I'm a client-side guy that just stepped into the world of server-side javascript. I've got this idea about how I think I want to build my first Nodejs application. I want a server-side that pretty much only serves an empty shell and lots of JSON. I want to put the rest of the logic in a Backbone.js-equipped front-end.
So I quick whipped up a small application (code in the bottom) and I've got a few questions.
Are session variables safe? Can I use session variables to store an user identifier that I later read to fetch sensitive date. Is it possible to modify sessions variables so that, in my case, one user could get hold of another user's data?
Does it make sense to serve JSON in the way I'm doing it on my '/profile' route. In my application there will be a lot of routes just like that one. Routes that fetch something from the database and serves them as JSON to the client.
Looking at my code, do you have any tips or tricks? Things I should do differently. Modules I probably should have a look at?
Does my idea of an almost JSON-only backend makes sense?
My application below.
var facebook = {
'appId' : "my app id",
'appSecret' : "my app secret",
'scope' : "email",
'callback' : "http://localhost:2000/"
}
var express = require('express');
var MongoStore = require('connect-mongo');
var auth = require('connect-auth')
var UserProvider = require('./providers/user').UserProvider;
var app = module.exports = express.createServer();
// Configuration
app.configure(function(){
app.set('views', __dirname + '/views');
app.set('view engine', 'jade');
app.use(express.bodyParser());
app.use(express.methodOverride());
app.use(express.cookieParser());
app.use(auth([auth.Facebook(facebook)]));
app.use(express.session({secret: 'my secret',store: new MongoStore({db: 'app'})}));
app.use(express.compiler({ src: __dirname + '/public', enable: ['less'] }));
app.use(app.router);
app.use(express.static(__dirname + '/public'));
});
app.configure('development', function(){
app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});
app.configure('production', function(){
app.use(express.errorHandler());
});
// Providers
var UserProvider = new UserProvider('localhost', 27017);
// Routes
app.get('/', function( request, response ) {
if( !request.session.userId ) {
request.authenticate(['facebook'], function(error, authenticated) {
if( authenticated ) {
request.session.userId = request.getAuthDetails().user.id;
}
});
}
response.render( 'index.jade' );
});
app.get('/profile', function( request, response ) {
response.contentType('application/json');
if( request.session.userId ){
UserProvider.findById( request.session.userId, function( error, user ){
var userJSON = JSON.stringify( user );
response.send( userJSON );
});
} else {
response.writeHead(303, { 'Location': "/" });
}
});
app.get('/logout', function( request, response, params ) {
request.session.destroy();
request.logout();
response.writeHead(303, { 'Location': "/" });
response.end('');
});
app.listen(2000);
console.log("Express server listening on port %d in %s mode", app.address().port, app.settings.env);
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 迷人小祖宗 的文章《How to structure a Node, Express, Connect-Auth and》','https://www.manongdao.com/article-530732.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}