scttnlsn / backbone.io

Backbone.js sync via Socket.IO
http://scttnlsn.github.io/backbone.io

Authentication of requests #20

Closed samhatoum closed 12 years ago

samhatoum commented 12 years ago

Hello again. I'm stuck on a little issue and would love some guidance.

I'm trying to authenticate backbone.io requests to ensure users have access to the models they're trying to access.

I'm using http://passportjs.org to do authentication and I can see that it uses a cookie store to do its thing on every request coming back.

I've implemented a new backend called authBackend, which will check incoming requests and allow/disallow. My problem is I'd like to send this auth cookie with every request. I can obviously put this on the model for every request, but I'm wondering if there's a better practice? It would be handy if there was a mechanism to send arbitrary "hints" to the back end on every request, that's outside of model messages. (I've hinted about this before :))

Thanks a million in advance.

Sam

scttnlsn commented 12 years ago

Are you using the session middleware? After a user authenticates you could indicate so in the session (req.session). Then create some kind of authorization middleware that checks the session before handling the request. The cookie is sort of the "hint" you speak of. See examples/auth.js.

Let me know if I'm not understanding your question correctly.
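
The approach suggested in the comment above, sketched as an added example (not part of the original thread, and not backbone.io's own code or its examples/auth.js): an authorization middleware that checks server-side session state before the store handles the request. `runChain`, `records`, `store`, the `owner` field, the error messages and the `req.method`/`req.model` shapes are assumptions for illustration; only `req.session` comes from the thread.

```javascript
// Constructed stand-ins, not backbone.io: a tiny middleware runner and store.
const records = new Map(); // id -> model, in-memory sample data

function runChain(middlewares, req) {
  const res = { body: null, end(data) { this.body = data; } };
  let error = null;
  let i = 0;
  const next = (err) => {
    if (err) { error = err; return; }
    const mw = middlewares[i++];
    if (mw) mw(req, res, next);
  };
  next();
  return { error, body: res.body };
}

// Authorization middleware: decides from server-side session state only.
function authorize(req, res, next) {
  const user = req.session && req.session.user; // set at login, never by the client
  if (!user) return next(new Error('Unauthorized'));
  const existing = records.get(req.model.id);
  if (req.method === 'create') {
    // Refuse to overwrite a record that may belong to someone else.
    if (existing) return next(new Error('Conflict'));
  } else {
    if (!existing) return next(new Error('Not found'));
    if (existing.owner !== user.id) return next(new Error('Forbidden'));
  }
  if (req.method === 'create' || req.method === 'update') {
    // Owner is stamped from the session, overriding any client-sent value.
    req.model = Object.assign({}, req.model, { owner: user.id });
  }
  next();
}

// Store middleware: only reached when authorize() called next() without an error.
function store(req, res, next) {
  if (req.method === 'create' || req.method === 'update') records.set(req.model.id, req.model);
  if (req.method === 'delete') records.delete(req.model.id);
  res.end(records.get(req.model.id) || null);
}

function handle(req) {
  return runChain([authorize, store], req);
}
```

The identity used for every decision comes from the session looked up via the cookie, so nothing about the user needs to travel in the model payload.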

samhatoum commented 12 years ago

Thanks a lot, I think you got the question just fine.

I didn't think to look at those examples and forgot they existed. I shall study them in detail and post back here if I don't progress. I think all the parts I need are now present, I just need to lose a couple of nights' sleep and I'll get there. Thanks!