Authorization in Node.js, all you need to know

Adeyemi Ibrahim — Tue, 21 Mar 2023 13:39:08 +0000

What is authentication & authorization

Authentication and authorization are used in security, particularly when it comes to getting access to a system. Yet, there is a significant distinction between gaining entry into a house (authentication) and what you can do while inside (authorization).

In simple words, Authentication is the process of verifying who a user is (who you are), and  Authorization is the process of verifying what they have access to (what you are allowed to do).

Authorization is the process of allowing authenticated users access to resources by determining whether they have system access permissions. By giving or denying specific licenses to an authenticated user, authorization enables you to control access privileges.
So, authorization occurs after the system authenticates your identity, granting you complete access to resources such as information, files, databases, funds, places, and anything else. That said, authorization affects your capacity to access the system and the extent to which you can do so

Authorization is a critical component of any web application, as it controls access to various resources based on user roles and permissions. Node.js is a popular platform for building web applications, and there are various approaches to implement authorization in Node.js applications. Here is all you need to know about authorization in Node.js.

Types of Authorization

There are generally two types of authorization:

Role-based Authorization: In this type of authorization, access is granted or denied based on the user's role or job function.
Permission-based Authorization: In this type of authorization, access is granted or denied based on the specific permissions granted to the user.

Implementing Authorization in Node.js

const authorize = (req, res, next) => {
  if (!req.user || !req.user.permissions.includes('view_data')) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  next();
};

const getData = (req, res) => {
  const data = { /* data */ };
  res.json(data);
};

// /data route that requires authorization
app.get('/data', authorize, getData);

This code defines a middleware function called authorize that checks if the user is authenticated and has the required permissions to access the resource. If not, the middleware returns a 401 Unauthorized error. It then defines a route handler function called getData that retrieves data from a data source and returns it to the client.

Finally, it uses the authorize middleware function to restrict access to the getData route handler function. This means that only authenticated users with the required permissions can access the /data route and retrieve data. In conclusion, this example demonstrates how to implement authorization using middleware functions in Node.js to ensure that users have the appropriate access to specific resources or functionalities based on their identity and permissions.

How to create Nodejs server without an external package

Adeyemi Ibrahim — Mon, 13 Feb 2023 16:09:42 +0000

In this post we will just move into Nodejs fundamental by creating a Nodejs server without the use of any external packages like Express, Mongoose or other third party libraries to implement our functionality.

We start by building a raw HTTP Nodejs with no framework , no npm and no package.json but with the use of a terminal(Gitbash or any terminal of your choice) and an editor(VScode or any editor of your choice) by using Javascript and nodejs as our runtime.

HTTP :

http in Nodejs is an inbuilt module that provide an interface to create HTTP(clients or server) that communicate with other HTTP(clients or server) via HTTP protocols.

Therfore we will build a server that will

import module
create a server instance
listen to the server

Creating a HTTP server

First, we need set up an accessible coding enviroment. in the terminal create a folder called 01-Server.

 $ mkdir 01-server

Then, open/enter the folder

$ cd 01-server

Now, create a js file that you will type the code.

$ touch httpserver.js

Then, open the file

$ nano httpserver.js

Import Module

There are many inbuit module in Nodejs apart from 'http' like 'os', 'fs', 'path', and many more but our main focus is on 'http'.
So in other for we to use 'http' we must require the 'http' module.

      const http = require("http");

Creating a Server Instance

Creating a server from the imported module then callback/invoke the function.

       const server = http.createServer();

createServer has another argument it takes in a call back function which has to run everytime a request comes in to our server. Inside the callback function, we have access to two different type of object: Requestreq and Responseres object. The request object is full of information about the url requested. Other information on the request type are GET, PUT, POST, DELETE. While the responseres object is the object we use to send a object to the user

      const server = http.createServer((req,res)=>{
             console.log("request made to the server");
});

Listen to Server Request

For the server to listen to the request, we have to define two constants, the host and the port which will be pass in as an arguement into our server.

     const host = "localhost";
     const port = 5757;

The value of the local host is 127.0.0.1 and its only available to all local computer while the port numbers are like a door into our computer. Therefore, when we bind our server to this host and port, we'll be able to reach our server on https://localhost:5757

    server.listen(port, host,()=> {
       console.log("server ✌✌✌ is running on a port 5757");
    });

How to run Nodejs on our terminal

Press Ctrl J if you are using VScode to open the terminal

USER@DESKTOP-IK7TQLK MINGW64 ~/Desktop/01-Server
$

Then, collecting all our codes together we have

   const http = require("http");

   const server = http.createServer((req,res)=>{
         console.log("request made to the server");
   });

   const host = "localhost";
   const port = 5757;

   server.listen(port, host,()=> {
          console.log("server ✌✌✌ is running on a port 5757")
   });

Now, we run our code on the terminal using node httpserver.js or node httpserver where httpserver.js is the name of our js file created

USER@DESKTOP-IK7TQLK MINGW64 ~/Desktop/01-Server
$ node httpserver.js

USER@DESKTOP-IK7TQLK MINGW64 ~/Desktop/01-Server
$ node httpserver.js
server ✌✌✌ is running on a port 5757

Now, we see server ✌✌✌ is running on a port 5757 which is in our console.log("server ✌✌✌ is running on a port 5757"). This shows that this server is actively running and listening to request on localhost:5757.

Then, we go to the browser to send a request using localhost:5757 or 127.0.0.1:5757. Our browser keep loading without any response but checking our terminal which shows request made to the server

USER@DESKTOP-IK7TQLK MINGW64 ~/Desktop/01-Server
$ node httpserver.js
server ✌✌✌ is running on a port 5757
request made to the server

From our server instance, whenever a request is being made to the server print request made to the server

      const server = http.createServer((req,res)=>{
             console.log("request made to the server");
});

Now, we've have successfully create a server with Nodejs

REQUEST AND RESPONSE

Now, lets create a server using that will log a request and send back a response

const http = require("http");
  const server = http.createServer((req,res)=>{
     console.log("Request made");

   if (req.url=="/") {
    res.writeHead(200, "Content-Type", "text/html");
    res.write("<h1>Welcome</h1>");
    res.end();
} else if (req.url == "/login") {
    res.writeHead(201, "Content-Type", "text/html");
    res.write("<h1>LOGIN SUCCESSFULLY</h1>");
    res.end();
} else {
    res.writeHead(404, "Content-Type","text/plain");
    res.write("PAGE NOT FOUND");
    res.end();
}
});
 const host = "localhost";
 const port = 5757;

 server.listen(port, host,(req, res) =>{
  console.log("server is up and running 🏃‍♂️🏃‍♂️🏃‍♂️");
});

DEV Community: Adeyemi Ibrahim