javascript - Angular Auth against Laravel backend -

-

I am creating an app using Laravel to connect with an Angular Frontend and a small internal API I am creating.

I have a job, but to ensure that this is an acceptable way to enter the user, and to ensure that everything is safe.

Session Controller: Public Function Index () {Return Reaction: Jason (Aith :: Check); } Create a public function () {if (Auth :: check ()) {Return Redirect :: to ('/ admin'); } Return Redirect :: From ('/'); } Public Function Login (if (Aith :: Effort (array ('email' = & gt; Input :: JSON ('email'), 'password' = & gt; Input :: JSN ('password')) ) Return (Response Response :: Jason (Ath :: Username); // Return From Direct :: From ('/ Admin');} else {return Answer: Jason (array ('Flash' => Invalid user name or password '), 500);}} Public function logout () {Auth :: logout (); Return response :: Jason (array (' Flash '=>' Log out! ')); }

Virus root: 

  Root :: find ('auth / statu S ',' session controller @ index ');   
 angular factory:  
  app.factory (' at ', ["$ http", function ($ Http) {var Auth = {}; Auth.getAuthStatus = function () {$ http ({method: "GET", url: "/ auth / status", header: {"Content-type": "application / Json "}}. Success (Tasks) {If (data!) {Console.log ('unable to verify auth session');} and if (data) {console.log ('successful status' ); Console.log (data); // Return $ Scope.categories; Auth.status = Data; Return Auth.status;}});} Return Auth;}]);   
 Then I essentially wrap the whole app in something like "app controller" and declare the 'oth' factory as a dependency. Then I can call auth.getAuthStatus () and the user can hide / show things on the basis of the situation because it will be essentially SPA.  
 I know that seeing me / auth / status URI / killed by someone, and wondering how to do it. Like a general question, but any insights will be greatly appreciated. Thank you.   
 
 
 Great question I have answered before this one question before I say the same thing .  
 Authentication is slightly different in SPA because you almost completely separate your Larjal app and corner. Laravel takes care of recognition, logic, data, etc.  
 I highly recommend that you read the articles written below.  
 You can use Laravel's route filter to unofficially protect your users. However, since your Larez application has now become only a closing point, it will take heavy load in the form of authentication and authorization to the front frame.  
 Once you set up a root filter, which does not prevent authorized users  
 What do I mean by the examples given above:  
 You have The API endpoint is: / api / v1 / user / 15 9 / edit  
 The endpoint is one of the Restrain 7, and a user can be used to edit. Any software engineer or developer knows that this is a secure endpoint, and if authorized by your application, then send a request with data at that end point.  
 You only want user to be able to perform this action on 159, or administrator.  
 The solution is to those roles / groups / permissions that you want to call them. Set user permissions for your app in your anneller app and archive that data in the token issued possibly.  
 How to properly authenticate / authorize using the front-end JavaScript framework, read this great article (in AngularJS).  
 Article:

Comments

Post a Comment

Popular posts from this blog

php - PDO bindParam() fatal error -

-
I am trying to learn PDO, now I have written this small code, but it gives me a serious error: Fatal error: Call a member function at a non-object dot () ... $ con = new mysqli ("127.0.0.1", "root", "", "csvdangercheck"); $ Query = $ con- & gt; ("Id,` var1`, `var2`) values ​​(" id,: var1,: var2) ";); $ query- & gt; bypass pattern (': id', $ id); $ query- & gt; BindParam (': var1', $ VAL1); $ Query- & gt; bindParam (': var2', $ val2); $ Query-> Executed (); I Trying to use print_r ($ con-> errorInfo ()) but Fatal error: Undefined method mysqli :: errorInfo ( ) ... can someone tell me what am I missing? Flaffeh said, you have PDO Missing Mysqy, try it: $ con = new PDO ('mysql: host = 127.0.0.1; dbname = csvdangercheck', 'root', '');
Read more

php - How can I cram 6+31 numeric characters into 22 alphanumeric characters? -

-
I have a 6 digit number and a 31-digit number (such as "234536" and "201103231043330478311223582826") that I The API needs to be crawled in the same 22-character alphanumeric field that uses PHP. I tried to convert each one to 32 (using custom code could not handle the base_convert () large number) and to connect with a single-character delimiter, but It only gives me 26 characters This is a restore API, so the letters should be URI-protected. I would like to do a database table cross with two references without reference to another reference value, if possible, any suggestions? Instead use a radix of 62. This will give you 22 characters for the top, 3.35 for the pre and 17.3 for the next. & gt; & Gt; & Gt; Math.log (10 ** 6) /math.log (62) 3.3474826039165504 & gt; & Gt; & Gt; Math.log (10 ** 31) /math.log (62) 17.295326786902177
Read more

logging - How can I log both the Request.InputStream and Response.OutputStream traffic in my ASP.NET MVC3 Application for specific Actions? -

-
For a specific set of tasks, I need to log in to the incoming request inputstream as well as outgoing response. is. I am using an ActionFilterAttribute for this and overriding the OnActionExecuted and OnResultExecuted methods. So I'm starting with this idea ... Public category ActionLoggerAttribute: ActionFilterArrbit {Public Override Zero On-Offed Execution (ActionActioned Contact Filter Filter) {base.OnActionAxecuted (FilterContext); HttpRequestBase request = filterContext.HttpContext.Request; // TODO: Log the request. InputStream} Public Override Zero OnResultExecuted (ResultExecutedContext FilterContext) {base.OnResultExecuted (filterContext); HTTPRPSPointBase Response = FilterContacts Hpptex response; // TODO: Log on Response.OutputStream}} Ideally I'll hook it up with enterprise library logging because I'm already using it for error logging. Am I reaching the input and output stream at the right time? Can I easily use the Enterprise Library to log i...
Read more