The correct way to combine route and auth API using loopback.js

I am currently building a web application using node.js and AngularJS.

I use loopback.js to create an API and its associated models. Loopback provides its own model, role system and ACL tools, and makes it almost trivial to configure security for the API itself. However, being the backbone of the API, it does not (as far as I know) offer solutions to provide access control for routes.

I would like to use the loopback security model to also protect routes. For example, if a user is registered through Loopback, I would like to use session data to control which URLs users can access in my application, apart from the API.

What would be the right way to do this? For example, is it possible to somehow integrate the auth data provided by Loopback using Passport or a similar auth structure?

1 answer

LoopBack is not supported in the session engine you are using. It simply provides tokens and controls access by checking the token. In your case, I assume that you want to use a combination of both. Take a look at these two examples for more in-depth study:

https://github.com/strongloop/loopback-example-passport

and

https://github.com/strongloop/loopback-example-access-control

and finally the docs:

http://docs.strongloop.com/display/LB/Advanced+topics:+access+control


Source: https://habr.com/ru/post/1210040/
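
The token-based check described in the answer can be applied to ordinary page routes with a small Express-style guard. This is an added example, not part of the original answer or of LoopBack's code: it assumes LoopBack's `loopback.token()` middleware is mounted earlier so that `req.accessToken` is populated for a valid token, and `requireRole`, `isInRole`, `fakeRes`, `runGuard` and the role table are hypothetical names built for the demonstration.

```javascript
// Added example. Assumes loopback.token() ran earlier and set req.accessToken
// (an AccessToken instance with a userId) only when the token was valid.
// `isInRole(role, userId, cb)` is a hypothetical hook; in a real app it would
// wrap a role lookup such as app.models.Role.isInRole.
function requireRole(role, isInRole, loginUrl = '/login') {
  return function guard(req, res, next) {
    const token = req.accessToken;
    // No valid token on the request: send the browser to the login page.
    if (!token || token.userId == null) return res.redirect(loginUrl);
    isInRole(role, token.userId, (err, allowed) => {
      if (err) return next(err); // fail closed: a lookup error never grants access
      if (!allowed) return res.status(403).send('Forbidden');
      next(); // authenticated and authorized: continue to the route handler
    });
  };
}

// --- Constructed harness so the guard runs without a LoopBack app ---
function fakeRes() {
  const res = { statusCode: 200, body: null, redirectedTo: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  res.redirect = (url) => { res.statusCode = 302; res.redirectedTo = url; return res; };
  return res;
}

// Constructed role table: userId -> roles.
const ROLES = { 42: ['admin'], 7: ['member'] };
const lookup = (role, userId, cb) => cb(null, (ROLES[userId] || []).includes(role));
const failingLookup = (role, userId, cb) => cb(new Error('role store unavailable'));

function runGuard(accessToken, isInRole = lookup) {
  const res = fakeRes();
  let outcome = 'blocked';
  const next = (err) => { outcome = err ? 'error' : 'passed'; };
  requireRole('admin', isInRole)({ accessToken }, res, next);
  return { outcome, status: res.statusCode, redirectedTo: res.redirectedTo };
}

console.log(runGuard(undefined));                // anonymous request
console.log(runGuard({ id: 't1', userId: 7 }));  // logged in, wrong role
console.log(runGuard({ id: 't2', userId: 42 })); // logged in, admin
```

In an application the guard would be mounted per route, for example `app.get('/admin', requireRole('admin', roleLookup), handler)`, where `roleLookup` is your own wrapper around the role model.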

