Blocking routes for logged in users


I am building an application and, now that it is almost complete, I have been testing it against attacks. I noticed that with the ngRoute routes the application is vulnerable to direct URL entry.

For example, the application starts by redirecting to the login page, but if I go to the address bar and type the URL of a specific page, it opens without my logging in. Thanks to the token, the user cannot interact with the application, but he still has access to any content that does not require a request to the back end.

I searched the internet and found a few things about a route property in AngularJS called `resolve`. I tried to implement it, but to no avail. My question: is there any way in AngularJS to block all routes for anyone who is not logged in? If so, how?

    
asked by anonymous 21.06.2018 / 19:48

1 answer


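I usually do it like this; maybe it will be useful for you. Note that this guard only controls navigation inside the browser: the back end must still check the token on every request, and any template with sensitive content must be protected on the server.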

File app.module.js

// Declare the root module with its dependencies (the three controller modules
// and ngRoute) and register the run block that installs the route guard.
angular
    .module('ModuloDaApp', [
        'LoginController',
        'AdminController',
        'UserController',
        'ngRoute'
    ])
    .run(preAtivador);

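/**
 * Run block that installs a client-side route guard.
 *
 * On every `$routeChangeStart`:
 *   - if the current path is `/login`, the whole localStorage of this origin
 *     is cleared (this drops the stored token, i.e. acts as a logout);
 *   - if the target route is flagged `authorize: true` and no
 *     `localStorage.token` is present, the navigation is cancelled and the
 *     user is sent to `/login`.
 *
 * SECURITY: this is a usability guard, not an access control. It only tests
 * that *some* value exists under `localStorage.token`; it does not verify the
 * token, its expiry, or the user's role, and a value can be placed in
 * localStorage by whoever controls the browser. The route templates are also
 * plain files the browser can request directly. Authorization therefore has
 * to be enforced by the back end on every API request (and on any template
 * that itself contains sensitive content).
 *
 * @param {Object} $rootScope - AngularJS root scope; used to subscribe to `$routeChangeStart`.
 * @param {Object} $location - AngularJS `$location` service; used to read and set the path.
 */
function preAtivador($rootScope, $location) {
    $rootScope.$on('$routeChangeStart', function(event, next, current) {
        // Landing on the login page discards everything stored for this
        // origin, including the token.
        if ($location.path() === '/login') {
            localStorage.clear();
        }

        // `next` can be undefined when no route definition matched, so guard
        // before reading the custom `authorize` flag.
        if (next && next.authorize && !localStorage.token) {
            event.preventDefault();
            // $location.path() takes the route path itself, without the
            // '#!' hash prefix; '#!/login' would not match the '/login' route
            // and would only reach it through the `otherwise` fallback.
            $location.path('/login');
        }
    });
}
preAtivador.$inject = ['$rootScope', '$location'];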

File app.routes.js

// Retrieve the existing module (no dependency array, so nothing is
// re-declared) and attach the route table as a config block.
angular
    .module('ModuloDaApp')
    .config(config);

/**
 * Config block that registers the application's ngRoute table.
 *
 * `authorize` is a custom property on the route definitions. It only has an
 * effect because the `$routeChangeStart` listener installed by the run block
 * reads `next.authorize`. Both profile routes carry the same flag, so the flag
 * by itself does not distinguish an admin from a regular user, and it does not
 * protect the template files named in `templateUrl`; those checks belong on
 * the server.
 *
 * @param {Object} $routeProvider - ngRoute provider used to declare the routes.
 */
function config($routeProvider) {
    // Public entry point.
    var loginRoute = {
        templateUrl: '../views/login.html',
        controller: 'LoginController',
        controllerAs: 'Login'
    };

    // Routes below are flagged for the client-side login check.
    var adminProfileRoute = {
        templateUrl: '../views-admin/profile.html',
        controller: 'AdminController',
        controllerAs: 'Admin',
        authorize: true
    };
    var userProfileRoute = {
        templateUrl: '../views-user/profile.html',
        controller: 'UserController',
        controllerAs: 'User',
        authorize: true
    };

    // Any unknown path falls back to the login page.
    var fallback = { redirectTo: '/login' };

    $routeProvider
        .when('/login', loginRoute)
        .when('/profile/admin', adminProfileRoute)
        .when('/profile/user', userProfileRoute)
        .otherwise(fallback);

    // html5Mode is left disabled; enabling it would also require injecting
    // $locationProvider into this config block.
    // $locationProvider.html5Mode(true);
}
config.$inject = ['$routeProvider'];
    
21.06.2018 / 21:36