-1

We are implementing role based security with angular.

But is there any way to implement this on server side so user's can't render that page with tweaking js code in browser? We have security on server-side APIs but we want to also prevent page load.

I know angular is client-side framework but maybe it can be done with node.js

Thank you.

Furkan Fındıkoğlu
  • 21
  • 1
  • 4
  • Angular is generally not useful for NodeJS, what makes you think that it is? Do you know what a single page application is? Servers generally have no use for such a thing – Ruben Helsloot Nov 25 '20 at 21:25
  • I don't know if using lazy modules you can check in your server before serve the chunk file – Eliseo Nov 25 '20 at 21:43

1 Answers1

1

You can do this on the server side. My experience is with Asp.Net and Asp.Net Core but this can be done in Node also. You can serve the index.html page from either an endpoint or a controller and just add authentication to that endpoint. Nobody can load the index.html page without first authenticating.

For what it is worth though I have never found this to be necessary if all your apis are protected. The user would have to have quite a bit of knowledge to tweak the javascript since it is mostly minified and even if they did they can't call any api without authenticating. I have gone away from trying to protect the entire app and instead use lazy loading. The app module only contains the authentication code and one route that loads the shell module after authentication. This route is protected by a guard that triggers the authentication. If you are not using server side rendering then an Angular app is just a bunch of static files that really should be served from a CDN and not though a server endpoint.

Andrew Alderson
  • 968
  • 5
  • 16