Our site uses cookies. Learn more about their purpose and change of settings in a browser If you are using the site, you give you consent to use cookies, according to current browser settings. Got it

ExpressJS - simple security

  • Language JavaScript
Implement module responsible for performing CRUD operations on mongo's database. Secure CRUD Backend API, so that only authenticated users could interact with it

ExpressJS - simple security


Authentication in ExpressJS.

We have a simple app in which the user can do CRUD operations on the phone book. You should secure the app.


Your task is to secure the phone endpoint so that only authenticated users could interact with it. There have been some routes and business objects configured already. All you need to do is to implement authentication process.

Look at user.manager.js and security.js. Security checks are done on business layer. Authentication middleware is declared in routes.js. When the user is authenticated the middleware should set user property on the requested object, which is used later on as the context to create managers. Managers pass the context to security service which decides if the user is authenticated or not.

If the user is NOT authenticated and is still attempting to get to the restricted resources, they should get 401 http status code. The password in database should be encoded with sha1.


Authenticate the user

POST /api/user/auth
{email:'', password:''}

The expected response is:


The token is plain value. It should be Base64 encoded and sent as a header to subsequent requests that require authorization. A sample header for the token is 'abc'.

Authorization: Token YWJj


To install dependencies from package.json:

npm install

To run tests in development mode:

mocha --watch

To run jshint, tests and coverage:

npm test

To run jshint, tests and coverage with human readable output:

grunt --force

Start this test

Labnoratory Academy Ltd (Realskill) is a Data Controller. Personal data will be processed to facilitate IT skill test. More
... Przewidywane kategorie odbiorców danych: pracownicy Bulldogjob oraz Labnoratory Academy Ltd. Podmiotowi danych przysługuje prawo do żądania dostępu do danych dotyczących swojej osoby, ich sprostowania, usunięcia, ograniczenia przetwarzania, do przenoszenia danych oraz wniesienia skargi do organu nadzorczego.
Go to the top and begin