Master Fastify Authorization: Protect Your API Routes

Подписаться 321

Просмотров 8 тыс.

50% 1

Discover how to add a layer of protection to your Fastify API routes in this tutorial. I delve into the creation of an authorization middleware and demonstrate how to apply it at both a global level and on individual routes.
I'll show you how Fastify's preHandler hook can help secure your API, and why it's an ideal choice for this purpose. We'll also cover how to allow safe HTTP methods to bypass the authorization check when required.
Don't miss out on this chance to make your API more secure. Master the art of Fastify authorization and ensure your private data stays private.
🔗 Grab the code from the repo: github.com/doi...
💡 Keep up to date with all my content and get insights into JavaScript, TypeScript, and a whole lot more by subscribing to my newsletter: www.kevincunni...
Happy Coding!

Опубликовано:

28 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 20

@myriamluce1287 9 месяцев назад

This was exactly what I needed, thank you! Well done video.

@MelroyvandenBerg 6 месяцев назад

Maybe also try to create a typescript example of your api? Since that makes a lot of sense I think. Creating at least some kind of type safety .. or?

@jjrise Год назад

awesome... this is exactly what I needed to find today. Thank you very much!

@timashoff Месяц назад

clear explanation! please, keep making content

@MyCodingDiary 10 месяцев назад

Love it! ❤Thanks... New subscriber ❣️

@enryunto8087 Год назад

keep it up, good content!

@doingandlearning Год назад

Thanks for the encouragement :)

@vijaysinhparmar 8 месяцев назад

If you pass it in header , it will be visible in the browser and anyone can pick that secure key right?

@doingandlearning 7 месяцев назад

Yeah. This approach is helpful for server-server communication but not safe for client-server. The example here was more to show a naive approach while dealing with headers.

@vijaysinhparmar 7 месяцев назад

@@doingandlearning Could you please share for webapplication as well

@doingandlearning 7 месяцев назад

@@vijaysinhparmar I'm creating a JWT vid which would be a better approach there :)

@cdexzswzaqME 4 месяца назад

but isnt the x-api-key exposed to client side i mean anyone can see it

@doingandlearning 15 дней назад

Yes. Absolutely. So this isn't a full security solution. I talk about others in followup videos but as part of a security solution or even as a first step, the xapikey approach is a possible element.

@HimanshuPatel-wn6en 5 месяцев назад

Why no new videos ?

@ahmaddanesh1163 Год назад

Awesome💯

@doingandlearning Год назад

Thanks 🔥

@santig1399 10 месяцев назад

Clear, concise, and really good explanation. Nice video!

@nathanalberg 11 месяцев назад

One things missing.... can't you apply middleware at the register level? ... eg... lock down all of `/api/v1/users` and not `/api/v1/projects`... something like: fastify.register(projectRoutes, { prefix: '/api/v1/users', prehandler: auth }); ???