Electron Login / Register etc

Question

I am pretty new to making Electron apps. After asking a question on Stack Overflow (Properly Using Electron) I followed the advice I was given and created a desktop application in Electron.

I have another app created in NodeJS that handles my database methods.

I am not sure where to start with this problem, as there are hundreds of options online, and I am not sure which ones suit my needs.

Should I:

• Have a client application made in Electron and a server made in NodeJS that handles the database
  OR
• Have a client application and connect to my database from Electron?

If I were to do it all in a client app, I think that would cause major security issues, so I am unsure what to do. The problem is as simple as creating a login/system application, but I have no idea how to incorporate it into Electron.

Where do I start? How do I approach this?

Answer 1

If all you need is a login and your server already manages the database I would keep this logic on the server. This is also something the answer to your previous question states.

• Your client sends a POST request containing the username, password over HTTPS (SSL encryption), this can happen in the renderer process.
• Your Server checks if the password and user are valid.
• Server returns your client if the authentification was valid, via token.
  • Either the main process (Electron-NodeJs) persists the token (File)
  • Or the Render process (Electron-Chromium) persists the token (Web Storage)

This is the most simple example which is neglecting advanced security concerns, if you want to make it more secure you definitely should look for general advise about web security like crypto-pbkdf2 and how to handle the tokens. But this is not electron specific.