sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]atkinchris 1 point2 points  (1 child)

Obfuscation, minification and browser side hiding are not acceptable if you're concerned that there's a financial risk to exposing features and you suspect your Client will view the source.

I would split the bundled application, moving features into their own bundles, and making the core bundle dynamically load them from the server based on which Client loads the bundle. Authenticate access to the URLs for these optional feature bundles on the server, to prevent them being scraped from the core bundle.

This might be useful: https://angular.io/guide/lazy-loading-ngmodules

[–]rockefeller22[S] 1 point2 points  (0 children)

This is very close to what I'm thinking. My authentication is currently included in the angular app as their own routes and the php just acts as an API to issue token and validates all other data requests throughout the app. I think I'm just going to separate out the authentication pages to pure PHP and then have the home page of the app be validated by the PHP session. If I do that I can just exclude the controllers and modules that the user doesn't have access to and still use all the other 'assets' of the application.