认证 – 如何使用AngularJS ngView隐藏模板以供未经授权的用户？

app.factory('routeAuths',[ function() {
  // any path that starts with /template1 will be restricted
  var routeAuths = [{
      path : '/template1.*',access : 'restricted'
  }];
  return {
    get : function(path) {
      //you can expand the matching algorithm for wildcards etc.
      var routeAuth;
      for ( var i = 0; i < routeAuths.length; i += 1) {
        routeAuth = routeAuths[i];
        var routeAuthRegex = new RegExp(routeAuth.path);
        if (routeAuthRegex.test(path)) {
          if (routeAuth.access === 'restricted') {
            return {
              access : 'restricted',path : path
            };
          }
        }
      }
      // you can also make the default 'restricted' and check only for 'allowed'
      return {
        access : 'allowed',path : path
      };
    }
  };
} ]);

并在main / root控制器中收听$locationChangeStart事件：

app.controller('AppController',['$scope','$route','$routeParams','$location','routeAuths',function(scope,route,routeParams,location,routeAuths) {
    scope.route = route;
    scope.routeParams = routeParams;
    scope.location = location;

    scope.routeAuth = {
    };

    scope.$on('$locationChangeStart',function(event,newVal,oldVal) {
      var routeAuth = routeAuths.get(location.path());
      if (routeAuth.access === 'restricted') {
        if (scope.routeAuth.allowed) {
          event.preventDefault();
        }
        else {
          //if the browser navigates with a direct url that is restricted
          //redirect to a default
          location.url('/main');
        }
        scope.routeAuth.restricted = routeAuth;
      }
      else {
        scope.routeAuth.allowed = routeAuth;
        scope.routeAuth.restricted = undefined;
      }
    });

}]);

演示：

> plunker

参考文献：

> angularjs services
> location

更新：

为了完全防止html模板访问,最好在服务器上完成.因为如果您从服务器上的静态文件夹中提供html,用户可以直接访问该文件,例如：root_url / templates / template1.html,从而规避角度检查器.