Blocking routes for non-logged-in users


I'm building an application, and now that it's almost complete I was testing it against attacks. I realized that with ngRoute routes the application is vulnerable to URLs typed in directly.

For example, the application starts by redirecting to the login page, but if I go to the URL and type the name of a specific page, it opens without logging in. Thanks to the token, the user cannot interact with the application, but they still have access to content that does not make requests to the back end.

As for my situation, I searched the internet and found something about an attribute in AngularJS called resolve. I tried to implement it, but without success. The question: is there any way in AngularJS to block all routes for those who are not logged in? If so, how?

1 answer

I usually do it like this; maybe it will be useful to you:

app.module.js file

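angular.module('ModuloDaApp', ['LoginController', 'AdminController', 'UserController', 'ngRoute'])
    .run(preAtivador);

// Runs once at startup and inspects every route change before it happens.
function preAtivador($rootScope, $location) {
    $rootScope.$on('$routeChangeStart', function(event, next, current) {
        // Visiting the login page discards any stored session data.
        if ($location.path() === '/login') {
            localStorage.clear();
        }
        // Routes flagged with authorize: true require a stored token.
        if (next.authorize) {
            if (!localStorage.token) {
                event.preventDefault();
                // $location.path() takes the route path, without the '#!' prefix.
                $location.path('/login');
            }
        }
    });
}
preAtivador.$inject = ['$rootScope', '$location'];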

app.routes.js file

angular.module('ModuloDaApp')
    .config(config);

function config($routeProvider) {
    $routeProvider
        .when('/login', {
            templateUrl: '../views/login.html',
            controller: 'LoginController',
            controllerAs: 'Login'
        })
        .when('/profile/admin', {
            templateUrl: '../views-admin/profile.html',
            controller: 'AdminController',
            controllerAs: 'Admin',
            authorize: true
        })
        .when('/profile/user', {
            templateUrl: '../views-user/profile.html',
            controller: 'UserController',
            controllerAs: 'User',
            authorize: true
        })
        .otherwise({
            redirectTo: '/login'
        });
    // $locationProvider.html5Mode(true);
}
config.$inject = ['$routeProvider'];

  • This authorize: true serves to block by hierarchy, right? I will test it this way, thanks for the answer, man.

  • Thanks, man, but it didn't work. I can still access other pages via URL without being logged in.

  • That authorize: true adds a parameter called authorize with the value true to the route. This value is read in the preAtivador method, in if (next.authorize); if the attribute is set, it enters that if.

  • In my case I have an object in localStorage called token; this is an access token that the user receives when logging in. If you use another form of login and access, you can do localStorage.logado = true and then replace localStorage.token with localStorage.logado.

  • Thanks, man, I'm going to test it now. I use a token to validate login; hopefully this localStorage.token = true is easy to implement and functional ^^
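
A deny-by-default variant of the guard in the answer above, as an added example that is not part of the original answer: every route requires a token unless it carries a hypothetical `public: true` flag, and values such as "undefined" left behind by localStorage's string coercion are rejected. It assumes the token is kept in `localStorage.token` as in the answer; the check only controls navigation in the browser, so the server still has to validate the token on each request, as the question says it does.

```javascript
// Added example: deny-by-default route guard for ngRoute.
// Assumptions: `public: true` is a hypothetical opt-out flag (the /login route
// must carry it), and the token is stored under localStorage.token.

function hasUsableToken(token) {
    // localStorage stores strings only: writing undefined or null leaves the
    // text "undefined" or "null", which a plain truthiness check accepts.
    return typeof token === 'string' && token.trim() !== '' &&
        token !== 'undefined' && token !== 'null';
}

// Pure decision: the path to redirect to, or null to let navigation proceed.
function guardDecision(route, token) {
    // No matching route, or a pure redirect such as .otherwise(): nothing is
    // rendered here, and the redirect target is checked on its own change.
    if (!route || route.redirectTo !== undefined) { return null; }
    if (route.public === true) { return null; }
    // Everything else is protected, whether or not it was flagged.
    return hasUsableToken(token) ? null : '/login';
}

function routeGuard($rootScope, $location, $window) {
    $rootScope.$on('$routeChangeStart', function (event, next) {
        var target = guardDecision(next, $window.localStorage.getItem('token'));
        if (target !== null) {
            event.preventDefault();   // the protected view is not loaded
            $location.path(target);   // route path, without the '#!' prefix
        }
    });
}
routeGuard.$inject = ['$rootScope', '$location', '$window'];

// Register only when AngularJS is loaded, so the decision logic can also be
// exercised on its own outside the browser.
if (typeof angular !== 'undefined') {
    angular.module('ModuloDaApp').run(routeGuard);
}
```
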
