Menu
I'm creating API for our frontend and I have trouble finding easiest solution for basic Node.js/Express authorization needs. I already have authentication in place, but I want to secure specific API routes.
Example case: user can only fetch (and edit) it's own profile so he can't fetch someone else's just providing email address
I've read about sessions and I've read about JWT. Not really sure which way to go - I don't need anything fancy, just something that will protect users data from being fetched by unauthorized users.
I'm using MariaDB and local authentication strategy (email/password).
336
If you have local authentication strategy already implemented, I'll add JWT for the API resources you want to protect. It's quite easy with passport libraries.
With JWT you can get the user that is sending the request and make all the security checks you need.
127
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
