1

I've built a REST API with Laravel 5.2, integrating it with AngularJS and securing it with JWT.

It's my first experience with JWT, not with AngularJS, and in my past projects (with Spring MVC/Security, AngularJS and sessions instead of JWT), I could protect resources by intercepting the URL with Spring Security, like this:

<sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />

Is there any way to do this with Laravel? I've already done the JavaScript validation, so if the JWT token is not valid, users can't access any route but login. The problem is that the JavaScript source is available whether the user is logged in or not.

1 Answer

5

You could do this in a route closure:

Route::get('script/{filename}', function ($filename) {
    // Serve the script through the framework so the auth middleware runs first.
    return response(file_get_contents(public_path('/assets/js/' . $filename)))
        ->header('Content-Type', 'text/javascript');
})->middleware(['auth']);

Although this means that each request to this file requires bootstrapping the entire application, which is a substantial performance loss. However, when invoked only once, it's not a huge deal.

Sidenote: Route closures have side effects; one of the biggest being that the file cannot be cached when Closures are used.


2 Comments

The answer was very clear, and was exactly what I was looking for. It alarms me a little that resources cannot be cached with this approach, so I will evaluate whether I should obfuscate and protect the files or just obfuscate them. Thank you very much.
@PadronLeandro Sorry, I should be more clear about the caching. It's the route file that cannot be cached. The actual JavaScript file can certainly be cached. To address the former, move the functionality into a controller, and you can then cache the route file as well.
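
The controller variant the last comment points to, as an added example that is not the answerer's code. `ScriptController` and the `storage/app/protected-js` directory are hypothetical names, and the scripts are assumed to live outside `public/`, since anything under `public/` is normally served directly by the web server without passing through the route's `auth` middleware.

```php
<?php
// Added example, not code from the original answer.
// Hypothetical names: ScriptController, storage/app/protected-js.

namespace App\Http\Controllers;

class ScriptController extends Controller
{
    public function show($filename)
    {
        // Assumption: scripts are stored outside public/, so the web server
        // cannot hand them out directly and skip the auth middleware.
        $dir = realpath(storage_path('app/protected-js'));

        // Accept only plain *.js names: no slashes, no null bytes, so the
        // parameter cannot name anything outside the script directory.
        if ($dir === false || !preg_match('/\A[A-Za-z0-9_.-]+\.js\z/', $filename)) {
            abort(404);
        }

        // Resolve symlinks and confirm the target is still inside $dir.
        $path = realpath($dir . DIRECTORY_SEPARATOR . $filename);
        if ($path === false
            || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0
            || !is_file($path)) {
            abort(404);
        }

        return response(file_get_contents($path))
            ->header('Content-Type', 'text/javascript')
            // Authenticated content: browser may cache it, shared proxies may not.
            ->header('Cache-Control', 'private, max-age=3600')
            ->header('X-Content-Type-Options', 'nosniff');
    }
}

// In app/Http/routes.php (Laravel 5.2). A controller route, unlike a
// closure, keeps `php artisan route:cache` usable:
//
// Route::get('script/{filename}', 'ScriptController@show')->middleware('auth');
```

A plain `<script src>` tag sends cookies but no `Authorization` header, so the `auth` middleware has to be able to authenticate the request from what the browser actually sends.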
