Reputation: 280
I am pretty new to the MEAN stack... For the current app I am building, I used meanjs and yeoman to scaffold it out.
I want users and I want admins to manage those users (create/delete users, add other admins). The way meanjs builds this is:
roles: {
    type: [{
        type: String,
        enum: ['user', 'admin']
    }],
    default: ['user']
}
I added 'admin' into the array. Is this a good way to handle this or is there something more secure?
The main problem I am facing is I can't figure out how to secure certain routes to only admins. I understand this can be done with angular and with express/node but I have no idea how to implement either.
I have been googling for 3 days and I came across people building from scratch (looks nothing like my current code or folder structure), or not doing any type of route restriction/authorization/auth. I've also looked in the meanjs docs, not helpful at all.
Any advice, help, places to learn would be greatly appreciated.
Upvotes: 2
Views: 539
Reputation: 2078
If you take a look at MEAN.JS 0.4.0 version (master branch here) it already has implemented route restriction both in server and in client.
As you mentioned, the User schema can have user and admin roles.
Regarding the server side, you will have a policies directory which contains a js file specifying which routes are allowed, taking into account the roles the user accessing that route has. Those permissions are managed by a node module called node_acl. You can take a look at an example here.
Regarding the client side, when you define the routes for your angular module (example here, note the data: {roles: ['user', 'admin']} in some of the routes), one way of checking if the user is allowed to access that route is to check his roles when the user goes to a specific route (or in other words when the event $stateChangeStart is triggered), which in MEAN.JS is happening in this file.
You are probably using an older version of MEAN.JS, but maybe if you follow the examples in the latest version you can get it to work in your app.
Upvotes: 1
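To make the server-side part of the answer concrete, here is an added example (not code from MEAN.JS or the answer's author) of the policy pattern it describes: a role/resource/permission table in the shape node_acl consumes, and an Express-style isAllowed middleware that consults it. The tiny in-memory areAnyRolesAllowed is an assumption standing in for node_acl, and the constructed requests only carry the fields the middleware reads (user from Passport, method, route.path); the role list is always taken from the server-side session, never from anything the client sends.

```javascript
// Permission table in the shape MEAN.JS policies hand to node_acl's acl.allow().
// Constructed sample: admins manage all users, ordinary users may only GET one profile.
const rules = [
  { roles: ['admin'], allows: [{ resources: '/api/users', permissions: '*' },
                                { resources: '/api/users/:userId', permissions: '*' }] },
  { roles: ['user'],  allows: [{ resources: '/api/users/:userId', permissions: ['get'] }] },
];

// Assumed stand-in for node_acl's areAnyRolesAllowed: true only when some rule names one
// of the caller's roles AND grants `method` on `route`. Unknown roles grant nothing.
function areAnyRolesAllowed(roles, route, method) {
  return rules.some(rule =>
    rule.roles.some(r => roles.includes(r)) &&
    rule.allows.some(a => a.resources === route &&
      (a.permissions === '*' || a.permissions.includes(method))));
}

// Express-style middleware: no session -> 401, session without a matching role -> 403,
// and only an explicit allow reaches next(). Anonymous callers are treated as 'guest'.
function isAllowed(req, res, next) {
  const roles = (req.user && Array.isArray(req.user.roles)) ? req.user.roles : ['guest'];
  const method = req.method.toLowerCase();
  if (!areAnyRolesAllowed(roles, req.route.path, method)) {
    return res.status(req.user ? 403 : 401)
              .send({ message: req.user ? 'User is not authorized' : 'Not logged in' });
  }
  return next();
}

// Runs the middleware against a constructed request; returns 'next' if the route
// handler would have been reached, otherwise the HTTP status that was sent.
function decide(user, method, path) {
  let status = 200;
  let reachedHandler = false;
  const res = { status(code) { status = code; return this; }, send() {} };
  isAllowed({ user, method, route: { path } }, res, () => { reachedHandler = true; });
  return reachedHandler ? 'next' : status;
}
```

In a real app you would mount it as app.route('/api/users').all(isAllowed).get(...), so the check runs before every handler on that route.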
Reputation: 21
Check out http://passportjs.org/ for authentication.
Scotch.io has a great tutorial for setting up your models and passport auth. https://scotch.io/tutorials/easy-node-authentication-setup-and-local
After setting up Passport in your node app, you can easily secure your Angular views and API routes with middleware.
Good luck! Hope you find that reading helpful.
Upvotes: 0