Angular, authentication, and REST

[Ephraim Mower]

Hi all.

I put together some authentication stuff and I am certain I didn't do it in the best way possible. I'd love to get some feedback telling me what sucks.

First, a little background:

Server-side, I am using the ServiceStack framework for my REST API, which also handles authentication. Once /auth is successfully called with credentials, ServiceStack sets cookies in the browser so a cached session is used in subsequent calls. ServiceStack can do this out of the box. I also added a /ping service that returns a 401 not authorized if not authenticated. I think I may also add a /userinfo service that returns the logged-in user's information and configuration.

In the client, I am using Witold Szczerba's excellent angular-auth, found here: https://gist.github.com/3111582. I was also inspired by his blog post here: http://www.espeo.pl/2012/02/26/authentication-in-angularjs-application. Without those resources, I am sure my code would be much, much worse...so a big THANK YOU to Witold. Angular-auth provides an interceptor to react to 401 responses and a requests401 service that stores the failed requests for retry later.

In my main template I have a couple hidden divs to support the login scenario - one to darken the screen and one with a login form, and these are shown when when the interceptor broadcasts an event. I have associated my AuthCtrl with the entire document in the <html> opening tag. The controller stuff is here: https://gist.github.com/3351232

Feel free to offer any feedback you may have. One thing I am not comfortable with in particular is the manipulation of the DOM from within the controller. Thanks in advance to anyone who feels like checking it out!

Regards,

Cork 

[Eddie Huang]

Your code looks fine. You could always turn those dom code into directives. Eg my-show-hide-with-fade :) 

[Ephraim Mower]

Thanks for the feedback, Eddie!

--
You received this message because you are subscribed to the Google Groups "AngularJS" group.
To post to this group, send email to ang...@googlegroups.com.
To unsubscribe from this group, send email to angular+u...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular?hl=en.
 
 

[Ricardo Bin]

Hey good job =)

Let me ask: have you consider replace fadeIn/fadeOut with some CSS3 tricks and use ngCookies instead jQuery cookies? 

Or you need jQuery in somewhere else? This way you could eliminate its dependency :D

[Ephraim Mower]

I am always looking for ways to improve, but I am not very skilled in CSS3. I will do some research.

Regarding the use of jQuery cookies plug-in; the $cookies and $cookieStore did not seem to work, I think since I had to specify the root path. I'm not sure if the Angular cookie handling allows for that. Maybe I will look more closely at that, and maybe make a pull request to add that functionality if it isn't there and I can find time.

Thank you for the feedback! I really do appreciate it.

-Cork

--

[ryan...@gmail.com]

Do you have the entire project available for download?

[Ephraim Mower]

Nope. The links should provide just about everything you need, but are mostly missing the "glue". Witold Szczerba's implementation here may help:  https://github.com/witoldsz/angular-http-auth/tree/gh-pages 

--