问题
I have just started out working with an AngularJS app I'm developing, everything is going well but I need a way of protecting routes so that a user wouldn't be allowed to go to that route if not logged in. I understand the importance of protecting on the service side also and I will be taking care of this.
I have found a number of ways of protecting the client, one seems to use the following
$scope.$watch(
function() {
return $location.path();
},
function(newValue, oldValue) {
if ($scope.loggedIn == false && newValue != '/login') {
$location.path('/login');
}
}
);
where do I need to put this, in the .run in the app.js?
And the other way I have found is using a directive and using an on - routechagestart
the info is here http://blog.brunoscopelliti.com/deal-with-users-authentication-in-an-angularjs-web-app
I would really be interested in anyones help and feedback on the recommended way.
回答1:
Using resolves should help you out here: (code not tested)
angular.module('app' []).config(function($routeProvider){
$routeProvider
.when('/needsauthorisation', {
//config for controller and template
resolve : {
//This function is injected with the AuthService where you'll put your authentication logic
'auth' : function(AuthService){
return AuthService.authenticate();
}
}
});
}).run(function($rootScope, $location){
//If the route change failed due to authentication error, redirect them out
$rootScope.$on('$routeChangeError', function(event, current, previous, rejection){
if(rejection === 'Not Authenticated'){
$location.path('/');
}
})
}).factory('AuthService', function($q){
return {
authenticate : function(){
//Authentication logic here
if(isAuthenticated){
//If authenticated, return anything you want, probably a user object
return true;
} else {
//Else send a rejection
return $q.reject('Not Authenticated');
}
}
}
});
回答2:
Another way of using the resolve attribute of the $routeProvider:
angular.config(["$routeProvider",
function($routeProvider) {
"use strict";
$routeProvider
.when("/forbidden", {
/* ... */
})
.when("/signin", {
/* ... */
resolve: {
access: ["Access", function(Access) { return Access.isAnonymous(); }],
}
})
.when("/home", {
/* ... */
resolve: {
access: ["Access", function(Access) { return Access.isAuthenticated(); }],
}
})
.when("/admin", {
/* ... */
resolve: {
access: ["Access", function(Access) { return Access.hasRole("ADMIN"); }],
}
})
.otherwise({
redirectTo: "/home"
});
}]);
This way, if Access does not resolve the promise, the $routeChangeError event will be fired:
angular.run(["$rootScope", "Access", "$location",
function($rootScope, Access, $location) {
"use strict";
$rootScope.$on("$routeChangeError", function(event, current, previous, rejection) {
if (rejection == Access.UNAUTHORIZED) {
$location.path("/login");
} else if (rejection == Access.FORBIDDEN) {
$location.path("/forbidden");
}
});
}]);
See the full code on this answer.
来源:https://stackoverflow.com/questions/17209203/angularjs-protecting-routes-with-angularjs-depending-if-the-user-is-authorized