我正在使用AngularJS创建一个Web应用程序,并正在使用Firebase的GitHub身份验证。尽管我可以从GitHub API获得凭据和正确的身份验证,但我仍在努力确保路由具有适当的安全性,以阻止用户访问它们,除非他们具有正确的身份验证,并且我希望这种身份验证可以持久。
只有每个人都可以使用登录页面,除其他页面以外的所有页面都可以用于所有已登录的用户,并且应为已认证的用户保留一个页面。除了不稳定的安全性外,我还遇到了$ location.path(url)停止工作的问题。
这是我的app.js:
TProps[keyof TProps]这是我的身份验证服务:
app.config(function($routeProvider, $locationProvider) {
$routeProvider
// Public
.when('/login', {
templateUrl: 'app/partials/login.html',
controller: 'LoginController'
})
// Logged In Users
.when('/dashboard', {
templateUrl: 'app/partials/main.html',
controller: 'MainController'
})
.when('/:release_id', {
templateUrl: 'app/partials/details.html',
controller: 'DetailsController'
})
// Authorized Users
.when('/create-release', {
templateUrl: 'app/partials/create-release.html',
controller: 'FormController'
})
.otherwise({
redirectTo: '/dashboard'
});
}).run(function($rootScope, $location, Auth) {
$rootScope.$on("$routeChangeStart", function(event, next, current) {
firebase.auth().onAuthStateChanged(function(user) {
if (user) {
// logged user, redirect to /dashboard
if (next.templateUrl === "app/partials/login.html") {
$location.path('/dashboard');
}
else if (next.templateUrl === "app/partials/create-release.html"){
Auth.isAuthenticated().then((result) => {
if (result) {}
else {
$location.path('/dashboard');
}
});
}
}
else {
// no logged user, redirect to /login
if ( next.templateUrl === "app/partials/login.html") {
} else {
$location.path("/login");
}
}
});
});
});
这是我登录页面的控制器:
app.factory('Auth', ['$http', 'auth_org', 'auth_team',
function($http, auth_org, auth_team) {
var provider = new firebase.auth.GithubAuthProvider();
provider.addScope('repo');
var user;
var token;
var credential;
var service = {
login: login,
logout: logout,
login: login,
isAuthenticated: isAuthenticated
};
return service;
function login(t, u, c) {
token = t;
user = u;
credential = c;
}
function logout() {
user = null;
token = null;
credential = null;
return firebase.auth().signOut().then(function() {
console.log('Sign out successful');
}).catch(function(error) {
console.log(error);
});
}
function isAuthenticated() {
if (token) {
return $http({
method: 'GET',
url: 'https://api.github.com/user/teams',
headers: {'Authorization': 'token ' + token}
}).then(function successCallback(response) {
var teams = response.data;
for (var key in teams) {
if (teams.hasOwnProperty(key)){
var name = teams[key].name;
var org = teams[key].organization.login;
if (name == auth_team && org == auth_org){
console.log('Authenticated');
return true;
}
}
}
return false;
}, function errorCallback(response) {
console.log(response);
});
}
else {
return false;
}
}
}]);
任何建议甚至资源都非常有用