angularjs - Node.js / Angular.js Admin authorized routes -


i'm working on mean application authentication using json web tokens. on every request, checking see if user has valid token. if can go through route, otherwise returned login page.

i want make routes /admin/etc... accessible logged in users admin. have set isadmin flag in mongo. new nodejs , wondering best way check this. do on angular side in routes? or can somehow create permission-based tokens on authentication? reference, following code mean machine book, in particular here -

https://github.com/scotch-io/mean-machine-code/tree/master/17-user-crm

first, authorization decisions must done on server side. doing on client side in angular.js suggested idea, purpose of improving user's experience, example not showing user link don't have access to.

with jwts, can embed claims user inside token, this:

var jwt = require('jsonwebtoken'); var token = jwt.sign({ role: 'admin' }, 'your_secret');

to map permissions express routes, can use connect-roles build clean , readable authorization middleware functions. suppose example jwt sent in http header , have following (naive) authorization middleware:

// naive authentication middleware, demonstration // assumes you're issuing jwts somehow , client including them in headers // this: authorization: jwt {token} app.use(function(req, res, next) {     var token = req.headers.authorization.replace(/^jwt /, '');     jwt.verify(token, 'your_secret', function(err, decoded) {         if(err) {             next(err);         } else {             req.user = decoded;             next();         }     }); })

with that, can enforce authorization policy on routes, this:

var connectroles = require('connect-roles'); var user = new connectroles();  user.use('admin', function(req) {     return req.user && req.user.role === 'admin'; })  app.get('/admin', user.is('admin'), function(req, res, next) {     res.end(); })

note there better options issuing & validating jwts, express-jwt, or using passport in conjunction passort-jwt


Comments

Post a Comment

Popular posts from this blog

c++ - Difference between pre and post decrement in recursive function argument -

i have following sample code used pre-decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(--c); cout << c << endl; return; } } this function give output input 4 : dp3 dp2 dp1 dp0 0 1 2 3 but when use post decrement void function(int c) { if(c == 0) { return; } else { cout << "dp" << c << endl; function(c--); cout << c << endl; return; } } output goes in infinite loop dp4 can explain me in detail why happens ? this happens because function(c--) called same value of c , when finishes c decremented. recursively called, hence called same value no chance of return , hit stack overflow error. assume this, int x = 1, y = 0; y = x++ result y == 1 , x == 2. if y = ++x , bot x , y 2.
Read more

php - Nothing but 'run(); ' when browsing to my local project, how do I fix this? -

i added new project. made mistake in projectname.conf file in sites-available apache2, led me reinstalling apache2. after reinstalling , re-enabling projects on every page of every project .. <body> run(); </body> .. i've run composer update, restarted service, restarted pc, checked config files, tried disabling new project. there nothing in error log, , access.log: 127.0.0.1 - - [15/may/2015:01:40:47 +0200] "get / http/1.1" 304 181 "-" "mozilla/5.0 (x11; ubuntu; linux x86_64; rv:38.0) gecko/20100101 firefox/38.0" maybe i'm forgetting apache2 reinstall? don't think did different last time installed it. looks haven't setup php correctly. take @ this great guide , maybe you're forgetting link php config apache2.
Read more

php - How can I echo out this array? -

i don't know how go grabbing data in variable , put foreach loop. class tree{ private $info = array( array('name'=>'jim','state'=>'nu','company'=>'nu','phone'=>array('cell'=>'5615111111','office'=>'5611111111'),'email'=>array('primary'=>'exs@example.com','ex@there.com')), array('name'=>'joe smith','city'=>'phoenix','phone'=>'4805551111','email'=>'jsmith@some_email.com'), array('name'=>'john doe','city'=>'chandler','company'=>'doe co.','email'=>array('jdoe@gmail.com','personal'=>'email@email.com'),'phone'=>'6025550002') ); } if you're inside of class, can access private variable using $this->variablename . example, i
Read more