Add secure login and API proxy to our client-facing node.js app
Closed - This job posting has been filled.
* We have designed a prototype 'bare-bones' web app in node, HTML, JS and jQuery plugins. It is hosted on Heroku. It is just for demonstration use right now. It displays (graphically) any data extracted from our clients' websites and the results of specific analyses we have done for these clients. The underlying data is available in JSON format.
* We also have a separate, fully working RESTful API (written in Java, hosted on an AWS EC2) that allows users to directly request JSON-format datasets from our data storage on given parts of their web domains, via HTTP requests. The data sets are indexed in the MySQL database, and stored separately. The API uses secure tokens as a form of security and identification.
1.) Add a secure login to the web demo interface, hide all secure information and files.
Currently our web app is open and entirely unsecured. We want our prospective clients to be able to log in and have a play with their data post-demo - without being able to check out data from other customers' domains.
So, the addition of a secure login page to our application is required. Similar to this one: http://www.quietless.com/kitchen/b
We have a MySQL instance (it's an RDS) database where we store login information and tokens, so we'd prefer to use that rather than MongoDB (unless you can argue a strong case otherwise - in which case I'm all ears).
2.) Proxy our existing REST API to populate tables/charts in JS.
Right now, the client-side takes data from JSON files stored locally on the web server. This is not ideal as, of course, files get out of date. Sometimes they are very large too, which means a delay on loading in front of the customer = bad.
We'd like it to instead use the API we have developed, so that graphs and tables can be updated directly (via the JSON format delivered) from the database source. Knowledge of cross-domain AJAX is required here.
So, for each JSON that is loaded locally, I'll ensure that you have the equivalent API query/response.
The secure token will be obtained from part (1.), whereby the MySQL database will store user login, associated token (generated at the appropriate time) and API credits / access rights.
Qualities required (other than specific skillset):
* Think outside of the box, and don't simply follow orders. If you can foresee serious issues that we'd likely encounter down the line that could be easily mitigated then you should be willing to share your thoughts.
* Flexibility and multi-language support, as we'll be using the Linux command line, MySQL, JS and node.js. We'll also be working together over git/GitHub.
This is a version of our demonstration app; have a look: http://demo.mathsight.org/statseo_
Also some basic (but probably out of date) info on the API here:
[if you think this is the wrong approach then please provide a *strong* argument for another framework]
NB #2: To be clear, we don't require the design of a new API; we'd like to "proxy" the existing one.
Rough ball-park "fixed-price" and hourly estimates appreciated.