Skip to main content

How would you implement protected routes that require user authentication?

Implementing protected routes—where access is restricted to authenticated users—is a common requirement in modern web apps to guard sensitive pages or features.

Here’s a general approach and examples for React Router and Angular Router on how to implement protected routes that check if a user is authenticated before allowing access:

How would you implement protected routes that require user authentication?

๐Ÿ›ก️ Conceptual Overview

  1. Authentication Check: Before rendering the protected component, check if the user is logged in (e.g., via a token, session, or auth context).

  2. Conditional Rendering or Redirection:

    • If authenticated, allow access (render the component).

    • If not, redirect to a login page or show an unauthorized message.

  3. Persist Authentication State: Use global state, context, or a service to store auth status.

✅ React Router Example

Step 1: Create a ProtectedRoute component

import { Navigate } from 'react-router-dom';

function ProtectedRoute({ isAuthenticated, children }) {
  if (!isAuthenticated) {
    // Redirect to login if not authenticated
    return <Navigate to="/login" replace />;
  }
  // Render the protected component if authenticated
  return children;
}

Step 2: Use ProtectedRoute in your routing setup

import { Routes, Route } from 'react-router-dom';

function App() {
  const isAuthenticated = /* get from context or state, e.g. */ true;

  return (
    <Routes>
      <Route path="/login" element={<LoginPage />} />
      <Route
        path="/dashboard"
        element={
          <ProtectedRoute isAuthenticated={isAuthenticated}>
            <Dashboard />
          </ProtectedRoute>
        }
      />
    </Routes>
  );
}

✅ Angular Router Example

Step 1: Create an Auth Guard

import { Injectable } from '@angular/core';
import { CanActivate, Router } from '@angular/router';
import { AuthService } from './auth.service'; // your auth logic

@Injectable({
  providedIn: 'root',
})
export class AuthGuard implements CanActivate {
  constructor(private authService: AuthService, private router: Router) {}

  canActivate(): boolean {
    if (this.authService.isLoggedIn()) {
      return true; // Allow access
    } else {
      this.router.navigate(['/login']); // Redirect if not authenticated
      return false;
    }
  }
}

Step 2: Apply the guard to routes

const routes: Routes = [
  { path: 'login', component: LoginComponent },
  {
    path: 'dashboard',
    component: DashboardComponent,
    canActivate: [AuthGuard],
  },
];

๐Ÿง  Key Points

  • Centralize auth state: Use context (React) or services (Angular) to hold auth info.

  • Redirects: Always redirect unauthenticated users to login or an error page.

  • Flexible guards: You can extend auth guards to check roles or permissions.

  • Persist auth: Use cookies, localStorage, or secure tokens to persist sessions.

Popular posts from this blog

Explain the Angular compilation process: View Engine vs. Ivy.

 The Angular compilation process transforms your Angular templates and components into efficient JavaScript code that the browser can execute. Over time, Angular has evolved from the View Engine compiler to a newer, more efficient system called Ivy . Here's a breakdown of the differences between View Engine and Ivy , and how each affects the compilation process: ๐Ÿ”ง 1. What Is Angular Compilation? Angular templates ( HTML inside components) are not regular HTML—they include Angular-specific syntax like *ngIf , {{ }} interpolation, and custom directives. The compiler translates these templates into JavaScript instructions that render and update the DOM. Angular uses Ahead-of-Time (AOT) or Just-in-Time (JIT) compilation modes: JIT : Compiles in the browser at runtime (used in development). AOT : Compiles at build time into efficient JS (used in production). ๐Ÿงฑ 2. View Engine (Legacy Compiler) ➤ Used in Angular versions < 9 ๐Ÿ” How It Works: Compiles templat...
Read more

Explain the concept of ControlValueAccessor in custom form components.

 In Angular, the ControlValueAccessor interface is what allows custom form components to work seamlessly with Angular forms (both reactive and template-driven). ๐Ÿง  What is ControlValueAccessor ? It’s an Angular bridge between your custom component and the Angular Forms API . When you use a custom form component (like a date picker, dropdown, slider, etc.), Angular doesn't automatically know how to read or write its value. That’s where ControlValueAccessor comes in. It tells Angular: How to write a value to the component How to notify Angular when the component’s value changes How to handle disabled state ๐Ÿ“ฆ Common Built-in Examples: <input> and <select> already implement ControlValueAccessor You implement it when creating custom form controls ๐Ÿ”ง Key Methods in the Interface Method Purpose writeValue(obj: any) Called by Angular to set the value in the component registerOnChange(fn: any) Passes a function to call when the component value ch...
Read more

What are the different types of directives in Angular? Give real-world examples.

In Angular, directives are classes that allow you to manipulate the DOM or component behavior . There are three main types of directives: ๐Ÿงฑ 1. Component Directives Technically, components are directives with a template. They control a section of the screen (UI) and encapsulate logi c. ✅ Example: @Component ({ selector : 'app-user-card' , template : `<h2>{{ name }}</h2>` }) export class UserCardComponent { name = 'Alice' ; } ๐Ÿ“Œ Real-World Use: A ProductCardComponent showing product details on an e-commerce site. A ChatMessageComponent displaying individual messages in a chat app. ⚙️ 2. Structural Directives These change the DOM layout by adding or removing elements. ✅ Built-in Examples: *ngIf : Conditionally includes a template. *ngFor : Iterates over a list and renders template for each item. *ngSwitch : Switches views based on a condition. ๐Ÿ“Œ Real-World Use: < div * ngIf = "user.isLoggedIn...
Read more