I have a NodeJS Express application, in which I want to implement a basic table list which may include many entries. I will need pagination, sorting and searching using a single input field. In order to just fill this table, without any other feature, I am doing a database query in MongoJS and rendering it like usual (by passing the parameter in the result and using it with Handlebars templates).
In order to add the additional features, I am examining Dynatables (http://www.dynatable.com). However, one serious issue comes to mind:
Since Dynatables requires a GET request to return JSON, I must expose an API request in order to return the necessary information. However, how can I ensure that this API cannot be used by anyone who is not logged in to the application? Right now, I am determining login using Session variables.
Can anyone point me in the right direction?
How do you check that the initial page is served to authenticated users? Are you using something like passport.js? If yes, it's as simple as adding a middleware route to the JSON endpoint.
Example:
app.get('/app/data', passport.authenticate('local'), function (req, res) {/*get JSON here*/})
Instead of passport, you can roll your own middleware function.
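A hand-rolled version of the middleware this answer mentions, as an added example that is not part of the original post. It assumes the login handler stores the user's id in `req.session.userId`; that field, the `findRecords` data-access function, and the `page`/`perPage`/`search` parameter names are hypothetical.

```javascript
// Added example: session-gated JSON endpoint for the table's GET request.
// Assumption: login sets req.session.userId (hypothetical field name).

// Middleware: pass the request on only when the session belongs to a logged-in user.
function requireLogin(req, res, next) {
  if (req.session && req.session.userId) {
    return next();
  }
  // An XHR caller needs a status code it can act on, not the login page's HTML.
  res.status(401).json({ error: 'authentication required' });
}

// Handler factory. findRecords(userId, options, callback) is a hypothetical
// wrapper around the MongoJS query the page already runs.
function listRecords(findRecords) {
  return function (req, res) {
    // Clamp paging so one request cannot pull the whole collection.
    const perPage = Math.min(Math.max(parseInt(req.query.perPage, 10) || 10, 1), 100);
    const page = Math.max(parseInt(req.query.page, 10) || 1, 1);
    // Accept the search term only as a plain string; Express can parse
    // ?search[$ne]= into an object, which must never reach the Mongo query.
    const search = typeof req.query.search === 'string'
      ? req.query.search.slice(0, 100)
      : '';
    const options = { search: search, skip: (page - 1) * perPage, limit: perPage };
    findRecords(req.session.userId, options, function (err, records) {
      if (err) {
        return res.status(500).json({ error: 'query failed' });
      }
      // Keep per-user data out of shared caches.
      res.set('Cache-Control', 'no-store');
      res.json({ records: records });
    });
  };
}

// Wiring in the existing Express app (the session middleware must be registered first):
// app.get('/app/data', requireLogin, listRecords(findRecords));
```

Because the check runs on the JSON route itself, a direct request to `/app/data` without a valid session cookie gets a 401 even though the page that renders the table is never loaded.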