Authentication with AngularJS - NodeJS

Question

I cant figure out how to do a simple Authentication in my AngularJS app. What would be the best and easiest way to do a normal server side authentication with my Setup: Yeoman angular generator, running grunt server on :9000. Does anyone have a good tutorial? or any tips?

Another question, what is the simplest way to store data with this setup? using MongoDB?

Thank you :)

Answer 1

The easiest setup I am using is:

• NodeJS / Express / Passport / Socket.io / MongoDB (can be anything else actually)
• AngularJS

Express is handling all the security with Passport (there's a passport method being added to express req automatically that gives you an ability to check whether user is authenticated or not). It's called isAuthenticated and you can use it like below:

function loggedOnly(req, res, next) {
    if (req.isAuthenticated()) {
        next();
    } else {
        res.redirect('/');
    }
} 

Route / & /login are public, but when user is logged in, they redirect to /app. Route /app is Angular app which is private and redirects to /login when user is not authenticated.

app.get('/', anonOnly);

Socket.io has passport.socketio middleware for automatically refusing unauthorised connections that may occur.

Then, I access user object by doing the following:

io.on('connection', function(socket) {
      var user = socket.conn.request.user;
});

To sum up, login logic is handled by static Express views. Moreover, Express prints few constant's to Angular app containing e.g. userData. Quite useful for displaying e.g. userName at some point.

Although it may take some time to set that up, it's definitely worth doing if you want to understand the whole logic of your app. I've given you the names of open-source packages to use, all the details can be found in their readme & guides (lots of them already exists if you google for a while).

Answer 2

Your best bet would be to use the angular-fullstack generator as it comes with basic authentication -- both local and oAuth -- built in. From there, you can either just use the authentication that is setup for you or you can use it as a reference to help you figure out how its all working.

Answer 3

AngularJS is a front-end JavaScript framework, you can use anything of your choice, loving and knowing at the back-end for your application. This question was something like you are asking "I am using HTML5, what should I use at my back-end?" Angluar can be used with many server-side languages, viz. Ruby, Node, PHP.

• There is an awesome tutorial talking about Ruby on Rails + Angular by David Bryant Copeland.
• If you want to use PHP, you could use any framework which comforts you, there are many available. CodeIgniter is one of the popular PHP framework.
• If you want to use Node for your application, Passport.js could be something of interest. MEAN Stack is the new thing which is coming up, MEAN stands for MongoDB + Express.js + Angular.js + Node.js. There is a ready Yoeman generator for MEAN stack available.

Again depending upon the requirement you should choose between SQL or NoSQL database. Also depends upto certain extend on the choice of the server-side language.

• If you need a scalable database which stores hierarchical data, NoSQL should be your choice. MongoDB is a popular NoSQL database; CouchDB, RethinkDB are other alternatives.
• SQL database are used where application needs high transaction. Though we can use NoSQL database for transaction based application, but it is not stable in comparision to SQL databases. MySQL is the most commonly used SQL database.

Answer 4

Angularjs is really not involved in the authentication process. The basic flow of authentication is quite simple: You make a post request from your 'Angularjs app' (your client side application) to your server, passing as parameters a pair of username/password. Then, on your nodejs application (server side) you query your database looking for the username provided and you try to match the password that was sent within the post request with the password you have stored in your database related to that user. If they matches, you set up a cookie on user's client which is related to a session stored in your database. To make this simpler there are some libraries that help you. You could use passport.js (http://passportjs.org/) together with express (http://expressjs.com/). Passport will help you setting up with ease the authentication process in a safe way and express will give you tools like the cookie parser, support for session and other tools you will need to use. Express will help you also setting an endpoint where you will post the request for logging in to. Last thing, for storing data, you can use any database you want. Nodejs has a relevant number of third party libraries that help interfacing with databases. If you want to use mongodb, this library (https://github.com/mongodb/node-mongodb-native) will make your life easy.