如何在angular.js令牌管理认证？ [英] How to manage authentication with token in angular.js?

问题描述

大家好，我创建一个RESTful API与令牌（Rails的4 +设计），而且我管理的实施CORS与宝石（机架CORS）的认证，但现在我想使用带有angular.js的API

Hi Everyone I created a RESTful API with authentication with token (Rails 4 + Devise), Also I manage the CORS implementation with a gem(rack-cors) but now I would like use the API with angular.js

有关这个我这样做：

var app = angular.module('models');

app.factory('Session',['$resource',function($resource){
    var Session = $resource(
        'http://api.creositios.dev/sessions/:id',
        {},
        {
            create: { method: 'POST'},
            delete: { method: 'DELETE', params: { id: '@id'} }
        }
    );
    return Session;
}]);  

这是我的控制器

app = angular.module('controllers');

app.controller('SessionCtrl',['$scope','Session',function($scope,Session){

  $scope.new_session =  function(){
    $scope.session = Session.create({email: 'developer.jimenez@gmail.com', password: '12345678'});
  };

}]);

到目前为止，我有与执行不问题。我的问题是没有想法如何管理令牌返回我厂。

So far I have not problem with the implementation. My problem is have not idea how to management the Token that return my factory.

什么是同治的良好做法的用户提供angular.js令牌并验证在angular.js该型动物控制器用户？

What is the good practices for managment the token of user with angular.js and validates the user in the differents controllers in angular.js?

这是我与令牌认证的第一个应用。建议是非常AP preciate！

This is my first app with authentication with token. Advice is very appreciate!.

推荐答案

一个常见的​​做法是将安全逻辑，在服务和使用httpInterceptor设置令牌您的要求。

A common practice is to put the security logic in a service and use an httpInterceptor to set the token in your requests.

安全服务。

angular.module('security')
    .factory('Security', ['$http', function ($http) {

        var token;

        function login(email, password) {
            return $http.post('/auth/login', {email: email, password: password})
                .then(function (response) {

                    if (response.data.token) {
                        token=response.data.token;
                    }
                });
        }

        function getToken(){
            return token;
        }

        return {
            login:login,
            token:getToken
        };     
}]);

此特定登录方法可用于通过例如登录控制器：当用户登录返回存储在令牌

this particular login method could be used by a login controller for example: when the user login the token returned is stored.

现在你可以添加拦截令牌到你所有的HTTP请求

Now you can add the token to all your http requests with an interceptor

    .factory('authorizationInterceptor', ['Security', function (Security) {
        return {
            request: function (config) {
                var token=Security.getToken();
                config.headers = config.headers || {};
                if (token) {
                    config.headers.Authorization = 'Bearer ' + token;
                }
                return config;
            }
        };
    }]);

当的Bootstrap的应用，不要忘记添加拦截器

When bootstraping the application, don't forget to add your interceptor

        .config(['$httpProvider',function ($httpProvider) {
            $httpProvider.interceptors.push('authorizationInterceptor');
        }]);

现在令牌将在每个HTTP请求进行设置，你失败的情况下做什么，然后是你的。

Now the token will be set on every http request, what you do with in case of failure then is up to you.

例如，你可以添加其他的响应拦截这要是拿到401或403响应重定向到登录页面，等等

For example you can add another response interceptor which if get 401 or 403 response redirect to the login page, etc

这篇关于如何在angular.js令牌管理认证？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！