Node.js 应用程序的授权方法和设计模式
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13546249/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Authorization approaches and design patterns for Node.js applications
提问by Dave Snigier
I am building a multiple page admin interface for an internal enterprise software platform. Think lots of glue logic tying together various APIs, db queries, and shell scripts.
我正在为内部企业软件平台构建一个多页面管理界面。考虑将各种 API、数据库查询和 shell 脚本捆绑在一起的大量胶水逻辑。
We will be using node.js, the express framework (including jade templates), and LDAP for authentication.
我们将使用 node.js、express 框架(包括 jade 模板)和 LDAP 进行身份验证。
I am struggling to find information regarding design patterns and best practices for authorization in node applications. Preferably, I would like to use the role-based model since my users are familiar with that approach and its care and feeding.
我正在努力寻找有关节点应用程序中授权的设计模式和最佳实践的信息。最好,我想使用基于角色的模型,因为我的用户熟悉这种方法及其护理和喂养。
I am new to node.js so please don't assume I've already seen a module or popular blog post. It's probable that there's a wealth of information and I simply do not know where to look.
我是 node.js 的新手,所以请不要假设我已经看过一个模块或流行的博客文章。很可能有大量的信息,我就是不知道去哪里找。
Thanks in advance for any information you are able to provide!
预先感谢您提供的任何信息!
采纳答案by Amreesh Tyagi
As per your first question, you want some authorization process implementation in NodeJs. I have explored and used number of APIs of NodeJs. I would prefer following APIs for enterprise applications.
根据您的第一个问题,您希望在 NodeJs 中实现一些授权流程。我已经探索并使用了许多 NodeJs 的 API。我更喜欢遵循企业应用程序的 API。
For Authentication: Passportor Satellizerif developing SPA (front-end) in AngularJS.
For Authorization: ACL. Role based security on Methods and REST APIs. I would like to mention casbinif you want to use RABC, ABAC as well.
对于身份验证:如果在 AngularJS 中开发 SPA(前端),则使用Passport或Satellizer。
对于授权:ACL。方法和 REST API 上基于角色的安全性。如果您还想使用 RABC、ABAC,我想提一下casbin。
Second, you want some implementation and development approach in NodeJs.
其次,您需要在 NodeJs 中使用一些实现和开发方法。
Easy and my favourite design pattern and Framework for NodeJs: MVC framework , SailsJs. For its ready to start and modular architecture. Code management is easy in long run (Most practical requirement for an enterprise application). Easy maintenance. SailsJs is also preconfigured with Socket.io, using which you can create real time modules, widgets, chat widgets with in your project.
ExpressYou can use Express and design your own custom MVC project structure. This is also popular and robust. You can find popular seed projects of the same on Yeoman
RedisAs a caching or session layer. It is always good to use seperate caching or session layer, because it won't block you to scale your application on cloud to nth instances.
You can use Redisand Socket.ioto create real-time features like Geo-location, user-presence(online/offline), chat, push-notification and many more.
ORM: Waterline. For its easy querying approach. It is also the inbuilt and default ORM of SailsJs. You can also use Sequelizejs, if not using SailsJs. I would recommend to use native connectors provided by DB providers.
Database: As per your requirement. Waterline ORM supports PostgreSQL, MySQL, MongoDB and more..
- My faviourite view engine: EJS. No need to learn new things for developing your presentation layer. It is also the inbuilt and default view engine of SailsJs, that's why I am a fan of SailsJs.
简单且我最喜欢的 NodeJs 设计模式和框架:MVC 框架,SailsJs。因其准备就绪和模块化架构。从长远来看,代码管理很容易(企业应用程序的最实际要求)。易于维护。SailsJs 还预配置了Socket.io,您可以使用它在项目中创建实时模块、小部件、聊天小部件。
Express您可以使用 Express 并设计您自己的自定义 MVC 项目结构。这也是流行和强大的。您可以在Yeoman上找到相同的热门种子项目
Redis作为缓存或会话层。使用单独的缓存或会话层总是好的,因为它不会阻止您将云上的应用程序扩展到第 n 个实例。
ORM:水线。由于其简单的查询方法。它也是 SailsJs 的内置和默认 ORM。您还可以使用Sequelizejs如果不使用SailsJs。我建议使用 DB 提供商提供的本机连接器。
数据库:根据您的要求。Waterline ORM 支持 PostgreSQL、MySQL、MongoDB 等。
- 我最喜欢的视图引擎:EJS。无需学习用于开发表示层的新事物。它也是 SailsJs 的内置和默认视图引擎,这就是为什么我是 SailsJs 的粉丝。
I think, I have covered all important information to create an Enterprise application in NodeJs. I don't say, above packages are best, but collaboratively, they can be best fitted to any enterprise scenario. There are other known packages, which you can use according to your own requirement.
我想,我已经涵盖了在 NodeJs 中创建企业应用程序的所有重要信息。我不是说,上面的包是最好的,但是协作起来,它们可以最适合任何企业场景。还有其他已知的软件包,您可以根据自己的要求使用它们。
回答by zemirco
Here are some information to get started:
以下是一些入门信息:
- passportis a popular module for authentication
- express auth exampleshows how do implement simple authentication without extra modules
- express route middleware exampleexplains how to implement role based authentication
- blog poston nodejs.org about the ldapjs module
- 护照是一种流行的身份验证模块
- express auth 示例展示了如何在没有额外模块的情况下实现简单的身份验证
- 快速路由中间件示例解释了如何实现基于角色的身份验证
- nodejs.org 上关于ldapjs 模块的博客文章
Hope that makes it easier to start.
希望这能让你更容易开始。
回答by Sergii Stotskyi
Another option is to use CASLwhich is very good integrated with MongoDB. Also there is an article of how to itegrate authorization based on CASL into expressjs app - https://medium.com/@sergiy.stotskiy/authorization-with-casl-in-express-app-d94eb2e2b73b
另一种选择是使用与 MongoDB 非常好的集成的CASL。还有一篇关于如何将基于 CASL 的授权集成到 expressjs 应用程序的文章 - https://medium.com/@sergiy.stotskiy/authorization-with-casl-in-express-app-d94eb2e2b73b
回答by Kai Zhang
I should say Node-Authorizationis also a good candidate. The idea is borrowed from SAP(ERP provider), it is an object oriented authorization. And it can also be used as an accompaniment with other frameworks like: Passport and Express.
我应该说节点授权也是一个不错的选择。这个想法是从SAP(ERP供应商)借来的,它是一种面向对象的授权。它也可以用作其他框架的伴奏,例如:Passport 和 Express。
