Blocking routes for logged in users

Question

Blocking routes for logged in users

Navigation

#1 by (0 votes)

0

I am making an application and now that it is almost complete I was testing the attacks. I noticed that with the ngRoute routes the application is vulnerable to url entries.

Example, the application starts redirecting to the login page, but if I go to the url and type the name of a specific page, it enters without logging in. Thanks to the token, the user can not do any interaction with the application, but he still has access to content that does not request the back.

My situation, I searched the internet and found a few things about an attribute in angularjs called resolves. I tried to implement it, but to no avail. The question, is there any way in angularjs to block all routes for anyone who is not logged in? If so, how?

angularjs login rotas

asked by anonymous 21.06.2018 / 19:48

1 answer

NFS Integration and São Paulo City Hall returns Bad Request Adding multiple records to many-to-many relationship - SpringBoot

score 0 · Answer 1

I usually do this, maybe it will be useful for you:

File app.module.js

angular.module('ModuloDaApp', ['LoginController', 'AdminController', 'UserController', 'ngRoute'])
    .run(preAtivador);

function preAtivador($rootScope, $location) {
    $rootScope.$on('$routeChangeStart', function(event, next, current) {
        if ($location.path() == '/login') {
            localStorage.clear();
        }
        if (next.authorize) {
            if (!localStorage.token) {
                event.preventDefault();
                $location.path('#!/login');
            }
        }
    });
}
preAtivador.$inject = ['$rootScope', '$location'];

File app.routes.js

angular.module('ModuloDaApp')
    .config(config);

function config($routeProvider) {
    $routeProvider
        .when('/login', {
            templateUrl: '../views/login.html',
            controller: 'LoginController',
            controllerAs: 'Login'
        })
        .when('/profile/admin', {
            templateUrl: '../views-admin/profile.html',
            controller: 'AdminController',
            controllerAs: 'Admin',
            authorize: true
        })
        .when('/profile/user', {
            templateUrl: '../views-user/profile.html',
            controller: 'UserController',
            controllerAs: 'User',
            authorize: true
        })
        .otherwise({
            redirectTo: '/login'
        })
    // $locationProvider.html5Mode(true);
}
config.$inject = ['$routeProvider']