Reference: original review notes by @SOSANA: #2

salt & hashing - using bcrypt-nodejs vs bcrypt

It has issues with windows and linux os. Mind you it depends on the linux distributions (redhat/ubuntu/debian). Some of the problems for both are os env variables utilizing node-gyp python >=2.5 and <3.0 version

my suggest is to mention that it exists and this is an alternative work around to avoid messing around with compilers, additional c++ packages, and pointing your os env variable to python >=2.5 and <3.0 version as most are preinstalled with python >3.0

@lirantal hope all is well my brotha from anotha motha :)

Few topics felt I needed to address that were missing.

• salt & hashing - using bcrypt-nodejs vs bcrypt
• securing api end-points - using passport-local strategy
• JWT - using passport-jwt strategy
• CORS - various express plugins

RE: usage with bcrypt

• It has issues with windows and linux os. Mind you it depends on the linux distributions (redhat/ubuntu/debian). Some of the problems for both are os env variables utilizing node-gyp python >=2.5 and <3.0 version

my suggest is to mention that it exists and this is an alternative work around to avoid messing around with compilers, additional c++ packages, and pointing your os env variable to python >=2.5 and <3.0 version as most are preinstalled with python >3.0

RE: usage with passport-local strategy

• probably one of the most straight fwd implementation that quickly wires up securing api-end points with auth module of your choice (JWT or Cookie/Sessions)

my suggestion is to elaborate more on why you would want to consider using this and why its one of the most used local auth stradegy. In a world where everything seems to be going microservices (ex: api servers and seperatation of the front-end) vs monolith architecture.

Re: JWT

• gotta talk a about use of JSON Web Tokens. Very easy to wire up, ex: using passport-jwt strategy

my suggestion is to elaborate more on this subject and provide example

RE: CORS

• there should be some mention of this regarding the usage, Several express CORS libraries on the subject. There are various express plugins libraries.

my suggestion is to elaborate more on this subject and provide example

So far enjoy the straight forwardness of the book with clear explanations, and straight to the point recommendations for each topic.

Currently reviewing and re-reviewing...

Reference: original review notes by @SOSANA: #2

usage with passport-local strategy

probably one of the most straight fwd implementation that quickly wires up securing api-end points with auth module of your choice (JWT or Cookie/Sessions)

my suggestion is to elaborate more on why you would want to consider using this and why its one of the most used local auth stradegy. In a world where everything seems to be going microservices (ex: api servers and seperatation of the front-end) vs monolith architecture.

talk a about use of JSON Web Tokens.

Very easy to wire up, ex: using passport-jwt strategy
my suggestion is to elaborate more on this subject and provide example

Overall, very solid. I love the details you've provided in the clear and concise matter.

Some thing I would like to see discussed:

• CORS (is there anything wrong with it?)
• JWT (at least from an overview stand point)

Do you want PRs made for minor grammatical mistakes?