{"id":21541666,"url":"https://github.com/concretesolutions/ng-security","last_synced_at":"2025-04-10T04:23:43.047Z","repository":{"id":36744429,"uuid":"41051034","full_name":"concretesolutions/ng-security","owner":"concretesolutions","description":"A security module for AngularJS.","archived":false,"fork":false,"pushed_at":"2017-04-18T18:37:20.000Z","size":107,"stargazers_count":31,"open_issues_count":6,"forks_count":4,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-03-24T05:43:36.384Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/concretesolutions.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-08-19T18:01:36.000Z","updated_at":"2020-10-12T07:59:20.000Z","dependencies_parsed_at":"2022-08-31T00:01:05.640Z","dependency_job_id":null,"html_url":"https://github.com/concretesolutions/ng-security","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concretesolutions%2Fng-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concretesolutions%2Fng-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concretesolutions%2Fng-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/concretesolutions%2Fng-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/concretesolutions","download_url":"https://codeload.github.com/concretesolutions/ng-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247684410,"owners_count":20979060,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T05:07:14.062Z","updated_at":"2025-04-10T04:23:43.028Z","avatar_url":"https://github.com/concretesolutions.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ngSecurity #\n\n[![Build status][build-status-image]][build-status-url] [![Watch dependencies][dependencies-image]][dependencies-url] [![Watch dev dependencies][devDependencies-image]][devDependencies-url] [![NPM version][npm-version-image]][npm-url] [![NPM downloads][npm-downloads-image]][npm-url] [![MIT License][license-image]][license-url]\n\n#### A security module for [AngularJS](http://angularjs.org). ####\n\n## Install ##\nInstalling via [Bower](http://bower.io/):  \n```shell\n$ bower install ngsecurity\n```\n\nInstalling via [NPM](https://www.npmjs.org/):  \n```shell\n$ npm install ngsecurity\n```\n\n## Get Started ##\nYour setup should look similar to the following:\n```javascript\n/* file: app.js */\nangular\n  .module('myApp', ['ngSecurity'])\n  .config(['$httpProvider', function ($httpProvider) {\n    $httpProvider.interceptors.push('$securityInterceptor');\n  }])\n  .run(function ($rootScope) {\n    $rootScope.$on('unauthenticated', function () {\n      alert('redirect to login');\n    });\n    $rootScope.$on('permissionDenied', function () {\n      alert('redirect to permission denied');\n    });\n  });\n```\n\n```html\n\u003c!-- file: index.html --\u003e\n\u003c!DOCTYPE html\u003e\n\u003chtml ng-app=\"myApp\"\u003e\n  \u003cbody\u003e\n    \u003cform ng-submit-login=\"/auth/login\"\u003e\n      \u003cinput type=\"text\" name=\"username\" /\u003e\n      \u003cinput type=\"password\" name=\"password\" /\u003e\n      \u003cbutton type=\"submit\"\u003eLogin\u003c/button\u003e\n    \u003c/form\u003e\n    \u003cdiv ng-if-authenticated\u003e\n      User is authenticated\n    \u003c/div\u003e\n    \u003cdiv ng-if-anonymous\u003e\n      User is Anonymous\n    \u003c/div\u003e\n    \u003cdiv ng-if-permission=\"admin\"\u003e\n      User is Administrator\n    \u003c/div\u003e\n\n    \u003cscript src=\"app.js\"\u003e\u003c/script\u003e\n  \u003c/body\u003e\n\u003c/html\u003e\n```\n\n```javascript\n/* POST /api/auth response */\n{\n  \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\",  /* required */\n  \"user\": {  /* optional */\n    \"name\": 'Administrator'\n  },\n  \"permissions\": [  /* optional */\n    'admin'\n  ]\n}\n```\n\n\n## API ##\n\n### Service Methods ###\n#### login(token: String, [user: Object, [permissions: Array]])  [Simple strategy] ####\nAuthenticate a user with token. Data and permissions are optional.  \nSimple example:  \n\n```javascript\nangular\n  .module('myApp')\n  .controller(['$scope', '$http', '$security', function ($scope, $http, $security) {\n    $scope.username = 'admin';\n    $scope.password = 'admin';\n    $scope.authenticate = function () {\n      $http.post('/api/auth', {\n        username: $scope.username,\n        password: $scope.password\n      }).success(function (data) {\n        $security.login(data.token, data.user, data.permissions);\n      });\n    }\n  }]);\n```\n\n#### login(token: String, [permissions: Array])  [JWT strategy] ####\nAuthenticate a user with token. Permissions are optional.  \n[JWT](http://jwt.io/) example:  \n\n```javascript\n/* file: app.js */\nangular\n  .module('myApp')\n  .config(['$httpProvider', '$securityConfigProvider', function ($httpProvider, $securityConfigProvider) {\n    $httpProvider.interceptors.push('$securityInterceptor');\n    $securityConfigProvider.configure({\n      strategy: 'jwt',\n    });\n  }])\n  .controller(['$scope', '$http', '$security', function ($scope, $http, $security) {\n    $scope.username = 'admin';\n    $scope.password = 'admin';\n    $scope.authenticate = function () {\n      $http.post('/api/auth', {\n        username: $scope.username,\n        password: $scope.password\n      }).success(function (data) {\n        $security.login(data.token, data.permissions);\n      });\n    }\n  }]);\n```  \n#### loginByUrl(url: String, data: Object) ####\nUse resource for authenticate user. The service should return a response compatible. The return is a promise.  \nSimple example:  \n\n```javascript\nangular\n  .module('myApp')\n  .controller(['$scope', '$security', function ($scope, $security) {\n    $scope.username = 'admin';\n    $scope.password = 'admin';\n    $scope.authenticate = function () {\n      $security.loginByUrl('/api/auth', {\n        username: $scope.username,\n        password: $scope.password\n      }));\n    }\n  }]);\n```\n\nCompatible API response:  \n\n```javascript\n{\n  \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\",  /* required */\n  \"user\": {  /* optional */\n    \"name\": 'Administrator'\n  },\n  \"permissions\": [  /* optional */\n    'admin'\n  ]\n}\n```\n\n[JWT](http://jwt.io/) example:  \n\n```javascript\n/* file: app.js */\nangular\n  .module('myApp')\n  .config(['$httpProvider', '$securityConfigProvider', function ($httpProvider, $securityConfigProvider) {\n    $httpProvider.interceptors.push('$securityInterceptor');\n    $securityConfigProvider.configure({\n      strategy: 'jwt',\n    });\n  }])\n  .controller(['$scope', '$security', function ($scope, $security) {\n    $scope.username = 'admin';\n    $scope.password = 'admin';\n    $scope.authenticate = function () {\n      $security.loginByUrl('/api/auth', {\n        username: $scope.username,\n        password: $scope.password\n      }));\n    };\n  }]);\n```  \n\nCompatible API response:  \n\n```javascript\n{\n  \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1lIjoiQWRtaW5pc3RyYXRvciJ9.cwtcdrm6c5fXBdnhzkFnlXmvvsRY7xB6YsKrLE_phm4\",  /* required */\n}\n```\n\n#### logout() ####\nUser logout and remove session user data.  \n\n#### hasPermission(permission: String) ####\nCheck if user has permission.  \n\n#### hasAllPermission(permissions: Array) ####\nCheck if user has all permission of array.  \n\n#### hasAnyPermission(permissions: Array) ####\nCheck if user has any permission of array.  \n\n#### isAuthenticated() ####\nCheck if user is authenticated.  \n\n#### getUser() ####\nGet session user data.  \n\n#### getPermissions() ####\nGet session user permissions.  \n\n### Directives ###\n\n#### ng-if-authenticated (Attribute only)  ####\nThe directive only shows the HTML element if user is authenticated.\n\n#### ng-if-anonymous (Attribute only)  ####\nThe directive only shows the HTML element if user not is authenticated.\n\n#### ng-if-permission=\"\\\u003cpermission: String\\\u003e\" (Attribute only)  ####\nThe directive only shows the HTML element if user has permission.  \n\n```html\n\u003cdiv ng-if-permission=\"admin,staff\"\u003e\n  \u003cp\u003eAdmin or Staff\u003c/p\u003e\n  \u003cdiv ng-if-permission=\"admin\"\u003e\n    \u003cp\u003eAdmin\u003c/p\u003e\n  \u003c/div\u003e\n\u003c/div\u003e\n```\n\n#### ng-if-permission-model=\"\\\u003cpermission: Any\\\u003e\" (Attribute only)  ####\nThe directive only shows the HTML element if user has permission specified on scope.  \n\n```javascript\nangular\n  .module('myApp')\n  .controller(['$scope', '$security', function ($scope, $security) {\n    $scope.allPermission = [\n      'admin',\n      'staff'\n    ];\n    $scope.adminPermission = 'admin';\n  }]);\n```\n```html\n\u003cdiv ng-if-permission-model=\"allPermission\"\u003e\n  \u003cp\u003eAdmin or Staff\u003c/p\u003e\n  \u003cdiv ng-if-permission-model=\"adminPermission\"\u003e\n    Admin\n  \u003c/div\u003e\n\u003c/div\u003e\n```\n\n#### ng-permission-type=\"ALL|ANY\" (Attribute only)  ####\nThe auxiliary directive for *ng-if-permission*, *ng-if-permission-model* and *ng-enabled-permission*, it determine the validation method.  \nThe value default is *ANY*.\n```html\n\u003cdiv ng-if-permission=\"admin,staff\" ng-permission-type=\"ANY\"\u003e\n  \u003cp\u003eAdmin or Staff\u003c/p\u003e\n\u003c/div\u003e\n\u003cdiv ng-if-permission=\"admin,staff\" ng-permission-type=\"ALL\"\u003e\n  \u003cp\u003eAdmin and Staff\u003c/p\u003e\n\u003c/div\u003e\n```\n\n#### ng-enabled-permission=\"\\\u003cpermission: String\\\u003e\" (Attribute only)  ####\nThe directive sets the disabled attribute on the HTML element if user has permission.  \n\n```html\n\u003cbutton ng-enabled-permission=\"admin,staff\"\u003e\n  Add User\n\u003c/button\u003e\n\u003cbutton ng-enabled-permission=\"admin\"\u003e\n  Remove User\n\u003c/button\u003e\n```\n\n#### ng-click-logout (Attribute only)  ####\nThe directive logout current user.  \n\n```html\n\u003cbutton ng-click-logout\u003e\n  Logout\n\u003c/button\u003e\n```\n\n#### ng-bind-user=\"\\\u003cattribute: String\\\u003e\" (Attribute only)  ####\nThe directive replace the text content of the specified HTML element with the user data.  \n\n```html\n\u003cdiv ng-bind-user=\"name\"\u003e\n  \u003c!-- render user name --\u003e\n\u003c/div\u003e\n```\n\n#### ng-submit-login=\"\\\u003curl: String\\\u003e\" (Attribute only)  ####\nThe directive login user when submit form. It calls back *ng-login-success* when success to login, and calls back *ng-login-error* when fail to login.  \n\n```html\n\u003cform ng-submit-login=\"/api/auth\" ng-login-success=\"success($response)\" ng-login-error=\"error($response)\"\u003e\n  \u003cdiv ng-show-login-success\u003e \u003c!-- show the HTML element when login is successful --\u003e\n    \u003cp\u003eSuccess!\u003c/p\u003e\n  \u003c/div\u003e\n  \u003cdiv ng-show-login-error\u003e \u003c!-- show the HTML element when login failed --\u003e\n    \u003cp\u003eUsername or password invalid!\u003c/p\u003e\n  \u003c/div\u003e\n  \u003cinput type=\"text\" name=\"username\" /\u003e\n  \u003cinput type=\"password\" name=\"password\" /\u003e\n  \u003cbutton type=\"submit\"\u003eLogin\u003c/button\u003e\n\u003c/form\u003e\n```\n\n### Provider Options ###\n```javascript\nangular\n  .module('myApp')\n  .config(['$securityConfigProvider', function ($securityConfigProvider) {\n    $securityConfigProvider.configure({\n      strategy: 'simple',  /* Validation method. Examples: 'jwt' */\n      token: {\n        header: 'Authorization',  /* request header name intercepted */\n        prefix: ''\n      },\n      storageName: {\n        token: 'ng-security-authorization',\n        user: 'ng-security-user',\n        permissions: 'ng-security-permissions'\n      },\n      responseErrorName: {  /* the name for broadcast of request error intercepted */\n        401: 'unauthenticated',\n        403: 'permissionDenied'\n      }\n    });\n  }]);\n```\n\n[build-status-image]: https://travis-ci.org/concretesolutions/ng-security.svg\n[build-status-url]: https://travis-ci.org/concretesolutions/ng-security\n\n[dependencies-image]: https://david-dm.org/concretesolutions/ng-security.svg\n[dependencies-url]: https://david-dm.org/concretesolutions/ng-security\n\n[devDependencies-image]: https://david-dm.org/concretesolutions/ng-security/dev-status.svg\n[devDependencies-url]: https://david-dm.org/concretesolutions/ng-security#info=devDependencies\n\n[license-image]: http://img.shields.io/badge/license-MIT-blue.svg?style=flat\n[license-url]: LICENSE\n\n[npm-url]: https://npmjs.org/package/ngsecurity\n[npm-version-image]: http://img.shields.io/npm/v/ngsecurity.svg?style=flat\n[npm-downloads-image]: http://img.shields.io/npm/dm/ngsecurity.svg?style=flat\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconcretesolutions%2Fng-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fconcretesolutions%2Fng-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconcretesolutions%2Fng-security/lists"}