node.js - Explain to Mean.io beginner how Mean.io sample package's authentication works -


i'm learning mean.io this tutorial video, shows example package (created mean package mymodule. described under "packages" on docs). in understanding how given authentication/authorization works.

the default sample package/module has simple user authentication on client side

myapp/packages/mymodule/public/views/index.html contains:

    <li>       <a href="mymodule/example/anyone">server route can access</a>     </li>     <li>       <a href="mymodule/example/auth">server route requires authentication</a>     </li>     <li>       <a href="mymodule/example/admin">server route requires admin user</a>     </li>

on server side,

myapp/packages/mymodule/server/routes/mymodule.js, contains:

// package past automatically first parameter module.exports = function(mymodule, app, auth, database) {    app.get('/mymodule/example/anyone', function(req, res, next) {     res.send('anyone can access this');   });    app.get('/mymodule/example/auth', auth.requireslogin, function(req, res, next) {     res.send('only authenticated users can access this');   });    app.get('/mymodule/example/admin', auth.requiresadmin, function(req, res, next) {     res.send('only users admin role can access this');   });    ... };

the magic of different authentication relies on second argument of app.get() additional authentication callback: none, auth.requireslogin, or auth.requiresadmin.

this authentication magic (also on github):

myapp/packages/access/server/config/authorization.js:

/**  * generic require login routing middleware  */ exports.requireslogin = function(req, res, next) {   if (!req.isauthenticated()) {     return res.send(401, 'user not authorized');   }   next(); };  /**  * generic require admin routing middleware  * basic role checking - future release full permission system  */ exports.requiresadmin = function(req, res, next) {   if (!req.isauthenticated() || !req.user.hasrole('admin')) {     return res.send(401, 'user not authorized');   }   next(); };

question a: why "exports.requireslogin" , "exports.requiresadmin" in authorization.js instead of "somethingelse.requireslogin" , "somethingelse.requiresadmin"? "exports" related myapp/packages/access/server/config/passport.js's exports: module.exports = function(passport) { ...}, github? if so, in circumstances can use "exports"?

since authentication's authorization rules written in package "access" , used in package "mymodule", mean.io packages not independent of each other. access package registered on

myapp/packages/access/app.js, github:

var mean = require('meanio'),   module = mean.module,   passport = require('passport');  var access = new module('access');  access.register(function(database) {    // register auth dependency    var auth = require('./server/config/authorization');   require('./server/config/passport')(passport);    // backwards compatibility   mean.register('auth', function() {     return auth;   });    mean.register('passport', function() {     return passport;   });    access.passport = passport;   access.middleware = auth;    return access; });

question b: mean.io automatically link packages or there code link packages somewhere? linked due part "this backwards compatibility" shown below? if so, can "auth" used? packages myapp/packages/? how in mean.io base app directory myapp/?

var auth = require('./server/config/authorization');  // backwards compatibility   mean.register('auth', function() {     return auth;   });

question c: why "access.passport = passport;", "middleware" "access.middleware = auth;"? what happen if "access.auth = auth"?

regarding question (on use of exports)

in node.js, assigning values exports object makes values available code requires source file.

for example, given file foo.js:

exports.foo = "foo"; exports.bar = "bar";

and file main.js:

var foo = require('foo.js'); console.log('foo=',foo.foo,'; bar=',foo.bar);

running node main.js output foo= foo ; bar= bar.

see, example, node's module documentation or this write-up on require , exports.

regarding question b (on package "linking")

the answer question complement answer question a.

there code "link" packages. require statement.

in app.js source code, first line (reading var mean = require('meanio')) set local variable mean whatever values assigned exports object when meanio.js and/or meanio module loaded.

same passport = require('passport'). in case, local variable passport equal value of exports after index.js in passport module loaded.

regarding question c

i'm not entirely sure asking here, let me take stab @ it.

in case:

1) var mean = require('meanio') in line 1 "imports" meanio module, such local variable mean more or less set equal value of exports in meanio module.

2) module = mean.module in line 2 sets local variable module equal value of mean.module, must have been assigned in meanio module.

3) var access = new module('access') instantiating instance of module class, assigning local variable access.

4) access.passport = passport assigns instance variable named passport within instance of meanio.module named access (to value of passport module required on line #3)

5) access.middleware = auth assigns instance variable named middleward within instance of meanio.module named access (to value returned require('./server/config/authorization') in line 11).

i'm not familiar "meanio" module, based on code looks configuring meanio.module("access") instance (named access) assigning specific "magic" variable names.

in other words, rather access.passport = passport; access.middleware = auth might have access.setpassport(passport); access.setmiddleware(auth) or (rather line 5) var access = new module('access',passport,auth).

that is, author of "meanio" module seems have decided use special variable names configure class rather "setter" methods or parameters passed constructor. assume somewhere in meanio code you'll find reference this.middleware , this.passport, code assuming have "filled in" instance variables happens in last few lines in code sample.

if add access.auth = auth happen access object have new attributed named auth value equal of local variable auth.

if used access.auth instead of access.middleware, assume whatever code in access class using this.middleware fail, since no value ever assigned access.middleware , access.auth not 1 of "magic" variable names meanio looking for.


Comments

Post a Comment

Popular posts from this blog

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

i have button on website when clicked, reveals map. button can seen when page first loads up, when clicked, section holding map slides open , goes out of screen since page loads @ top (normal). want page scroll down bottom of div select when button pushed, if map out of screen. if page scrolled down, , clicks show map button, don't want page jump bottom of map. i tried figure out myself, no luck. seasoned jquery coders able give me guidance? many thanks! map = mapdiv.gmap3("get"); infobox = new infobox({ pixeloffset: new google.maps.size(-220, -310), closeboxurl: '', enableeventpropagation: true }); mapdiv.delegate('.infobox .close','click',function () { infobox.close(); }); jquery(".slidingdiv").hide(); jquery(".show_hide").show(); jquery('.show_hide').click(function(){ lastcenter=map.getcenter(); jquery(".slidingdiv&quo
Read more

javascript - Highcharts multi-color line -

Image
i looking create highchart multi-colored line. if goes down under value, become red, , when comes on value, become green . here picture example: or maybe highcharts have other charts models differentiate high or low level color? you can achieve coloring using lineargradient coloring: color: { lineargradient: { x1: 0, x2: 0, y1: 0, y2: 1 }, stops: [ [0, 'red'], [0.25, 'yellow'], [0.50, 'green'], [0.75, 'yellow'], [1, 'red'] ] } here 0 in stops relates minimum value of series , 1 maximum value, , in between percentages between values. if find percentages according values prior creating chart use correct stops values make relate specific values in data (at least approximately). see this jsfiddle example .
Read more

javascript - Enter key does not work in search box -

tried search guys sorry. input in search box doesnt work (or search) when hit enter when user clicks search button. doing wrong? here code. thanks. <script type="text/javascript"> $(document).ready(function() { $("#submit").click(function() { var url = "http://asla.org/awardssearch.html"; url += "?s=" + $('#googlecse').val(); window.location = url; }); $('#googlecse').keydown(function(event) { if (event.keycode == '13') { $("#submit").click(); } else { //do nothing :) } }); }); </script> <form class="navbar-form navbar-right" role="search"> <div class="search"> <input id="googlecse" type="text" onblur="if(this.value=='')this.value=this.defaultvalue;" onfocus="if(this.value==this.defaultvalue)t
Read more