feat(client:auth): implement router auth via router.decorator

Changes:
* move remaining auth code from app.js to auth module
* the router param `authenticate` now accepts a string as a role requirement
* admin route now uses role based auth

Author: kingcody

app/templates/client/app/admin(auth)/admin(js).js

@@ -5,13 +5,15 @@ angular.module('<%= scriptAppName %>')
     $routeProvider
       .when('/admin', {
         templateUrl: 'app/admin/admin.html',
-        controller: 'AdminCtrl'
+        controller: 'AdminCtrl',
+        authenticate: 'admin'
       });
   });<% } %><% if (filters.uirouter) { %>.config(function($stateProvider) {
     $stateProvider
       .state('admin', {
         url: '/admin',
         templateUrl: 'app/admin/admin.html',
-        controller: 'AdminCtrl'
+        controller: 'AdminCtrl',
+        authenticate: 'admin'
       });
   });<% } %>

app/templates/client/app/app(js).js

@@ -10,18 +10,4 @@ angular.module('<%= scriptAppName %>', [<%- angularModules %>])
       .otherwise('/');<% } %>
 
     $locationProvider.html5Mode(true);
-  })<% if (filters.auth) { %>
-
-  .run(function($rootScope<% if (filters.ngroute) { %>, $location<% } if (filters.uirouter) { %>, $state<% } %>, Auth) {
-    // Redirect to login if route requires auth and the user is not logged in
-    $rootScope.$on(<% if (filters.ngroute) { %>'$routeChangeStart'<% } %><% if (filters.uirouter) { %>'$stateChangeStart'<% } %>, function(event, next) {
-      if (next.authenticate) {
-        Auth.isLoggedIn(function(loggedIn) {
-          if (!loggedIn) {
-            event.preventDefault();
-            <% if (filters.ngroute) { %>$location.path('/login');<% } if (filters.uirouter) { %>$state.go('login');<% } %>
-          }
-        });
-      }
-    });
-  })<% } %>;
+  });

app/templates/client/components/auth(auth)/router.decorator(js).js

@@ -0,0 +1,41 @@
+'use strict';
+
+(function() {
+
+  function routerDecorator(<%= filters.uirouter ? '$stateProvider' : '$provide' %>) {
+    var authDecorator = function(<%= filters.uirouter ? 'state' : 'route' %>) {
+      var auth = <%= filters.uirouter ? 'state' : 'route' %>.authenticate;
+      if (auth) {
+        <%= filters.uirouter ? 'state' : 'route' %>.resolve = <%= filters.uirouter ? 'state' : 'route' %>.resolve || {};
+        <%= filters.uirouter ? 'state' : 'route' %>.resolve.user = function(<%= filters.uirouter ? '$state' : '$location' %>, $q, Auth) {
+          return Auth.getCurrentUser(true)
+            .then(function(user) {
+              if ((typeof auth !== 'string' && user._id) ||
+                (typeof auth === 'string' && Auth.hasRole(auth))) {
+                return user;
+              }<% if (filters.ngroute) { %>
+              $location.path((user._id) ? '/' : '/login');<% } if (filters.uirouter) { %>
+              $state.go((user._id) ? 'main' : 'login');<% } %>
+              return $q.reject('not authorized');
+            });
+        };
+      }
+    };<% if (filters.ngroute) { %>
+
+    $provide.decorator('$route', function($delegate) {
+      for (var r in $delegate.routes) {
+        authDecorator($delegate.routes[r]);
+      }
+      return $delegate;
+    });<% } if (filters.uirouter) { %>
+
+    $stateProvider.decorator('authenticate', function(state) {
+      authDecorator(state);
+      return state.authenticate;
+    });<% } %>
+  }
+
+  angular.module('<%= scriptAppName %>.auth')
+    .config(routerDecorator);
+
+})();

test/test-file-creation.js

@@ -270,6 +270,7 @@ describe('angular-fullstack generator', function () {
         'client/components/auth/auth.module.' + script,
         'client/components/auth/auth.service.' + script,
         'client/components/auth/interceptor.service.' + script,
+        'client/components/auth/router.decorator.' + script,
         'client/components/auth/user.service.' + script,
         'client/components/mongoose-error/mongoose-error.directive.' + script,
         'server/api/user/index.js',