Posts

Node.js use Redis as Session storage

In the previous post, we used the default Session storage for testing. However, the developers state that it is not suitable for production: "Warning The default server-side session storage, MemoryStore, is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing." In this post, I will use Redis (a famous and widely used in-memory store) as the Session storage. We can also find the module connect-redis on the express-session npm package webpage. We modify the code (v2.3) from the post Node.js use passport with LocalStrategy in Authentication Part 4. It uses the session for the logged-in user's information and failure messages. If you just follow the steps on the connect-redis webpage and run the code, you will find a connection error message in the terminal. import { RedisStore } from "connec...

Node.js use PostgreSQL

PostgreSQL is a free, open-source relational database management system (RDBMS). It is becoming more popular. Let's learn how to use it. Download and install PostgreSQL from the official website. If Visual Studio Code is used for development, we can install an extension to get a GUI control panel for managing PostgreSQL. After setup, run the code in the file database.sql inside the folder usePostgreSQL of the source code stored on GitHub to create the table and insert test data. We copy the code from the post Node.js check authorization for protected api service/webpage and modify the file repository.js to extract data from the PostgreSQL database instead of from the array of objects. node-postgres We will use the node-postgres module. We can go to this website to see the documentation. Type the command below in the terminal to install the module npm...

Node.js check authorization for protected api service/webpage

We have learnt authentication before, but it is not enough for some applications. Some applications also need to check each user's role in order to allow them to use a particular service. Take a company as a scenario: an engineer only has the right to submit a purchasing order of electronic components for development, and the department head has the right to approve/reject the order. Other engineers cannot approve/reject the order. We will implement authorization in this post. The picture below is the flow chart. First, the client has to log in in order to reach the protected path. Then, the server checks the role of the user and the authorized rights of that role. The request is served only if the role has the right to access the service. Flowchart of checking Authorization We will modify the source code (v3.2) from the post Node.js use passport authentication in middleware. The final code o...

Node.js use passport authentication in middleware

Some webpages or API services are only available to registered users, for example, your favourite list of songs, your order records, etc. The server checks whether the client is logged in before executing the service. In the post Node.js use passport with LocalStrategy in Authentication Part 3, we learnt to use req.isAuthenticated() to check the client inside the GET /secrets route. However, it may be tedious to add the same code in every route if we have many webpages and API services. Hence, we can use passport in middleware. The workflow is shown in the picture below. We first group all the webpages/API services that require authentication under the same path /api. All access to those webpages/API services will check the authentication. If the client is authenticated, the server passes the request to the final destination path. The actual path of webpage/service : /api/pathA, /api/pathB, ...

Node.js use Passport with Bearer Strategy

I'm going to demonstrate how to use Bearer Strategy and jsonwebtoken in this post. The workflow is shown in the picture below. The client needs to log in first and get the token from the server. Then the client requests another API service with the token embedded in the HTTP request header. The server verifies the token and responds to the client with the result. jsonwebtoken can encode a little information into the token, like user id and username (those aren't sensitive data). jsonwebtoken can decode the information back on the server side. We do not use Session for storage in this example because the token also acts as the authentication check. Starting with the code using passport with LocalStrategy and custom callback (v1.2), we first install the Bearer Strategy and token generator module. npm install passport-http-bearer ...