ANGULARJS + LIFT
COMMUNICATION

with ponies

the lift way

Page generation time 
".miniProfile *" #> unboxMiniProfiles.map{
  miniProfile => 
    ".avatar [src]" #> miniProfile.avatarUrl &
      ".displayName" #> miniProfile.displayName &      ...
}

def unboxMiniProfiles = ProfileClient.getMiniProfiles(usernames) match {
  case Full(miniProfiles) => stuff
  case _ => logger.error("Couldn't get mini profiles.")
}

 

The lift way

SHtml.ajaxCall(  ) 
SHtml.ajaxInvoke(() => jsCmd)

Generates Javascript on the fly 
liftAjax.lift_ajaxHandler('F304443309923DBOE=true', null, null, null);

HTTP XHR 
http://www.zensey.com/ajax_request/SD48QP45523DBOEZH/

POST: F304443309923DBOE=true

The angular way

$http -> REST
$http({method: 'GET', url: '/rest/profile/mini/123'})
    .success(function(data, status, headers, config) {
      // do stuff
    });

$resource -> REST
$resource('/rest/profile/mini/:username', {username: '@username'},
  {get: {method: 'GET', isArray: false}}
);

MiniProfile.get({username: $attrs.username}, function (data) {...}
 

But Security...

Public REST endpoint attacks:
  • JSON vulnerability
  • Cross Site Request Forgery (XSRF)
Angular mitigations require server cooperation.
Ain't nobody got time for that.
Give me your HIPAAs!

USE LIFT's immunities


Unpredictable urls are immune to both attacks.


What we want

Lift functions available as angular services...
angular.module('zen.lift.miniProfile'
  .factory('miniProfile', function (liftProxy) {
    return {
      get: function(username) {return liftProxy(...);}
    };
  }

...using random server urls
http://www.zensey.com/ajax_request/F246253955771TQNMAV/
(theirUsername: String) => ProfileClient.getMiniProfile(theirUsername)

dynamically generate modules

Demo: Write a service to generate this Javascript.
<script>
  angular.module('zen.lift.miniProfile')
    .factory('miniProfile', function ($liftproxy) {
      return {
        get: function(username) {...}
      };
    };
</script>

Success!

Generated javascript

The ajax request

 

JSON response

{
   "success":true,
   "data":{
      "username":"51edf173c0261d53a7168c9d",
      "displayName":"doug2doug2",
      "coach":false,
      "presence":"offline",
      "connectedStatus":"pending",
      "sharedConnections":[
         {
            "username":"51f9c00ac02616bfbba0f301"
         }
      ]
   }

clap if you like


Then ask me some questions.

Angular Lift Service Proxy

By Doug Roper

Made with Slides.com

Angular Lift Service Proxy

  • 2,610

More from Doug Roper