When you're building all kinds of applications, there's often a need to restrict certain abilities to certain groups of users. A simple example of this is a simple blog: You might want certain users to be able to only add comments and not be allowed to delete or edit anybody else's comments. You could also want another group of users to be able to create posts but not be allowed to publish them. Finally, it makes...

Today we're gonna talk about all the things you'll have to do to take the sails.js application you've been developing live. You need to make sure you have the Heroku CLI installed and set up before continuing. Heroku Preliminaries Navigate to your sails.js app root directory and create a new application on Heroku by running heroku create in the terminal. Add-ons We'll be using the mLab MongoDB add-on as a database and session...

We've built authentication (for an API) from scratch in this article. In reality, you'll find that a solution like the one above doesn't quite work. What if you want to authenticate your users with a sails front-end too, with a session and all that? Or if you want to sign users up with Twitter, Facebook, Google and the rest? That's where Passport comes in. Passport On the Passport official website, it is described as: "Passport...

Complete code for this tutorial can be found here. Sails.js has a lot of nifty in-built features and tools. There's one, however, that I wish it had. The ability to get a paginated response by doing just this: GET localhost:1337/post?page=3&perPage=20 find() To accomplish this we're going to override the find() Blueprint default action. (For more information about Blueprints, check my previous post on blueprints) The find() action...

Today, we're gonna continue building simple authentication for our Sails API from scratch. You can check out all the source code for this tutorial on GitHub here. In the first post in this series we created our User model and our registration endpoint. In this post we're going to do three things: Create an endpoint /login to log in. Create a policy that would check request headers to see if they have a correct Authorization...