I've a web in Ruby on Rails, which works. Now, I'm developing a mobile app to complement that web. I'm using Cordova and AngularJS (v1.2.13).
The first step to use the app (as a user) is to sign in using the same credentials as in the web. In order to connect the app with the database I'm developing an API in Rails.
Signing in from the app works, but when making the POST call to the API, the parameters are attached to the URL:
http://localhost:3000/api/sign_in?email=user@example.com&password=1234
This is not safe, for obvious reasons. I want those parameters removed from the URL:
http://localhost:3000/api/sign_in
I don't understand why the parameters are not being passed 'hidden'. What am I missing?
In my angular service I have:
    app.factory('loginService', ['$resource', 'BASE_URL', function($resource, BASE_URL){
      return $resource(BASE_URL + '/api/sign_in', {email:'@email', password:'@password'}, {
        'sign_in': {
          method: 'POST',
          isArray: false,
          headers: {'Content-Type': 'application/x-www-form-urlencoded'}
        }
      });
    }]);
And in the controller:
    var logged = loginService.sign_in({email: $scope.email, password: $scope.password},
      function(data){ /*do whatever with the data*/}
    );
EDIT
I forgot to mention that I use Devise for authentication. Routing:
    namespace :api do
      devise_scope :user do
        post "/sign_in", :to => 'sessions#create'
      end
    end
which gives me:
api_sign_in POST /api/sign_in(.:format)
The controller, in case it's needed:
    class Api::SessionsController < Api::ApiController
      include Devise::Controllers::InternalHelpers
      def create
        ...
      end
    end
I am not all too familiar with Ruby (that is Ruby, right?), but if you simply want to hit an API endpoint without changing the URL, here is an example of some code that has been working for me without the issues you have described. I think the big thing here is the /:id/:controller part.
I hope this helps, but I am using client-side routing so idk how that would affect things.
    angular.module('dayakoApp')
      .factory('User', function ($resource) {
        return $resource('/api/users/:id/:controller', {
          id: '@_id'
        },
        {
          changePassword: {
            method: 'PUT',
            params: {
              controller:'password'
            }
          },
          get: {
            method: 'GET',
            params: {
              id:'me'
            }
          }
        });
      });
I finally managed to do it thanks to this SO question.
It basically says to remove the params from the service:
    maappServices.factory('loginService', ['$resource', '$http', 'BASE_URL', function($resource, $http, BASE_URL){
      return $resource(BASE_URL + '/api/sign_in', {/*REMOVE params from this part*/}, {
        'sign_in': {
          method: 'POST',
          isArray: false
        }
      });
    }]);
And now the call to the api is done like this: Started POST "/api/sign_in"
I also removed the header part in order to work.
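
Added example (not part of the original posts): a client-side guard against the problem this thread describes, written as an AngularJS `$http` request interceptor that rejects any request whose URL or `params` carries a credential-like key. The function names, the key list, the module name `'app'` and the two sample request configs are assumptions constructed for illustration.

```javascript
// Added example; SENSITIVE_KEYS, findSensitiveQueryParams, credentialGuard and
// the module name 'app' are assumptions, not names from the posts above.
var SENSITIVE_KEYS = /^(password|passwd|pwd|token|secret|api_key)$/i;

// Names of credential-like parameters that an $http request config
// ({method, url, params, data}) would place in the URL.
function findSensitiveQueryParams(config) {
  var found = [];
  function note(key) {
    if (SENSITIVE_KEYS.test(key) && found.indexOf(key) === -1) found.push(key);
  }
  // 1. config.params: what $resource/$http serialize into the query string.
  Object.keys(config.params || {}).forEach(note);
  // 2. A query string already written into config.url.
  var query = (config.url || '').split('#')[0].split('?')[1] || '';
  query.split('&').forEach(function (pair) {
    var rawKey = pair.split('=')[0];
    if (!rawKey) return;
    try { note(decodeURIComponent(rawKey)); } catch (e) { note(rawKey); }
  });
  return found;
}

// $http interceptor factory: reject the request before it leaves the client.
function credentialGuard($q) {
  return {
    request: function (config) {
      var leaked = findSensitiveQueryParams(config);
      if (leaked.length === 0) return config;
      return $q.reject(new Error('Refusing to put ' + leaked.join(', ') +
        ' in the URL of ' + config.method + ' ' + String(config.url).split('?')[0]));
    }
  };
}

// Constructed request configs: the service with '@email'/'@password' param
// defaults (values copied into params) and the service with them removed.
var creds = { email: 'user@example.com', password: '1234' };
var signInUrl = 'http://localhost:3000/api/sign_in';
var withParamDefaults = { method: 'POST', url: signInUrl, params: creds, data: creds };
var withoutParamDefaults = { method: 'POST', url: signInUrl, params: {}, data: creds };

// Register only when AngularJS is loaded (skipped when run under Node).
if (typeof angular !== 'undefined') {
  angular.module('app').config(['$httpProvider', function ($httpProvider) {
    $httpProvider.interceptors.push(['$q', credentialGuard]);
  }]);
}
```

Keeping credentials out of the URL keeps them out of server access logs and browser history; the request body is still readable on the wire unless the API is served over HTTPS.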