Angularjs登录验证:阻止用户导航到除登录页面和注册页面之外的其他页面

时间:2017-04-27 10:03:28

标签: javascript angularjs authentication basic-authentication

我正在使用AngularJS框架为我的前端开发Web应用程序。对于我的登录页面,我必须阻止用户浏览除登录页面和注册之外的其他页面。但是我现在所做的代码,也阻止用户导航到注册页面。以下是我的代码。如何解决此问题,以便用户只有在没有登录的情况下才能浏览登录页面和注册页面。

.run(function ($rootScope, $state, AuthService, AUTH_EVENTS) {
  $rootScope.$on('$stateChangeStart', function (event,next, nextParams, fromState) {

    if ('data' in next && 'authorizedRoles' in next.data) {
      var authorizedRoles = next.data.authorizedRoles;
      if (!AuthService.isAuthorized(authorizedRoles)) {
        event.preventDefault();
        $state.go($state.current, {}, {reload: true});
        $rootScope.$broadcast(AUTH_EVENTS.notAuthorized);
      }
    }

    if (!AuthService.isAuthenticated()) {
      if (next.name !== 'login') {
        event.preventDefault();
        $state.go('login');
      }
    }
  });

1 个答案:

答案 0 :(得分:1)

你可以通过在.state的数据属性中添加一个布尔参数来实现这一点,让我们说requiresAuth并在 .run 块中检查它;

下面的

的伪代码 .config

中的

 $stateProvider
  .state("register", {
        url: '/register',
        templateUrl: 'register.html',
        controller:'UserController',
        controllerAs: 'vm',
        data: {
            requiresAuth: false,
            pageTitle: 'Register'                
        }
 })
 .state("dashboard", {
        url: '/dashboard',
        templateUrl: 'dashboard.html',
        controller:'OtherController',
        controllerAs: 'vm',
        data: {
            requiresAuth: true,
            pageTitle: 'Dashboard',
            authorizedRoles: ['WHATEVER_ROLE']
        }
});

并在 .run 

var stateChangeStart = $rootScope.$on('$stateChangeStart', function(event, toState, toParams) {
    if (AuthService.isAuthenticated()) {
        // if user trying to access register/forgot page after login than redirect to dashboard
        if (!toState.data.requiresAuth) {
            event.preventDefault();
            $rootScope.$broadcast(AUTH_EVENTS.notAuthorized);
        }
        // user is not authenticated and trying to access page which is not permissible than send back to dashboard
        if (angular.isDefined(toState.data.authorizedRoles)) {
            var roles = toState.data.authorizedRoles;
            AuthService.isAuthorized(roles).catch(function() { // NOTE: here we are only handling with .catch block
                event.preventDefault();
                $rootScope.$broadcast(AUTH_EVENTS.notAuthorized);
            });
        }
    }
    // user is not authenticated than redirect to login
    else if (toState.data.requiresAuth) {
        event.preventDefault();
        $rootScope.$broadcast(AUTH_EVENTS.notAuthenticated);
    }
});

 var notAuthenticated = $rootScope.$on(AUTH_EVENTS.notAuthenticated, function() {
        $log.warn('not authenticated');
        $state.go('login', null, {});
        return;
    });

    var notAuthorized = $rootScope.$on(AUTH_EVENTS.notAuthorized, function() {
        $log.warn('not authorized');
        $state.go('dashboard');
        return;
    });

    // DO NOT forget to destroy 
    $rootScope.$on('$destroy', notAuthenticated);
    $rootScope.$on('$destroy', notAuthorized);
    $rootScope.$on('$destroy', stateChangeStart);
相关问题
最新问题