Add secure login and API proxy to our client-facing node.js app

Closed - This job posting has been filled.

Job Description

Introduction
-----------------
* We have designed a prototype 'bare-bones' web app in node, HTML, JS and jQuery plugins. It is hosted on Heroku. It is just for demonstration use right now. This displays (graphically) any data extracted from our clients' websites and the results of specific analyses we have done for these clients. The underlying data is available in JSON format.

* We also have a separate, fully working RESTful API (written in Java, hosted on an AWS EC2 instance) that allows users to directly request JSON-format datasets from our data storage on given parts of their web domains, via HTTP requests. The data sets are indexed in the MySQL database and stored separately. The API uses secure tokens as a form of security and identification.


The tasks
-------------
1.) Add a secure login to the web demo interface, and hide all secure information and files.
Currently our web app is open and entirely insecure. We want our prospective clients to be able to log in and have a play with their data post-demo - without being able to check out data from other customers' domains.
So, the addition of a secure login page to our application is required. Similar to this one: http://www.quietless.com/kitchen/building-a-login-system-in-node-js-and-mongodb/
We have a MySQL instance (it's an RDS) database where we store login information and tokens, so we'd prefer to use that rather than MongoDB (unless you can argue a strong case otherwise - in which case I'm all ears).


2.) Proxy our existing REST API to populate tables/charts in JS.
Right now, the client-side takes data from JSON files stored locally on the web server. This is not ideal as, of course, files get out of date. Sometimes they are very large too, which means a delay on loading in front of the customer = bad.
We'd like it to instead use the API we have developed, so that graphs and tables can be updated directly (via the JSON format delivered) from the database source. Knowledge of cross-domain AJAX is required here.
So, for each JSON that is loaded locally, I'll ensure that you have the equivalent API query/response.
The secure token will be obtained from part (1.), whereby the MySQL database will store user login, associated token (generated at the appropriate time) and API credits / access rights.
On the client-side JavaScript I'll need a bit of help to make sure the front end is robust and that the datatables and charts display the data correctly.


Qualities required (other than specific skillset):
-------------------------
* Ability to work patiently with a non-expert programmer (as a reference, I do a lot of Matlab, some SQL and a bit of JavaScript, and am learning Python)
* Think outside of the box, and don't simply follow orders. If you can foresee serious issues that we'd likely encounter down the line that could be easily mitigated then you should be willing to share your thoughts.
* Flexibility and multi-language support, as we'll be using the Linux command line, MySQL, JS and node.js. Also working together over git/GitHub.
* Please don't write in saying you're "number 1 node.js and javaScript developer in whole of India (or any other country / the world)". I'd prefer it if you simply gave me an idea of how you'd go about the job.



Additional
---------------
This is a version of our demonstration app, have a look: http://demo.mathsight.org/statseo_feature.html
Also some basic (but probably out of date) info on the API here:
http://demo.mathsight.org/api.html


NB #1: the above is to be written in node.js (i.e. server-side JavaScript) for the following reasons: speed of operation, speed of development, its inherent non-blocking nature, a huge and growing support and dev community, and the ability for me (as a non-Java/C++/Python person) to dip into client-side code occasionally and make changes.
[if you think this is the wrong approach then please provide a *strong* argument for another framework]

NB #2: To be clear, we don't require the design of a new API; we'd like to "proxy" the existing one.

-----------------------
Rough ball-park "fixed-price" and hourly estimates appreciated.