Validation, Authentication and Authorization-JS Tutorial-php.cn

Home

Web Front-end

JS Tutorial

Validation, Authentication and Authorization

Linda Hamilton

Jan 17, 2025 am 02:35 AM

Validation, Authentication and Authorization

Content Overview

This article expands on a previous tutorial covering basic CRUD API creation with Express.js, focusing on crucial security aspects: validation, authentication, and authorization. We'll build upon the previous example, so familiarity with that material is recommended. The complete project is available on GitHub (link provided below).

Key Concepts

Validation: Ensuring user-provided data conforms to predefined rules and standards. This is paramount for security, preventing vulnerabilities like SQL injection. Several resources highlight the importance of robust validation (links provided below).
Authentication: Verifying a user's identity. This typically involves checking credentials (e.g., username/email and password) against stored records.
Authorization: Determining what actions a user is permitted to perform. This controls access to resources based on user roles and permissions.

Implementing Validation

We'll create validation functions for name, amount, and date fields:

name: String, non-empty, 10-255 characters.
amount: Number or numeric string, positive, non-empty.
date: String, optional (defaults to current date if omitted), YYYY-MM-DD format.

These functions (located in validations.js) utilize type checking and basic format validation. More comprehensive validation (e.g., date range checks) could be added.

// validations.js (excerpt)
const isString = (arg) => typeof arg === "string";
const isNumber = (arg) => !isNaN(Number(arg));

function isValidName(name) { /* ... */ }
function isValidAmount(amount) { /* ... */ }
function isValidDate(date) { /* ... */ }

module.exports = { isValidName, isValidAmount, isValidDate };

Adding Authentication and Authorization

For demonstration, we'll use in-memory data storage (an array of objects) for users and expenses. This is not suitable for production.

The data.js file stores user and expense data:

// data.js (excerpt)
let users = [
    { id: "...", email: "...", password: "..." }, //Example User
    // ...more users
];

let expenditures = [
    { id: "...", userId: "...", name: "...", amount: ..., date: "..." }, //Example Expense
    // ...more expenses
];

module.exports = { expenditures, users };

Signup Endpoint (/users/signup)

This endpoint creates new users. It validates email and password, checks for email duplicates, generates a UUID, and (for this demo only) stores the raw password. A base64 encoded authentication token (email:UUID) is returned. Password hashing is omitted for simplicity but is crucial in a production environment.

Login Endpoint (/users/login)

This endpoint authenticates existing users. It validates credentials and returns a base64 encoded authentication token if successful.

Protected Endpoints

To protect endpoints (e.g., /expenditures), we'll require an authentication token in the request headers (Authorization header). The token is decoded, the user is verified, and only the user's own data is returned.

// validations.js (excerpt)
const isString = (arg) => typeof arg === "string";
const isNumber = (arg) => !isNaN(Number(arg));

function isValidName(name) { /* ... */ }
function isValidAmount(amount) { /* ... */ }
function isValidDate(date) { /* ... */ }

module.exports = { isValidName, isValidAmount, isValidDate };

Conclusion

This article provided a basic introduction to validation, authentication, and authorization in a Node.js/Express.js API. Remember that the security measures demonstrated here are simplified for educational purposes and should not be used in production systems. Production-ready applications require robust password hashing, secure token management (JWTs are recommended), and database integration.

Resources

(Remember to replace the bracketed placeholders with actual links.)

The above is the detailed content of Validation, Authentication and Authorization. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

JavaScript Comments: A Guide to Using // and /* */May 13, 2025 pm 03:49 PM

JavaScriptusestwotypesofcomments:single-line(//)andmulti-line(//).1)Use//forquicknotesorsingle-lineexplanations.2)Use//forlongerexplanationsorcommentingoutblocksofcode.Commentsshouldexplainthe'why',notthe'what',andbeplacedabovetherelevantcodeforclari

Python vs. JavaScript: A Comparative Analysis for DevelopersMay 09, 2025 am 12:22 AM

The main difference between Python and JavaScript is the type system and application scenarios. 1. Python uses dynamic types, suitable for scientific computing and data analysis. 2. JavaScript adopts weak types and is widely used in front-end and full-stack development. The two have their own advantages in asynchronous programming and performance optimization, and should be decided according to project requirements when choosing.

Python vs. JavaScript: Choosing the Right Tool for the JobMay 08, 2025 am 12:10 AM

Whether to choose Python or JavaScript depends on the project type: 1) Choose Python for data science and automation tasks; 2) Choose JavaScript for front-end and full-stack development. Python is favored for its powerful library in data processing and automation, while JavaScript is indispensable for its advantages in web interaction and full-stack development.

Python and JavaScript: Understanding the Strengths of EachMay 06, 2025 am 12:15 AM

Python and JavaScript each have their own advantages, and the choice depends on project needs and personal preferences. 1. Python is easy to learn, with concise syntax, suitable for data science and back-end development, but has a slow execution speed. 2. JavaScript is everywhere in front-end development and has strong asynchronous programming capabilities. Node.js makes it suitable for full-stack development, but the syntax may be complex and error-prone.

JavaScript's Core: Is It Built on C or C ?May 05, 2025 am 12:07 AM

JavaScriptisnotbuiltonCorC ;it'saninterpretedlanguagethatrunsonenginesoftenwritteninC .1)JavaScriptwasdesignedasalightweight,interpretedlanguageforwebbrowsers.2)EnginesevolvedfromsimpleinterpreterstoJITcompilers,typicallyinC ,improvingperformance.

JavaScript Applications: From Front-End to Back-EndMay 04, 2025 am 12:12 AM

JavaScript can be used for front-end and back-end development. The front-end enhances the user experience through DOM operations, and the back-end handles server tasks through Node.js. 1. Front-end example: Change the content of the web page text. 2. Backend example: Create a Node.js server.

Python vs. JavaScript: Which Language Should You Learn?May 03, 2025 am 12:10 AM

Choosing Python or JavaScript should be based on career development, learning curve and ecosystem: 1) Career development: Python is suitable for data science and back-end development, while JavaScript is suitable for front-end and full-stack development. 2) Learning curve: Python syntax is concise and suitable for beginners; JavaScript syntax is flexible. 3) Ecosystem: Python has rich scientific computing libraries, and JavaScript has a powerful front-end framework.

JavaScript Frameworks: Powering Modern Web DevelopmentMay 02, 2025 am 12:04 AM

The power of the JavaScript framework lies in simplifying development, improving user experience and application performance. When choosing a framework, consider: 1. Project size and complexity, 2. Team experience, 3. Ecosystem and community support.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SublimeText3 Chinese version

Chinese version, very easy to use

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

Dreamweaver Mac version

Visual web development tools

Hot Topics

1668

1426

1328

1273

1256