I have a Go app that uses Angular for the frontend. The Go app is the backend, and is used to handle rest requests. Angular will make service requests to Go to get data, save data, etc.
I have the app deployed as a Go app on GAE, so I thought I would use some Google service to secure the app. I do not know how to secure the application. I want to secure the entire app, and have different areas of the app require different user roles. For instance, I want an 'admin' area, a 'view only' area, etc.
I have the app deployed on GAE and it works fine, I now just need to add the security pieces. I am confused if I need to reference how to secure Go or Angular apps on GAE, since it is sort of both; however, my app.yaml uses "api_version: go1"
In case it matters, my file layout is:
fooProject
|
src (where app.yaml is)
|
frontend (where my angular files are)
| |
| app
| |
| partials
github.com
|
me(where my go files are)
|
gorilla (using gorilla for some Go stuff)
A snippet of app.yaml:
application: fooproject
version: 1
runtime: go
api_version: go1
handlers:
- url: /_ah/remote_api
script: _go_app
login: admin
- url: /rest/.*
script: _go_app
login: required
auth_fail_action: unauthorized
- url: /
static_files: frontend/index.html
upload: frontend/index.html
login: required
mime_type: text/html; charset=utf-8
Snippet of app.js:
app.config(function($routeProvider, RestangularProvider) {
$routeProvider.
when('/', {
controller:EntryCtrl,
templateUrl:'frontend/partials/entry.html'
}).
when('/admin/carList', {
controller:ListCtrl,
templateUrl:'frontend/partials/admin/car-list.html'
}).
What confuses me is, is Go or Angular controlling the URLs? Angular has the URL mapping, but Go has app.yaml defining URLs too. I do not know how to think of these two items together while figuring out how to secure the app. Any push in a direction?