Laravel + Angular: Securing Angular Pages

Problem description

How do I prevent users not logged into a Laravel session from downloading AngularJS pages?

I have a website with Laravel on the back-end. There is also an AngularJS application which is placed in the folder public/myApp/index.html. .htaccess returns any files referenced so http://www.example.com/myApp/index.html returns the Angular application and all requests for js and css are downloaded without authentication.

What is the best way to prevent the download of all js, html, and css files related to my Angular app (i.e. in the /myApp subdirectories) for all users not authenticated into a Laravel session?

Recommended answer

None of these options really resolved what I was looking for. What I ended up doing was the following. I am using a 3rd-party Angular front-end template (Angulr from ThemeForest) with hundreds of thousands of lines of code and hundreds of different files. A large portion of those files are stylesheets and generic JavaScript libraries (Angular, jQuery, etc.). I don't mind putting that content into the public folder and serving the files to non-authenticated users.

But the other portion of my files are the modified files. For example, one file has navigation elements that pretty much lay out the entire format of my proprietary business system and say a lot about the internal operations of the business. So, something as simple as the navigation html, css, and js is sensitive and should only be served to authenticated users.

What I did was split the public and protected content into identical (or at least similar) directory trees with one located at /public/* and the other located at /storage/app/*. All my non-sensitive content (mostly the template stylesheets and generic JS libraries) goes in the "public" tree while the sensitive content goes in my "storage/app" tree. So for example:

- public
--- js
----- someThirdPartyJavaScript.js
----- loginController.js (unprotected)
----- ...
--- libs
----- angular.js
----- jquery.js
----- ...
--- css
----- unprotectedStyleSheet.css
----- ...
--- tpl
----- loginTemplate.html
- storage (all protected content goes in this tree)
--- app
----- js
------- myApp.js
------- directives
--------- myCustomDirective.js
--------- businessNavigationDirective.js (sensitive and proprietary)
----- css (for protected css files)
----- libs (for protected libraries)
----- tpl (for protected .html files)
------- clientInformationSheet.html (sensitive content that shows the structure of our client data)

In .htaccess, I used the following rule to basically return any file that exists in the public tree:

# If the file exists in laravel/public and the URI does not specify ".php" then go get it.
RewriteCond %{DOCUMENT_ROOT}/laravel/public/%{REQUEST_URI} -f
RewriteCond %{REQUEST_URI} !^.*\.php$
RewriteRule ^(.*)$ laravel/public/$1 [L]

.htaccess sends all other requests to be handled by Laravel's index.php.

Then, I created a Laravel 5.2 route as a catch-all for routes within my Angular app. Notice that the middleware specifies auth, so these files will not be returned to the user from the storage directory unless the user has authenticated:

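use League\Flysystem\Util\MimeType as MimeType;

// Catch-all for the Angular app's protected files; the auth middleware runs first.
Route::any('/{any}', ['middleware' => 'auth', function($uri){
    // Map the request URI onto the protected tree under storage/app.
    $uri = storage_path('app/' . $uri);

    if (!File::exists($uri)){
        // Missing files get a real 404 status rather than a 200 response body.
        return response("Path not found.", 404);
    }

    $extension = File::extension($uri);

    // Look up the Content-Type by file extension, defaulting to text/plain.
    $mimeTypes = MimeType::getExtensionToMimeTypeMap();
    if (array_key_exists($extension, $mimeTypes)){
        $mimeType = $mimeTypes[$extension];
    } else {
        $mimeType = "text/plain";
    }

    return response(File::get($uri))
        ->header('Content-Type', $mimeType);

}])->where('any', '^MySuperCoolApplicationSubDirectory/.*');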

Keeping directory structures pretty similar between "public" and "storage/app" made it really easy to organize which files are sensitive and which are not, and the application continued to function as it had before, this time with all sensitive content being blocked from unauthenticated users.
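
The catch-all route above turns the request URI into a path under storage/app. As an added example (not part of the original answer), this stand-alone PHP shows a check that keeps such a lookup inside the protected tree: canonicalize with realpath(), require the result to stay under the base directory, and serve only allow-listed extensions. The function name resolveProtectedFile, the $allowed map and the temp-directory sample files are constructed for illustration.

```php
<?php
// Added example: confine a request path to a protected base directory.
// resolveProtectedFile() and $allowed are hypothetical names, not from the original answer.

function resolveProtectedFile(string $baseDir, string $requested, array $allowed): ?array
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means the file does not exist.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The canonical path must still sit under the base directory.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Serve only extensions on the allow-list; never fall back to a default type.
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    return ['path' => $real, 'mime' => $allowed[$ext]];
}

// Constructed sample tree in a temp directory so the script runs offline.
$root = sys_get_temp_dir() . '/protected_demo_' . bin2hex(random_bytes(4));
mkdir("$root/app/MySuperCoolApplicationSubDirectory/tpl", 0700, true);
file_put_contents("$root/app/MySuperCoolApplicationSubDirectory/tpl/clientInformationSheet.html", '<p>demo</p>');
file_put_contents("$root/outside.env", 'SECRET=constructed');

$allowed = ['html' => 'text/html', 'js' => 'application/javascript', 'css' => 'text/css'];
$requests = [
    'MySuperCoolApplicationSubDirectory/tpl/clientInformationSheet.html', // inside base: served
    'MySuperCoolApplicationSubDirectory/../../outside.env',               // leaves base: rejected
    'MySuperCoolApplicationSubDirectory/tpl/missing.html',                // not found: rejected
];
foreach ($requests as $r) {
    $hit = resolveProtectedFile("$root/app", $r, $allowed);
    echo $r, ' => ', $hit ? $hit['mime'] : '404', PHP_EOL;
}
```

Inside a Laravel route, a null result would map to abort(404), and the returned mime value would go into the Content-Type header.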
