
I have a typical MEAN stack with an Angular front-end and I'm using Express to build out the API. The site has user accounts, and I am using Passport.js for my authentication middleware. All of this is working great.

I would like to secure the API endpoints somehow so that only my application can call them, but without interfering with the user authentication. What is a good mechanism for this?

amnesia
  • Similar question on this [link](http://stackoverflow.com/questions/28251404/best-way-to-secure-private-rest-api-without-user-authentication-for-mobile-app) – amin arghavani Jan 31 '17 at 21:49

1 Answer

Hapi.js is now coming to the front for secure routing while separating business logic for node.js builds.

hapi.js

About: Hapi.js was built by a WalMart employee before Black Friday.

Articles:

Express to Hapi.js

Using hapi.js with Socket.io

More: hapi was created around the idea that configuration is better than code, that business logic must be isolated from the transport layer, and that native node constructs like buffers and streams should be supported as first-class objects. But most importantly, it was created to provide a modern, comprehensive environment in which as much of the effort as possible is spent delivering business value.

"We used Express for a few months until we hit a wall.

Some of the features we needed required a cleaner isolation between the node HTTP server, the router (the part matching requests to handlers), and the actual business logic"

Resources

WalMart's Use case

Leroy Thompson
  • It's an interesting project, but telling me to rewrite my app in an entirely different framework is not really the answer I was looking for. – amnesia Aug 02 '16 at 02:20
  • On the front-end I focus on nested anonymous functions/events authenticated by the server, logging of user information, preventing duplicate logins per location/browser/tab/device, device signature login, etc. I'm new to node.js so I can't dive into security on the back-end and I hope the post above helps somebody. – Leroy Thompson Aug 02 '16 at 02:29