javascript - Angular Auth against Laravel backend -

-

I am creating an app using Laravel to connect with an Angular Frontend and a small internal API I am creating.

I have a job, but to ensure that this is an acceptable way to enter the user, and to ensure that everything is safe.

Session Controller: Public Function Index () {Return Reaction: Jason (Aith :: Check); } Create a public function () {if (Auth :: check ()) {Return Redirect :: to ('/ admin'); } Return Redirect :: From ('/'); } Public Function Login (if (Aith :: Effort (array ('email' = & gt; Input :: JSON ('email'), 'password' = & gt; Input :: JSN ('password')) ) Return (Response Response :: Jason (Ath :: Username); // Return From Direct :: From ('/ Admin');} else {return Answer: Jason (array ('Flash' => Invalid user name or password '), 500);}} Public function logout () {Auth :: logout (); Return response :: Jason (array (' Flash '=>' Log out! ')); }

Virus root: 

  Root :: find ('auth / statu S ',' session controller @ index ');   
 angular factory:  
  app.factory (' at ', ["$ http", function ($ Http) {var Auth = {}; Auth.getAuthStatus = function () {$ http ({method: "GET", url: "/ auth / status", header: {"Content-type": "application / Json "}}. Success (Tasks) {If (data!) {Console.log ('unable to verify auth session');} and if (data) {console.log ('successful status' ); Console.log (data); // Return $ Scope.categories; Auth.status = Data; Return Auth.status;}});} Return Auth;}]);   
 Then I essentially wrap the whole app in something like "app controller" and declare the 'oth' factory as a dependency. Then I can call auth.getAuthStatus () and the user can hide / show things on the basis of the situation because it will be essentially SPA.  
 I know that seeing me / auth / status URI / killed by someone, and wondering how to do it. Like a general question, but any insights will be greatly appreciated. Thank you.   
 
 
 Great question I have answered before this one question before I say the same thing .  
 Authentication is slightly different in SPA because you almost completely separate your Larjal app and corner. Laravel takes care of recognition, logic, data, etc.  
 I highly recommend that you read the articles written below.  
 You can use Laravel's route filter to unofficially protect your users. However, since your Larez application has now become only a closing point, it will take heavy load in the form of authentication and authorization to the front frame.  
 Once you set up a root filter, which does not prevent authorized users  
 What do I mean by the examples given above:  
 You have The API endpoint is: / api / v1 / user / 15 9 / edit  
 The endpoint is one of the Restrain 7, and a user can be used to edit. Any software engineer or developer knows that this is a secure endpoint, and if authorized by your application, then send a request with data at that end point.  
 You only want user to be able to perform this action on 159, or administrator.  
 The solution is to those roles / groups / permissions that you want to call them. Set user permissions for your app in your anneller app and archive that data in the token issued possibly.  
 How to properly authenticate / authorize using the front-end JavaScript framework, read this great article (in AngularJS).  
 Article:

Comments

Post a Comment

Popular posts from this blog

php - PDO bindParam() fatal error -

-
I am trying to learn PDO, now I have written this small code, but it gives me a serious error: < P> Fatal error: Call a member function at a non-object dot () ... $ con = new mysqli ("127.0.0.1", "root", "", "csvdangercheck"); $ Query = $ con- & gt; ("Id,` var1`, `var2`) values ​​(" id,: var1,: var2) ";); $ query- & gt; bypass pattern (': id', $ id); $ query- & gt; BindParam (': var1', $ VAL1); $ Query- & gt; bindParam (': var2', $ val2); $ Query-> Executed (); I Trying to use print_r ($ con-> errorInfo ()) but Fatal error: Undefined method mysqli :: errorInfo ( ) ... can someone tell me what am I missing? Flaffeh said, you have PDO Missing Mysqy, try it: $ con = new PDO ('mysql: host = 127.0.0.1; dbname = csvdangercheck', 'root', '');
Read more

logging - How can I log both the Request.InputStream and Response.OutputStream traffic in my ASP.NET MVC3 Application for specific Actions? -

-
For a specific set of tasks, I need to log in to the incoming request inputstream as well as outgoing response. is. I am using an ActionFilterAttribute for this and overriding the OnActionExecuted and OnResultExecuted methods. So I'm starting with this idea ... Public category ActionLoggerAttribute: ActionFilterArrbit {Public Override Zero On-Offed Execution (ActionActioned Contact Filter Filter) {base.OnActionAxecuted (FilterContext); HttpRequestBase request = filterContext.HttpContext.Request; // TODO: Log the request. InputStream} Public Override Zero OnResultExecuted (ResultExecutedContext FilterContext) {base.OnResultExecuted (filterContext); HTTPRPSPointBase Response = FilterContacts Hpptex response; // TODO: Log on Response.OutputStream}} Ideally I'll hook it up with enterprise library logging because I'm already using it for error logging. Am I reaching the input and output stream at the right time? Can I easily use the Enterprise Library to log i
Read more

java - Why my included JSP file won't get processed correctly? -

-
I am trying to create Java web framework (and learning), and on the basis of 'Code Generator In the process of making the material view of the database in the process of development, I stumbled into a difficulty, which I do not know how to solve it. First of all, I want the following index.jsp : & lt; Body & gt; Use all pages to be created. & Lt;% @ include file = "header.jsp"% & gt; & Lt; Hours / & gt; & Lt;% @ included file = "body.jsp"%> & Lt; Hours / & gt; & Lt;% @ include file = "footer.jsp"% & gt; & Lt; / Body & gt; And, in body.jsp , I should have it like this: & lt; Jsp: include page = "$ {Application_modul}"%> Where application_modul is an attribute defined in its controller: request.setAttribute ("application_modul", "USER_ACCOUNT \\ ' View_user_account.jsp "); This file can be found properly, but the processed JSP does
Read more