Omar Shazly

Reputation: 93

Node+Express: Multiple authentication strategies according to page and user type

I am new to node and I want to start building the following application:

The app should be a catalog of services offered by certain businesses. Users should be able to start and track the status of processes along with listed services providers.

So there are four databases:

  1. Admins
  2. Users
  3. Businesses
  4. Processes

And three types of users:

  1. Admin = Me (Authentication: username+password)
  2. Business (Authentication: username+password)
  3. User (Authentication: facebook)

Admins should have CRUD permissions to all databases. Businesses can only perform CRUD to their own profile (provided service) and update relevant processes. Users can perform CRUD to their ongoing processes.

I read a lot about npm modules like everyauth, mongoose-auth, passport but I have difficulties understanding their relationships with databases like mongodb, especially when I have three types of users with three different permissions and four databases. I don't know how pages can check for three different types of cookies.

Should I create three different login and registration systems? If yes, how?

Can someone please help me out, not with code but with a concept or a relevant tutorial.


Passport requires the following for username & password configuration:

What I can't understand is:

  1. Where is the resulting database?
  2. How can I connect a mongodb database that I can access later?
  3. What should the app.get() look like to redirect users to the corresponding login page?
  4. How can I implement this for three different login pages (adminLogin, businessLogin, userLogin) with three corresponding databases (admin, business, user)?
  5. How can I check if the correct type of cookie is available on three different home pages (adminHome, businessHome, userHome)?

Upvotes: 3

Views: 3498

Answers (1)

mjhm

Reputation: 16705

My recommendations:

  1. Use "express".
  2. Use "passport". Note that "mongoose-auth" is built on "everyauth", and they will work fine, but I like the flexibility of the "strategies" concept from "passport", and the "express" integration is better. You can use any database/method (like LDAP) with Passport Local strategy to store credentials, and this is explained in the passport tutorials. Also the Passport Facebook strategy is already defined and ready to use.
  3. If at all possible, have separate express routes (URLs) for each of the three user groups. Managing multiple authentication strategies on the same routes gets deceptively complicated and unreliable.
  4. It's highly unlikely that Businesses or Users will ever need to directly access the databases. Therefore the databases will only need a web-server to db-server connection. Hence if your web servers are secure you may not need the DB authentication at all, and even if you do need it, that connection is only for Admins. However you should read these Mongo security recommendations to be aware of potential security issues.

Upvotes: 4
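The pattern behind recommendation 3 (separate routes per user group) and the question's point 5 (how a home page knows which type of principal is logged in), as an added example that is not from the question or the answer: a single session cookie is used, but the serialized principal carries its type, so deserialization looks in the right collection and each route group is guarded by a type check. The in-memory stores, the `type` values and the login paths are assumptions standing in for the Mongo collections and real routes; the `(req, res, next)` and `done` signatures match what Passport and Express expect.

```javascript
// Added example, not the question's or answer's code. Stores, type names and
// login paths are assumptions; signatures follow Passport/Express conventions.

// Constructed in-memory stand-ins for the admin / business / user collections.
const stores = {
  admin:    new Map([['a1', { id: 'a1', type: 'admin',    name: 'me' }]]),
  business: new Map([['b7', { id: 'b7', type: 'business', name: 'Acme Plumbing' }]]),
  user:     new Map([['u3', { id: 'u3', type: 'user',     facebookId: '1234' }]]),
};

// Assumed login page per user type; a failed check redirects here, not to a shared page.
const loginPage = { admin: '/admin/login', business: '/business/login', user: '/login' };

// passport.serializeUser(serializeUser): only the type and id go into the session record.
function serializeUser(user, done) {
  done(null, { type: user.type, id: user.id });
}

// passport.deserializeUser(deserializeUser): key.type selects the collection to query.
function deserializeUser(key, done) {
  const store = stores[key.type];
  const user = store && store.get(key.id);
  if (!user) return done(null, false);           // unknown type or stale id: treat as anonymous
  done(null, user);
}

// Middleware factory: app.get('/admin/home', requireType('admin'), handler).
// Rejects both an anonymous request and a logged-in principal of another type.
function requireType(type) {
  return function (req, res, next) {
    if (req.user && req.user.type === type) return next();
    return res.redirect(loginPage[type]);
  };
}

// Serialize then deserialize, as happens between login and the next request.
function roundTrip(user) {
  let out;
  serializeUser(user, (e, key) => deserializeUser(key, (e2, u) => { out = u; }));
  return out;
}

// Run a middleware against a fake request (scaffolding for trying the guard offline).
function simulate(middleware, user) {
  const result = { redirectedTo: null, passed: false };
  const res = { redirect: (url) => { result.redirectedTo = url; } };
  middleware({ user }, res, () => { result.passed = true; });
  return result;
}
```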
