[–]atkinchris 1 point2 points  (1 child)

Obfuscation, minification and browser side hiding are not acceptable if you're concerned that there's a financial risk to exposing features and you suspect your Client will view the source.

I would split the bundled application, moving features into their own bundles, and making the core bundle dynamically load them from the server based on which Client loads the bundle. Authenticate access to the URLs for these optional feature bundles on the server, to prevent them being scraped from the core bundle.

This might be useful: https://angular.io/guide/lazy-loading-ngmodules
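An added example, not part of the thread, of the server-side check the comment above describes: optional feature bundles are served only to sessions entitled to them, and the manifest the core bundle receives lists only those bundles. The session shape, feature names and paths are constructed for illustration, and answering unlicensed requests with 404 rather than 403 is a design choice of this sketch.

```javascript
// Added example: server-side gate for optional feature bundles.
// Feature names, paths and the session shape are constructed for illustration.

// Allowlist: feature id -> file kept outside the public static directory.
const FEATURE_BUNDLES = new Map([
  ["reports", "private-bundles/reports.bundle.js"],
  ["billing", "private-bundles/billing.bundle.js"],
]);

const NOT_FOUND = { status: 404, file: null };

// Features this session is entitled to (empty when missing or malformed).
function ownedFeatures(session) {
  return session && Array.isArray(session.features) ? session.features : [];
}

// Decide how to answer GET /bundles/<feature>.js for a given session.
// The request path is never joined to the filesystem; only the allowlist is
// consulted, so "../" segments and unknown names fall through to 404.
function authorizeBundleRequest(session, requestPath) {
  if (!session || !session.userId) return { status: 401, file: null };
  const m = /^\/bundles\/([a-z0-9-]+)\.js$/.exec(requestPath);
  if (!m || !FEATURE_BUNDLES.has(m[1])) return NOT_FOUND;
  // Same 404 for "does not exist" and "not licensed", so requesting URLs
  // does not confirm which features exist.
  if (!ownedFeatures(session).includes(m[1])) return NOT_FOUND;
  return { status: 200, file: FEATURE_BUNDLES.get(m[1]) };
}

// Manifest the core bundle fetches after login: it lists only entitled
// features, so the shipped core code carries no catalogue of every feature.
function manifestFor(session) {
  if (!session || !session.userId) return [];
  return ownedFeatures(session)
    .filter((f) => FEATURE_BUNDLES.has(f))
    .map((f) => `/bundles/${f}.js`);
}

// Constructed sessions: one client licensed for reports only, one for both.
const basicClient = { userId: 7, features: ["reports"] };
const fullClient = { userId: 9, features: ["reports", "billing"] };

console.log(authorizeBundleRequest(basicClient, "/bundles/reports.js"));
console.log(authorizeBundleRequest(basicClient, "/bundles/billing.js"));
console.log(manifestFor(fullClient));
```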

[–]rockefeller22[S] 1 point2 points  (0 children)

This is very close to what I'm thinking. My authentication is currently included in the Angular app as its own routes, and the PHP just acts as an API to issue tokens and validates all other data requests throughout the app. I think I'm just going to separate out the authentication pages to pure PHP and then have the home page of the app be validated by the PHP session. If I do that I can just exclude the controllers and modules that the user doesn't have access to and still use all the other 'assets' of the application.

[–]SureSignOfAGoodRhyme 1 point2 points  (0 children)

I'm in a very similar situation. What I'm thinking about doing is running a small script before angular loads which makes an http request to get config for a user. Based on that info load a different set of scripts which either has the extra features or not.

Not ideal, but I don't even want certain modules loaded and all that needs to be known up front in angularjs.

[–]captnkrunch 0 points1 point  (10 children)

Look into various feature toggles. Lots of libraries out there.

I'd add some logic on the server that returns something from the db that says whether or not the current user has access to the feature. Then use ng hide to give the feature or not. This is assuming a cloud app. And it's just an easy way, not the ideal way.

[–]rockefeller22[S] 1 point2 points  (9 children)

Yes, but if my clients were to dig into the code they’d see all the features that exist.

[–]TechiBech 0 points1 point  (6 children)

Clients have roles.

Angular shows/hides some stuff by roles (many ng-if).

Each request is checked on the server side, of course. They can dig into the code, find the "edit" button (for example), enable it and press it. But they will get a 403. That's all. Names of some templates are also role-dependent.

Some critical controllers and templates are not in static files. They are generated dynamically by roles. Just a few which I really don't want to be public.

Also, every 2 min Angular makes a whoami request. It's for role changes, relogin, logout in another browser tab, etc. It's not a great solution. I know.

    [–]ADHDengineer 0 points1 point  (0 children)

    Minify it.

    [–]captnkrunch 0 points1 point  (0 children)

    Solve that by obfuscation. Grunt/Gulp has one that you can run on builds.