We are quite new to Sails JS.
Using Sails JS (V 0.12.13) inside our company locally, we are now to the point of granting access to our customers. We would like to implement few layers of access (Global admin, global user, customer admin, and customer user (possibly others but not yet)). We would also like to manage customer pages individually (customer1.app.com, customer2.app.com...).
Because we don't need social login, just local users, we've counted out Passport.
Is the best practice to go with Sails policies and access control ? We found this in Sails documentation (https://sailsjs.com/documentation/concepts/policies/access-control-and-permissions) but as it is in the V 1. doc we don't know if we can use in with sails 0.12.13.
Or would something like Sails-Permissions (https://github.com/trailsjs/sails-permissions) be more appropriate to manage users ?
Also, from the Sails.JS in Action book, they use machine-packs to encrypt passwords and manage logins. Those package looks ratter old, so we are wondering if they are still "safe" to use in a 2018 app.
Sails policies are certainly a good practice, and you can use them in v0.12 v0.12 docs, yes I agree that machine-packs are pretty old, but you can use npm modules and wrap them in helpers, for encrypting passwords for example, you can use beforeCreate to encrypt the password before saving to the database.