
I have a Node.js server that has HTTP CRUD functions to my MongoDB.

And an Android application that sends requests through those functions.

I would like to ensure that my server will answer requests from specific origins.

For example: only answer requests from the Android app, or Postman requests from my PC.

How can I ensure that no one else sending requests using the same URLs and ports will get answered?

This is my server.js file:

```javascript
const express = require('express');
const MongoClient = require('mongodb');
const bodyParser = require('body-parser');
var db = require('./config/db');
var app = express();

const port = 8000;
app.use(bodyParser.json());

MongoClient.connect(db.url, (err, database) => {
    if (err) return console.log(err)

    db = database.db("getremp")
    require('./app/routes')(app, db);

    // Resolve the port once so the log line reports the port actually used
    const listenPort = process.env.PORT || port;
    app.listen(listenPort, () => {
        console.log("Express server listening on port %d in %s mode - We Are lIVE!", listenPort, app.settings.env);
    });
})
```

And my index.js:

```javascript
const noteRoutes = require('./note_routes');
module.exports = function (app, db) {
    noteRoutes(app, db);
};
```
Lael Avraham

1 Answer


You can control this with :

But you have to remember that all traffic going out from a mobile app can be intercepted (with Fiddler, for example). Never use a static (non-dynamic) value to ensure authentication.

Daphoque
  • Will I need to change every function on my server and every function on my app to check / send the header? – Lael Avraham May 27 '19 at 11:01
  • With a header, you will simply need to register a new middleware in your Express app; in your app you will need to add a header on each call to your API – Daphoque May 27 '19 at 11:05
  • I don't really understand where and how exactly I can use this on the server side once.. by the example you sent I can see that it uses req.headers ... this you get inside the API functions.. – Lael Avraham May 27 '19 at 11:56
  • Sorry.. I'm still learning Node.js.. I've seen that I can just add a middleware using those functions. Like seen here: https://stackoverflow.com/questions/46094417/authenticating-the-request-header-with-express Thank you very much! – Lael Avraham May 27 '19 at 12:16
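
The header check discussed in this answer and its comments can live in one middleware registered once, with a per-request value instead of a static one. The following is an added example, not code from the original answer: it uses an HMAC over the method, path, timestamp and body, and the header names `X-Timestamp` and `X-Signature`, the `req.rawBody` property and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const MAX_SKEW_MS = 5 * 60 * 1000; // accept timestamps within 5 minutes (assumed window)

// Client side: sign method, path, timestamp and body with the shared secret.
function signRequest(secret, method, path, timestamp, body) {
  const payload = [method.toUpperCase(), path, timestamp, body].join('\n');
  return crypto.createHmac('sha256', secret).update(payload).digest('hex');
}

// Server side: create once and register with app.use(...) before the routes are loaded.
function requireSignedRequest(secret, now = Date.now) {
  return function (req, res, next) {
    const timestamp = req.headers['x-timestamp']; // hypothetical header names
    const signature = req.headers['x-signature'];
    if (typeof timestamp !== 'string' || typeof signature !== 'string') {
      return res.status(401).json({ error: 'missing signature headers' });
    }
    const ts = Number(timestamp);
    if (!Number.isFinite(ts) || Math.abs(now() - ts) > MAX_SKEW_MS) {
      return res.status(401).json({ error: 'stale or invalid timestamp' });
    }
    // req.rawBody is an assumption: the unparsed body text, saved by a body-parser verify hook
    const expected = signRequest(secret, req.method, req.originalUrl, timestamp, req.rawBody || '');
    const given = Buffer.from(signature, 'hex');
    const wanted = Buffer.from(expected, 'hex');
    // Constant-time comparison; a length mismatch also covers malformed hex
    if (given.length !== wanted.length || !crypto.timingSafeEqual(given, wanted)) {
      return res.status(401).json({ error: 'bad signature' });
    }
    next();
  };
}

// Constructed harness: runs the middleware against fake req/res objects, no Express needed.
function tryRequest(middleware, req) {
  let status = 200;
  const res = { status(code) { status = code; return this; }, json() { return this; } };
  middleware(req, res, () => {});
  return status;
}
```

In `server.js` this would be registered as `app.use(requireSignedRequest(secret))` before `require('./app/routes')(app, db)`, so no route handler has to change. A secret shipped inside the app can still be extracted from it, so this check raises the effort needed to forge requests rather than proving which client sent them.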