This is a simple project: we have an API developed with Node.js and we would like to add security to it. The API is currently consumed by mobile apps (iOS and Android). Both projects are still being developed, and this project would help us become production-ready.
Currently the mobile app logs in using a username and password, which we have stored in our database for each user in plain text. None of the other exposed methods has authentication.
We need to secure the API so that only authenticated users can access its methods. Those users would be authenticated by the 'login' method, providing us with something that might be more secure, e.g. username and hashed password.
The other methods should be authenticated using a sort of token generated after the 'login' method and shared with the app. The token could be a hash containing the current day of the week, so that it expires the following day.
Passport.js provides different strategies, and we want you to set up a running example for us.
We won't provide our code, because our development team can manage to make the example work with it.
We need the client side too: a simple jQuery Mobile client that logs in using the API.
In the future the API will be consumed by AngularJS too.
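
A sketch of the login and token scheme described above, as an added example that is not code from this project: passwords are stored as salted scrypt hashes instead of plain text, and the token is an HMAC over the username and the UTC date, so it stops verifying the following day. It uses the full date rather than only the day of the week, so a token cannot become valid again a week later; all names (`SECRET`, `hashPassword`, `issueToken`, `verifyToken`) are hypothetical, and Passport.js wiring is left out.

```javascript
// Added example; every identifier here is hypothetical, not from the project.
const crypto = require('crypto');

// Server-side signing key. Assumption: in production it comes from configuration.
const SECRET = crypto.randomBytes(32);

// Store "salt:hash" (hex) in the database instead of the plain-text password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return salt.toString('hex') + ':' + hash.toString('hex');
}

// Recompute the hash with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// UTC calendar day, e.g. "2024-05-01".
function dayStamp(now) {
  return now.toISOString().slice(0, 10);
}

function sign(userHex, day) {
  return crypto.createHmac('sha256', SECRET).update(userHex + '.' + day).digest('hex');
}

// Token layout: hex(username).day.mac (hex keeps '.' in usernames unambiguous).
function issueToken(username, now = new Date()) {
  const userHex = Buffer.from(username, 'utf8').toString('hex');
  const day = dayStamp(now);
  return [userHex, day, sign(userHex, day)].join('.');
}

// Returns the username for an untampered token issued today, otherwise null.
function verifyToken(token, now = new Date()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [userHex, day, mac] = parts;
  const expected = Buffer.from(sign(userHex, day));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (day !== dayStamp(now)) return null; // expired: issued on another day
  return Buffer.from(userHex, 'hex').toString('utf8');
}
```

The 'login' method would call `verifyPassword` and return `issueToken(username)`; every other method would call `verifyToken` on the token sent by the app before doing any work.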