Book Image

RESTful Web API Design with Node.js 10 - Third Edition

By : Valentin Bojinov
Book Image

RESTful Web API Design with Node.js 10 - Third Edition

By: Valentin Bojinov

Overview of this book

When building RESTful services, it is really important to choose the right framework. Node.js, with its asynchronous, event-driven architecture, is exactly the right choice for building RESTful APIs. This third edition of RESTful Web API Design with Node.js 10 will teach you to create scalable and rich RESTful applications based on the Node.js platform. You will be introduced to the latest NPM package handler and understand how to use it to customize your RESTful development process. You will begin by understanding the key principle that makes an HTTP application a RESTful-enabled application. After writing a simple HTTP request handler, you will create and test Node.js modules using automated tests and mock objects; explore using the NoSQL database, MongoDB, to store data; and get to grips with using self-descriptive URLs. You’ll learn to set accurate HTTP status codes along with understanding how to keep your applications backward-compatible. Also, while implementing a full-fledged RESTful service, you will use Swagger to document the API and implement automation tests for a REST-enabled endpoint with Mocha. Lastly, you will explore some authentication techniques to secure your application.

Related Content you might be interested in

Current Title:

Small book image
RESTful Web API Design with Node.js 10 - Third Edition
Valentin Bojinov
Apr, 2018 | 178 pages
Small book image
Hands-On RESTful Web Services with TypeScript 3
Biharck Muniz Arajo
Mar, 2019 | 470 pages
Small book image
RESTful Java Web Services
Jobinesh Purushothaman | Balachandar Bogunuva Mohanram
Nov, 2017 | 420 pages
Small book image
Learn Node.js by Building 6 Projects
Eduonix Learning Solutions
Mar, 2018 | 310 pages
Table of Contents (16 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
REST – What You Did Not Know
REST – What You Did Not Know
REST fundamentals
The REST goals
Working with WADL
Documenting RESTful APIs with Swagger
Summary
2
Getting Started with Node.js
Getting Started with Node.js
Installing Node.js
Installing the Express framework and other modules
Setting up a development environment
Handling HTTP requests
Modularizing code
Testing Node.js
Deploying an application
Self-test questions
Summary
3
Building a Typical Web API
Building a Typical Web API
Specifying the API
Implementing routes
Querying the API using test data
Content negotiation
API versioning
Self-test questions
Summary
4
Using NoSQL Databases
Using NoSQL Databases
MongoDB – a document store database
Database modeling with Mongoose
Testing a Mongoose model with Mocha
Creating a user-defined model around a Mongoose model
Wiring up a NoSQL database module to Express
Self-test questions
Summary
5
Restful API Design Guidelines
Restful API Design Guidelines
Endpoint URLs and HTTP status codes best practices
Extensibility and versioning
Linked data
Summary
6
Implementing a Full Fledged RESTful Service
Implementing a Full Fledged RESTful Service
Working with arbitrary data
Linking
Implementing paging and filtering
Caching
Discovering and exploring RESTful services
Summary
7
Preparing a RESTful API for Production
Preparing a RESTful API for Production
Documenting RESTful APIs
Testing RESTful APIs with Mocha
The microservices revolution
Summary
8
Consuming a RESTful API
Consuming a RESTful API
Consuming RESTful services with jQuery
Troubleshooting and identifying problems on the wire
Cross Origin Resource Sharing
Content Delivery Networks
Handling HTTP status codes on the client side
Summary
9
Securing the Application
Securing the Application
Authentication
Authorization
Transport layer security
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Authorization

So far, the catalog data service uses basic authentication to protect its routes from unknown users; however, a catalog application should allow only few white-listed users to modify the items inside the catalog. To restrict access to the catalog, we will introduce the concept of authorization, that is, a subset of authenticated users, with appropriate permission allowed.

When Passport's done() function is invoked to authenticate a successful login, it takes as an argument a user instance of the user that has been granted authentication. The done() function adds that user model instance to the request object, and, in this way, provides access to it via the request.user property, after successful authentication. We will make use of that property to implement a function performing the authorization check after successful authentication:

function authorize(user, response) {
  if ((user == null) || (user.role != 'Admin')) {
    response.writeHead(403, { 'Content-Type' : 
    'text...
Previous Section
End of Section 3
Next Section