0

I'm developing an API with Sails, and now I need to secure some variables of an entity. Those variables should be accessible only to the admin or the owning user.

I have a structure like this:

Employee (contains your employee records)
fullName
hourlyWage
phoneNumber
accountBank

Location (contains a record for each location you operate)
streetAddress
city
state
zipcode

...

I need to encrypt phoneNumber and accountBank so that nobody can see the values of these fields in the database, only the owner or the admin.

How can I do that? Thanks

Víctor Martín

1 Answer

0

You are looking for a way to encrypt data so that people without the required access rights cannot see it.

The solution for that is not Sails.js specific, and Node actually comes with tools to encrypt data: https://nodejs.org/api/crypto.html. The key rule here is to always keep your secret password safe.

As for integration in your Sails.js application, I would use callbacks in Models. The official documentation provides a good example here: http://sailsjs.org/documentation/concepts/models-and-orm/lifecycle-callbacks. Basically, you just define a function that will be called each time the record is about to be created, fetched or updated. You can then apply your encrypt/decrypt functions there. This will encrypt/decrypt your phone numbers and bank account numbers automatically.

Regarding access control, you can use Sails' policies along with authentication to determine if the client has the right to access the resource. If not, you can always remove attributes from the response sent back to the client.

dynamic_cast
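One way to put the answer's two pieces together, as an added example that is not code from the answer or from the Sails project: Node's `crypto` module encrypts `phoneNumber` and `accountBank` inside `beforeCreate`/`beforeUpdate` lifecycle callbacks, and a helper strips or decrypts those attributes depending on who is asking. The choice of AES-256-GCM, the demo `KEY`, and the helper names `encryptField`, `decryptField`, `encryptSensitive` and `presentEmployee` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Assumption: in production the 32-byte key comes from a secret store or an
// environment variable, never from source code. Constructed key for this demo.
const KEY = crypto.scryptSync('constructed-demo-passphrase', 'constructed-salt', 32);
const SENSITIVE = ['phoneNumber', 'accountBank'];

// AES-256-GCM with a fresh random 12-byte IV per value; stored as iv.tag.ciphertext.
function encryptField(plain) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', KEY, iv);
  const ct = Buffer.concat([cipher.update(String(plain), 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

// Throws if the stored value was modified, because the GCM tag check fails.
function decryptField(stored) {
  const [iv, tag, ct] = stored.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', KEY, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Encrypt only the sensitive fields present in this write (updates may be partial).
function encryptSensitive(values) {
  for (const f of SENSITIVE) {
    if (values[f] !== undefined && values[f] !== null) values[f] = encryptField(values[f]);
  }
}

// Shape of api/models/Employee.js: Sails calls these before writing to the database.
const Employee = {
  beforeCreate(values, proceed) { encryptSensitive(values); return proceed(); },
  beforeUpdate(values, proceed) { encryptSensitive(values); return proceed(); },
};

// Hypothetical helper for a controller or policy: decrypt for the owner or an
// admin, and drop the sensitive attributes for everyone else.
function presentEmployee(record, requester) {
  const out = { ...record };
  const allowed = requester.isAdmin || requester.id === record.id;
  for (const f of SENSITIVE) {
    if (out[f] === undefined) continue;
    if (allowed) out[f] = decryptField(out[f]); else delete out[f];
  }
  return out;
}
```

Because each value gets its own random IV, equal phone numbers produce different ciphertexts, so the encrypted columns cannot be searched or compared for equality in the database.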