approov
diff --git a/‎servers/hello/Dockerfile renamed to ‎Dockerfile b/‎servers/hello/Dockerfile renamed to ‎Dockerfile
diff --git a/‎EXAMPLES.md
Lines changed: 113 additions & 0 deletions b/‎EXAMPLES.md
Lines changed: 113 additions & 0 deletions
diff --git a/‎OVERVIEW.md
Lines changed: 55 additions & 0 deletions b/‎OVERVIEW.md
Lines changed: 55 additions & 0 deletions
diff --git a/‎QUICKSTARTS.md
Lines changed: 51 additions & 0 deletions b/‎QUICKSTARTS.md
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,113 @@
+# Approov Integrations Examples
+
+[Approov](https://approov.io) is an API security solution used to verify that requests received by your backend services originate from trusted versions of your mobile apps, and here you can find the Hello servers examples that are the base for the Approov [quickstarts](/docs) for NodeJS.
+
+For more information about how Approov works and why you should use it you can read the [Approov Overview](/OVERVIEW.md) at the root of this repo.
+
+If you are looking for the Approov quickstarts to integrate Approov in your NodeJS API server then you can find them [here](/QUICKSTARTS.md).
+
+
+## Hello Server Examples
+
+To learn more about each Hello server example you need to read the README for each one at:
+
+* [Unprotected Server](./servers/hello/src/unprotected-server)
+* [Approov Protected Server - Token Check](./servers/hello/src/approov-protected-server/token-check)
+* [Approov Protected Server - Token Binding Check](./servers/hello/src/approov-protected-server/token-binding-check)
+
+
+## Docker Stack
+
+The docker stack provided via the `docker-compose.yml` file in this folder is used for development proposes and if you are familiar with docker then feel free to also use it to follow along the examples on the README of each server.
+
+If you decide to use the docker stack then you need to bear in mind that the Postman collections, used to test the servers examples, will connect to port `8002` therefore you cannot start all docker compose services at once, for example with `docker-compose up`, instead you need to run one at a time as exemplified below.
+
+### Setup Env File
+
+Do not forget to properly setup the `.env` file in the root of each Approov protected server example before you run the server with the docker stack.
+
+```bash
+cp ./servers/hello/src/approov-protected-server/token-check/.env.example ./servers/hello/src/approov-protected-server/token-check/.env
+cp ./servers/hello/src/approov-protected-server/token-binding-check/.env.example ./servers/hello/src/approov-protected-server/token-binding-check/.env
+```
+
+Edit each file and add the [dummy secret](/TESTING.md#the-dummy-secret) to it in order to be able to test the Approov integration with the provided [Postman collection](https://github.com/approov/postman-collections/blob/master/quickstarts/hello-world/hello-world.postman_curl_requests_examples.md).
+
+
+### Build the Docker Stack
+
+The three services in the `docker-compose.yml` use the same Dockerfile, therefore to build the Docker image we just need to used one of them:
+
+```bash
+sudo docker-compose build approov-token-binding-check
+```
+
+Now, you are ready to start using the Docker stack for NodeJS.
+
+
+### Command Examples
+
+To run each of the Hello servers with docker compose you just need to follow the respective example below.
+
+#### For the unprotected server
+
+Run the container attached to your machine bash shell:
+
+```bash
+sudo docker-compose up unprotected-server
+```
+
+or get a bash shell inside the container:
+
+```bash
+sudo docker-compose run --rm --service-ports unprotected-server zsh
+```
+
+#### For the Approov Token Check
+
+Run the container attached to the shell:
+
+```bash
+sudo docker-compose up approov-token-check
+```
+
+or get a bash shell inside the container:
+
+```bash
+sudo docker-compose run --rm --service-ports approov-token-check zsh
+```
+
+#### For the Approov Token Binding Check
+
+Run the container attached to the shell:
+
+```bash
+sudo docker-compose up approov-token-binding-check
+```
+
+or get a bash shell inside the container:
+
+```bash
+sudo docker-compose run --rm --service-ports approov-token-binding-check zsh
+```
+
+
+## Issues
+
+If you find any issue while following the example then just open an issue on this repo with the steps to reproduce it and we will help you to solve them.
+
+
+## Useful Links
+
+If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point:
+
+* [Approov Free Trial](https://approov.io/signup)(no credit card needed)
+* [Approov Get Started](https://approov.io/product/demo)
+* [Approov QuickStarts](https://approov.io/docs/latest/approov-integration-examples/)
+* [Approov Docs](https://approov.io/docs)
+* [Approov Blog](https://approov.io/blog/)
+* [Approov Resources](https://approov.io/resource/)
+* [Approov Customer Stories](https://approov.io/customer)
+* [Approov Support](https://approov.zendesk.com/hc/en-gb/requests/new)
+* [About Us](https://approov.io/company)
+* [Contact Us](https://approov.io/contact)
@@ -0,0 +1,55 @@
+# Approov Overview
+
+[Approov](https://approov.io) is an API security solution used to verify that requests received by your backend services originate from trusted versions of your mobile apps.
+
+
+## Why?
+
+You can learn more about Approov, the motives for adopting it, and more detail on how it works by following this [link](https://approov.io/product). In brief, Approov:
+
+* Ensures that accesses to your API come from official versions of your apps; it blocks accesses from republished, modified, or tampered versions
+* Protects the sensitive data behind your API; it prevents direct API abuse from bots or scripts scraping data and other malicious activity
+* Secures the communication channel between your app and your API with [Approov Dynamic Certificate Pinning](https://approov.io/docs/latest/approov-usage-documentation/#approov-dynamic-pinning). This has all the benefits of traditional pinning but without the drawbacks
+* Removes the need for an API key in the mobile app
+* Provides DoS protection against targeted attacks that aim to exhaust the API server resources to prevent real users from reaching the service or to at least degrade the user experience.
+
+
+## How it works?
+
+This is a brief overview of how the Approov cloud service and the backend server fit together from a backend perspective. For a complete overview of how the mobile app and backend fit together with the Approov cloud service and the Approov SDK we recommend to read the [Approov overview](https://approov.io/product) page on our website.
+
+### Approov Cloud Service
+
+The Approov cloud service attests that a device is running a legitimate and tamper-free version of your mobile app.
+
+* If the integrity check passes then a valid token is returned to the mobile app
+* If the integrity check fails then a legitimate looking token will be returned
+
+In either case, the app, unaware of the token's validity, adds it to every request it makes to the Approov protected API(s).
+
+### The Backend Server
+
+The backend server ensures that the token supplied in the `Approov-Token` header is present and valid. The validation is done by using a shared secret known only to the Approov cloud service and the backend server.
+
+The request is handled such that:
+
+* If the Approov Token is valid, the request is allowed to be processed by the API endpoint
+* If the Approov Token is invalid, an HTTP 401 Unauthorized response is returned
+
+You can choose to log JWT verification failures, but we left it out on purpose so that you can have the choice of how you prefer to do it and decide the right amount of information you want to log.
+
+
+## Useful Links
+
+If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point:
+
+* [Approov Free Trial](https://approov.io/signup)(no credit card needed)
+* [Approov Get Started](https://approov.io/product/demo)
+* [Approov QuickStarts](https://approov.io/docs/latest/approov-integration-examples/)
+* [Approov Docs](https://approov.io/docs)
+* [Approov Blog](https://approov.io/blog/)
+* [Approov Resources](https://approov.io/resource/)
+* [Approov Customer Stories](https://approov.io/customer)
+* [Approov Support](https://approov.zendesk.com/hc/en-gb/requests/new)
+* [About Us](https://approov.io/company)
+* [Contact Us](https://approov.io/contact)
@@ -0,0 +1,51 @@
+# Approov Integration Quickstarts
+
+[Approov](https://approov.io) is an API security solution used to verify that requests received by your backend services originate from trusted versions of your mobile apps.
+
+
+## The Quickstarts
+
+The quickstart code for the Approov backend server is split into two implementations. The first gets you up and running with basic token checking. The second uses a more advanced Approov feature, _token binding_. Token binding may be used to link the Approov token with other properties of the request, such as user authentication (more details can be found [here](https://approov.io/docs/latest/approov-usage-documentation/#token-binding)).
+* [Approov token check quickstart](/docs/APPROOV_TOKEN_QUICKSTART.md)
+* [Approov token check with token binding quickstart](/docs/APPROOV_TOKEN_BINDING_QUICKSTART.md)
+
+Both the quickstarts are built from the unprotected example server defined [here](/servers/hello/src/unprotected-server/hello-server-unprotected.js), thus you can use Git to see the code differences between them.
+
+Code difference between the Approov token check quickstart and the original unprotected server:
+
+```
+git diff --no-index servers/hello/src/unprotected-server/hello-server-unprotected.js servers/hello/src/approov-protected-server/token-check/hello-server-protected.js
+```
+
+You can do the same for the Approov token binding quickstart:
+
+```
+git diff --no-index servers/hello/src/unprotected-server/hello-server-unprotected.js servers/hello/src/approov-protected-server/token-binding-check/hello-server-protected.js
+```
+
+Or you can compare the code difference between the two quickstarts:
+
+```
+git diff --no-index servers/hello/src/approov-protected-server/token-check/hello-server-protected.js servers/hello/src/approov-protected-server/token-binding-check/hello-server-protected.js
+```
+
+
+## Issues
+
+If you find any issue while following our instructions then just report it [here](https://github.com/approov/quickstart-nodejs-express-token-check/issues), with the steps to reproduce it, and we will sort it out and/or guide you to the correct path.
+
+
+## Useful Links
+
+If you wish to explore the Approov solution in more depth, then why not try one of the following links as a jumping off point:
+
+* [Approov Free Trial](https://approov.io/signup)(no credit card needed)
+* [Approov Get Started](https://approov.io/product/demo)
+* [Approov QuickStarts](https://approov.io/docs/latest/approov-integration-examples/)
+* [Approov Docs](https://approov.io/docs)
+* [Approov Blog](https://approov.io/blog/)
+* [Approov Resources](https://approov.io/resource/)
+* [Approov Customer Stories](https://approov.io/customer)
+* [Approov Support](https://approov.zendesk.com/hc/en-gb/requests/new)
+* [About Us](https://approov.io/company)
+* [Contact Us](https://approov.io/contact)