
I'm trying to find the best way to authenticate users against my server and how to handle the connection pool, since I'm not sure if it is better to create a connection per new connection so as to authenticate a new user or to have connections already open and serve from them. If it is the second case, I wouldn't know how to handle the authentication process properly. I'd really appreciate any advice; this is my first time struggling with user authentication and connection pooling.

My idea is to authenticate users against a MongoDB users collection (created for the database I want them to use). My architecture for now is a web client that, after authenticating users, sends messages with a JSON web token to a REST API (in Node, obviously, with restify) that persists its data in Mongo (users included there).

Thanks in advance!

Mark Maruska
  • You have implemented JWT for authentication, right? – Nivesh May 19 '16 at 16:21
  • Yes, I intend to create a JWT token once the user is authenticated – Damián Barbieri May 19 '16 at 17:46
  • Well, you can go with that, as it does not involve DB operations for authentication once the token is generated. Also, one can set the token expiry time. Thus, a session is also not required. – Nivesh May 19 '16 at 19:10
  • Yes, I already do that as well. But I'd like to perform operations on the database per user. I don't know if I should keep those connections, close them and have one already open to handle the other interactions against the database, or any other option. I hope I have made myself clear. – Damián Barbieri May 19 '16 at 19:22
  • You don't mean that you are authenticating the user all the way into a database connection do you? All you should be doing is authenticating the user from the application and then using an authorization scheme to see if a user is allowed a certain operation on the database. – HeadCode May 22 '16 at 15:43
  • Yes, I'm doing that. However, it doesn't feel quite right at all. But that's what I understood from the Mongo docs. How can I achieve the user authentication using the Node driver then? Querying the Users collection? I believe that db.auth() is only available in the mongo shell. – Damián Barbieri May 23 '16 at 17:13
  • @DamiánBarbieri Take a look at this. http://thejackalofjavascript.com/architecting-a-restful-node-js-app/ The crux of the matter is you need to learn about authentication vs authorization in your app. The user should never be logging directly into the database. – HeadCode May 26 '16 at 05:11
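
The split the comments describe (authenticate in the application, issue a JWT, authorize each operation, and keep one shared database pool under a single service account) can be sketched as follows. This is an added example, not code from the thread or from the linked article. It assumes an in-memory `Map` standing in for the users collection, a hand-rolled HS256 token built with Node's `crypto` module, and a hypothetical `ROLE_PERMS` role table.

```javascript
// Added example: app-level authentication + authorization in front of ONE shared DB pool.
const crypto = require('crypto');

const JWT_SECRET = crypto.randomBytes(32); // assumption: per-process secret; load from config in practice
const users = new Map();                   // constructed stand-in for the MongoDB "users" collection
const ROLE_PERMS = { reader: ['read'], editor: ['read', 'write'] }; // hypothetical authorization scheme

const b64u = (x) => Buffer.from(x).toString('base64url');

// Store a salted scrypt hash, never the password itself.
function addUser(name, password, role) {
  const salt = crypto.randomBytes(16);
  users.set(name, { salt, hash: crypto.scryptSync(password, salt, 32), role });
}

function sign(data) {
  return crypto.createHmac('sha256', JWT_SECRET).update(data).digest('base64url');
}

// Authentication: check the password against the stored hash, then issue a 15-minute token.
function login(name, password, now = Date.now()) {
  const u = users.get(name);
  if (!u) return null;
  const hash = crypto.scryptSync(password, u.salt, 32);
  if (!crypto.timingSafeEqual(hash, u.hash)) return null;
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: name, role: u.role, exp: Math.floor(now / 1000) + 900 }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Verify signature and expiry; always HMAC-SHA256, the header's "alg" is never trusted.
function verify(token, now = Date.now()) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const expected = Buffer.from(sign(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// Authorization: decided per operation in the app; the query itself would run on the shared pool.
function authorize(token, op, now = Date.now()) {
  const claims = verify(token, now);
  return Boolean(claims && (ROLE_PERMS[claims.role] || []).includes(op));
}

addUser('alice', 'correct horse', 'reader'); // constructed sample user
```

In a restify handler, `authorize()` would run before any query is sent through the pooled connection, so end users never hold database credentials.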

0 Answers