How to deal with authorization in Node.js?

E

evg_962017-09-23 16:08:35

Node.js

evg_96, 2017-09-23 16:08:35

I am taking a course from learn.js.ru to node.js (offline).
I got to the lesson about authorization, which specifically explains how to work with passport.js.
Before this lesson, it seemed to me that all the topics were difficult, but now it seems to me that everything before this was baby talk.
In general, I have no idea how to understand this topic.
The author of the course immediately began to show the code divided into ~ 10 modules ... some kind of sessions, working with mongoose, serialization, deserialization, cryptography, strategies, working with passport, etc.
For 40 minutes of broadcasting, I did not understand anything at all, absolutely nothing. The first time is such that I am generally confused and did not understand anything.
I tried to look for other tutorials in Russian, videos, articles, but I didn’t find anything worthwhile, infa is practically absent.
I do not know what to do. In reality, hands are already falling, xs how to move forward. The stupor is concrete.
How to deal with all this?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Abcdefgk, 2017-09-24
@Abcdefgk

Well, they intimidated a person - cryptography-cryptography.
The passport module is a ready-made module for that, that it will do all this cryptography-schmiptography itself. You just need to master a few points.
1. Install and configure the express-session and coockie-parser modules in the project
Without them, passport will not work - and what will be the point of its work if it enters the session and writes the user after registration.authorization? ("session" is a special sub-object in the request object - req.session - where passport itself enters the user sub-object after authorization)
2. Understand that passport is a general module that ensures the operation of additional modules that contain, just, all sorts of different authorization strategies - a local strategy, via Facebook (passport-facebook), via Google (passport-google-oauth) and etc.
3. For authorizations through social networks, in each case you need to figure out how to create "applications" in them - from there, for strategies, you will need to take the user ID and Key that these additional modules will request.
4. One large module file for authorization is created - like auth.js - where the passport itself is requested, plus the necessary (optional) strategies are requested. The top of the file looks like this:
var passport = require('passport')
, FacebookStrategy = require('passport-facebook').Strategy
, GoogleStrategy = require('passport-google-oauth').OAuth2Strategy;
and for each of the strategies, code is written, which is already all in the documentation of the passport module - you need to take it from there and, of course, figure it out. Not in cryptography-scriptogravity, but in this particular code.
(Well, study the book carefully - I said in another place which one)

D

Decadal, 2017-09-23
@Decadal

I think the author of the lessons assumed that the students already have some knowledge in the background, because the explanation of each individual topic that you voiced will take a lot of time.
Stop at this lesson, get acquainted separately with the session mechanism, separately with password encryption, and work with the database, and then go through it again