We are creating an integration between https://retreaver.com/integrations and a nestjs server running on a cloud function.
What methodology is best suited for nestjs integrations authentication?
What methodology is best suited for nestjs on cloud functions authentication?
I am assuming to just use a token authentication or something simple. but I am not sure at all! ( I have no idea where to look for this authentication piece, I looked at multiple youtube videos but I have not come across anything good )
I am following the following tutorial for learning nestJs:: https://www.youtube.com/watch?v=Mgr5_r70OJQ
I looked around for similar questions but I didn't see anything close to what I was looking for. the only related question is the one below but there is no answer at the moment::
NestJS authentication: how to globally pass UserId to CRUD endpoints?
example of nestjs on cloud function :: https://www.youtube.com/watch?v=ZmfDlUAokYc
Any advise or guidance is greatly appreciated!
There are several ways an app can authenticate its users and restrict access to only authorized users.To learn more about the various methods to authenticate users, see the Authentication concepts section.
In order to integrate a NestJS app to serverless cloud functions, you may create a wrapper Express function and pass it to functions-framework, check the thread for details on the same.There is also a good example describing the setup for the nest.js and cloud functions.
I would also recommend to check the below for more information:
Developing a secure api with nestjs adding authorization
How to create a nestjs app with authentication
Related
I am developing a chat app application using React native. As a database, I also want to include mysql in my secure messaging project. For this, end-to-end encryption is required. Can you give me an idea of how to do it?
You can use something like: https://www.npmjs.com/package/hybrid-crypto-js for your encryption and decryption. And in order to achieve real time chatting you can use https://socket.io/ You shouldn't store private keys in your database, these should be kept secret on each device, say in AsyncStorage in case of react native. Messages should be stored on the device (like whatsapp) or encrypted in your database.
My advice is try each package on its own then integrate them together, you can start by implementing a basic chat using socket.io then try to encrypt and decrypt the messages. Follow this article for details: https://dev.to/kris/buiding-chat-app-with-react-native-and-socket-io-4p8l
I've recently begun developing with NodeJS and ElectronJS to create some pretty nifty cross platform software. I want to take it a step further and integrate some database functionality.
While I'm aware that there are mysql packages available to install, I cringe at the idea that anybody can just unpack my asar.app file and see all of the connection details, including username, password, database name, table name, and other sensitive content that you really don't want to expose to people clever enough to break into your app's source code.
I've tried searching extensively on solutions to this problem, which I was surprised to find very little about. How do WhatsApp and Slack secure connections to their database if they were also built with ElectronJS?
Any and all resources are greatly appreciated. I basically want to be able to connect to a production server SQL database in an ElectronJS app without leaving some security backdoor to anybody who cracks the ASAR file.
Thank you!!
For this scenario, I suggest you to use a RESTful web service architecture. Basically you need 3 component, RESTful web back end, client application(your electron) and the database service( see the following image ; source:phppot.com) .For this I suggest you to use nodeJS backend and create a webservice using expressJS . You can define Restful (GET, POST,UPDATE, DELETE) API for each services.
For ex: To get some data from your db, you can send a GET request to the following path <yourdomain>:<port>/api/v1/getyoursomthin using your electron app. Your express app process the request and get the relevant data from the data from the database (Tutorial). So your app can get the respond from the server and display to the user. I will add link to some tutorials. You can find and learn more by google :)
Web: Build a simple app using Node JS and MySQL.
Express.js Tutorial: Build RESTful APIs with Node and Express
( source:phppot.com)
I am building a workflow engine using camunda. I have made progress on it. But I want to make its admin panel such that it take authentication from OKTA where my other apps are present. I don't want to have separate username and passwords specific to camunda. I have no idea how to do that. Please give some ideas to achieve it.
Thanks
I do not know OKTA, but the general way of telling camunda do use a different Identity Management than the database default is to exchange the IdentityProvider. Its documented here for LDAP and should work similar for OKTA (though you'd have to write your own OKTA Provider for it).
A more reusable approach would be to use spring security with camunda and integrate OKTA with spring security ...
I have two applications one is a business process management (BPM) & the other is a document management system (DMS) , both systems exposes web services to enable integration with other systems. Both system provide a master login username and password to provide JSON API Authentication. for example to start a process ("process1") inside the BPM ; the DMS can send the following API call
/jw/web/json/workflow/process/start/process1?master_username=BPMadmin&master_password=982716171717&loginAS=currentusername
and same apply for calling DMS web services.
The limitation in this security approach is that i am unable to call any of the DMS or the BPM web services using JavaScript and consume the returned JSON using javaScript, since if i follow the javaScript approach i will be exposing the master_username & master_password to the end users and they can manually modify the LoginAs parameter to other usernames and perform actions they are not authorized to do.
so my questions are:-
Can i make the web service calls secure using JavaScript?
second question what other security approaches i can follow to make the web services calls secure using javaScript? baring in mind that i can modify the webs service security to other approaches rather than using master login username and password, but this might require more time and effort from my side?
Thanks in advance for any help
Best Regards
First of all JS is client side and does not include any special security/magic/irreversible functions, like browser aided crypto engine, high grate SPRNG for key generation and so forth. So long story short anything you do with js is not secure it can be obfuscated but it will be NOT SECURE. That is the point you already made. Another more approach is to use your server as 'proxy'. So lets say You are designing an JS aided gui and show some documents ro so, then you make an AJAX request to your app server (not BPM nor DMS) and it acts as proxy that will do the authentication against DMS and call WS and then return the result back to your JS :) So your setup would look like JS (session)-> App (ws auth)-> DMS -> App (sesion)-> JS (I assume you have authenticated user and we'll use users session as JS <-> server secure channel, if not you will have to incorporate some other js auth mechanism maybe one time pass or something but it will be easy because it is your system). And voila. Only security consideration is to not allow anyone to call your servers proxy site :)
We are working with Shopify to get a web solution implemented. I am looking into how to get data from Shopify using your web service API. We are going to be using SQL Server Integration Services (SSIS) 2K8R2 to do this. Do you happen to have an example that shows how to connect SSIS to the Shopify API for us to use?
Thank you
I'm not aware of anyone using SSIS to connect to Shopify, so I don't know what that entails. However, Shopify's API is a standard RESTful interface, so I recommend researching how to talk to such services from SSIS.
As far as I know there are no specific examples of this. It is a pretty standard rest API so should be straight forward enough. If you can use c# then there is a library you can use. Other wise all you really need to be ably to do is make http requests.
Making webservice calls through an SSIS was never easy. I am not sure if this changed in 2K8R2. Your best bet is probably to create a web/windows/console application and connect to it. I have used the following .NET shopify wrapper with success:
https://github.com/robconery/ShopifyApi