Javascript 在Angular中初始时间进行用户身份验证的最佳实践/模式?
我正在为Angular SPA构建登录功能。我的所有登录/注销功能都封装在一个名为AuthService的服务中(反过来,它封装了一些$resources)。如果用户的浏览器具有有效的PHP会话cookie,则认为该用户已“登录” 除了一件事,我的一切都正常工作:在初始化时确定用户是否已经登录 目前,我的代码如下所示:Javascript 在Angular中初始时间进行用户身份验证的最佳实践/模式?,javascript,angularjs,authentication,Javascript,Angularjs,Authentication,我正在为Angular SPA构建登录功能。我的所有登录/注销功能都封装在一个名为AuthService的服务中(反过来,它封装了一些$resources)。如果用户的浏览器具有有效的PHP会话cookie,则认为该用户已“登录” 除了一件事,我的一切都正常工作:在初始化时确定用户是否已经登录 目前,我的代码如下所示: angular.module( 'MyModule', [ 'ngResource', 'ngRoute' ] ) .run( [ '$rootScope', '$loc
angular.module( 'MyModule', [ 'ngResource', 'ngRoute' ] )
.run( [ '$rootScope', '$location', 'AuthService', function( $rootScope, $location, AuthService ) {
/**
* Initialize AuthService. This will cause it to make a REST call
* to GET /api/current_user. That endpoint will return either a JSON
* representation of the logged-in user, or a 401 Unauthorized.
* Either way, AuthService will cache the results, which can be
* accessed by calling AuthService.getUser().
*/
AuthService.init();
/**
* Listen for route changes. If the user tries to change to a route
* that requires login, but the user isn't logged in, then redirect
* to the login page.
*/
$rootScope.$on( '$routeChangeStart', function( event, next, current ) {
if ( next.$$route.requiresLogin && AuthService.getUser() === null ) {
$location.path( '/login' );
}
} );
} ] );
<script src="MyModule.min.js"></script>
<script src="AuthService.js.php"></script>
AuthService.init()$routeChangeStart.run()AuthServiceangular.module( 'MyModule', [ 'ngResource', 'ngRoute' ] )
.run( [ '$rootScope', '$location', '$route', 'AuthService', function( $rootScope, $location, $route, AuthService ) {
/**
* Initialize AuthService. This will cause it to make a REST call
* to GET /api/current_user. That endpoint will return either a JSON
* representation of the logged-in user, or a 401 Unauthorized.
* Either way, AuthService will cache the results, which can be
* accessed by calling AuthService.getUser().
*/
AuthService.init(
function() {
// Make sure the user is allowed to view the initial route
enforce_login( $route.current );
// Also check when the user tries to navigate to another route
$rootScope.$on( '$routeChangeStart', function( event, next, current ) {
enforce_login( next );
} );
}
);
function enforce_login( theRoute ) {
if ( theRoute.$$route.requiresLogin && AuthService.getUser() === null ) {
$location.path( '/login' );
}
}
} ] );
GET/api/current_userangular.module( 'MyModule', [ 'ngResource', 'ngRoute' ] )
.run( [ '$rootScope', '$location', 'AuthService', function( $rootScope, $location, AuthService ) {
/**
* Initialize AuthService. This will cause it to make a REST call
* to GET /api/current_user. That endpoint will return either a JSON
* representation of the logged-in user, or a 401 Unauthorized.
* Either way, AuthService will cache the results, which can be
* accessed by calling AuthService.getUser().
*/
AuthService.init();
/**
* Listen for route changes. If the user tries to change to a route
* that requires login, but the user isn't logged in, then redirect
* to the login page.
*/
$rootScope.$on( '$routeChangeStart', function( event, next, current ) {
if ( next.$$route.requiresLogin && AuthService.getUser() === null ) {
$location.path( '/login' );
}
} );
} ] );
<script src="MyModule.min.js"></script>
<script src="AuthService.js.php"></script>
AuthService.js.phpresolve: { AuthService: 'AuthService' }
resolve: { AuthService: 'AuthService' }
请注意重定向到登录路径。这对我来说很有效;谢谢对于未来的读者:这种方法根本不使用.run()。相反,它使用ngRoute的.when()方法的“resolve”选项。在Angular转向该路线之前,必须满足向“resolve”传递的任何承诺。因此,它是进行身份验证检查等操作的完美场所。作为奖励,这使得授权检查天生就是延迟加载:在用户实际尝试切换到受保护的路由之前,它不会进行REST调用。没错,这就是具有全局init依赖项的应用程序使用路由器的主要原因,即使它不太使用路由。控制器中不再有承诺意大利面。这对我很有效;谢谢对于未来的读者:这种方法根本不使用.run()。相反,它使用ngRoute的.when()方法的“resolve”选项。在Angular转向该路线之前,必须满足向“resolve”传递的任何承诺。因此,它是进行身份验证检查等操作的完美场所。作为奖励,这使得授权检查天生就是延迟加载:在用户实际尝试切换到受保护的路由之前,它不会进行REST调用。没错,这就是具有全局init依赖项的应用程序使用路由器的主要原因,即使它不太使用路由。不要再在控制器里放意大利面条了。