Sails JS security [DRAFT]

This is a checklist I am creating for myself to secure different areas of a SailsJS application I am developing these days.

For API security:

For user authentication and third-party login: PassportJS


This was really important, as Sails by default allows CRUD operations with both GET and POST, so to avoid CSRF I added the following path to routes.js:

I will keep adding more stuff, so please feel free to comment if you think I am missing something.

Sails JS + AngularJS error: CSRF mismatch

I was trying to build signup functionality with an AngularJS frontend and a Sails.js backend REST API. I created a simple Angular POST request, but it was giving me the following error in the browser:

CSRF mismatch

So I added the following lines to the top of the POST request:

Now it’s working like a charm. Please feel free to comment if you like this solution or have a better solution.
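The two CSRF behaviours described in the posts above (blueprint CRUD reachable over GET, and the "CSRF mismatch" on an AngularJS POST) can be modelled in a few lines. This is an added example, not the author's code or Sails' implementation: `/csrfToken`, the `_csrf` parameter and the `X-CSRF-Token` header are the names Sails uses, while the function names and sample requests are constructed for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Simplified model of a CSRF token check (constructed; not Sails' own code).
// Token checks of this kind skip "safe" methods and only guard state-changing ones.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Server side of GET /csrfToken: bind a random token to the caller's session.
function grantCsrfToken(session) {
  if (!session.csrfToken) session.csrfToken = crypto.randomBytes(24).toString('hex');
  return { _csrf: session.csrfToken };
}

// Server-side check that runs before the controller action.
function csrfCheck(req) {
  if (SAFE_METHODS.has(req.method)) return { status: 200, body: 'not checked' };
  const sent = String(req.headers['x-csrf-token'] || (req.body && req.body._csrf) || '');
  const want = String(req.session.csrfToken || '');
  const a = Buffer.from(sent);
  const b = Buffer.from(want);
  // Constant-time comparison; the length test keeps timingSafeEqual from throwing.
  const ok = want.length > 0 && a.length === b.length && crypto.timingSafeEqual(a, b);
  return ok ? { status: 200, body: 'ok' } : { status: 403, body: 'CSRF mismatch' };
}

// Client side: the signup POST, with or without first fetching the token.
function signupRequest(session, fetchTokenFirst) {
  const headers = {};
  if (fetchTokenFirst) headers['x-csrf-token'] = grantCsrfToken(session)._csrf;
  return { method: 'POST', url: '/user', headers, body: { email: 'a@example.test' }, session };
}

// Constructed requests against one logged-in session.
function demo() {
  const session = {};
  grantCsrfToken(session);
  const shortcut = { method: 'GET', url: '/user/create?email=a@example.test', headers: {}, session };
  return {
    postWithoutToken: csrfCheck(signupRequest(session, false)),
    postWithToken: csrfCheck(signupRequest(session, true)),
    // Blueprint shortcut route: a write over GET is never compared against the token.
    getShortcutCreate: csrfCheck(shortcut),
  };
}

console.log(demo());
```

The third result is why the token alone is not enough while writes remain reachable over GET; in Sails the blueprint shortcut routes are controlled by the `shortcuts` setting in config/blueprints.js.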

Guide: How to Deploy Meteor / Telescope on Centos

Deploying Meteor or Telescope can be tricky sometimes, especially when it comes to CentOS support. Here are the steps I am following to deploy my Meteor app.

Development Environment:

  • OSX

Production Environment:

  • Linode 1GB
  • Centos 7
  • Apache

Software Stack on production:

  • Mongo DB
  • Node.js 0.10.35
  • NodeJS “Forever” module to start application in the background

I am not using NGINX, as most people suggest, because I already have a lot of applications running on Apache.

Just make sure that all the development libraries are available:

Install Node.js

Install MongoDB

Create a /etc/yum.repos.d/mongodb.repo file to hold the following configuration information for the MongoDB repository:

For 64 bit:

For 32 bit:


The server setup is done. Please note that you don’t need to install Meteor or Telescope in your production environment.

Package your app

On your local (development) machine, go to your Meteor / Telescope app directory and enter the following command:

It will build a new directory in your app directory named “yourapp_prod”, which contains the bundle of your app. Compress yourapp_prod and upload it to your server’s home directory.

Push app to server

Make sure the port is free. If it is not free, you can use 3000 instead of 8080. Uncompress the file in your server’s /home directory and try to start your app with the following series of commands:

It might give the following error that I am not sure about:
Error: /home/yourapp_prod/bundle/programs/server/npm/npm-bcrypt/node_modules/bcrypt/build/Release/bcrypt_lib.node: invalid ELF header
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Module.require (module.js:364:17)
at require (module.js:380:17)
at bindings (/home/yourapp_prod/bundle/programs/server/npm/npm-bcrypt/node_modules/bcrypt/node_modules/bindings/bindings.js:74:15)
at Object.<anonymous> (/home/yourapp_prod/bundle/programs/server/npm/npm-bcrypt/node_modules/bcrypt/bcrypt.js:1:97)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)

But there is a fix for that:

Let’s try to run the app again:

It should work ok now. Try to enter http://yourapp_domain:8080/ in the browser and it should work.

But the problem is that if you quit your terminal, your app will stop working. You can install the Node “forever” module to run your app in the background.

But you don’t want it to work at http://yourapp_domain:8080/; you want it to work at http://yourapp_domain/

You can configure a reverse proxy in your Apache configuration. In the case of CentOS 7, you need to create a file like /etc/httpd/conf.d/yourapp_domain.conf. The contents of the file will be something like:

In my case, the app is running on port 8080; you can change the port number accordingly.

Restart Apache now and you are DONE.

If you want more support or want to hire me, feel free to write in comments or write me directly at

Load masonry after all the images are loaded

The team decided to make the homepage of like Pinterest or Challenging, but thanks to the Masonry. Masonry was working absolutely fine on localhost but on the server it looks a bit messed up.

The reason was that on slow connections Masonry was being loaded before all the images were loaded in the browser, so it looked a bit messed up. So I loaded Masonry with the following code:

And it worked like a charm. Here is the new homepage:

[Screenshot of the new homepage, 2014-12-24]

Please feel free to share better solutions.

No package php-pecl-memcached available.

I was trying to install memcached on a CentOS 6.6 machine, but when I ran yum install php php-pecl-memcached, I was getting the error “No package php-pecl-memcached available.” I resolved it using the following method:

  • Open yum.conf, which should be available at /etc/yum.conf
  • Find the line starting with exclude=
  • Remove “php” from that line, as it was preventing any package whose name starts with “php” from being installed
  • Save the file yum.conf.

Now run the following command again:

It was ok.