I'm trying to build an app that is a Go backend, Angular front end, hosted on Google App Engine, that forces you to /login if you don't have a session or if your session's loggedIn != 1.
I'm also trying to use the App Engine's app.yaml routing for almost everything.
I'm not sure this is possible?
Directory structure:
/myapp/app.yaml
/myapp/server/main.go
/myapp/client/(ANGULAR)
app.yaml (taken from: here ) application: myapp version: 1 runtime: go111 #api_version: go1 main: ./server
- url: /go/.* #Anything that goes to the golang app
script: _go_app
# Routing for bundles to serve directly
- url: /((?:inline|main|polyfills|styles|vendor)\.[a-z0-9]+\.bundle\.js)
secure: always
redirect_http_response_code: 301
static_files: client/app/dist/\1
upload: client/app/dist/.*
# Routing for a prod styles.bundle.css to serve directly
- url: /(styles\.[a-z0-9]+\.bundle\.css)
secure: always
redirect_http_response_code: 301
static_files: client/app/dist/\1
upload: client/app/dist/.*
# Routing for typedoc, assets and favicon.ico to serve directly
- url: /((?:assets|docs)/.*|favicon\.ico)
secure: always
redirect_http_response_code: 301
static_files: client/app/dist/\1
upload: client/app/dist/.*
# Any other requests are routed to index.html for angular to handle so we don't need hash URLs
- url: /.*
#secure: always
redirect_http_response_code: 301
static_files: client/app/dist/index.html
upload: client/app/dist/index\.html
#http_headers:
# Strict-Transport-Security: max-age=31536000; includeSubDomains
# X-Frame-Options: DENY
So, routes to /go would act as the api... CRUD stuff. Everything else would go to Angular.
So how could i have it check if there's a session? I doubt that's possible in the app.yaml. If a call is made NOT to /go, there's no real server to tell it if there's a session.
So, is it just not possible for me to do it this way? Would I be required to use Go's routing, so that, each call can have a session check?
from How to handle sessions
No comments:
Post a Comment