aurelia / webpack-plugin

A plugin for webpack that enables bundling Aurelia applications.
MIT License

Feature question #129

Closed bojanv55 closed 6 years ago

bojanv55 commented 6 years ago

One question regarding Aurelia SPA and authorization:

As far as I understood, the SPA will contain all the code for the app and it will be delivered to the client browser even if he is not authorized. Now I know that this is not data, but forms mostly - but is there a possibility to deliver to the client only the login form before he is authenticated and only then to deliver other parts of the SPA to the client browser?

If we deliver everything prior to authorization, all forms and styles etc. are visible in "view source".

jods4 commented 6 years ago

Sure, you just need to split your code.

For the sake of discussion, let's assume you use a login/password auth. with a cookie. Could be another auth. scheme, doesn't really matter.

The easiest way to do the split is to have a simple login page served to everyone, and redirect to the real app after a successful login, the real app being served only to authenticated users by the server.

If you don't like the redirect, you can do the same in JS/AJAX. Serve a basic login page to everyone. Then after a successful login do an AJAX fetch of the rest of the app (which the server sends to auth. users only) and bootstrap that inside the page.

If you want to make it all a single, big Aurelia app including login, you can. It's more complicated and requires proper configuration of everything, but the gist is simple. Using webpack, put all pages (except login of course) into one (or more) lazy chunks (see code splitting in the wiki). This chunk will only be fetched by Aurelia when needed, so the trick is to ensure it won't be loaded before the user successfully authenticates,
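The server-side half of the split discussed above, as an added example that is not part of the thread or of the plugin's code: a default-deny decision function that serves the login bundle to everyone and the lazy chunks only to a valid session. The `/login/` and `/app/` paths, the `sid` cookie name and the in-memory session map are assumptions made for illustration.

```javascript
// Added example. Paths, cookie name and session store are hypothetical.
const PUBLIC_FILES = new Set(['/', '/index.html']);
const PUBLIC_PREFIX = '/login/';   // login page and its bundle, served to everyone
const PROTECTED_PREFIX = '/app/';  // assumed output directory of the lazy chunks

function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Returns what the static file handler should do for one request.
function decideAsset(rawUrl, cookieHeader, sessions, now = Date.now()) {
  let pathname;
  try {
    // The URL parser resolves "..", "%2e%2e" and similar dot segments, so the
    // prefix checks below run on the path the file handler will actually open.
    pathname = new URL(rawUrl, 'http://localhost').pathname;
  } catch {
    return { status: 400 };
  }
  if (PUBLIC_FILES.has(pathname) || pathname.startsWith(PUBLIC_PREFIX)) {
    return { status: 200, file: pathname, cache: 'public, max-age=3600' };
  }
  // Default deny: anything outside the two known trees does not exist.
  if (!pathname.startsWith(PROTECTED_PREFIX)) return { status: 404 };

  const sid = parseCookies(cookieHeader).sid;
  const session = sid ? sessions.get(sid) : undefined;
  if (!session || session.expires <= now) return { status: 401 };
  // Keep authenticated chunks out of shared caches (proxy, CDN).
  return { status: 200, file: pathname, cache: 'private, no-store' };
}

// Constructed sample data: one live session and one expired session.
const demoSessions = new Map([
  ['live-session', { user: 'alice', expires: 2000 }],
  ['old-session', { user: 'bob', expires: 500 }],
]);
console.log(decideAsset('/app/main.chunk.js', '', demoSessions, 1000));
console.log(decideAsset('/app/main.chunk.js', 'sid=live-session', demoSessions, 1000));
```

Gating the chunks only keeps views and templates away from unauthenticated visitors; every data endpoint the app calls still has to check the session itself.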