I've build rest api with laravel 5.2, integrating it with angularJS and securing it with jwt.
It's my first experience with jwt, not with angularjs, and in my past projects (with spring mvc/security, angularJS and session instead jwt), i could protect resources by intercepting the url with spring security, like this:
<sec:intercept-url pattern="*/app/**" access="isAuthenticated()" />
Is any way to do this with laravel?, i've already did the javascript validation, so if the jwt token is not valid, the users can't access any route but login, the problem is that javascript source is available either user is logged in or not.
You could do this in a route closure:
Route::get('script/{filename}', function($filename){
return response(file_get_contents(public_path('/assets/js/' . $filename)))->header('Content-Type', 'text/javascript')
})->middleware(['auth']);
Although this means that each request to this file requires bootstrapping the entire application which is a substantial performance loss. However when invoked only once, it's not a huge deal.
sidenote Route closures have side effects; one of the biggest being that the file cannot be cached when Closures are used.