Authorization approaches and design patterns for Node.js applications


I am building a multiple page admin interface for an internal enterprise software platform. Think lots of glue logic tying together various APIs, db queries, and shell scripts.

We will be using node.js, the express framework (including jade templates), and LDAP for authentication.

I am struggling to find information regarding design patterns and best practices for authorization in node applications. Preferably, I would like to use the role-based model since my users are familiar with that approach and its care and feeding.

I am new to node.js so please don't assume I've already seen a module or popular blog post. It's probable that there's a wealth of information and I simply do not know where to look.

Thanks in advance for any information you are able to provide!

Problem courtesy of: Dave Snigier


As per your first question, you want some authorization process implementation in NodeJs. I have explored and used number of APIs of NodeJs. I would prefer following APIs for enterprise applications.

  • For Authentication: Passport

  • For Authorization: ACL . Role based security on Methods and REST APIs.

Second, you want some implementation and development approach in NodeJs.

  • Easy and my favourite design pattern and Framework for NodeJs: MVC framework , SailsJs . For its ready to start and modular architecture. Code management is easy in long run (Most practical requirement for an enterprise application). Easy maintenance. SailsJs is also preconfigured with SocketIO, using which you can create real time modules, widgets, chat widgets with in your project.

  • ORM: Waterline . For its easy querying approach. It is also the inbuilt and default ORM of SailsJs.

  • Database: As per your requirement. Waterline ORM supports PostgreSQL, MySQL, MongoDB and more..

  • My faviourite view engine: EJS. No need to learn new things for developing your presentation layer. It is also the inbuilt and default view engine of SailsJs, that's why I am a fan of SailsJs.

I think, I have covered all important information to create an Enterprise application in NodeJs. I don't say, above packages are best, but collaboratively, they can be best fitted to any enterprise scenario. There are other known packages, which you can use according to your own requirement.

Solution courtesy of: Amreesh Tyagi


I should say Node-Authorization is also a good candidate. The idea is borrowed from SAP(ERP provider), it is an object oriented authorization. And it can also be used as an accompaniment with other frameworks like: Passport and Express.

Discussion courtesy of: Kai Zhang

Here are some information to get started:

Hope that makes it easier to start.

Discussion courtesy of: zemirco

This recipe can be found in it's original form on Stack Over Flow.