I use the mongolab wrapper to access the data, but how can this be setup without exposing the api-key.
Is this wrapper only ever usefull for development?
thanks
You cannot protect a key inside an AngularJS application. Everything inside this application is sent to the client so easily accessible.
To protect your database, you need a custom API. You can use a service like Parse to create one easily or develop it yourself with frameworks like Express for Node.js or Flask for Python.
Related
I'm experimenting with these 2 technologies to make a secure web app [Currently learning React (60%) and Django (<50%). This is intended to be like a medical database, so doctors and nurses enters their patients' information. They need to login obviously. I wanted to implement React-based UI (And not using the classic method to create views from django), so I've found many tutorials just like this one:
https://www.digitalocean.com/community/tutorials/build-a-to-do-application-using-django-and-react
It basically turns Django into a restAPI, and then the React frontend uses axios to retrieve data from the endpoint. Sounds not bad at all (comparing to the native method of rendering data in a webpage from Django), but the problem is that I have no idea on how to make this secure, you know, Django provides an auth system, which is pretty good and secure, I have to say, but in a project with this structure, the auth needs to be done in React, so there many questions appear:
To start with, is it a good idea to make a project of this structure? (If no, then what could be a good one)
If it's a yes, how can I protect the API so only logged in users can interact with it? (What mechanisms to ensure protection)
Yes, this is absolutely a good idea to separate the client application and the backend server application.
You can access the backend through the rest api basically with any frontend framework/app/script.
Customers are able to extend their own applications with the abilities of your backend service.
You can create multiple different frontends that use the same backend or different parts of the same backend via the rest api (multi-branding, reselling). Or you can just swap the frontend framework every second year to a new one.
It's also easier to create different automations by using the rest api.
And the list goes on.
For django rest api auth I would recommend Token Authentication which is already included in the Django REST Framework and for React use this tutorial for implementing the login and the token handling.
And don't forget to use TLS on your servers, and create API documentation. (Example)
I'm building a React client and a REST server with Django REST framework, neither of which are something I'm particularly good at.
Anyway, on the client side, I find myself writing various calls to fetch, and managing the endpoints and content types, which seems dumb.
I noticed that I can use CoreAPI to build a schema of my API and somehow automagically make an API client.
Can I, and would it be sensible and straitforward, to somehow autobuild that client and inject it into my app, and then call it.
This sounds nice and feasible, but not sure how to go about it, thoughts?
Thanks.
The best library I have found for writing js client for DRF is https://github.com/tulios/mappersmith
I want to know how to work with angularjs without using a backend. I know the option of using $httpBackend and mock, but I want a real life example.
In my team we are considering the possibility of using an express server that simply works with JSON files (no database) If there is no alternative.
Any recommendations? Thanks in advance.
For tests or to begin work when the backend is not ready yet, I often use services to mock REST or SOAP API, such as: www.mockable.io.
Otherwise you can have a simple server to serve static JSON files.
I want to deploy my AngularJS app which access RESTful web-services onto an aws and I am wondering if I really need a server to serve my AngularJS files.
I can server them as static files or use something like NodeJS but do I really need one?
What are the advantages/dis-advantages of using a server in this scenario?
If your app is small, it's really not a problem if you only access to an API.
But if you want to login via other services where you have for example a public and secret token it's better to work with a server who use cache this datas from your users (maybe it's what your aws is doing).
If you want to access RESTFull Web Services from AWS, you need to put your angularjs files in a server.
The server will give access to resources, if the request is from http protocol. It will deny the request to serve if the protocol is file.
I've been looking for the best way to build a search web/ios/android application with user login and a REST Webservice. I have landed on CakePHP for the Website creation and REST api handling.
I would also use the RestKit API for iOS, and not sure for what RestAPI I'd use for Android.
I also want to be able to use OAuth-2.0 for communicating with Twitter/Facebook/Pinterest.
My Question:
Is there a way to use CakePHP and Parse.com together to handle all the user authentication, and would I need to separate data tables (one on parse.com and the other on another hosting service with CakePHP)?
I would like to keep everything at Parse.com if I could. Any help would be awesome!
I'm not familiar with CakePHP, but if you can completely ignore whatever DB/ORM comes with it by default, you can use Parse on your server and in client apps. There's an un-official PHP library you can use for the server, and they offer iOS and Android SDKs.