stackoom
  简体   繁体   中英

Adding an API call to canActivate in Angular 2 AuthGuard

 原文  2016-12-23 17:38:41       angular/ typescript/ angular2-observables

Question

I am working on setting up AuthGuard for routes in an Angular 2 application. Each route has different user groups that can go to that route. On the front-end I am only storing a bearer token so when canActivate is called I want to call an API, send in my token and route, let the API resolve whether or not that user has access to that route and if they do, return a true, otherwise return a false. On the front-end, I want to use the results from that call to either route them or just send them back to the login screen.

This is how I am trying to accomplish that:

canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean {
    this.authService.authenticateRouteForUser(state.url).subscribe(active => {
        if (active) {
            return true;
        }

        this.authService.redirectUrl = state.url;
        this.router.navigate(['/login-page'])
        return false;
    })
}

The logic within the subscribe works because I have tested it like this (This is essentially taken right from the Angular documentation by Google):

 canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): boolean{
     console.log('AuthGuard#canActivate called')
     if(this.authService.isLoggedIn){
        return true;
     }

     this.authService.redirectUrl = state.url;

     this.router.navigate(['/login-page'])
     return false;
 }

I know that the problem with my first statement is that the canActivate has to return a true or a false and I am only returning a true or a false within the subscribe. The problem is I only want to return a true or a false after the route authentication has happened, which requires a call to the API. Am I approaching this all wrong? Should I just return user roles on login and store the roles for each route on the front-end so I can just check that without doing a call? Is there some other way to approach this that I am missing?

2 answers

solution1
 3 ACCPTED  2016-12-23 22:04:09

Assuming your server returns a token which expires and has some roles. You would only need to check these in your guard. So simply store them in your localstorage or sessionstorage. For each server call you should provide the token, so if someone tampers with the localstorage your server should give an error. This way users might "hack" into routes they shouldn't be, but you server simply won't return any data because the token is invalid.

solution2
 0  2019-12-19 13:50:00

Try like this:

canActivate(): Observable<boolean> | Promise<boolean> | boolean {
    return new Promise(res => {
        this.authService.authenticateRouteForUser(state.url).subscribe(
            (active ) => {
                if (active) {
                    res(true);
                } else {
                    this.router.navigate(['/login-page']);
                    res(false);
                }
            },
            (error) => {
                this.router.navigate(['/login-page']);
                res(false);
            }
        );
    });
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Angular AuthGuard canActivate Verify token with API in Angular8 canActivate method of AuthGuard “No provider for AuthGuard!” using CanActivate in Angular 2 API call in canactivate method in Angular Angular routing canActivate AuthGuard transmit query params Angular 2 Organize AuthGuard(canActivate) and AuthService code Angular AuthGuard canActivate with observable from promise not working AuthGuard wait for API call Angular AuthGuard CanActivate not called when signing out - Firebase Auth Session timeout in Angular if user is idle in canActivate function of AuthGuard
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM