I am trying to authenticate a user when he requests a page that has a static route.
app.use(express.static(__dirname + '/public/app'));
Assume that the folder "templates" is under the path above ('/public/app/templates'):
app.get('/templates/permissionPage.html', function (req, res) {
    // if the user is authorized, return the page,
    // else return 401
});
My routing doesn't even enter the GET request for the page. How can I handle that request?
I want only specific users to be able to access this page, even though it has a static route.
I am using angularJS on my front-end
Thank you
You have two options:
Easy one: auth users on your web-server (proxy-server). Docs for Nginx, and for Apache
Hard one: Build accounts and auth module for your app. This will require work with storage (database), logic, and UI/UX. Or use ready solutions, like PassportJS
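The handler in the question is never reached because express.static is registered first and answers the request for the file itself. One way to enforce the check inside the app is a guard registered ahead of the static middleware, shown here as an added example that is not code from the question or the answer. The PROTECTED list, the helper names and the session check in the wiring comment are assumptions.

```javascript
// Added example: Express-style guard meant to be registered BEFORE express.static.
// PROTECTED and the authorization callback are assumptions for illustration.
const PROTECTED = ['/templates/permissionpage.html']; // compared lower-cased

// Reduce a request path to what the static file server will resolve on disk:
// percent-decoded, dot segments and duplicate slashes collapsed, lower-cased.
function canonicalPath(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-escape
  }
  if (decoded.includes('\0')) return null;
  const out = [];
  for (const seg of decoded.replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/').toLowerCase();
}

function guardStatic(isAuthorized) {
  return function (req, res, next) {
    const p = canonicalPath(req.path);
    if (p === null) return res.status(400).end();
    if (!PROTECTED.includes(p)) return next(); // public asset
    if (isAuthorized(req)) return next(); // express.static then serves the file
    return res.status(401).end();
  };
}

// Drive the guard with stand-in req/res objects (constructed, no Express needed).
// Returns 'next' when the request is passed on, otherwise the status code sent.
function simulate(rawPath, authorized) {
  let result = 'next';
  const res = { status(code) { result = code; return this; }, end() {} };
  guardStatic(() => authorized)({ path: rawPath }, res, () => {});
  return result;
}

// Wiring in the app from the question (order matters):
//   app.use(guardStatic(req => Boolean(req.session && req.session.user)));
//   app.use(express.static(__dirname + '/public/app'));
```

The guard compares the decoded, normalized path because the static file server decodes the URL before it touches the disk, so an exact-string match on the raw path is not enough.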
Related
Here is the problem,
Concrete example is "confirmation email" for registration.
I did a register component in my angular2 application. Which works pretty fine, it sends a confirmation email with a url like this :
https://www.host.com/application/rootFolder/confirmEmail?token=1238344139041
GET Token value is supposed to identify the user/email, and confirm validity in the "confirmEmail" component of the application.
But, and somehow logically, it fails when the browser tries to call this URL directly since it does NOT really exist on the server!
On server, for this app, only
https://www.host.com/application/rootFolder
exists! Subfolders do not exist; the "sub-routes" are managed by the angular2 router...
The server I use is
nginx 1.10.1
There is no specific "location" config in default.conf file, only the "fastcgi_pass" for php files.
So the question is:
How to get the server to redirect the request to the app_root directory, but keeping the child route parameters...?
How, once redirected to the root dir, to manage the URL parameters (/confirmEmail?token=1238344139041) to make the angular2 router get to the right component with GET parameters?
Thanks for reading/help
I want to make an angular app with routes and jwt auth, but I don't want normal users to see the HTML partials of admin views. What's the best way to do this with laravel and angular? People can just put "/partials/adminPage1.html" on the url and see the partial when they are not logged in. My API is secure but I don't want the html to be public.
I want it so this is public:
index.php, publicPartial1.html, publicPartial2.html, etc
and only logged in users can use these files:
admin.php, adminPartial1.html, adminPartial2.html
You can/need to approach this in a few ways:
1. When "someone" puts "/partials/adminPage1.html" you need to check on the server side (by the service you are checking its permissions/role) then display/redirect to the appropriate route with ReturnUrl in the query for after login redirect.
2. You can be more secure by downloading the routes from the server by requesting them first (per user/role/permission) from a dedicated service, but then you'll need to bootstrap your AngularJS, since routing needs to be loaded with the AngularJS life cycle, so in that case you are getting the routes, building them in a provider while bootstrapping AngularJS after getting the routes from the designated service as I mentioned.
I would suggest simply implementing option (1), which is straightforward and most commonly used.
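Option (1) sends the visitor back to ReturnUrl after login, so that value has to be checked before it is followed. This added example (not part of the original answer) builds the redirect and accepts only paths on the same site. The /login path, the placeholder origin and the function names are assumptions.

```javascript
// Added example: building and validating the ReturnUrl used for the after-login
// redirect. LOGIN_PATH and PLACEHOLDER_ORIGIN are assumptions for illustration.
const LOGIN_PATH = '/login';
const PLACEHOLDER_ORIGIN = 'http://app.invalid';

// Redirect target for an unauthenticated request to a protected partial.
function loginRedirect(requestedPath) {
  return LOGIN_PATH + '?ReturnUrl=' + encodeURIComponent(requestedPath);
}

// After login, follow ReturnUrl only if it is a path on this site.
function safeReturnUrl(raw, fallback = '/') {
  if (typeof raw !== 'string' || raw === '') return fallback;
  // Must be an absolute path: one leading slash, no scheme, no "//host" form.
  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback;
  // Backslashes and control characters are rewritten by some browsers.
  if (/[\\\u0000-\u001f]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, PLACEHOLDER_ORIGIN);
  } catch (err) {
    return fallback;
  }
  if (url.origin !== PLACEHOLDER_ORIGIN) return fallback;
  if (url.pathname === LOGIN_PATH) return fallback; // avoid a redirect loop
  return url.pathname + url.search + url.hash;
}

// Extract ReturnUrl from a login URL and return the path to redirect to.
function afterLogin(loginUrl) {
  const raw = new URL(loginUrl, PLACEHOLDER_ORIGIN).searchParams.get('ReturnUrl');
  return safeReturnUrl(raw);
}
```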
I realize that this may be a fairly simple question but bear with me. I am really new to node/express.
My directory structure looks like:
auth
    index.html
pub
    index.html
    login.html
The idea here is that the resources in pub are publicly available but the resources in auth are only available after a user is authenticated.
However, at this point, I am just trying to get these pages to come back properly from the server. Ideally, my routing engine would be able to serve these pages up based on some parameter. So:
site.com -> pub/index.html
site.com/login/ -> pub/login.html
site.com/dashboard/ -> auth/index.html
I tried something like this:
router.get('/dashboard/', function(req, res, next) {
    res.sendFile(__dirname + "/src/auth/index.html");
});
router.get('/login/', function(req, res, next) {
    res.sendFile(__dirname + "/src/pub/login.html");
});
router.get('*', function(req, res, next) {
    res.sendFile(__dirname + "/src/pub/index.html");
});
However, the problem I quickly found was that these pages are requesting resources relative to their own position in the directory structure and all requests were being returned the default index.html. So, for example if I type site.com in the browser index.html loads. Here is part of index.html:
<script src="js/jquery.min.js"></script>
Naturally then, the browser makes another request for /js/jquery.min.js, which the router can't find, so it responds with index.html again.
How do I design a routing engine that is smart enough to find the correct view based on the URL and then understand that it needs to serve all requests from that page relative to that page's position in the directory structure? Or is there another standard way of handling this kind of problem?
To complicate matters, the auth/index.html is an angular page. So, once it loads it will be requesting all kinds of html pages relative to its position in the directory structure (depending on routes and included templates etc.)
Thanks in advance.
Those are a lot of questions but I think I can at least get you pointed in the right direction :)
"However, at this point, I am just trying to get these pages to come back properly from the server."
To do this with express, you can use express.static to designate a public directory whose assets get made available to web requests. For example, if you had a directory structure like this:
public/
    templates/
        index.html
    stylesheets/
    js/
        jquery.min.js
In express, you would do this:
app.use(express.static(__dirname + '/public'));
in order to expose those files as static assets, relative to the public dir, eg http://yourserver.com/templates/index.html
"To complicate matters, the auth/index.html is an angular page. So, once it loads it will be requesting all kinds of html pages relative to its position in the directory structure"
I think part of your confusion here is knowing the difference between client side routing and server side routing in an AngularJS/node.js app.
AngularJS is a framework for building single page apps (SPA). What this means is your browser requests one HTML file at the start (eg an index.html served from the route '/' on your server) to get things started, which loads some bootstrapping javascript. From then on, client side javascript and AJAX calls will handle all of the rest to facilitate rendering additional HTML, user interaction, and navigation to other parts of your app. The URL in the browser will change, but you'll notice that no further page reloads will take place as you navigate. This is the client side routing that you can use AngularJS to build. If you've looked at the AngularJS tutorial, step 7 goes over how this works.
Your server side routes are typically not involved in this page navigation. Instead, your server should provide an API that the AngularJS client side will make AJAX calls to for creating, reading, updating, deleting (CRUD) application data. For login for example, you could have a server side /api/login route that doesn't return an HTML page, but rather accepts a username and password via a POST request, establishes some session state, and then returns the result to be dealt with on the client side.
In addition to the AngularJS tutorials, I would invite you to take a look at mean.js for an end to end example of what a node.js + angularJS app looks like.
I've set up a meteor app using iron-router and I want the app to listen to a webhook from another service (basically I'm building an API for other services to use)
So for example, when an external website calls myapp.meteor.com/webhook I want to catch that specific link and parameters and do stuff with the data.
Update: Thanks to a comment I found this: https://github.com/iron-meteor/iron-router/blob/devel/Guide.md#server-routing
Router.route('/webhooks', { where: 'server' })
.post(function () {
console.log(this);
this.response.end('Caught you\n');
//this.response.status(200).json({text:"Todo added"});
});
I added the above in the /server folder as there is no need for the front-end server to worry about this, as mentioned in the comment. But when I load this using a Postman POST request, it just returns my HTML for not found. Any ideas?
Thanks in advance for your help.
UPDATE
I tried what #David said and still I get the template loaded and nothing in the console. Any idea what I'm doing wrong?
Your server route will only run if no client routes also match. I suspect you have a catch-all route which is executing on the client and preventing the server route from running. One solution is to define all of the routes in a common folder like /lib so that you can properly order them. Your routes file could look something like:
client route 1
client route 2
server route 1
server route 2
catch-all (not found) route
Maybe you can help me with a dilemma.
I use node JS, express, passport - server side and Backbone - client side.
I am developing a book manager app.
Let's say I wanted to add a new book.
On the client side:
The Backbone router sends me to addBookView.
Here, I instantiate the following model:
define([
    'underscore',
    'backbone'
], function(_, Backbone){
    var BookModel = Backbone.Model.extend({
        // New models POST to the collection URL; existing ones use their own id
        url: function(){
            if (this.isNew()){
                return 'http://localhost:3000/books';
            } else {
                return 'http://localhost:3000/books/' + this.id;
            }
        }
    });
    return BookModel;
});
The model hits the following url: http://localhost:3000/books with a POST request.
On the server side:
I check to see if the user is authenticated.
If the user isn't logged in, the server will send a 401 response (unauthorized) and nothing will be posted to my database.
Which is pretty secure, but has a flaw... and I'm not sure if I can do anything about it:
The user, even if he isn't logged in, will still see the view's content.
He won't be able to post anything, but he will see the actual form.
Here is what I have tried:
I tried to use an express server redirect, if the user isn't logged in:
res.redirect('/');
But, that won't work because Backbone is a single page app and I am already on the index page.
I could do a check on the Backbone router - if the user isn't logged in, I would not allow him to reach the post page.
But this could easily be hacked, since (I'm not a hacker, but) I believe that the router's JavaScript could be modified to bypass that check.
What can I do?
Any ideas?
Dany,
I recommend you to convert all server side dynamic code into strict REST responses and put them under /api:
localhost:3000/api/
localhost:3000/api/login
localhost:3000/api/books
Make sure you stop using res.redirect or sending html/web content from /api. You may want to place your backbone application under public folder and serve it as web root /:
localhost:3000/ <- public
So on the frontend, the books collection must be loaded from the corresponding REST resource /api/books
localhost:3000/books - loads content from - localhost:3000/api/books
localhost:3000/books/567 - loads content from - localhost:3000/api/books/567
Every form rendered on frontend should post data to corresponding REST API.
localhost:3000/books (new form) - POSTs data to - localhost:3000/api/books
There may be several other patterns of resolving the issue/s, the above is what I implement in my own apps.