
ExpressJS - simple security

  • Language JavaScript
Implement a module responsible for performing CRUD operations on a MongoDB database. Secure the CRUD backend API so that only authenticated users can interact with it.



Authentication in ExpressJS.

We have a simple app in which the user can do CRUD operations on the phone book. You should secure the app.


Your task is to secure the phone endpoint so that only authenticated users can interact with it. Some routes and business objects have already been configured. All you need to do is implement the authentication process.

Look at user.manager.js and security.js. Security checks are done in the business layer. The authentication middleware is declared in routes.js. When the user is authenticated, the middleware should set the user property on the request object, which is used later as the context to create managers. Managers pass the context to the security service, which decides whether the user is authenticated.

If the user is NOT authenticated and still attempts to reach the restricted resources, they should get a 401 HTTP status code. The password in the database should be hashed with SHA-1.


Authenticate the user

POST /api/user/auth
{email:'', password:''}

The expected response is:


The token is a plain value. It should be Base64-encoded and sent as a header in subsequent requests that require authorization. A sample header for the token 'abc' is:

Authorization: Token YWJj
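
A sketch of the flow described above, added here as an example and not the challenge's own user.manager.js or security.js code. The in-memory users and tokens maps stand in for the Mongo collections, and the names authenticate, toHeader, authMiddleware and ensureAuthenticated are hypothetical.

```javascript
const { createHash, randomBytes, timingSafeEqual } = require('crypto');

// SHA-1 only because the task requires it; unsalted SHA-1 is not a safe
// password hash outside an exercise (bcrypt, scrypt or Argon2 fit there).
const sha1 = (s) => createHash('sha1').update(s, 'utf8').digest('hex');

// Constructed in-memory stand-ins for the Mongo user and token collections.
const users = new Map([
  ['ann@example.com', { email: 'ann@example.com', password: sha1('s3cret') }],
]);
const tokens = new Map(); // plain token -> user

// POST /api/user/auth: check credentials, issue a random plain token.
function authenticate(email, password) {
  const user = users.get(email);
  const given = Buffer.from(sha1(String(password)), 'hex');
  const stored = Buffer.from(user ? user.password : sha1(''), 'hex');
  // Constant-time compare; unknown users fail like wrong passwords.
  if (!timingSafeEqual(given, stored) || !user) return null;
  const token = randomBytes(24).toString('hex');
  tokens.set(token, user);
  return token;
}

// Header value for a plain token: 'abc' -> 'Token YWJj'.
const toHeader = (t) => 'Token ' + Buffer.from(t, 'utf8').toString('base64');

// Middleware: sets req.user when the header carries a known token. It never
// rejects by itself; the business-layer check below decides.
function authMiddleware(req, res, next) {
  const m = /^Token ([A-Za-z0-9+\/]+={0,2})$/.exec(req.headers.authorization || '');
  if (m) {
    const user = tokens.get(Buffer.from(m[1], 'base64').toString('utf8'));
    if (user) req.user = user;
  }
  next();
}

// Security service: managers pass the request context here.
function ensureAuthenticated(context) {
  if (!context || !context.user) {
    const err = new Error('Unauthorized');
    err.status = 401; // the route's error handler maps this to HTTP 401
    throw err;
  }
  return context.user;
}
```

A request with a missing, malformed or unknown token passes through the middleware without a user property, so the 401 comes from the security check in the business layer, as the task describes.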


To install dependencies from package.json:

npm install

To run tests in development mode:

mocha --watch

To run jshint, tests and coverage:

npm test

To run jshint, tests and coverage with human readable output:

grunt --force
