Authorization approaches and design patterns for Node.js applications

Dave Snigier picture Dave Snigier · Nov 24, 2012 · Viewed 45.6k times · Source

I am building a multiple page admin interface for an internal enterprise software platform. Think lots of glue logic tying together various APIs, db queries, and shell scripts.

We will be using node.js, the express framework (including jade templates), and LDAP for authentication.

I am struggling to find information regarding design patterns and best practices for authorization in node applications. Preferably, I would like to use the role-based model since my users are familiar with that approach and its care and feeding.

I am new to node.js so please don't assume I've already seen a module or popular blog post. It's probable that there's a wealth of information and I simply do not know where to look.

Thanks in advance for any information you are able to provide!

Answer

Amreesh Tyagi picture Amreesh Tyagi · Jul 13, 2014

As per your first question, you want some authorization process implementation in NodeJs. I have explored and used number of APIs of NodeJs. I would prefer following APIs for enterprise applications.

  • For Authentication: Passport or Satellizer if developing SPA (front-end) in AngularJS.

  • For Authorization: ACL . Role based security on Methods and REST APIs. I would like to mention casbin if you want to use RABC, ABAC as well.

Second, you want some implementation and development approach in NodeJs.

  • Easy and my favourite design pattern and Framework for NodeJs: MVC framework , SailsJs . For its ready to start and modular architecture. Code management is easy in long run (Most practical requirement for an enterprise application). Easy maintenance. SailsJs is also preconfigured with Socket.io, using which you can create real time modules, widgets, chat widgets with in your project.

  • Express You can use Express and design your own custom MVC project structure. This is also popular and robust. You can find popular seed projects of the same on Yeoman

  • Redis As a caching or session layer. It is always good to use seperate caching or session layer, because it won't block you to scale your application on cloud to nth instances.

  • You can use Redis and Socket.io to create real-time features like Geo-location , user-presence(online/offline), chat, push-notification and many more.

  • ORM: Waterline . For its easy querying approach. It is also the inbuilt and default ORM of SailsJs. You can also use Sequelizejs, if not using SailsJs. I would recommend to use native connectors provided by DB providers.

  • Database: As per your requirement. Waterline ORM supports PostgreSQL, MySQL, MongoDB and more..

  • My faviourite view engine: EJS. No need to learn new things for developing your presentation layer. It is also the inbuilt and default view engine of SailsJs, that's why I am a fan of SailsJs.

I think, I have covered all important information to create an Enterprise application in NodeJs. I don't say, above packages are best, but collaboratively, they can be best fitted to any enterprise scenario. There are other known packages, which you can use according to your own requirement.