – Process of granting access only to the areas of the web application the user is permitted to use.
Common authentication strategies
- Windows auth
- LDAP auth
- Email-Id/Password auth
- Token auth
- Google auth
- Facebook auth
- Phone number auth
- OpenID

Authentication Libraries
- Passport.js, Auth0 SDK, Firebase SDK, Firebase Admin
JWT TOKEN AUTH FLOW

Client → Server: POST http://localhost:3000/login (id/password)
Server:
1. Validate and sanitize input
2. Check id/password exists in db
3. Generate jwt token
4. Send the token
Client → Server: GET http://localhost:3000/user/data with Token: 383802899899
JSON WEB TOKEN
Open standard (RFC 7519) implementation to represent claims securely between two parties
Uses an HMAC-SHA256 or RSA algorithm to sign the token
Generated on server – sent to client
Cannot be tampered with: any change to the header or payload invalidates the signature
Used for authorization on subsequent client requests over resources/routes/endpoints
jsonwebtoken package to generate the token
NODE JS – EXPRESS VALIDATOR
Middleware library for input validation and sanitization
- npm i express-validator

Features include
- Sanitization [examples: normalizeEmail(), trim(), escape(), toBoolean()]
- Validation [examples: check(), body(), cookie(), header(), param(), query(), oneOf(), checkSchema()]

Example
import express from 'express';
import { body, validationResult } from 'express-validator';

const app = express();
app.use(express.json()); // parse JSON bodies so req.body is populated

app.post(
  '/user',
  // username must be an email
  body('username').isEmail(),
  // password must be at least 5 chars long
  body('password').isLength({ min: 5 }),
  (req: express.Request, res: express.Response) => {
    // Finds the validation errors in this request and wraps them in an object with handy functions
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({ errors: errors.array() });
    }

    // User is the application's data model (not defined in these slides);
    // hash the password with bcrypt before storing it (see BCRYPT below)
    User.create({
      username: req.body.username,
      password: req.body.password,
    }).then(user => res.json(user));
  },
);
BCRYPT
Hashing library to hash passwords (salted and deliberately slow)
npm i bcrypt
Used on server
Example:
const bcrypt = require('bcrypt');
const saltRounds = 10; // work factor: higher is slower and harder to brute-force

bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
  // Store hash in your password DB.
});

// Load hash from your password DB.
bcrypt.compare(myPlaintextPassword, hash, function(err, result) {
  // result == true
});
bcrypt.compare(someOtherPlaintextPassword, hash, function(err, result) {
  // result == false
});
SECURITY CONSIDERATIONS
Ensure proper sanitization of input data
Routes/endpoints should be restricted with authorization middleware
Passwords should be saved in hashed form, never in plaintext
Token timeout (expiry) should be limited
Log invalid/failed authentication attempts
Disable webserver directory listing
THANK YOU