ds42774 2016-09-09 02:22
浏览 70
已采纳

使用laravel保护javascript资源

I've build rest api with laravel 5.2, integrating it with angularJS and securing it with jwt.

It's my first experience with jwt, not with angularjs, and in my past projects (with spring mvc/security, angularJS and session instead jwt), i could protect resources by intercepting the url with spring security, like this:

<sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />

Is any way to do this with laravel?, i've already did the javascript validation, so if the jwt token is not valid, the users can't access any route but login, the problem is that javascript source is available either user is logged in or not.

  • 写回答

1条回答 默认 最新

  • drot98385 2016-09-09 03:05
    关注

    You could do this in a route closure:

    Route::get('script/{filename}', function($filename){
    return response(file_get_contents(public_path('/assets/js/' . $filename)))->header('Content-Type', 'text/javascript')
})->middleware(['auth']);

    Although this means that each request to this file requires bootstrapping the entire application which is a substantial performance loss. However when invoked only once, it's not a huge deal.

    sidenote Route closures have side effects; one of the biggest being that the file cannot be cached when Closures are used.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 执行 virtuoso 命令后,界面没有,cadence 启动不起来
  • ¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料