I have an app using angular and when deployed to a server, everyone can ofc download the source codes, obfuscated or not.
Yet, I would like to prevent user that are not authenticated to see the source code of the core application. Since right now, the login is made on the real app, they have access to everything.
I was planning on making a static page that serve as a portal, where user authenticate, and separated from the main app.
After login, you would receive an email with an url (would be hosted on the same server) and a token, that would bring you to the main app.
The server would verify the token (is this possible with nginx?) BEFORE serving any file from the main application.
Then, when an user is connected, since he is server the real app, but he is connected, I would not care if he as the source code access.
Is this secured enough? Is this doable using nginx?