0

I'm making a very simple user authentication system. I'm trying to pass a combination of username and password as params to the back-end nodejs server. So this combination will be used in my db query to fetch user details.

This is what I tried on the front-end:

var user = new UserModel({id:['username', 'password']});
user.fetch();

I have defined a urlRoot property in my model that goes like this: /api/users

The back-end will handle the following url: /api/users/:id

Here since I have passed id as an array, I tried to access the 'username' by doing this req.params.id[0]. Instead it returns the first letter of the 'username'. But I want to take the entire string of username. Of course I could use the split() function to separate them but I believe there is a better way to do this.

Please tell me if my approach is wrong somewhere.

Community
  • 1
  • 1
jaykumarark
  • 2,359
  • 6
  • 35
  • 53

1 Answers1

1

That's because Backbone serializes your array to string and then encodes it as URI component.

So effectively you're sending a String 'username%2Cpassword' instead of an array.

I had the same problem and decided that sign in process doesn't really represent any "physical" resource, and most likely shouldn't be handled by user model. One doesn't CRUD users when signing in.

What i did was to create a separate model for SignIn:

SignInModel = Backbone.Model.extend({
    urlRoot: 'api/sign_in',
    defaults: {
        'username' : '',
        'password': ''
    }
});

which statically maps to api/sign_in (no id's here), and then query the database by username and password passed in the request body to the api/sign_in handler.

UserModel can then be left to handle CRUD of users.

soulcheck
  • 36,297
  • 6
  • 91
  • 90
  • So in my backend, I can get values as req.body.username right? I can use UserModel to hold my 'username'(after signing in). This helps me to query based on some key-value. Is this correct? – jaykumarark Dec 24 '12 at 11:43
  • 1
    @jaykumarark yes, in the backend you do req.body.username, but what you probably want to do then, is to put whatever you need from user into session and not even send it back to the client (except for some session token). Then retrieve the stuff you need from that session-stored user data. Do you need to list/modify/create/delete users? if not, then simply don't use UserModel in this case. – soulcheck Dec 24 '12 at 11:48
  • @jaykumarark one situation where it's not that clear is if you want to show the currently logged in username, but then you'd probably fetch that data from the session anyway (so again no model id). I'd probably reuse SignInModel for that and just return signed in username for GET /api/sign_in (without any id - same url for each user as data is retrieved from session). – soulcheck Dec 24 '12 at 11:59
  • Is it not better to store the username and password in a Authentication Request Header? Just curious to know if it offers any benefits as opposed to passing it in the body? [Link](http://stackoverflow.com/questions/10081728/add-request-header-on-backbone) – TYRONEMICHAEL Dec 24 '12 at 15:47
  • @TyroneMichael one benefit is that you can manage Sign In views/models just like any other view/model with Backbone. I'm not sure if one can put Authorization headers in the request using backbone, but if it's possible, then you get the best of both worlds. – soulcheck Dec 24 '12 at 15:49