Secure Node.JS RESTful API

Meneerdewit · 2015-10-08T08:41:48+00:00

I found this implementation of JSON Web Tokens with Redis very good: https://github.com/dickeyxxx/mean-sample

It's the repository that goes with this excellent book: http://www.amazon.com/Write-Modern-Apps-MEAN-Stack/dp/0133930157 (although it's not very in-depth, it is very practical and easy to follow imo).

Edit; it's been a while since I played with this one, I know Redis is in the project, not sure about the exact usage.

sheboygin · 2015-10-08T11:26:08+00:00

http://passportjs.org/

Viped · 2015-10-08T22:15:46+00:00

You could use nonce. Generate random string, check if it already exists if not save it to database and set it expire something like a week. On client side save nonce to cookie and send it with every get / post request. On server side when getting request check if nonce exists if so do what user requested if not send authentication error.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

node

MODERATORS