问题
I am stuck in a issue that happens when user manually changes the route in browser tab and presses enter. This forces my ui-router/angular2-router to navigate to the state entered by user. I want to prevent this and allow routing only through the flow I have implemented by button clicks in my website.
回答1:
Its 2018! Angular 5 is here and so is the solution to this issue. BAMM its CanActivate Interface that a class can implement to be a guard deciding if a route can be activated.
We can add this functionality and prevent the access to some of our routes based on the conditions we define. A service for eg AuthGuard that implements the CanActivate interface and defines the canActivate method can be added to route configuration.
class Permissions {
canGoToRoute(user: UserToken, id: string): boolean {
return true;
}
}
@Injectable()
class AuthGuard implements CanActivate {
constructor(private permissions: Permissions, private currentUser: UserToken) {}
canActivate(
route: ActivatedRouteSnapshot,
state: RouterStateSnapshot
): Observable<boolean>|Promise<boolean>|boolean {
return this.permissions.canGoToRoute(this.currentUser, route.params.id);
}
}
If we have a route that we want to protect access to against some condition, we add the guard as follows:
const appRoutes: Routes = [
{ path: 'crisis-center', component: CrisisListComponent },
{
path: 'heroes',
canActivate: [AuthGuard],
component: HeroListComponent,
data: { title: 'Heroes List' }
},
{ path: '',
redirectTo: '/heroes',
pathMatch: 'full'
},
{ path: '**', component: PageNotFoundComponent }
];
Here the route heroes and all its children have a layer of guard over it. Hence based on the boolean value returned by the AuthGuard service the user will be allowed or denied access to this route.
回答2:
You can import router in the constructor of a guard. This router instance will have the current URL. ActivatedRouteSnapshot and RouterStateSnapshot in canActivate will contain the URL that the user is attempting to access.
The below example prevents users from directly accessing a route from an outside page.
import { Injectable } from '@angular/core';
import { CanActivate, ActivatedRouteSnapshot, RouterStateSnapshot, Router } from '@angular/router';
import { Observable } from 'rxjs/Observable';
@Injectable()
export class DirectAccessGuard implements CanActivate {
constructor(private router: Router) {}
canActivate(
next: ActivatedRouteSnapshot,
state: RouterStateSnapshot): Observable<boolean> | Promise<boolean> | boolean {
// If the previous URL was blank, then the user is directly accessing this page
if (this.router.url === '/') {
this.router.navigate(['']); // Navigate away to some other page
return false;
}
return true;
}
}
Add this guard to your routing module
{ path: 'signup/:type/:step', component: SignupComponent, canActivate: [DirectAccessGuard] }
回答3:
Seems to be an old issue but i was also stuck here until i got just a thing working for my application.
What you can do to discourage direct browser url manipulation is :
1) Have a static boolean field in your application exported throughout. Let's say it's Helper.isNextStep (save the file as helper.ts).
export class Helper {
static isNextStep: boolean; }
2) Set this static field to false on a page view (easily done in app.component.ts constructor) as :
import {Helper} from '../path/to/helper.ts'
export class AppComponent {
constructor() {
location.onPopState(() => {
Helper.isNextStep = false;
})
}}
3) Have the canActivate gaurd set up like :
import { Helper } from '../path/to/helper.ts'
import { CanActivate } from '@angular/router/router';
import { Router, ActivatedRouteSnapshot, RouterStateSnapshot } from '@angular/router';
@Injectable()
export class AuthGuard implements CanActivate {
constructor(public zone: NgZone, public router: Router) {
}
canActivate(): boolean {
if (!Helper.isNextStep) {
this.zone.run(() => {
this.router.navigate(['']) //you can redirect user to any page here ( Optional )
})
return false; //block navigation
}
else {
return Helper.isNextStep || true; // allow navigation
}
}
4) Have this canActivate gaurd provided in app.module.ts
providers: [ AuthGaurd ]
and app.route.ts :
{
path: 'step2',
component: ProductOverviewComponent,
canActivate: [AuthGuard]
},
After all this... you simply need to set the Helper.isNextStep equal to true wherever you will use navigation in your app. (For example a button click that calls a function, so before navigating simply set the static field to true )
someButtonClickFunction() {
Helper.isNextStep = true;
this.zone.run(() => {
this.router.navigate(['/step1']);
});
}
When the next page is loaded it will automatically be set back to false, not allowing url to change.
回答4:
The $stateChangeStart event is the proper place to handle this. This event will fire when you try to navigate to a URL. At that point you can check if the user is authenticated, and if not, bounce them back to login.
You would hook up the event like this :
angular
.module('myApp')
.run(function ($rootScope, $state, authFactory) {
$rootScope.$on('$stateChangeStart', function () {
//if user is not logged in
if(!authFactory.isAuthed()){
$state.go('login')
}
})
});
Hope it helps.
回答5:
canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
if (this.auth.fnGetToken()) { //check token
const role = this.auth.fnGetLoginUser(); //get login user data
if (role.selRole !== 'admin' && (state.url === '/users' || state.url === '/users/')) {
this.router.navigate(['contacts']);
return false;
} else {
return true;
}
} else {
this.router.navigate(['Login']);
return false;
}
}
来源:https://stackoverflow.com/questions/36277506/prevent-routing-in-angular-when-user-manually-changes-url-in-browser-tab