Node.js应用程序的授权方法和设计模式 [英] Authorization approaches and design patterns for Node.js applications

问题描述

我正在为内部企业软件平台构建多页管理界面.想一想将各种API，数据库查询和Shell脚本捆绑在一起的大量粘合逻辑.

I am building a multiple page admin interface for an internal enterprise software platform. Think lots of glue logic tying together various APIs, db queries, and shell scripts.

我们将使用node.js，express框架(包括jade模板)和LDAP进行身份验证.

We will be using node.js, the express framework (including jade templates), and LDAP for authentication.

我正在努力寻找有关节点应用程序中授权的设计模式和最佳实践的信息.最好是，我希望使用基于角色的模型，因为我的用户熟悉该方法及其护理和提供方法.

I am struggling to find information regarding design patterns and best practices for authorization in node applications. Preferably, I would like to use the role-based model since my users are familiar with that approach and its care and feeding.

我是node.js的新手，所以请不要以为我已经看过模块或热门博客文章.可能有很多信息，我根本不知道在哪里看.

I am new to node.js so please don't assume I've already seen a module or popular blog post. It's probable that there's a wealth of information and I simply do not know where to look.

提前感谢您能够提供的任何信息！

Thanks in advance for any information you are able to provide!

推荐答案

根据您的第一个问题，您希望在NodeJ中实现一些授权过程.我已经探索并使用了许多NodeJ的API.我希望遵循用于企业应用程序的API.

As per your first question, you want some authorization process implementation in NodeJs. I have explored and used number of APIs of NodeJs. I would prefer following APIs for enterprise applications.

• 用于身份验证:护照或

• For Authentication: Passport or Satellizer if developing SPA (front-end) in AngularJS.

用于授权: ACL .基于方法和REST API的基于角色的安全性.如果要同时使用RABC，ABAC，我想提及 casbin .

For Authorization: ACL . Role based security on Methods and REST APIs. I would like to mention casbin if you want to use RABC, ABAC as well.

第二，您需要在NodeJ中实现和开发的方法.

Second, you want some implementation and development approach in NodeJs.

• 轻松和我最喜欢的NodeJs设计模式和框架:MVC框架 SailsJs .为其准备好启动和模块化体系结构.从长远来看，代码管理很容易(企业应用程序的大多数实际要求).易于维护. SailsJs还使用 Socket.io 进行了预配置，您可以在其中使用它来创建实时模块，小部件，聊天小部件.项目.

• Easy and my favourite design pattern and Framework for NodeJs: MVC framework , SailsJs . For its ready to start and modular architecture. Code management is easy in long run (Most practical requirement for an enterprise application). Easy maintenance. SailsJs is also preconfigured with Socket.io, using which you can create real time modules, widgets, chat widgets with in your project.

Express 您可以使用Express并设计自己的自定义MVC项目结构.这也很流行而且很健壮.您可以在 Yeoman

Express You can use Express and design your own custom MVC project structure. This is also popular and robust. You can find popular seed projects of the same on Yeoman

Redis 作为缓存或会话层.最好使用单独的缓存或会话层，因为它不会阻止您将应用程序在云上扩展到第n个实例.

Redis As a caching or session layer. It is always good to use seperate caching or session layer, because it won't block you to scale your application on cloud to nth instances.

您可以使用 Redis 和 Socket.io 创建实时功能，例如地理位置-，用户状态(在线/离线)，聊天，推送通知等等.

You can use Redis and Socket.io to create real-time features like Geo-location , user-presence(online/offline), chat, push-notification and many more.

ORM:水线.因其简单的查询方法.它也是SailsJs的内置和默认ORM.如果不使用SailsJs，也可以使用 Sequelizejs .我建议使用数据库提供程序提供的本机连接器.

ORM: Waterline . For its easy querying approach. It is also the inbuilt and default ORM of SailsJs. You can also use Sequelizejs, if not using SailsJs. I would recommend to use native connectors provided by DB providers.

数据库:根据您的要求. Waterline ORM支持PostgreSQL，MySQL，MongoDB等.

Database: As per your requirement. Waterline ORM supports PostgreSQL, MySQL, MongoDB and more..

我认为，我已经介绍了在NodeJ中创建企业应用程序的所有重要信息.我并不是说，上述软件包是最好的，但是从协作的角度来看，它们可以最适合任何企业场景.还有其他已知的软件包，您可以根据自己的需求使用它们.

I think, I have covered all important information to create an Enterprise application in NodeJs. I don't say, above packages are best, but collaboratively, they can be best fitted to any enterprise scenario. There are other known packages, which you can use according to your own requirement.

这篇关于Node.js应用程序的授权方法和设计模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！