Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Properly Securing Node.js APIs
Search
Chathu Vishwajith
September 22, 2018
Programming
0
61
Properly Securing Node.js APIs
Properly securing Node.js APIs at WebWeekend Kathmandu #WWKTM .
Chathu Vishwajith
September 22, 2018
Tweet
Share
More Decks by Chathu Vishwajith
See All by Chathu Vishwajith
Lerna and Monorepo architecture for JavaScript
iamchathu
0
70
Hardening WordPress is kind of Art
iamchathu
0
130
It's Someone Else's Servers
iamchathu
0
48
Hardening WordPress is An Art
iamchathu
0
150
Speed Up Your WordPess
iamchathu
0
120
CMBJS Meetup: Securing NodeJS APIs with JWT
iamchathu
0
110
Other Decks in Programming
See All in Programming
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
310
米国のサイバーセキュリティタイムラインと見る Goの暗号パッケージの進化
tomtwinkle
2
510
AWS×クラウドネイティブソフトウェア設計 / AWS x Cloud-Native Software Design
nrslib
13
2.6k
株式会社 Sun terras カンパニーデック
sunterras
0
2k
new(1.26) ← これすき / kamakura.go #8
utgwkk
0
1.9k
今、アーキテクトとして 品質保証にどう関わるか
nealle
0
210
受け入れテスト駆動開発(ATDD)×AI駆動開発 AI時代のATDDの取り組み方を考える
kztakasaki
2
550
Go Conference mini in Sendai 2026 : Goに新機能を提案し実装されるまでのフロー徹底解説
yamatoya
0
540
CSC307 Lecture 12
javiergs
PRO
0
460
RubyとGoでゼロから作る証券システム: 高信頼性が求められるシステムのコードの外側にある設計と運用のリアル
free_world21
0
230
オブザーバビリティ駆動開発って実際どうなの?
yohfee
3
750
開発ステップを細分化する、破綻しないAI開発体制
kspace
0
110
Featured
See All Featured
sira's awesome portfolio website redesign presentation
elsirapls
0
190
Crafting Experiences
bethany
1
81
Designing for Performance
lara
611
70k
Bash Introduction
62gerente
615
210k
Tell your own story through comics
letsgokoyo
1
830
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
900
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.8k
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
130
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
Stewardship and Sustainability of Urban and Community Forests
pwiseman
0
130
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.4k
New Earth Scene 8
popppiees
1
1.7k
Transcript
WebWeekend Kathmandu
Perfectly Securing Node.js APIs
Who am I Chathu Vishwajith Auth0 Ambassador Co-Founder of a
startup From Sri Lanka !
?
Cookie vs Tokens
Cookie vs Tokens
Cookie Tokens Statefull Stateless Performance Decoupled
Advantages of JWT → Stateless → Scalable → Decoupled
Advantages of JWT (Cont) → Cross-Domain → CORS
Use cases JWT (Cont) → Back-end APIs → Serverless Applications
→ IOT Devices → Mobile Applications
Things to Remember → JWTs are encoded not encrypted! →
This does not mean they can modify it though, even the slightest change will invalidate the token → Do not store sensitive information within a JWT. → Solution: JSON Web Encryption allows you to safely encrypt the claims of a token
JWT Token Structure header.payload.signature
Header Type of token and hashing algorithm → HMAC →
ECDSA → RSA
Payload Your Token Payload
Signature Verification of Token
Libraries Almost all languages has JWT implementation.
How to use JWT
Install JWT Library For Node.js and Express.js
Create JWT
Verify JWT
Organizing code → Module based approach. → Configuration in files.
→ Auto load models and routes. → Keep your secret secret.
Config file Keep all changing config strings in one place.
.env file we use dotenv to load .env file.
Shall we move to code work though?
Summery → Some APIs needs to secure → Cookie vs
Tokens → JWT is Stateless, Scalable, Decoupled → How to use JWT with Node.js
Code repository https://github.com/iamchathu/nodejs-api-starter
More Reading https://chathu.me/2017/08/28/jwt-introduction/
None
Thank you !
iamchathu
ivargrimstad
tomtwinkle
nrslib
sunterras
utgwkk
nealle
kztakasaki
yamatoya
javiergs
free_world21
yohfee
kspace
elsirapls
bethany
lara
62gerente
letsgokoyo
joshbly
honnibal
techseoconnect
aleyda
pwiseman
rmw
popppiees
