Analysis of Vue element background authentication process

Analysis of Vue element background authentication process

Preface:

Recently, I encountered a management system in my project. I found the permission configuration quite interesting. I recorded the process of implementing the process to facilitate my own learning and organizing my thoughts. Some of the thoughts are integrated in the comments of the code:

Two common methods of routing interception authentication

1: Route interception: simply add field identifiers to the route and implement it through route interception
2: Dynamic routing: The second type is dynamic routing configuration that is implemented through routing splitting and requires the cooperation of the backend.

Compare:

The implementation of route interception is relatively simple. You only need to filter the page in router.beforeEach according to the route configuration information to see if it has the permission to go to the component. If the corresponding permission is insufficient, it will not go to the corresponding component.

Dynamic routing is relatively complex to implement and requires the cooperation of the backend. In essence, the routing configuration table is divided into two parts. When different users log in, the routing configuration table is filtered out according to the user's permission information, and the part that the user does not have permission to add is not rendered. It is more suitable for relatively large backend systems.

Note: This article mainly introduces the implementation of dynamic routing authentication

The following files are usually related to dynamic routing:

  • router.js
  • permission.js (global routing interception file)
  • store.js

router.js

The routing configuration table of router.js can be divided into two parts, public routing and dynamic permission routing. Dynamic permission routing can be placed on the front end. When authenticating, the front end can filter the array by itself, or it can be placed on the back end for filtering. The idea is the same. The following describes the configuration tables placed on the front end.

export default new Router({ 
routes:
   {
		path:'/login',
		name:'login',
		component:aa
	},
	{
		path: '/home',
		name:'home',
		component:cc
	},
	]
})

The above is the routing configuration of a general project. Now we need to do authentication, so we need to split the routing configuration table slightly into the following two arrays:

import Vue from 'vue'
import Router from 'vue-router'

Vue.use(Router)

export const defaultRoute = [ //Array of fixed partial permissions, routes accessible to all users {
		path:'/login',
		component:aa
	},
]

export const asyncRoute = [ //Dynamically configured routing table, needs to be filtered before working {
		path:'/order',
		name:'order',
		component:aa,
		meta:{
			system:'order'
		}
	}
	{
		path:'/roles',
		name:'roles',
		component:aa,
		meta:{
			system:'roles'
		}
	}
]

//Register routing table const createRouter = () => new Router({
	  // mode: 'history', // require service support
	  scrollBehavior: () => ({ y: 0 }),
	  routes: constantRoutes
})
const router = createRouter()

//Reset the routing worksheet. This method needs to be called when logging out. export function resetRouter() {
  const newRouter = createRouter()
  router.matcher = newRouter.matcher 
}

export default router

The permission.js permission file is mainly used for global routing interception and dynamic filtering of routing according to user permissions. This part mainly involves two issues: when to process dynamic routing and what conditions to process routing.

import router from './router'
import store from './store'
import { getToken } from '@/utils/auth' // Custom encapsulation method for accessing tokens Route.beforeEach((to,from,next) =>{
	//Get the token to determine whether the user is logged in const hasToken = getToken() 
	if (hasToken ) {
	//Judge whether the user has logged in if (to.path === "/login") {
			/**
			*The user has logged in, but is still routed to the login page, which means that the user has performed the logout operation, so this place can clear the token or write some custom logic */
			next()
		}else{
		/**
		*Here is the case where the user has logged in or clicked the login button, the token has been stored in localstorage, but it is not routed to login. If there is no route to /login, then just let it go. Here I handle some things, that is, since the user has logged in and can be directly released, before we release it, we need to do some logic here, that is, to judge the user's permissions, and then filter out the routes in our dynamically configured routing table that meet his permissions based on the user's permissions, and then insert them into the routing configuration table for use. *
		* Then there are two issues involved:
		*1: When to process dynamic routing (after logging in, before entering the home page, that is, before *next)
		*2: What conditions handle dynamic routing */
		
		/**
		*Here you can first check whether the length of the user permission list in the store is 0. If the length is 0, it means that the user * has just clicked the login button but has not entered the page. At this time, you need to do some permission filtering.	
		*If the length is not 0, it means that the authentication process is fine, just go to the corresponding component directly *This step is mainly to prevent repeated filtering of the array and save performance */
			if (store.getters.roles.length > 0) {
				next()
			}else{
				//If the code reaches this point, it means the user is logged in. And the authentication process has not yet started.
				//Then you need to go through the authentication process here store.dispatch('getRoles').then(res=>{
					//The res here is the resolve in the peomise in the third step //which is the array of permission information store.dispatch('createRouters',res.data)
					.then(res=>{
						//This is the function that calls the store to create dynamic routes. You can pass the //permission array to this function, or you can pass it here. //This function directly gets the value of roles in your state in the same way. let addRouters = store.getters('addRouters')
						let allRouters = store.getters('allRouters')

						//Add the dynamic routing part to the working route router.addRoutes(accessRoutes)
						//Go to the intercepted page next({ ...to, replace: true })
					})	
				})
			}
		}
	} else {
		/**Here is to handle the situation where there is no token, that is, the user has not logged in at this time. If there is no user logged in, then determine whether the user goes to the login page. If it is the login * page, let it go directly. If the user wants to visit the homepage without logging in, let * him redirect to the login page */
		if (to.path == '/login') {
			//This place can be judged more carefully. It is not necessary to let him go directly when logging in, but //When going to all public components, let him go directly next()
		}else{
			next('/login')
		}
	}
})

 

store.js

//Define an interface for obtaining the user's permissions in the api folder and call it in this actionsimport { getUserRole } from "../api/getRoles" //Interface for obtaining permissionsimport { logout } from '../api/user' //Interface for user logoutimport { resetRouter } from './router'
import { removeToken } from '@/utils/auth' // Custom encapsulation method to clear token //This is a method to filter arrays. If the routing table is nested in multiple layers, you can recursively call this method to filter the array //function hasPermission(roles, route) {
// if (route.meta && route.meta.roles) {
// return roles.some(role => route.meta.roles.includes(role))
// } else {
// return true
// }
//}

//export function filterAsyncRoutes(routes, roles) {
// const res = []

// routes.forEach(route => {
// const tmp = { ...route }
// if (hasPermission(roles, tmp)) {
// if (tmp.children) {
// tmp.children = filterAsyncRoutes(tmp.children, roles)
// }
// res.push(tmp)
// }
// })
//
// return res
//}

//Introduce default routing and dynamic routing import { defaultRoute , asyncRouter } from '@/router'
const state = {
	roles: [] //The permission list obtained by the interface, assuming the data format is: ["order", "roles"],
	allRouters: [], //This is the final working route after all integration addRouters: [], //This is the route that is filtered out according to the dynamic matching of permissions}
	  
const getters = {
	/**Store the roles in the state in this getters, then other places that get the roles in this getters, as long as the original roles change, the roles in other places will also change, which is equivalent to computed properties */
	roles:state => state.roles
	allRouters:state => state.allRouters
	addRouters:state => state.addRouters
}
const mutations: {
	/**In the following actions, submit the array of permission information to this place through commit, and then *this place submits the array to the roles of state
	*/
	SetRoute(state,router)
		//The router here is the routing table filtered according to user permissions state.allRouters = defaultRoute.concat(router)
		state.addRouters = router
	}
	//Store the routing permission array in state
	setRoles(state,value){
		state.roles = value
	}
}
const actions: {
	//Write a request to get the permissions of the currently logged in role, such as ["/order","roles"]. If the request //comes back like this, it means that the permissions of this role are to access the order route and //roles route	
	// There are two possible situations for obtaining permission information: except for the following permission information, which is a separate interface.
	//Permission information may also be returned along with the user login interface //Get the current user's permission information and store it in the state. This permission information may be communicated with the back //end. It will not be written as a separate interface for you to request. Instead, when you log in, the user information and the user's permission information will be returned to you at once. Then, when the user logs in, the permission information will be stored in the state. //The purpose is to store the array of permission information in the state. //Get roles permission method getRoles({commit},data){
		return new Promise(resolve,reject){
			//Call to get user rights interface getUserRole().then(res =>{
				//The data returned here should be an array of permission information, such as: ["order", "roles"]
				//Store the permission information into the state through mutations
				commit('setRoles',res.data)
				resolve(res.data)
			})
		}
	})
	//Method to filter array configuration table based on permissions createRouters({ commit } , data ){
		return new Promise((resolve,reject) => {
			let addRouters = [ ] 
			if (data.includes("admin") {
				addRouters = asyncRouter
			}else{
				// In project development, the routing array may be nested in multiple layers, so this place needs to use the custom method above	
				//Method to filter recursively, this demo only processes one layer of array //(filterAsyncRoutes) method addRouters = asyncRouter.filter(item=>{
					if (data.includes(item.meta.system) ) {
					   	return item
					}
				})
			}
			
			
			//Pass the matched permission route to mutations, and let mutations
			//Save the matched route into state
			commit.("SetRoute",addRouters)
			resolve() //This is where you need to call resolve so that outsiders can get the callback of successful array filtering through //.then })
	},
	logout({ commit }) {
	    return new Promise((resolve, reject) => {
	      logout().then(() => {
	        removeToken() // must remove token first
	        resetRouter()
	        commit('setRoles', [])
	        commit('SetRoute', [])
	        resolve()
	      }).catch(error => {
	        reject(error)
	      })
	    })
  },
}
export default {
	state,
	getters,
	mutations,
	actions
}

Logout:

async function logout(){
	try{
		const res = await store.dispatch.logout()
		if(res.code == 200){
			//Logout successful }
	}catch{
		//Logout failed (error)
	}
}

Ending:

There is a lot of code, but the idea is very simple, it is just to get the routing configuration table, filter the array, and add it dynamically

Project reference github: vue-element-admin

This is the end of this article about the analysis of the background authentication process of vue element. For more relevant vue element authentication content, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope everyone will support 123WORDPRESS.COM in the future!

You may also be interested in:
  • Vue+elementUI component recursively implements foldable dynamic rendering multi-level sidebar navigation
  • Example code of vue + element ui to realize player function
  • Vue based on Element button permission implementation solution
  • Vue+element+oss realizes front-end fragment upload and breakpoint resume
  • Solve the problem that the element DateTimePicker+vue pop-up box only displays hours
  • Vue imitates ElementUI's form example code
  • An example of implementing a tree component using Vue
  • Specific use of Vue+iview using tree controls
  • Implementation code of editable tree table in Vue
  • Vue Element front-end application development tree list component

<<:  Two ways to reset the root password of MySQL database using lnmp

>>:  In-depth analysis of the Linux kernel macro container_of

Blog    

Recommend

JavaScript array deduplication solution

Table of contents Method 1: set: It is not a data...

How to implement image mapping with CSS

1. Introduction Image maps allow you to designate...

HTML code to add quantity badge to message button

HTML code: <a onclick="goMessage();"...

Detailed explanation of CocosCreator Huarongdao digital puzzle

Table of contents Preface text 1. Panel 2. Huaron...

Two practical ways to enable proxy in React

Two ways to enable proxy React does not have enca...

MySQL 5.7.21 winx64 installation and configuration method graphic tutorial

This article summarizes the notes for installing ...

Differences and usage examples of for, for...in, for...of and forEach in JS

for loop Basic syntax format: for(initialize vari...

How to set and get the number of Mysql connections

Get the number of connections --- Get the maximum...

Two ways to manage volumes in Docker

In the previous article, I introduced the basic k...

How to install mysql6 initialization installation password under centos7

1. Stop the database server first service mysqld ...

Implementation of vue+drf+third-party sliding verification code access

Table of contents 1. Background 2. Verification p...

MySQL randomly extracts a certain number of records

In the past, I used to directly order by rand() t...

Summary of the process and common problems of connecting VS2019 to MySQL database

I started configuring various environments this a...

Methods and steps for Etcd distributed deployment based on Docker

1. Environmental Preparation 1.1 Basic Environmen...

Ideas and practice of multi-language solution for Vue.js front-end project

Table of contents 1. What content usually needs t...