In the framework of front-end and back-end separation, the back-end request is generally sent to the directory corresponding to the back-end through the nginx configuration, and then the front-end request goes to the directory corresponding to the front-end. Now I just happened to come across an authentication strip function. What needs to be implemented is that every request sent, whether it is a front-end request or a back-end request, first determines whether there is a login, and then jumps to the login homepage if there is no login.
1. Generally, authentication judgment is done by the back-end, and page jump is done by the front-end. How can these two steps be combined?
When the front and back ends are not separated, a hook is usually set during the initialization of the framework to determine whether there is login, and jump if there is no login.
I think the solution after separation should be that the backend still performs authentication judgment on each request and only returns without jumping. Then when the front-end framework module is initialized, it first requests the authentication interface. If the authentication fails, it jumps to the login page.
Experienced friends, please give me some advice on how to do this authentication in a separation scenario.
Reply content:
In the framework of front-end and back-end separation, the back-end requests are generally directed to the directory corresponding to the back-end through the configuration of nginx, and then the front-end requests are directed to the directory corresponding to the front-end. Now I just happened to come across an authentication strip function. What needs to be implemented is that every request sent, whether it is a front-end request or a back-end request, first determines whether there is a login, and then jumps to the login homepage if there is no login.
1. Generally, authentication judgment is done by the back-end, and page jump is done by the front-end. How can these two steps be combined?
When the front and back ends are not separated, a hook is usually set during the initialization of the framework to determine whether there is login, and jump if there is no login.
I think the solution after separation should be that the backend still performs authentication judgment on each request and only returns without jumping. Then when the front-end framework module is initialized, it first requests the authentication interface. If the authentication fails, it jumps to the login page.
Experienced friends, please give me some advice on how to do this authentication in a separation scenario.
Front-end separation usually uses json transmission. If it is Json, you can do this.
Returns when verification is successful: {code: "Success", data: "Data to be retrieved", info: null},
Returns when verification fails: {code: "Failure", data: null, info: "No access rights" "}
The front-end determines the code value after receiving it. As for whether to jump or not, that is the front-end's own business.
The way I implemented it is:
After the front-end logs in, save the token generated by the back-end (the back-end can be saved with JWT or redis, mysql, and the front-end can be saved in localstorage or cookie).
Every request from the front end requires authorization (login) interface to determine whether the token is valid (including whether it has expired). If it is invalid, it will return 403 and an error message. The front end uses a Service base class (for example, AdminService catch 403 exception, if caught, route to the login page), or write a global filter to catch 403.
Separating the front-end and back-end is to cache a login status on the front-end, and then bring this status code with each request, and the background determines whether it has expired. That’s pretty much it
It’s very simple. For example, for background projects, we all know that you can only enter the system after logging in successfully. So how do you do the authentication in the whole process?
The backend filters all incoming requests to verify whether the user is logged in. If not, continue to ignore him. If not, let him jump directly to the login page
For the front-end, every route jump must also be verified. For example: before opening a certain page, send an ajax to the back-end for verification. If the login page is not displayed, jump to the login page
How to verify? When the user does not log in successfully, the browser does not write the cookie. After the user logs in successfully, the user's cookie is saved to the browser, and the user's session is saved to the server. The browser's cookie is the session key
Our company has recently completely separated the front and back ends. The specific method is very simple. For example, if there is a page that requires login verification, the front end will directly request the back end. The backend determines whether to log in. If logged in, the return status status is success, plus data and so on. If there is no login, it will directly return to a fixed status, that is, status is fail_401.
If there is no data that can be obtained on the page, we will directly provide a general interface. When entering the page, request the interface. If it passes, it will stay on the current page. If it does not pass, it will jump directly.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
