
I will be building a web application for bookkeeping. It's developed in-house due to some specific requirements, but I'm considering a multi-tenant structure so I can also offer solutions to others in the long run. I have decided to use node for UI logic, while keeping business logic strictly in a Python (django?) application, offering data manipulation through an HTTP API, which offers no view actions at this point but merely responds to manipulation requests with success/error codes.

Below is a tentative architecture:

-----o
     |          o-----------o               o-----------o
     |   Jade   |           |    HTTP API   |           |
HTML | <------- |  Node.js  | ------------> |   Python  |
     |          |           |               |           |
     |          o-----------o               o-----------o
-----o                ^                           |
                      | Read + auth               | Create/Update/Delete
                      v                           v
                o---------------------------------------o
                |       DB Server (PostgreSQL)          |
                o---------------------------------------o

I am thinking of handling authentication like this: node handles the session. At login it saves a token to the database. Further requests through the API are done with that token, which is checked by the Python app.

The question is, other than implementation-time stuff (e.g. SSL, hashing, OAuth etc., I am to read this and this about that), is there a shiny happy hole I'm missing?

Also, since this is my first time building a "serious" application by myself, I would love to hear ideas and insights about this design.

Dunya Degirmenci
  • Have you considered using Python (with Django or Flask) for the web app as well? Might make the entire app simpler if you use only one language. The web app can then use the Python objects directly, for instance model objects from the database (using Django's ORM or SQLAlchemy) can be used directly in the web app's views. – codeape Feb 12 '14 at 13:32
  • True, but I'm not sure I want to use the API for object passing (note that I'm not allowing data retrieval through it). In that sense, node objects can also be used in the browser code as they're already JS objects. But putting aside this excuse, this application is for my company where I'm the boss, the employee and the IT guy; so it's also a bit of a playground for me. The only substantial concern I have here is security. – Dunya Degirmenci Feb 12 '14 at 13:47

0 Answers
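
The token scheme described in the question (a token saved at login, then checked by the Python app on each API request), sketched as an added example that is not part of the original post. The table name `api_tokens`, the SHA-256 digest stored in place of the raw token, the one-hour lifetime, the tenant binding and the in-memory SQLite database standing in for the shared PostgreSQL server are all assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # seconds; assumed session lifetime


def open_store():
    # Assumption: in-memory SQLite stands in for the shared PostgreSQL server.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE api_tokens (digest TEXT PRIMARY KEY, user_id INTEGER NOT NULL,"
        " tenant_id INTEGER NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def _digest(token):
    # Only this digest is stored, so a read of the table does not yield usable tokens.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(db, user_id, tenant_id, now=None):
    """Login side (Node in the question): store the digest, return the raw token."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute(
        "INSERT INTO api_tokens VALUES (?, ?, ?, ?)",
        (_digest(token), user_id, tenant_id, now + TOKEN_TTL),
    )
    return token


def revoke_token(db, token):
    """Logout: delete the row so the token stops working immediately."""
    db.execute("DELETE FROM api_tokens WHERE digest = ?", (_digest(token),))


def check_token(db, token, tenant_id, now=None):
    """API side (Python): return the user_id for a valid token, else None."""
    now = time.time() if now is None else now
    if not token:
        return None
    row = db.execute(
        "SELECT user_id, tenant_id, expires_at FROM api_tokens WHERE digest = ?",
        (_digest(token),),
    ).fetchone()
    # Reject unknown, expired, or cross-tenant tokens with the same result.
    if row is None or now >= row[2] or row[1] != tenant_id:
        return None
    return row[0]
```
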