Protecting Client Side Routes #10

Open
WonderPanda opened this issue Sep 10, 2014 · 2 comments

Comments

@WonderPanda

Hi! Just wanted to say that so far I am blown away with your generator. I've played around with mean.js and mean.io before but this project structure is really well set up and I will most likely be using it for several projects I'm working on.

I'm attempting to add some new routes to the angular app that require admin rights in order to view. I'm confused as to how the Auth service works in terms of determining which routes require admin. Is it something to do with nested states in $stateProvider? In my app I have multiple pages located at admin/{something} which should all require proper authentication. Where is this applied?

Thanks again!

Jesse

@simonh1000

This is the issue I have been wrestling with too, and I think the answer is that you need to keep them out of the app and develop them separately on the server side. However, I have run into a problem with req.isAuthenticated not being added as I expect. Code at https://github.com/simonh1000/afeditor/tree/master/server/auth

@WonderPanda
Author

@simonh1000 The generator contains auth protected routes on the client side as part of the admin view. Looking into app.js on the client side we can see that there is an interceptor for state changes coming from UI router:

```js
.run(function ($rootScope, $location, Auth) {
  // Redirect to login if route requires auth and you're not logged in
  $rootScope.$on('$stateChangeStart', function (event, next) {
    Auth.isLoggedInAsync(function(loggedIn) {
      if (next.authenticate && !loggedIn) {
        $location.path('/login');
      }
    });
  });
});
```

So there is some work going on at next.authenticate that will automatically forward the user to the login page. I'm just confused as to how next.authenticate is determined? There's got to be somewhere where this can be applied to custom routes that I'm adding to the application.
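An added example, not part of the thread or the generator's code: in UI-Router the `next` argument of `$stateChangeStart` is the target state's own definition object, so `next.authenticate` is simply a custom property set on that state's config, and a parent state's `data` object is merged into its children. The sketch below mimics those two behaviours in plain JavaScript to show one guard covering every `admin.*` state; the state names, the `role` key, the `guard` helper and the `/` redirect are assumptions.

```javascript
// Stand-in for $stateProvider (hypothetical; not UI-Router itself). It mimics
// only how custom properties and `data` end up on the state object.
const states = {};

function registerState(name, config) {
  const dot = name.lastIndexOf('.');
  const parent = dot > 0 ? states[name.slice(0, dot)] : null;
  // UI-Router merges the parent's `data` into each child state.
  // Other custom top-level keys (such as `authenticate`) are NOT inherited.
  const data = Object.assign({}, parent ? parent.data : {}, config.data);
  states[name] = Object.assign({}, config, { name, data });
}

// The decision a $stateChangeStart handler would make for target state `next`.
// Returns a redirect path, or null to let the transition proceed.
function guard(next, user) {
  const needsAuth = Boolean(next.authenticate || next.data.authenticate);
  if (needsAuth && !user) return '/login';
  if (next.data.role && (!user || user.role !== next.data.role)) return '/';
  return null;
}

// Constructed sample states. The flag on `settings` is what the page's
// `next.authenticate` check reads; `admin` uses `data` so children inherit it.
registerState('main', { url: '/' });
registerState('settings', { url: '/settings', authenticate: true });
registerState('admin', {
  url: '/admin',
  abstract: true,
  data: { authenticate: true, role: 'admin' }
});
registerState('admin.users', { url: '/users' });
registerState('admin.reports', { url: '/reports' });

// Constructed sample users.
const adminUser = { name: 'alice', role: 'admin' };
const plainUser = { name: 'bob', role: 'user' };

console.log(guard(states['admin.users'], null));      // anonymous visitor
console.log(guard(states['admin.users'], plainUser)); // logged in, wrong role
console.log(guard(states['admin.users'], adminUser)); // allowed

// This check runs in the browser, where the user controls the code, so it
// only decides what the UI shows. Every admin API endpoint on the server has
// to verify the session and role itself.
```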
