Web site using backbone for frontend and nodejs for backend

I'm developing a new web site that will be a single-page app with some dialog/modal windows. I want to use Backbone for the frontend. This will call the backend using AJAX/websockets and render the resulting JSON using templates.
As a backend I'll use a Node.js Express app that will return the JSON needed by the client; it'll be some kind of API. This will not use server-side views.
The client will use Facebook, Twitter, etc. for authentication and maybe a custom registration form.
Client static resources, such as CSS, JS, and HTML files, will be handled by nginx (a CDN later).

Questions that I have now:

  • How can I determine that a given user has the right to do some action in the API (i.e. delete a building, create a new building)? This is an authorization question. I thought of giving the user a role when they log in and determining their rights based on it. Will this work?
  • Similar to the above question, will this role-based security be enough to secure the API? Or do I need to add something like tokens or request signing?
  • Is this architecture acceptable, or am I over-engineering and complicating it?
Best answer

Passport is an option for the authentication piece. I'm the developer, so feel free to ask me questions if you use it.

Answers
  • I thought of giving the user a role when they log in and determining their rights based on it. Will this work?
    • Yes, this will work. You can check for a certain role on the user after it's been fetched from the server. You can then display different UI elements depending on this role.
  • Will this role-based security be enough to secure the API? Or do I need to add something like tokens or request signing?
    • It won't be enough. Anyone could hop into the console and set something like user.admin = true. In your API you'll need to validate a user token from the request, making sure that the related user has the appropriate permissions.
  • Is this architecture acceptable, or am I over-engineering and complicating it?
    • At the least you should have an API validation layer. That would make a decent enough start, and wouldn't be over-engineering.

Have a look at http://everyauth.com/. It is an authentication middleware for Connect/Express. It supports almost every OAuth social network.

For role management you could give node-roles a try. I didn't use it myself, but it should help you out, because it checks the role on the server side. Of course that is only useful if your API is implemented in Node.js. If that's not the case, you have to "proxy" the API calls over your Node.js app.

I hope I could help you!
