How to create REST API with security token?

Wed Feb 08 2017 12:19:49 GMT+0100 (Central European Standard Time), Peter Širka

Sometimes we need a simple security mechanism for our REST API, and we often go looking for complicated solutions. But why? Implementing a security token is easy.

Definition files

Create a definition file tokens.js:

  • this definition file will handle creating the default tokens
  • the database inserts a token only if it does not already exist (Total.js v2.4+)

function create(token, name) {
    NOSQL('tokens').insert({ token: token, name: name, created: F.datetime }, true).where('token', token);
}

create('d88ad6cd-1112-4fc9-a20a-6ff75ed4d2da', 'Android');
create('5df4b659-bc1d-4e4d-9e37-0fa2ad70f8d1', 'iOS');

Create a definition file auth.js:

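// Object without a prototype: a header value can only match a token we stored,
// never a property inherited from Object.prototype
const SESSION = Object.create(null);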

F.onAuthorize = function(req, res, flags, callback) {

    // We read the X-Token header from the current request
    var token = req.headers['x-token'];
    if (!token)
        return callback(false);

    // We check whether the token exists in the current session
    if (SESSION[token]) {
        // Extends expiration time
        SESSION[token].ticks = F.datetime;
        return callback(true, SESSION[token]);
    }

    // Try to find the token in NoSQL database
    NOSQL('tokens').find().make(function(builder) {
        builder.where('token', token);
        builder.first();
        builder.callback(function(err, response) {
            if (response) {
                response.ticks = F.datetime;
                SESSION[token] = response; // We create a session
                callback(true, response);
            } else
                callback(false);
        });
    });
};

// Removes older sessions
F.on('service', function(counter) {
    if (counter % 5 !== 0)
        return;
    var ticks = F.datetime.add('-10 minutes');
    Object.keys(SESSION).forEach(function(token) {
        if (SESSION[token].ticks < ticks)
            delete SESSION[token];
    });
});
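
Added example, not from the original post or from Total.js: a stand-alone Node.js model of the auth.js logic above, showing the idle sweep and why revoking a token has to clear the session cache as well (with sliding expiration, a client that keeps calling never drops out of the cache). The `store` map, the token strings and the function names are assumptions made for this sketch.

```javascript
// Stand-alone model of the X-Token check; no Total.js required.
// Token values, `store` and all function names are constructed for this sketch.
const IDLE_MS = 10 * 60 * 1000;   // same 10-minute idle window as the service handler

// Stand-in for NOSQL('tokens'): token -> record
const store = new Map([
    ['constructed-token-android', { name: 'Android' }],
    ['constructed-token-ios', { name: 'iOS' }]
]);

// Null-prototype cache: only tokens we stored can ever be found in it
const sessions = Object.create(null);

// Returns the session for a valid token, otherwise null
function authorize(headers, now) {
    const token = headers['x-token'];
    if (typeof token !== 'string' || !token)
        return null;
    const cached = sessions[token];
    if (cached) {
        cached.ticks = now;       // sliding expiration: every hit extends the session
        return cached;
    }
    const record = store.get(token);
    if (!record)
        return null;
    return sessions[token] = { name: record.name, ticks: now };
}

// Drops sessions that have been idle for longer than IDLE_MS
function sweep(now) {
    for (const token of Object.keys(sessions))
        if (sessions[token].ticks < now - IDLE_MS)
            delete sessions[token];
}

// Revocation must clear the cache too; deleting only the stored record would
// leave an active client authorized for as long as it keeps sending requests
function revoke(token) {
    store.delete(token);
    delete sessions[token];
}

// Demo with the constructed iOS token (times are plain millisecond counters)
const ios = { 'x-token': 'constructed-token-ios' };
console.log(authorize(ios, 0));   // session created from the store
revoke('constructed-token-ios');
console.log(authorize(ios, 1));   // null: gone from store and cache
```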

Usage

Now we can use our token mechanism in a controller, for example:

exports.install = function() {
    // `F.onAuthorize` will be called for each of the following routes
    F.route('/api/users/',    json_query, ['*User', 'authorize']);
    F.route('/api/products/', json_query, ['*Products', 'authorize']);    
    F.route('/api/orders/',   json_query, ['*Orders', 'authorize']);    
};

function json_query() {
    this.$query(this.query, this.callback());
}
