From 0c759a2f83b6b8767e79b8ce1f66c792fc278311 Mon Sep 17 00:00:00 2001 From: Tyler Henkel Date: Fri, 14 Feb 2014 19:40:36 -0500 Subject: [PATCH] docs(readme): made a section for passport boilerplate --- readme.md | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/readme.md b/readme.md index 5bec669e9..23114b884 100644 --- a/readme.md +++ b/readme.md @@ -86,22 +86,6 @@ We provide an extremely simplifed deployment process for heroku. That's it! Your app should be live and shareable. Type `heroku open` to view it. -## Route authorization with Passport boilerplate - -For restricting server API routes to authenticated users, you can pass your routes through the `auth` middleware, which will send a 401 unauthorized error if a request is made from someone thats not logged in. - -The client side will automatically send you to the login page if it receives a 401 error. - -However, as this will load part of the page before redirecting, it will cause a flicker. A way to avoid this is to to mark the routes on the client side that you want to require authentication for. - -You can do this from your `app.js` by adding the following to any client routes that you want to restrict to logged in users. - -``` -authenticate: true -``` - -Keep in mind this client routing is only for improving the user interface. Make sure you secure your server API routes and don't give any sensitive information unless the user is authenticated or authorized. - ## Generators All of the **generator-angular** client side generators are available, but aliased with `angular-fullstack` to correctly generate with the fullstack folder structure. @@ -222,6 +206,28 @@ The following additional modules are available as components on bower, and insta All of these can be updated with `bower update` as new versions of AngularJS are released. +## Passport boilerplate + +The passport boilerplate requires the `ng-route`, `ng-resource`, and `ng-cookie` modules to work out of the box. + +It generates a login, signup, and settings page, and creates the backend support for creating accounts using PassportJS. + +### Restricted routes + +For restricting server API routes to logged in users, you can pass your routes through the `auth` middleware, which will send a 401 unauthorized error if a request is made from someone thats not authenticated. + +The client side will automatically send you to the login page if it receives a 401 error. + +However, as this will load part of the page before redirecting, it will cause a flicker. A way to avoid this is to to mark the routes on the client side that you want to require authentication for. + +You can do this from your `app.js` by adding the following to any client routes that you want to restrict to logged in users. + +``` +authenticate: true +``` + +Keep in mind this client routing is only for improving the user interface. Make sure you secure your server API routes and don't give any sensitive information unless the user is authenticated or authorized. + ## Testing Running `grunt test` will run the unit tests with karma.