I ask myself a question: when developing an API on Laravel that is being accessed by the SPA web, what is the best way to separate the view for authorization and the personal account?

Collecting all-in-one JS would not like to shine endpoints in my personal account for an unauthorized user.

Therefore, I want, depending on the authorization of the user, to display this or that view: easy with authorization or a full-fledged SPA.

I believe that storing it in public/ as private.php & public.php not a good idea.

Another option: slightly complicate the frontend assembly and scatter these two files into resources/views/ .

What other options do I miss?

    1 answer 1

    Since you have a SPA and API, then everything should be separate. On the client side, you can check in the run in the $routeChangeStart event whether the user is registered and redirect to your personal account.

    In ocLazyLoad for unregistered users to have access to the client ocLazyLoad code, use ocLazyLoad - this is lazy loading of modules.

    Log in with JWT

    • However, using ocLazyLoad, you can still pull the code for the account manually by looking at the URL. Right? - Deliaz
    • It is possible, but the server still does not authorize the user, and it will not give him any rights, if this is a client, then this is clear. I do this at myself, anyway, checking on the server. Well, if you are talking about SPA, then this is a separate application that communicates with the server through the API. This is the essence of the client’s client’s code - jashka
    • Theme advanced user will register, will see requests to API - jashka