Using server-side php to authenticate javascript calls - security

I'm using a Symfony2 backend and AngularJS frontend in one project. Symfony is used to show the initial view and provide a RESTful API with AngularJS embedded into the view.
Basically AngularJS will be used for the frontend (view) and calling Symfony API to interface with the database (model).
I have a bunch of Angular http gets and posts which exposes the URL to my API . What would be the best way to secure the API in my scenerio?
I do have access to server-side with Angular but how do I pass that authentication from Symfony to Angular?
Thanks for the help.

This is a common need, and there are several approaches - but they usually settle on using sessions.
You might find this article to be a good overview of an AngularJS-specific implementation...
http://www.espeo.pl/2012/02/26/authentication-in-angularjs-application

Related

How does frontend apps hide backend API call URL's?

I'm fairly new to the webdev. I have a React frontend built with Vite, and a Node.js backend that uses MongoDB. I finished my little project and when It came to deploy it to my Linux server, I got confused about how to handle API calls.
Is there any way to hide API URL's on frontend apps? Because everything is done in client side, and frontend is basically an interface between user and backend, that should be impossible. But how does for example, big companies like Facebook handle this? If I go to Facebook and inspect the code, can I find the exact IP and API address that facebook backend serves me the posts? Or are there any tricks to make this more secure? What are the industry standards are on this topic?
The interface between your web application in the browser and your backend service is HTTP(s). There are HTTP verbs such as GET, POST, DELETE, etc. You can pass argument or information to your backend services via query parameters which are visible in the URL, or you can send it in the body of a request. An HTTP POST, for example would have a body that is not seen or viewable unless the end user made specific effort to view it.

Do I need Express to create web services using Nextjs?

I am trying to create a general web service using Nextjs.
In my research, I often see cases where Express is used as the backend for Nextjs.
However, Nextjs has an api function.
In what cases do we need to use Express for the backend?
Well, you don't really need Express as the backend server. You should be able to use any framework from any programming language. I guess the reason that you often see it used is because it is the best documented.
Regarding api routes, you will always have to use some kind of backend server as it does not work with next export (aka creating a static folder containing html, css and JavaScript).

Use VueJS with sailsjs

How do i use vuejs with sails js. I want to list and create dynamic content using Vue. How do I create route for CRUD operations for objects like posts and comments ? How do i check authorization on every route that the user must be logged in for this route to work. One more thing , how can I test the crud operations using Postman
Thanks
You have two ways of using VueJs in Sails.
The view layer of sails js is built on Vue.js, so you can use the native implementation of Vue.js as described in sails js doc.
Or, you can setup a Vue.js standalone app, and make it dial with you sails.js backend by the way of http requests that can you send with http, axios, ... packages .
In both cases, you're gonna use the entry points that you will define in your routes.js file of sails > config folder which would corresponds to controllers that contains your CRUD requests. That is also the way you have to test your "CRUD" operations with postman, by requesting your entry points.
For authorization, a good practice would be to use the policies of Sails.js :)

mean - MongoDB, Express.js, Angular2, node.js (backend setup and boundaries)

I have the basic question how the frameworks and platforms Angular 2 and Express.js in the 'mean' approach works together and where are the boundaries between client-side and server-side.
After reading much stuff to this topic I understand, that by calling the basic URL of the website (SPA) the Angular2-application will be send completely as package to the client (browser) where the (angular logic) will dynamically change the views by javascript in the client-browser as defined.
I also have create an angular2 SPA with some components, routing and services.
Now I have the general question to the backend.
I want to create a backend on the basis of node.js with the express.js framework.
-How I have to setup the entire Angular2 (frontend) application in the express.js backend application because express.js based on MVC too?
-Where are the boundaries between the model and view of angular (MVVC) and express.js (MVC) and where they play together?
It would be great if somebody can name me references, tutorials or relevant stuff to this specific topic.
Thanks in advance.
In reference to the MEAN stack, Express.js is not used as the MVC, but Angular is. Express.js serves as middleware / a framework to help build your API quickly than if you just wrote in Node.js (Express.js is a framework for Node.js).
What you said here:
calling the basic URL of the website (SPA) the Angular2-application will be send completely as package to the client (browser) where the (angular logic) will dynamically change the views by javascript in the client-browser as defined
Is exactly right, Angular 2 will act as the MVC, in browser, where the client will dynamically change views. Express.js will help you define the "basic URL" i.e. localhost:8000/ and what "package" as you have described, is sent to the client. This "package" is your entire Angular application.
One of my favorite tutorials is from Scotch.io, though it is Angular 1.x, it's still helpful for building any MEAN stack application.
https://scotch.io/tutorials/creating-a-single-page-todo-app-with-node-and-angular
The line
app.use(express.static(__dirname + '/public'));
Tells the application where to find all your JS / CSS / HTML files, or in your case, your Angular application. (Make sure your Angular application is in the directory that you list above relative to your Express/Node.js application)
Hope this helps!

Separating frontend and backend (as REST API)

I am doing a side project, with purpose of learning to separate front-end and backend, and I decided to use express with node, to design a REST Api as my backend.
My question is, how do I authenticate my restful api. I saw some tutorials, but they always connect frontend and backend by using serverside rendering with jade or ejs, and I'm not interested with that.
How do I authenticate each user and give them access only to certain data and also how do I design endpoints that are only accessible by my front-end application?
I would really appreciate help. Also you can send links to articles that describe this king of authentication and project architecture, because I feel that i'm looking in the wrong places, and need some help.

Resources