SPA security using Backbone.js, Require.js and Laravel

Question

I'm currently searching the best way for developing my next webapplication. I'm thinking about using Backbone.js and build a single page application. But I really can't imagine how to secure my app since nearly everything is done on client side. Of course I just could prevent the users from accessing my RESTful Api so they would not have access to my data. But all the view/model/collection/template js files are still accessible.

Or is there a known way to serve the js files with php (laravel), which would allow me to only serve the files I need for the respective user.

I just couldn't find a solution by searching the Web. But I just don't think that I am the lonely person who needs a clean and secure authentication method including different user rights.

Thank you in advance!

Answer 1

Your backend application will fetch data from a backend (= API), and probably send back some changes. This code can't have "security holes / leaks" as long as your backend is secured. If you are afraid of people stealing your code, you can always minify the JS (check grunt.js and almond.js for this)

To secure your backend you can make use of Laravel's auth class, and the auth filter as mentioned before.

Besides normal auth, you could implement roles, that you can assign to specific users, giving them more or less access to certain resources in your backend.