Yeoman Angular Fullstack - how to secure routes?

Question

I have created a new route 'Rooms' with the generator and have modelled my $stateProvider on the admin route

.state('admin', {
    url: '/admin',
    templateUrl: 'app/admin/admin.html',
    controller: 'AdminController',
    controllerAs: 'admin',
    authenticate: 'admin'
  });

Vs

$stateProvider
  .state('rooms', {
    url: '/rooms',
    templateUrl: 'app/rooms/rooms.html',
    controller: 'RoomsCtrl',
    controllerAs: 'rooms',
    authenticate: 'admin'
  });

But my route still appears without authentication!

I guess I am missing a few things to make it secure, though I am unable to understand what!

Can anyone help?

Thanks

check if you have an interceptor service factorie defined and called in your app.js — aitnasser, Dec 11 '15 at 08:08

score 1 · Accepted Answer · answered Dec 11 '15 at 09:36

your controller should be like:

     angular.module('auth8App').controller('RoomsCtrl', function ($scope,Auth,$location) {

               //check if the user is logged-in
                Auth.isLoggedInAsync(function(loggedIn) {
                        if (!loggedIn) {    
                       //if the user is not logged  Redirect to login
                          event.preventDefault();
                          $location.path('/login');
                        }
                      });
                    $scope.message = 'Hello';
                });

score 0 · Answer 2 · answered Dec 11 '15 at 08:09

0

check if you have an interceptor service factorie defined and called in your app.js lik this:

    .config(function ($stateProvider, $urlRouterProvider, $locationProvider, $httpProvider) {
    $urlRouterProvider
      .otherwise('/');

    $locationProvider.html5Mode(true);
    $httpProvider.interceptors.push('authInterceptor');
  })

  .factory('authInterceptor', function ($rootScope, $q, $cookieStore, $location) {
    return {
      // Add authorization token to headers
      request: function (config) {
        config.headers = config.headers || {};
        if ($cookieStore.get('token')) {
          config.headers.Authorization = 'Bearer ' + $cookieStore.get('token');
        }
        return config;
      },

      // Intercept 401s and redirect you to login
      responseError: function(response) {
        if(response.status === 401) {
          $location.path('/login');
          // remove any stale tokens
          $cookieStore.remove('token');
          return $q.reject(response);
        }
        else {
          return $q.reject(response);
        }
      }
    };
  })

  .run(function ($rootScope, $location, Auth) {
    // Redirect to login if route requires auth and you're not logged in
    $rootScope.$on('$stateChangeStart', function (event, next) {
      Auth.isLoggedInAsync(function(loggedIn) {
        if (next.authenticate && !loggedIn) {
          event.preventDefault();
          $location.path('/login');
        }
      });
    });
  });

answered Dec 11 '15 at 08:09

aitnasser

1,216
1
9
23

now check whether the authentication middleware is called in your server endpoint – aitnasser Dec 11 '15 at 08:29
Hey, thanks for your reply. Yes I have an authIntereptor [plunker](http://plnkr.co/nj5huWB1i5it7BIjfymL) ... – stevejvv Dec 11 '15 at 08:32
now check whether the authentication middleware is called in your server endpoint – aitnasser Dec 11 '15 at 08:35
looks like it : `/** import errors from './components/errors'; import path from 'path'; module.exports = function(app) { // Insert routes below app.use('/api/things', require('./api/thing')); app.use('/api/users', require('./api/user')); app.use('/auth', require('./auth')); app.route('/:url(api|auth|components|app|bower_components|assets)/*') .get(errors[404]); app.route('/*') .get(function(req, res) { res.sendFile(path.resolve(app.get('appPath') + '/index.html')); }); };` – stevejvv Dec 11 '15 at 08:36
` 'use strict'; nothing much in here : angular.module('auth8App') .controller('RoomsCtrl', function ($scope) { $scope.message = 'Hello'; }); ` – stevejvv Dec 11 '15 at 08:56
and rooms.js : `angular.module('auth8App') .config(function ($stateProvider) { $stateProvider .state('rooms', { url: '/rooms', templateUrl: 'app/rooms/rooms.html', controller: 'RoomsCtrl', controllerAs: 'rooms', authenticate: 'admin' }); });` – stevejvv Dec 11 '15 at 08:57
I get an error : TypeError: Auth.isLoggedIn(...).then is not a function at router.decorator.js:18? – stevejvv Dec 11 '15 at 09:22

Yeoman Angular Fullstack - how to secure routes?

2 Answers2