seovzn Using Cloud Code, Mobile Application Security, Nodes and Bluemix| Raymond Camden's Blog Raymond Camden's Blog Home About Me Web Standards, avaScrit, and Kittens DEVELOPER FRIENDLY COLDFUSION VPS fry RELIABLE | MANAGED | SUPPORTED 24/7 Using Cloud Code, Mobile Application Security, Node.js and Bluemix sted one 9,205 by ay So, fs of frgve te somewhat lan, ramble, fm wortng on # new project that involves gute 2 few ming bans ~ many of which ae new ome. Ira ino some trouble along th way (wel 2a of trouble, an this ‘morning fn aoke trough and gt tings working. want to give huge thanks tomy coworker David Cero forheping me out ane not losing patience wth me [My application ea hyd mabe application that makes use af Nodes #9 running on Sluemx My Nodejs app i going to make use of Cloudant for cata storage and nee Is where the wrinkle came in. wanted to make use of speci featur of Nodes runing on Bluemx, Mode Application Secu (MAS). \MAS provides basic framework fer locking dow resources in your server apahcation, The dacs seem imply i ‘only wots withthe Mobile Ota and Pus services nether ef which fm using. Tums out though you can also ‘secure 34 hoe outs in your Nodes application, Wha’ cools that tt an al or nating Slution, You can hove some routes open ad some close, depending on whatever your apg needs ae. So how do you se this? e's stron the chen se, Yu can find al the documentation for working with Bluemix serices ove, bens by a8king you 0 28 a coe ibray using Dower bower install https: //hub.Jjaz7.net/git/bluenixnobilesdk/ibmbluenix- Javascript/.git You then have to a6 ne liars youl se | aleagy sad I wast using Moble Applcation Date ane Push. There's anothe entre though that tl se, Cloud Code, You en thnk of Cloud Cove a 9 quick way of speaking” to yout Node{s appcaton So white normaly you may do something ke so: $.get("the location of my server/ny route", etc ete loud Code simples tis down to als rat look ake this: cc.get("/ay route”) ‘So na a Digsavings, but you then get to add secu to your cls automaticaly an toggle between development and production as wel A al W's nice Hoary. You woud ait with Dower as welt bower install netps: Javascript/.git nab. jazz net/git/bluenixnobi lesdk/ ibmcloudcode- ‘nd once youve got both ivates Installed, imply acsress them In your coc: bpakwww raymondeamden.com/201SI080@1sing-clouc-code-mobile-applicaon-sscurty-node-s-anc-bluemix Speaking Contact SS ‘Sponsors & reactor Your web aop performance sucks? Find out why in.5 minutes! Follow me on: yQo The Author 1m Raymond Camcen, 2 developer sevocat for 1M. My pwiacy focus i on Mobileist, Infra motile evelopment, and cllent-sde teennoogis you would ike me to speak to your soup, ust rop me alin, search Search 18seovzn Using Cloud Code, Mobile Application Security, Nodes and Bluemix| Raymond Camden's Blog javascript "1ib/Abmeloudcode/js/TEMCLoudcode. js*> Slatwall = ‘0, so now comes the question of using C. yu aren using security, a have an uneecured route you want to run, te coc looks Ike this Javascript var contig applicationid:"ApplicationtD”, applicationRoute:"ApplicationRoute”, applicationsecret:"ApplicattonSecret” TaMBluenix.initialize(config) get(*/all free”) .then(function(data){ console. log(data); },function(err) console. og(*err’ err) NCLoudCode.Anitializeservice(); ‘The inal block conigues your use of ue Al see values canbe found by licking the Mie Optons nk ‘on yur Bluemix app dashoard @ SauceDB Pee} Subscribe Blog by Ena ‘You cam keep the istance variable around obviously Aso, you get methods for each HTTP type a wel so cpt, ‘cet, ee, Dung testing when you Nodes app ring locally, you can ste 0 hitig your loca instance: Javascript Support this Site ToMBLuerix. initialize(contig) var cc = T8NCloudCode. initializeservice(); Found this content usefuP Want setbaseUel (*http://localhost 3808"); te som your thanks? Pate vist cc.get("/al free”) .then(functior console. log(data) },funetion| onsole.log( “err” err); ‘my Amazon Wishlist and let me know (Amazon Goes a bad jo of crecting ats), ‘Tha’ calling unsecured routes, but what about routes you want locked down? Mobile Application Security supports two types of authentication ~ Google and Work. Google wil be esse to use in my mobile application Recent Posts 0 |selectes that To use Google, yu neato use OALth to log clients in, Ne Raboy nas 2 vey skmple Crsove ug for this, ng-cordove-oaut. Hs brary support but load of ferent Ofuth provers, including Googe. To Going rom state o dynamic with 2 Google authentication to my pp, | 26604 his pli, and thea used this simple code, Note ha donot store onic Creator ‘he result rom authentication inthis code tock, That's something be adding ate, Paying wit Songloop— Bulg 2 Blog Part Two Javascript Scordovadauth .google("619574182936-8¢sqdjp25429n13163g9851nqop9DNr. apps. Zoot Seca date or Svongionn console. Log(“good result") vp onsole.dir(result) My fst "Ry Book Cent-Sde e.token = result.access_token: Data Storge Iisore stuff here Paying with Swongtoop~ bpakwww raymondeamden.com/201SI080@1sing-clouc-code-mobile-applicaon-sscurty-node-s-anc-bluemix 268seovzn Using Cloud Code, Mobile Application Security, Nodes and Bluemix| Raymond Camden's Blog 3, function(errer) 11 error from console. log(‘err ‘+error) ‘That ig value up font there ie my Google project lent 1D, Glave it or not ~that'sthe entity ofthe code The plugin haneles popping open 2 window and runing te entre Oth flow Cartier = 0PM — Google Sign in with your Google Account Need help? Create an account ‘One Google Account for everything Google BMéQan>a8 nce ORuth i one, we can use the access token retuned by that process t0 “sign” our els to Cloud Code IpMBluerix. setsecur J/stuff here fToken(Sscope. token, 1BMBIUe console. log( ‘something was bad w/ the token') — , Now whenever se Cloud Coe cals, they wll pass along the token vale othe Noceis sop hat’ I forthe lent-side code. Obviously there's 2 lot mae Inthe deta and wren ge: the application rm realy buicing eacy to share, tbe shating complete code base ten, Now ls tara eu attention tothe severe. Nodes wil eaqure two dferent package frst a genau itary and then te secu one, You can epihwu raymandeamden.com 201S!0808Nsing-couc:-code-mobile-spplicaton-securty-nodes-and-bluemix Buling a Blog Part One Categories Adoaton ook: Design Development Games His avery Wise Monit Moves Muse Uncategorized eo Games Tags Bluemix Cordova Front-End interview Questions eos LONIC. MobileFirst nocejs Phonecap StrongLOop suit 36seovzn Using Cloud Code, Mobile Application Security, Nodes and Bluemix| Raymond Camden's Blog ‘instal both to yout packagejson by doing ‘opm install ibmbluemix --save ‘apm instal ibmsecurity --save ‘You then configure your application at startup. Her san example rm the blleplate: . Javascript var express = require( express"), an express() Ababluenix © require(*ibbluemix"), config = { // change to real application route assigned for your application applicationgoute : "saucedb.nybluemix.net* // change to real application 19 generated by Sluemix for your applis apoLicationEd : '38a09550-b618-4a10-b879-aec6#868C249" Now -Ias discus the reutes | metioned ear using Cloud Code. nthe fst exams, you saw me un a route calles al free. n order for Cloud Code to acces hs ruts, you Must med te oute path once an 1M ‘luemox context rot. This fit simple though: Javascript var ibaconfig = ibsbluenix.getconfig() pp. get (Ibmconig.getContextRoot()+"/allfree', function(req, res) you forget this then youl get ears runing Clove Code cal trom your mobile application. Tobe clear, 2 ‘egula TP cal fice would work, but oot he “wrapped” call wing Cloud Cote. ‘So te next question shaw co yeu enable securty for routes? Todo this, you fest physically separate your ‘routes that nee secuty fom thase that do net, Your core apps (or whatever le you use trun your Nadeys 299) should put the unsecure routs fst and then use this Block to beg veauirng Secured cal: Javascript var mas = require(*ibasecurity')(); ‘app. use(mas); Simpl, ight? Ay routes after this call wil hen require a secuty token to execute. There's ane mare pt to this ‘hat forgot to mention. when selecting what types of authentication you want alow, you will watt Select the Modle Assication Secu serie In your éashboard an eck the checkbox to enable it 85 fv done here bpakwww raymondeamden.com/201SI080@1sing-clouc-code-mobile-applicaon-sscurty-node-s-anc-bluemixseo1zn16 Using Cloud Code, Mobile Application Security, Nodes and Bluemix| Raymond Camden's Blog opin nce ‘hope hs makes sense - if sot just add 2 comment below. Share tis £ Facebook» |[ yw Twior || 6 Google This entry was posted in evlosmen, ava Mobi and aed em Corde, MobieFst Bookmark he pemalir. ‘= Speaking a onic Daas next month (Quick example oft Goole Anais epihwu raymandeamden.com 201S!0808Nsing-couc:-code-mobile-spplicaton-securty-nodes-and-bluemix 56seovzn 1. Comment Raymond Camden's Blog Recommend 1 Ee Share @ | inte ascussion = Raymond Camden os ‘As just an FYI, | was speaking with David via email and he pointed out you can s Using Cloud Code, Mobile Application Security, Nodes and Bluemix| Raymond Camden's Blog @ Login Sortty Oldest ~ ‘context root {or all outes so you don't have to include it in the routes like I di above: var contextRoat = ibmeantig.getContextRoot) appContext=express Router): _app.use(contextRoot, anpContext); ‘Of course, | assume you would only do this if you wanted 100% of your routes only availabe via ‘your mobile app. + erly « Shae: ‘ALSO ONRAYHOND CAMDEWS BLOG In defense of the Reset button... Scammerts+ 2merths 200 [avail Raymoew Carden — Joe - thanks for sharing this. Ie boon buléing forthe web since 1995 butt did't occur to me ta think in that Cordova, 10S, and Orientation - wondering why it is locked? Bcommerte+ 2merths 200 fava Raymond Camden — Bug report: hitps:issues apache.orgfra wears THs? Is your lonic View title not updating? ‘ccrment+ 24 days200 Java} Justin James — Guess Ihave been lucky to ‘not have gotton bit by this. Good info to know ‘though. Going to acd this to my Ist of Using the Meetup API in Client-Side Applications 2monte ace Java} Raymond Camden — Well, yes, but thats kinda wellknown, right? Most folks wil proxy {8 server sol didnt even menton tas Prout powered by WordPress | Theme: Suprmero by Wordress.com.