ds42774 2016-09-09 02:22
浏览 70
已采纳

使用laravel保护javascript资源

I've build rest api with laravel 5.2, integrating it with angularJS and securing it with jwt.

It's my first experience with jwt, not with angularjs, and in my past projects (with spring mvc/security, angularJS and session instead jwt), i could protect resources by intercepting the url with spring security, like this:

<sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />

Is any way to do this with laravel?, i've already did the javascript validation, so if the jwt token is not valid, the users can't access any route but login, the problem is that javascript source is available either user is logged in or not.

  • 写回答

1条回答 默认 最新

  • drot98385 2016-09-09 03:05
    关注

    You could do this in a route closure:

    Route::get('script/{filename}', function($filename){
    return response(file_get_contents(public_path('/assets/js/' . $filename)))->header('Content-Type', 'text/javascript')
})->middleware(['auth']);

    Although this means that each request to this file requires bootstrapping the entire application which is a substantial performance loss. However when invoked only once, it's not a huge deal.

    sidenote Route closures have side effects; one of the biggest being that the file cannot be cached when Closures are used.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!