How can I require authentication for my Angular templates?

Question

In my Angular (1.3) app, when the user navigates to a certain route, an XHR request is made for the template specified by templateUrl independently of whether the user is authenticated or not.

I don't want an unauthenticated user to be able to open up the Network tab in the developer toolbar and see the template code.

How do I make it so no XHR request is fired for templateUrl unless my user is authenticated?

I hope it's clear that I'm not asking how to do the authentication. I'm just asking how to put something between visiting the route and firing the template XHR request.

Answer 1

I use $cookie, before to do any request check the cookie and if exists he is logged and if doesn't he doesn't it.

You have to save the cookie in the system when the user have been logged.

https://docs.angularjs.org/api/ngCookies/service/$cookies

Answer 2

Yon can try with Angular Interceptors that can be used to intercept $http calls. It can be registered with $httpProvider

Complete Example

Sample code:

module.factory('myInterceptor', ['$q', 'userAsyncService', function($q, userAsyncService) {  
    var requestInterceptor = {
        request: function(config) {
            // put check on requested url if needed from config
            var deferred = $q.defer();
            // check for user validation here
            userAsyncService.isValidUser().then(function(valid) {   
                if(valid) {
                    deferred.resolve(config);
                } else {
                    // reject the request
                    deferred.reject(config);
                }                   
            });
            return deferred.promise;
        }
    };
    return requestInterceptor;
}]);

module.config(['$httpProvider', function($httpProvider) {  
    $httpProvider.interceptors.push('myInterceptor');
}]);