Menu
I am currently building a web app using node.js and AngularJS.
I am using loopback.js in order to construct the API and associated models. Loopback provides its own User model, role system, and ACL tools, and makes it almost trivial to setup security for the API itself. However, being an API framework, it does not offer (to my knowledge) solutions for providing access-control for routes.
I would like to use the security model provided by loopback in order to secure routes as well. For example, if a user is logged in via Loopback, I would like to use that session data in order to control which urls the user can access in my app as well, other than the API.
How would I go about this in the proper way? For example, is there some way I can integrate the auth data provided by Loopback with Passport or similar auth framework?
956
LoopBack is unopinionated on the session mechanism you use. It simply provides tokens and controls access via token verification. For your case, I assume you want to use the combination of both. Take a look at these two examples for a more in depth tutorial:
https://github.com/strongloop/loopback-example-passport
and
https://github.com/strongloop/loopback-example-access-control
and finally the docs:
http://docs.strongloop.com/display/LB/Advanced+topics:+access+control
170
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
