security on a node level ?

[darude sandstorm]

Hi there,

lets say you have a foxx-service called /update-review and you can send a json document( updated review) to it.

I want the service to return an error in case the user is not allowed to update the review.

So there must be some kind of security token send with the json document

This token then must be resolved to the userId  and the "review" document needs a field called "owner": $userId

If they match the foxx-service updates the review, if they dont it sends an error right?

At least thats how i imagine it to be. Is there any built in solution to handle this?

If i implement it myself im scared of messing it up.

Also the tokens would be send over http and not https which is kind of bad practice isnt it?