Is it bad practice to check Auth in the Components I want to crash?

Asked

Viewed 49 times

0

I have the following authentication logic

 initAuthListener() {
    this.afAuth.authState.subscribe(user => {
        if (user) {
            this.store.dispatch(new Auth.SetAuthenticated());
            this.router.navigate(['/training']);
        } else {
            this.trainingServices.cancelSubscriptions();
                this.store.dispatch(new Auth.SetUnauthenticated());
                this.router.navigate(['/login']);
        }
    });
}

How the.Component app was 

 ngOnInit(): void {
this.authService.initAuthListener();
                 }

Every first call on the page went to /login, so I passed the check to training.Component, which is where you need to get authorization.

Is it a bad practice? What would be my alternative?

I modified it this way, apparently it’s okay:

initAuthListener() {
    this.afAuth.authState.subscribe(user => {
        if (user) {
            this.store.dispatch(new Auth.SetAuthenticated());
            this.router.navigate(['/training']);
        } else {
             if((this.ROTAS_LIBERADAS.includes(this.router.url))){
                    this.trainingServices.cancelSubscriptions();
                    this.store.dispatch(new Auth.SetUnauthenticated());
                }else{
                    this.trainingServices.cancelSubscriptions();
                    this.store.dispatch(new Auth.SetUnauthenticated());
                    this.router.navigate(['/login']);
                }
        }
    });
}
angular authentication

  • better you use a router Guard https://angular.io/guide/router#canload-Guard-Guarding-unauthorized-loading-of-Feature-modules

  • @Eduardovargas thanks for the tip, I’ll give a read on the doc you gave me. I looked over and it looks like that’s what I’m wearing, but I could be wrong.

  • then answering about the bad practice I did it before, I preferred to save a token in the cokkies and then check it in the backend axo Middle that wears less the server, imagine every click you have to make a request

1 answer

0


The practice that use is described in the angular doc using a service with a method called Canactived and placing validation on the routes.

Example:

auth-Guard.service.ts

import { Injectable } from '@angular/core';

@Injectable({
  providedIn: 'root'
})
export class AuthGuardService {

  private isAuthenticated: boolean = true;
  constructor() { }

  canActivate() {
    return this.isAuthenticated;
  }

  login(){
    return this.isAuthenticated = !this.isAuthenticated
  }
}

app.modulets.

@NgModule({
  declarations: [

  ],
  imports: [

    RouterModule.forRoot([
      { path: 'login' , component: LoginComponent },

      { path: 'welcome', canActivate: [AuthGuardService], component: WelcomeComponent }

    ])
  ],
  providers: [AuthGuardService],
  bootstrap: [AppComponent]
})
export class AppModule { }

  • I went back to the standard. In the implementation of canActivate and canLoad in auth-service I did the logic I needed. Verifying that the route is released if not logged in and checking the Role if logged in.

  • Good! It is much better to follow the standards because it is easier to give maintenance

  • I forgot to thank :D Thank you :)

Browser other questions tagged angular authentication

You are not signed in. Login or sign up in order to post.