As an amateur programmer who does not code for a living, I always find it hard to resist the temptation of popular technology. I mainly use Java on the server side, because Java has a lot of mature solutions in this field. With Node.js, when I want to write a complete application, I always feel that some key solutions are missing, such as user authentication and authorization (I did not delve into it), and if I had to start from scratch, I could not keep up the interest. So I want to use a new architecture that brings in the technology that interests me.
The architecture diagram is as follows:
1. There is a session between the UA and Node.js; the connection between Node.js and the backend is sessionless.
2. Login is relayed through Node.js; the backend returns a principal containing the user's account information and encrypted password, which is saved in the Node.js session.
3. The information in the session is used to complete subsequent RESTful requests.
Discussion section:
1. Why not OAuth?
Since the use case is only my own service architecture, there is no need to introduce additional third-party libraries, and OAuth's usage scenarios are not a good match.
2. What basic services does the backend need to provide?
Each request from Node.js carries a Basic Authentication header, and the server side must complete the user's login in a perimeter filter (every request requires a login) to control access to the resource.
3. Why does it have to be Node.js?
I'm only interested in one feature, which is to seamlessly run the same code in both the browser and the server. The result can be described like this:
Imagine you have a website such as Oschina: when you open the homepage (or any other page), the page is generated by the server, but once you start interacting, it behaves as a single-page app.
More precisely: when you access any URL directly, the page is generated on the server side; after that, URL changes caused by interaction are driven by JS.
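The session-to-Basic-Authentication flow from the architecture steps and discussion point 2, as an added example that is not code from the original post. The backend filter is modelled in JavaScript as a stand-in for the Java side, and every function name and sample value is an assumption.

```javascript
// Added example; all names and sample values are hypothetical/constructed.
const SAMPLE_SESSION = { principal: { account: "alice", encryptedPassword: "enc:9f2c" } };
const SAMPLE_USERS = new Map([["alice", "enc:9f2c"]]); // backend's stored secrets

// Node.js side: build the header for a sessionless backend call from the session.
// Basic credentials are only base64-encoded, so this hop needs TLS.
function backendAuthHeaders(session) {
  const p = session && session.principal;
  if (!p) throw new Error("no principal in session: user must log in first");
  // RFC 7617: the first ':' separates user-id from password, so the id cannot contain one.
  if (p.account.includes(":")) throw new Error("account must not contain ':'");
  const token = Buffer.from(`${p.account}:${p.encryptedPassword}`, "utf8").toString("base64");
  return { Authorization: `Basic ${token}` };
}

// Backend side: strict parse; anything malformed is treated as "no credentials".
function parseBasicAuth(header) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep < 1) return null; // missing separator or empty account
  return { account: decoded.slice(0, sep), secret: decoded.slice(sep + 1) };
}

// Comparison without early exit; crypto.timingSafeEqual covers equal-length buffers.
function sameSecret(a, b) {
  const x = Buffer.from(a, "utf8"), y = Buffer.from(b, "utf8");
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Stand-in for the perimeter filter: every request logs in again, no server session.
function perimeterFilter(headers, users) {
  const cred = parseBasicAuth(headers.Authorization);
  const expected = cred ? users.get(cred.account) : undefined;
  if (!cred || expected === undefined || !sameSecret(cred.secret, expected)) {
    return { status: 401, headers: { "WWW-Authenticate": 'Basic realm="backend"' } };
  }
  return { status: 200, account: cred.account };
}
```

Because the password field may itself contain colons, the parser splits on the first colon only, which is why the account name is rejected if it contains one.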
The architecture of my Next Web program