我正在开发我的第一个应用程序,并且从前端和angularjs开始。总的来说,我发现它非常直观,但是后端和前端之间的关系对我而言却开始变得模糊。
现在,我要说的是,我想根据用户是否通过身份验证在某些页面上提供稍微不同的功能(在这种情况下,可以在表单中编辑某些表单字段)。
从公共angularjs方面看,编写基本的if语句以为已验证的用户提供不同的功能似乎很容易(请参阅下面的基本尝试),但是由于这是客户端功能,因此如何防止用户欺骗身份验证来编辑我不喜欢的东西不想他们(保存到数据库)。
angular.module('core').controller('myCtrl', ['$scope', 'Authentication', 'Menus',
function($scope, Authentication, Menus) {
$scope.authentication = Authentication;
if(typeof $scope.authentication.user == "object"){
// behaviour for authenticated
}else{
// for unauthenticated
}
}
我的意思是,一般来说,meanjs和node.js都是新手,主要是一个php专家,因此,如果我的问题偏离基础,请保持谦虚。
最佳答案
我建议使用护照npm模块进行用户身份验证。这是一些入门的代码。也看看这个scotch.io tutorial
// load all the things we need
var LocalStrategy = require('passport-local').Strategy;
// load up the user model
var User = require('../app/models/user');
// expose this function to our app using module.exports
module.exports = function(passport) {
passport.serializeUser(function(user, done) {
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
passport.use('local-signup', new LocalStrategy({
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) {
// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error
if (err)
return done(err);
// check to see if theres already a user with that email
if (user) {
return done(null, false, req.flash('signupMessage', 'That email is already taken.'));
} else {
// if there is no user with that email
// create the user
var newUser = new User();
// set the user's local credentials
newUser.local.email = email;
newUser.local.password = newUser.generateHash(password);
// save the user
newUser.save(function(err) {
if (err)
throw err;
return done(null, newUser);
});
}
});
});
}));
passport.use('local-login', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, email, password, done) { // callback with email and password from our form
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' : email }, function(err, user) {
// if there are any errors, return the error before anything else
if (err)
return done(err);
// if the user is found but the password is wrong
if (!user || !user.validPassword(password))
return done(null, false, req.flash('loginMessage', 'Oops! Wrong username or password.')); // create the loginMessage and save it to session as flashdata
// all is well, return successful user
return done(null, user);
});
}));
};
关于angularjs - 使用angularjs时如何仅在Meanjs中为经过身份验证的用户保护功能,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/26968072/