I have been trying to develop a rather simple server in nodejs. Basically, what I am going for is a simple API that requires authentication (simple username/password style). What I do not need is any kind of frontend functionality (templating etc.). My problem is, I can't seem to get my head around the approach of express/node.
Specifically, my questions are:
How does the Express middleware (like app.use(express.bodyParser())) work? Do they alter contents of the request or response object? Specifically, if I use the body parser (internally formidable?), where do I access the request data this is supposed to parse?
As I mentioned earlier, I believe my problem is ultimately a difficulty with the function-oriented approach in node (also, I have rather limited experience in webservice programming). If you know a resource where I could read up on how to approach architecting a nodejs app, please don't hesitate to point me to it.
How do I wire in the authentication? Do I pass several handlers into every route that requires authentication, or is there a more elegant way to do this?
You should use the session middleware. Here is some pseudo code:
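var http = require('http');
var express = require('express');
var app = express();

// Middleware: let the request through only when the session marks the user as logged in
var authorize = function(req, res, next) {
    if (!(req.session && req.session.appname === true)) {
        // not logged in: redirect to login page ('/login' is an assumed route)
        res.redirect('/login');
        return;
    }
    next();
};

// Express 3 sessions need the cookie parser and a secret; register both before the routes
app.use(express.cookieParser());
app.use(express.session({ secret: 'replace-with-your-own-secret' }));
app.all('/admin*', authorize, function(req, res, next) {
    // only reached by requests that passed authorize
});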
How does the Express middleware (like app.use(express.bodyParser())) work? Do they alter contents of the request or response object? Specifically, if I use the body parser (internally formidable?), where do I access the request data this is supposed to parse?
Every middleware has access to the request and response objects. So, yes, it modifies them. Normally it attaches properties to them. This means that inside your handler (which is also a middleware) you may write:
if (req.body && req.body.formsubmitted && req.body.formsubmitted === 'yes') {
    var data = {
        title: req.body.title,
        text: req.body.text,
        type: req.body.type
    };
    // store the data
}
When using authentication and I have, say, credentials stored in a database with more information about the individual client associated, at what point do I extract that information? I.e., when a user logs in, do I fetch the user record on login and pass it on, or do I fetch it in every handler that requires the information?
I think that you should do things the same way as in any other server-side language. Keep the state of the user (logged/not-logged) inside a session. You may also keep the user's id and fetch whatever data you need for him. It depends on your case, but you have the ability to cache information. Because node is not like PHP, for example; I mean it's not dying.
Ultimately, do you know of an open source application that I could take a look at? I'd like to see something that has simple authentication and maybe even utilizes formidable, since uploading a file is one of my requirements.
Yep. I wrote an article about a really simple MVC web site with an admin panel. It is available here. And the code of it is here.
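As an added example (not code from the question or the answer), this dependency-free sketch models how an Express-style chain lets each middleware attach properties to req, and how an authorize step gates everything registered after it. The run helper, the session and user data, and the handler names are assumptions made for illustration; in a real app Express does the dispatching.

```javascript
// Minimal stand-in for Express dispatch: call handlers in order, each gets (req, res, next).
function run(handlers, req, res) {
  let i = 0;
  const next = () => { const h = handlers[i++]; if (h) h(req, res, next); };
  next();
  return res;
}

// Constructed sample data: one session that maps to one user record.
const sessions = new Map([['sid-1', { userId: 7 }]]);
const users = new Map([[7, { id: 7, name: 'alice' }]]);

// Session middleware: attaches req.session (empty object for unknown cookies).
function session(req, res, next) {
  req.session = sessions.get(req.cookies.sid) || {};
  next();
}

// Auth gate: fails closed. next() is only called once a user record was found.
function authorize(req, res, next) {
  const user = users.get(req.session && req.session.userId);
  if (!user) { res.status = 401; return; }
  req.user = user; // later handlers read req.user instead of querying again
  next();
}

// Body parser: attaches req.body; a malformed payload ends the chain with 400.
function jsonBody(req, res, next) {
  try { req.body = JSON.parse(req.rawBody || '{}') || {}; }
  catch (e) { res.status = 400; return; }
  next();
}

// Final handler: sees every property the earlier middleware attached.
function createPost(req, res) {
  res.status = 201;
  res.body = { author: req.user.name, title: req.body.title };
}

// authorize runs before jsonBody, so unauthenticated bodies are never parsed.
const chain = [session, authorize, jsonBody, createPost];
function request(sid, rawBody) {
  return run(chain, { cookies: { sid }, rawBody }, { status: 200 });
}
```

Because the session holds only the user id, the record is looked up once per request in authorize and handed on as req.user.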