仅在身份验证后加载javascript/app的Ember最佳做法 [英] Ember best practices for loading javascript/app only after authentication
问题描述
启动一个新的Ember应用程序,并准备在受限的API路由中遵循令牌身份验证类型结构进行身份验证,但是随后被告知我们无需在身份验证之前显示任何JavaScript(或尽可能少显示).鉴于单页javascript应用,这让我有些困惑.
Starting a new Ember app and was prepared to follow token authentication type structure for authentication in the restricted API routes but was then told we need to not show any of the javascript (or as absolute little as possible) before authentication. This has me a little puzzled given single page javascript apps.
我正在使用非常有用的ember-app-kit,它具有出色的工具,可以将所有内容编译为经过精简和压缩的单个javascript文件,我认为这足以保证安全性,但显然不能满足要求.
I'm using the, very helpful, ember-app-kit which has great tools that compile everything down to a minified and obfuscated single javascript file, which I thought was good enough for security, but apparently its not.
将整个应用程序加载一次,甚至在单个已编译/精简的js文件中加载,最好的做法是隐藏"某些JavaScript并仅在身份验证后加载?
Having the entire app loaded once, and even in a single compiled/minified js file, what is best practice for "hiding" some of the javascript and only loading after authentication?
我想到了自己的想法,发现了另一种潜力:
I had one thought of my own and have found another potential:
A)来自rails,我想我可以构建一个非常薄的rails应用程序,该应用程序在服务器侧视图中处理身份验证,而不会加载任何应用程序js.然后,在成功进行身份验证后,将用户转换为加载该应用程序的所有JS的视图,然后从那里开始.
A ) coming from rails, I thought I could just build a very thin rails app that handles authentication in a server side view that doesnt load any of the app js. Then on successful authentication, transition the user to a view that loads all of the JS for the app and go from there.
B)我发现了ember-data中的一些新功能,这些功能允许您异步加载模型中的javascript文件.这似乎可行,但似乎也很复杂,我不确定它是否完全可行,因为他们不仅希望隐藏模型,而且希望隐藏应用程序路由之类的东西(基本上除了登录以外,其他所有东西)
B ) I found some talk of new functionality in ember-data that allows you to async load javascript files in the models. This seems like it could work but also seems very complex and I'm not sure if It'll totally work cause they want to hide not only models but things like app routes (basically everything but login)
推荐答案
我在rails中完成了选项A:对服务器上的用户进行身份验证,然后将其转发到包含实际客户端Ember应用程序的页面.这比尝试在客户端动态加载应用程序要简单得多.通常最好是简单.
I have done option A in rails: authenticate the user on the server and then forward them to a page containing the actual client Ember application. It will be far simpler than trying to dynamically load the app on the client side. Simple is usually best.
这篇关于仅在身份验证后加载javascript/app的Ember最佳做法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
