Overview
When dealing with business data, security is a critical concern. In particular, users requesting access to data need to be authenticated first, before any data is sent out.
Implementing Authentication
You can implement your own authentication for users by implementing the authenticate function. A default function is provided which does no authentication. Read the user's header information and determine whether the user is authenticated or not. If the user is not authenticated, return an object with authorized set to false, together with an HTTP status code and a message.
// Default behaviour: always authorized, nothing in the request is checked.
// Replace this with a function that inspects req.headers (or the POST body)
// and returns authorized:false with an HTTP status code and message on failure.
const authenticate = async function(req, res){
  return {
    status: 200,
    message: 'accepted',
    authorized: true
  }
}
Implementing Data Selectivity
One of the purposes of authenticating a user is to determine what data they are allowed to see. As an example, assume that you have a dataset that contains confidential client information. You will want to filter and transform the data before sending it out, based on the user requesting it.
Users are identified by tokens placed either in the HTTP headers or in the HTTP POST body. (On the davinci platform, these are managed in the user's profile as authentication tokens.)
The following code checks the value of the token header before deciding how to transform the data prior to streaming it.
// `data` is the dataset loaded elsewhere (not shown here).
app.post('/data/', async (req, res) => {
  if(req.headers.token === 'token1'){
    // full access: send the data as-is
    res.send(JSON.stringify(data));
  }
  else if(req.headers.token === 'token2'){
    // restricted access: filter and map the data before sending
    let data2 = data.filter(...).map(...);
    res.send(JSON.stringify(data2));
  }
  else{
    // unknown or missing token: send only the most restricted view
    let data2 = data.filter(...).map(...);
    res.send(JSON.stringify(data2));
  }
});