Navigation

    APPDRAG Community
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Popular

    REMINDER

    Please be respectful of all AppDragers! Keep it really civil so that we can make the AppDrag community of builders as embracing, positive and inspiring as possible.

    [TM] Private code

    Cloud Backend (Cloud DB, API Builder)
    3
    5
    351
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Pierre SULPICE
      Pierre SULPICE last edited by

      Hello,

      I feel like I asked that by tawkto a long time ago, so, sorry by advance ^^"

      Is there any way to share private code between my API funcs ?
      I put some not sensitive at all code in the code editor, as a shared (public) file, but I would like to have the same but not browsable online, only accessible from the code editor or by the API funcs.

      Any way to do so ?
      I'll use it to store sensible configuration file that will be a little more complicated than the Environment Variables.

      Thanks a lot 🙂

      1 Reply Last reply Reply Quote 0
      • Daniel Mulroy
        Daniel Mulroy last edited by Daniel Mulroy

        Hi Pierre,

        Yes, you can host a .js file somewhere in the filesystem (using CodeEditor). Then, use npm 'require-remote' to access the URL of that file and import it into your script.

        Something like:

        // Defining common container vars
const MY_FILE_URL = "https://www.mysite.com/js/private_code.js";
var MY_CODE = null;

// Start of invocation for each call
exports.handler = async (event, context, callback) => {

// If the container is warm, re-use the previously imported module. If not, import it.
  if (MY_CODE == null) {
    MY_CODE = await require("require-remote")(MY_FILE_URL);
  }

}

        Now, I'm not sure if you can import strings, objects this way. If anyone knows, that would be great, I can't do a proof of concept right now.

        However, if needed, you can create a function that simply returns the string or object you need.

        In your function:

        const someVar = MY_CODE.getSomeVar();

        And in your file:

        module.exports.getSomeVar = () => {
return "some-secret-var";
}
        1 Reply Last reply Reply Quote 0
        • Pierre SULPICE
          Pierre SULPICE last edited by

          Hi Daniel,

          Thanks for your reply,

          I think I'm missing something or you'll have the same issue than me ^^
          The require-remote part works well, no problem with that thanks !

          The problem is that either I put that file in the Cloudbackend folder using the code editor, but it will be viewable by anybody having the link.
          Or I put it in the a internal folder, but I have a "Forbiden Access" when I try to require it 😕
          If your sample is working, you can go to the code editor, clic on the link icon, and you'll see you can read it freely anywhere.... or I missed something !

          I would need the file to not be viewable by others having the link, but still requirable by my API funcs ^^"

          Thanks,
          Best regards,

          1 Reply Last reply Reply Quote 0
          • Joseph Benguira
            Joseph Benguira last edited by

            Hey Pierre,

            Your code should not contain any credentials or API Keys, those should be stored in environnement variables (encrypted)
            So it should not be a big issue to require-remote a public file.
            Other option is to store your shared code in another cloud function with APIKey protection, this way the shared code is really private.

            but really ... you should NOT have shared code (or as less as possible) because an error in your shared code means all your functions using the shared code are down or will be affected by that global change in an unexpected way ... this is not recommended with microservices.

            1 Reply Last reply Reply Quote 0
            • Pierre SULPICE
              Pierre SULPICE last edited by

              Well it's not THAT sensitive indeed, it was more like macros for table names and preprod names and stuff like that to avoid to repeat it and be able to change it easily.
              I know the Database and stuff like that are protected but I'm thinking that it's still the bed idea to spread all the accurate name of everything that easily ^^"

              Problem with the Env Variables is that they are contained only in the func where I write them, so it's not helping that much for this specific usage.
              I don't really like the idea of having an API call "just for that", especially when I'll use it a lot for my tracking system, the goal is more to reduce them 😉

              So it's not an ABSOLUTE NEED but it might be very handy to add some genericity in my code.

              For now I'll not do it, I'll let you know if I come up with a cool system to do it painlessly 🙂

              See you soon,

              1 Reply Last reply Reply Quote 1
              • First post
                Last post