For our RESTful API, we are going to use Sails. Sails is a great MVC framework built on top of express.js. It has rich scaffolding that allows developers to create RESTful API endpoints while writing almost no code. It comes with built-in support for websockets, seamless integration with various databases, and data validation out of the box. The docs are also pretty good, and once you get the hang of it, you are going to start to really like it. Although the framework aims to be the Node version of Ruby, Django or Laravel, it is still in its infancy, so don't expect too much from it in terms of advanced database manipulation or flawless performance.

There are still many quirks that need to be fixed and many Waterline adapter problems that need to be solved, and if you try to build a fully optimized app with it, sooner or later you will find yourself in a position where you have to create some functionality that you thought was taken care of by the framework. But its 11,000 stars on GitHub are the best indicator that that won't be the case for long. All in all, I think it has a bright future. So would I use it on a serious production level? Probably not. But for the purposes of this tutorial, or some smaller projects, for anyone trying to learn Node and have some fun, it is an excellent choice, so let's get started!

First, we are going to install Sails globally.

Now that we have global access to the Sails CLI, we are going to create a new project and move into it.

If you list your directory (type `ls` here), you will see that Sails has generated our basic app structure:

If you run

command, you will see all the steps Sails has taken to bootstrap our app, from loading our models, adapters, controllers, services, and various other middleware, to creating our routes and lifting our server. By default, Sails uses Grunt as its task runner, and at the end of our console output, you can see all the tasks Grunt has completed. In the tasks folder, you can see Grunt scripts for transpiling CoffeeScript, parsing Less, concatenating and minifying your code, as well as building your static assets. But as we are building a purely RESTful API, we are not going to need it. We could simply delete the tasks folder and Gruntfile.js in our root, but there is a better approach.

In the .sailsrc file in the root folder, add the grunt:false hook, and point your assets folder to be the public folder of your app. Now, the file should look like this:

I guess we could have created our project with `sails new api.discovery --no-frontend` to omit the assets folder and front-end-oriented Grunt tasks, but where is the fun in that 🙂

Also, this way we have everything covered in case we want to serve some HTML later on.
Now, let's create some stuff to allow our users to register with our API.


In case you were wondering, Sails does not have us covered here. It suggests using passport.js as documented here. For different types of authentication, passport offers different strategies, covering almost every service you can think of. Although passport.js is a very popular authentication middleware for express apps, we will resort to using JWTs. But feel free to investigate further and include other strategies so we can allow our users to easily log in via Google, Facebook, Twitter or some other service.

As authentication is not really the point of this tutorial, I will borrow the code from Sabbir Ahmed, as he covered it brilliantly. Beware, I have changed the name of the model from “Users” to “User” as I find it more convenient.

First, we need to install jsonwebtoken and bcrypt to get the necessary dependencies.

After that, create a service called “jwToken” that is responsible for issuing and verifying our tokens.

Next, we create the User.js model containing all the needed functionality: password hashing and a very insightful toJSON function override that prevents the password from being revealed in responses.

Next, we override the “create” action for user sign-up in UserController.js.

Then comes our main controller for authenticating users, AuthController.js.

And finally, we add an isAuthorized policy in our policies.js to check whether a user has a valid token in the request header.
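What the token check behind such a policy has to do, shown as an added example that is not Sabbir Ahmed's code or the tutorial's own: it verifies an HS256 bearer token with Node's built-in crypto instead of jsonwebtoken, and rejects the usual failure cases. The names `SECRET`, `signToken` and `checkBearer` are hypothetical, and the secret is a constructed demo value.

```javascript
// Added example: HS256 bearer-token check using only Node's built-in crypto.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // assumption: a real app loads this from config/env

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest();

// Hypothetical helper, used here only to build sample tokens.
function signToken(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const body = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${body}.${b64url(hmac(body, secret))}`;
}

// Returns { ok: true, payload } or { ok: false, reason }.
function checkBearer(authHeader, secret, nowSec = Math.floor(Date.now() / 1000)) {
  if (typeof authHeader !== 'string') return { ok: false, reason: 'missing header' };
  // Exactly "Bearer <header>.<payload>.<signature>", all three parts non-empty.
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(authHeader);
  if (!m) return { ok: false, reason: 'bad format' };
  const [h, p, sig] = m[1].split('.');
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'bad encoding' };
  }
  // Pin the algorithm server-side; the token must not choose it ("alg":"none").
  if (header.alg !== 'HS256') return { ok: false, reason: 'bad algorithm' };
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Require an expiry so a leaked token does not stay valid forever.
  if (typeof payload.exp !== 'number' || payload.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, payload };
}
```

In a policy, a result with `ok: false` would map to a 401 response and `payload` would be attached to the request for later handlers.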

And that’s it! We have our basic user routes and auth middleware up and running. As Sabbir has put it: lift the sails and fire up Postman.
Send a GET request to /user:

OK! Now let's create a user by sending a POST request to /user with email, password & confirmPassword:

Now that we have a token, we can use it to access privileged routes.
Once again, send a GET request to /user, this time with an Authorization header with a value of Bearer [paste the token], and you should see the valid response.

Beware that Sails opens up all your routes by default, so if you ever open your API, be sure that you have edited the blueprints file so that only the endpoints you want are opened up, and that those endpoints are secured.

That is all for our first tutorial. Next we will be covering MongoDB installation and creating our pin posting and finding logic.