angularjs - Securing Angular Application -


i creating angular application, , having trouble wrapping head around proper way ensure application , users secure.

i've been reading around many stack discussions, believe missing core understanding of happening, please correct errors see written below.

so far have sinatra server many (currently hypothetical) resource routes. user can create account using email address , password stored in database after being hashed bcrypt. when user logs in, record retrieved database email , password checked authentication. point not sure how proceed.

prior have set session variable , had server check variable exists in order correctly route logged in users. application (currently) single html page uses angular , ui-router display different content, of requests returning json content.

it understanding restful applications should not use sessions, or rather server should respond identically identical requests , not have own data shapes response. but if not store in session variable, how server know client making request has correct permissions? , sessions not stored in browser anyway, not part of server?

i believe have read, possible create token large random string, return string client , store in database timestamp. client provides token when making requests , server hits database verify exists , valid. client not have store string in cookie? suppose angular application store token in variable, persist while using ui-router not if users navigates using address bar.

i not understand how basic auth may or may not fit picture. appreciated, pointer resources may find better understanding of these concepts in general.

you want read on jwt. there jwt libraries ruby , angular.

i know aren't using node backend easy way see pieces working run angular-fullstack yeoman generator. uses jwt , code easy follow.


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more