Tomer Cagan

Reputation: 1178

Migrating to Sails.js 0.12 - middleware migration

I am migrating an old sails.js project which was written in 0.10.5 to 0.12.x. Since the original code was written a long time ago and may have some "non-conforming" code I decided to re-build the project by starting a new sails project and slowly migrating the models/controllers/services while keeping only necessary policies and configuration files.

So far I managed to get the project to lift and now I am starting to deal with the authentication. Ideally, I intend to move to use passport with jwt to replace existing express-jwt.

My old config/http.js looks like so:

module.exports.http = {
    bodyParser: function() {
        //return require('body-parser')({limit: '900mb'});
        var opts = { limit:'50mb' };
        var fn;

        // Default to built-in bodyParser:
        fn = require('skipper');
        return fn(opts);
    },
    customMiddleware: function(app) {

        var bodyParser = require('body-parser');
        var expressJwt = require('../libs/express-jwt');
        var experssJwtConfig = require('./jwt.js').jwt;

        app.use(function(req, res, next) {
            res.setHeader("Access-Control-Allow-Origin", "*");
            next();
        });

        app.use('/api', expressJwt({secret: experssJwtConfig.secret}));

        app.use(bodyParser.json());
        app.use(bodyParser.urlencoded());

        if(process.env.NODE_ENV == 'development') {
            // just for local/development - serve static files      
        }
    }
}

If I understand correctly (I am not well versed in the stack) this code overrides the default body parser (using skipper allowing large files - this is specified in bodyParser), and in addition, changes the middleware used:

My question here is whether I should keep it more or less the same or should I change it? Are there any obvious anti-patterns or security risks? If I use skipper, do I need the body parser json/urlencode middleware?

Would I be able to achieve comparable flows using more standard passport/jwt code? If so, can I achieve this kind of stack with sails-auth or should I roll my own?

Upvotes: 0

Views: 204

Answers (1)

MjZac

Reputation: 3526

Yes, you can remove the custom middleware. The latest pattern is easier to manage. For starters,

  • Access-Control-Allow-Origin can be set in config/cors.js

  • You can use passport-jwt in a more sailsy way by making use of the sails-auth module, splitting the logic into services, using policies to manage the flow, etc. The problem with sails-auth is that the module in npm was published over a year ago. It has several bugs. The GitHub repo, though, has a stable version.

I have made a bare minimum auth server in sails, which you can extend for various passport strategies. The server supports local, bearer, JWT strategies out of the box.

Sails Auth Server

Upvotes: 1
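
The move from `customMiddleware` to a policy that the answer describes, as an added example that is not part of the original answer or of sails-auth. It verifies an HS256 bearer token with Node's built-in `crypto`, standing in for passport-jwt so the individual checks are visible; `makeJwtPolicy`, `verifyHs256` and the wiring in the closing comment are assumed names.

```javascript
// Added example: HS256 bearer-token check as a Sails policy (names are hypothetical).
var crypto = require('crypto');

// JWT uses base64url without padding.
function b64url(buf) {
  return buf.toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// HMAC-SHA256 signature over "<header>.<payload>", base64url-encoded.
function sign(signingInput, secret) {
  return b64url(crypto.createHmac('sha256', secret).update(signingInput).digest());
}

// Returns the claims object for a valid token, otherwise null.
function verifyHs256(token, secret, nowSec) {
  var parts = String(token).split('.');
  if (parts.length !== 3) return null;
  var header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
  if (!header || !claims || typeof claims !== 'object') return null;
  // Pin the algorithm server-side; a token must not choose "none" or another alg.
  if (header.alg !== 'HS256') return null;
  var expected = Buffer.from(sign(parts[0] + '.' + parts[1], secret));
  var given = Buffer.from(parts[2]);
  // Constant-time comparison of the signature.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  // Reject expired tokens.
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) return null;
  return claims;
}

// Builds a policy with the Sails/Express signature (req, res, next).
function makeJwtPolicy(secret) {
  return function jwtAuth(req, res, next) {
    var m = /^Bearer (\S+)$/.exec(req.headers.authorization || '');
    var claims = m ? verifyHs256(m[1], secret, Math.floor(Date.now() / 1000)) : null;
    if (!claims) return res.status(401).json({ error: 'invalid_token' });
    req.user = claims; // verified claims for later policies and controllers
    return next();
  };
}
// Assumed wiring: api/policies/jwtAuth.js exports makeJwtPolicy(<secret from config/jwt.js>),
// and config/policies.js maps the API controllers to 'jwtAuth'.
```

In a real project the same checks are normally delegated to passport-jwt or a maintained JWT library; the policy shape stays the same.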
