Study note and activity record

          In previous post, we use default Session storage to test. However, it is not suitable in production stated by the developer. "Warning The default server-side session storage, MemoryStore , is purposely not designed for a production environment. It will leak memory under most conditions, does not scale past a single process, and is meant for debugging and developing.  "            In this post, I will use Redis (famous and widely-used in-memory store) as the storage of Session. We can also the module connect-redis in express-session npm package webpage . We modify the code(v2.3) in post Node.js use passport with LocalStrategy in Authentication Part 4 . It use session to use login user information and failure messages.             If you just follow the steps in connect-redis webpage and run, you will find connect error message in terminal. import { RedisStore } from "connec...

 PostgreSQL is a free, open-source relational database management system(RDBMS). It become more popular. Let's learn how to use it.  Download and postgreSQL from the official website .  If Visual Studio Code is used for development, we can install extension to have a GUI control panel for setting postgreSQL.           After setup, run the code in file database.sql inside folder usePostgreSQL of the source code stored in github to create table and insert test data.             We copy the code from post Node.js check authorization for protected api service/webpage . And modify file repository.js to extract data from postgreSQL database instead of from the array of object. node-postgres             We will use node-postgres module. We can go to this website to see the document. Type below command in terminal to install the module           npm...

           We have learnt authentication before but it is not enough for some applications. Some application also require to check each user's role in order to allow them to use a particular service. Take a company as scenario, engineer only has the right to submit a purchasing order of electronic components for development and department head has the right to approve/reject the order. Other engineer cannot approve/reject the order. We will implement the authorization in this post.          Below picture is the flow chart. First, the client has to login in order to reach the protected path. Then, the server will check the role of the user and the authorized right of that role. The request is served only if the role has the right to access the service. Flowchart of checking Authorization      We will use source code(v3.2) in post  Node.js use passport authentication in middleware  to modify. The final code o...

          Some webpages or api service were only valid to registered users, for example, the your favourite list of songs, your ordered record... etc. The server would check if the client is login before execute the service. In the post  Node.js use passport with LocalStrategy in Authentication Part 3 , we have learnt  req.isAuthenticated() to check the client inside the GET /secrets route. However, it may be tedious to add the same code in every route if we have many webpages, api service. Hence, we can use passport in middle ware.          The workflow is shown in below picture. We first group all the webpage/api service required authentication under the same path /api. All access to those webpage/api service will check the authentication. If the client is authenticated, the server pass the request to the final destined path.          The actual path of webpage/service : /api/pathA, /api/pathB, ...