javascript - Best practice for ensure user is logged in or out using cookieStore and AngularJS -
right building angularjs based application on top of ruby on rails , using devise authentication. have server responding when user authenticates , when authentication fails. guess question is, using $cookiestore, what's best practice knowing if user logged in or not? there cookie gets set rails called "myapp_session", session doesn't mean user logged in. looking ideas on how use angularjs keep user online/offline management. i'll still ensuring requests require authorization authorized backend regardless of solution.
you can create directive set logged user when application loads, example, requesting current user session on server.
angular.module('auth', [ 'ngcookies' ]) .factory('auth', ['$cookiestore', function ($cookiestore) { var _user = {}; return { user : _user, set: function (_user) { // can retrive user setted page, login sucessful page. existing_cookie_user = $cookiestore.get('current.user'); _user = _user || existing_cookie_user; $cookiestore.put('current.user', _user); }, remove: function () { $cookiestore.remove('current.user', _user); } }; }]) ; and set in run method in appcontroller:
.run(['auth', 'userrestservice', function run(auth, userrestservice) { var _user = userrestservice.requestcurrentuser(); auth.set(_user); }]) of course if request server return http status 401 - unauthorized, need call auth.remove() service remove user cookie , redirect user login page.
i use approach , works well. can use localstorage, user data persisted long time. unless set expiration date authentication, don't see best practice.
keep in mind verify user credentials on server site =)
[edit]
to listen 401 - unauthorized server response, can put interceptor on $http request, this:
.config(['$urlrouterprovider', '$routeprovider', '$locationprovider', '$httpprovider', function ($urlrouterprovider, $routeprovider, $locationprovider, $httpprovider) { $urlrouterprovider.otherwise('/home'); var interceptor = ['$location', '$q', function ($location, $q) { function success(response) { return response; } function error(response) { if (response.status === 401) { $location.path('/login'); return $q.reject(response); } else { return $q.reject(response); } } return function (promise) { return promise.then(success, error); }; }]; $httpprovider.responseinterceptors.push(interceptor); }]) every call 401 response, user redirected login page @ /login path.
you find example here
Comments
Post a Comment