2

我正在开发我的第一个应用程序,并从前端和 angularjs 开始。总的来说,我发现它非常直观,但是后端和前端之间的关系对我来说是开始模糊的地方。

我现在已经到了想要在某些页面上提供稍微不同的功能的地步,具体取决于用户是否经过身份验证(在这种情况下,可以编辑表单中的某些表单字段)。

从公共 angularjs 方面来看,编写一个基本的 if 语句来为经过身份验证的用户提供不同的功能(参见下面的基本尝试)似乎很容易,但由于这是一个客户端功能,我如何防止用户欺骗身份验证来编辑我不做的事情'不希望他们(保存到数据库)。

angular.module('core').controller('myCtrl', ['$scope', 'Authentication', 'Menus',
    function($scope, Authentication, Menus) {
        $scope.authentication = Authentication;

        if(typeof $scope.authentication.user == "object"){
           // behaviour for authenticated
        }else{
          // for unauthenticated
        }
    }

我是新手,一般来说,meanjs 和 node.js,主要是一个 php 人,所以如果我的问题离题太远了,请保持温和。

4

1 回答 1

1

我建议使用护照一个 npm 模块进行用户身份验证。这里有一些代码可以帮助您入门。也看看这个scotch.io 教程

// load all the things we need
var LocalStrategy   = require('passport-local').Strategy;

// load up the user model
var User            = require('../app/models/user');

// expose this function to our app using module.exports
module.exports = function(passport) {

passport.serializeUser(function(user, done) {
done(null, user.id);
});

// used to deserialize the user
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
  done(err, user);
  });
});


passport.use('local-signup', new LocalStrategy({
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request         to the callback
 },
   function(req, email, password, done) {

// asynchronous
// User.findOne wont fire unless data is sent back
process.nextTick(function() {

  // find a user whose email is the same as the forms email
  // we are checking to see if the user trying to login already exists
  User.findOne({ 'local.email' :  email }, function(err, user) {
    // if there are any errors, return the error
    if (err)
      return done(err);

    // check to see if theres already a user with that email
    if (user) {
      return done(null, false, req.flash('signupMessage', 'That email  is already taken.'));
    } else {

      // if there is no user with that email
      // create the user
      var newUser            = new User();

      // set the user's local credentials
      newUser.local.email    = email;
      newUser.local.password = newUser.generateHash(password);

      // save the user
      newUser.save(function(err) {
        if (err)
          throw err;
        return done(null, newUser);
      });
    }

  });

});

 }));

  passport.use('local-login', new LocalStrategy({
// by default, local strategy uses username and password, we will override with email
usernameField : 'email',
passwordField : 'password',
passReqToCallback : true // allows us to pass back the entire request to the callback
  },
   function(req, email, password, done) { // callback with email and password from our form

// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ 'local.email' :  email }, function(err, user) {
  // if there are any errors, return the error before anything else
  if (err)
    return done(err);

  // if the user is found but the password is wrong
  if (!user || !user.validPassword(password))
    return done(null, false, req.flash('loginMessage', 'Oops! Wrong username or password.')); // create the loginMessage and save it to session as flashdata

  // all is well, return successful user
  return done(null, user);
});

 }));

};
于 2015-02-05T23:35:28.670 回答