Angular Setup

Source Code: The sample Angular application can be found at this GitHub repo.

We installed the Angular CLI in the Dependencies section earlier. Now we will use the CLI to generate our Angular app.

Create a New Angular App

In a directory of your choice, run the following commands:

ng new auth0-app --routing --skip-tests --inline-style --inline-template
# (choose CSS when prompted)

The ng new command creates a new Angular application with routing and no app component tests.

Note: We will not cover testing in this workshop. If you'd like to write your own tests, you should not use the --skip-tests flag.

Add Bootstrap CSS

For ease of styling, add Bootstrap CSS to your index.html file's <head> like so:

<!-- src/index.html -->
<link href="https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css" 
  rel="stylesheet" integrity="sha384-GJzZqFGwb1QTTN6wy59ffF1BuGJpLSa9DkKMp0DgiMDm4iYMj70gZWKYbI706tWS" 
  crossorigin="anonymous">

Add Dependencies

Add dependencies for Node server:

npm install express path --save

Create /server.js file and add this code:

// Dependencies
const express = require('express');
const path = require('path');
// App
const app = express();

// Security middleware
function resSec(req, res, next) {
  if (app.get('env') !== 'stage') {
    // HTTP Strict Transport Security (HSTS)
    // Enforces HTTPS across the entire app
    // While nginx can do a redirect, HSTS redirects
    // before anything is sent to the server
    // (Only run this in an SSL environment)
    res.setHeader('Strict-Transport-Security', 'max-age=630720');
  }
  // Defend against Cross Site Scripting (XSS)
  // This is when a malicious entity injects scripts
  res.setHeader('X-XSS-Protection', '1; mode=block');
  // Require iFrame sources to come from the same origin
  res.setHeader('X-Frame-Options', 'SAMEORIGIN');
  // Content Security Policy
  // Preventing XSS to ensure scripts only come
  // from approved origins
  res.setHeader("Content-Security-Policy", "script-src 'self'");
  // Send the request on with security headers
  return next();
}
app.use(resSec);

// Set static path to Angular app
app.use('/', express.static(path.join(__dirname, './dist/angular-auth')));
// Pass routing to Angular app
app.get('*', (req, res) => {
  res.sendFile(path.join(__dirname, './dist/angular-auth/index.html'));
});

// Server
const port = '3000';
app.listen(port, () => console.log(`Server running on localhost:${port}`));

Add stage and prod NPM scripts to the /package.json file:

// package.json
{
  ...
  "scripts": {
    ...,
    "stage": "ng build --configuration=stage && NODE_ENV=stage node server",
    "prod": "ng build --prod && node server"
  },
  ...
}

Open /angular.json and add a stage environment to the Angular app like so:

// angular.json
{
  ...,
          "configurations": {...,
            "stage": {
              "fileReplacements": [
                {
                  "replace": "src/environments/environment.ts",
                  "with": "src/environments/environment.stage.ts"
                }
              ],
              "optimization": true,
              "outputHashing": "all",
              "sourceMap": false,
              "extractCss": true,
              "namedChunks": false,
              "aot": true,
              "extractLicenses": true,
              "vendorChunk": false,
              "buildOptimizer": true
            },
            ...
}

Add /src/environments/environment.stage.ts file. Its contents should initially look like this:

// environment.stage.ts
export const environment = {
  production: false,
  envName: 'stage'
};

(When we're all finished with the workshop, contents should look like environment.stage.ts.sample.)

We are now ready to start building our Angular application.