I uploaded my repo and it has a database string named 'dbstring' which I do not want to share with anyone.
I created a repository secret on github and created a value named DBSTRING with its value but the thing is I dont know how to access it.
this is my uploaded code which reveals my dbstring.
const dbstring = mongodb+srv:/***********b.net
mongoose.connect(dbstring, { useUnifiedTopology: true, useNewUrlParser: true });
const db = mongoose.connection;
db.once('open', () => {
console.log('Database connected:', url);
});
How can I replace dbstring with secret value I created on my github repo?
What you need to do is to use Environment variables, where you can have a .env ( if you use dotenv ) for each environment. Then you keep your database credentials safe on your computer and on the server, this will also make it possible to target different environments like database production, dev, test, etc. Make sure you have .env file added in the .gitignore file.
It's also important that when you run this code it's executed on the server-side otherwise anyone with the dev tools open will be able to see the credentials as well. Then on your client side you make a request using axios to the URL related to that database connection.
If the ENV file works for you then what you can do is you can encrypt it before uploading it to the GitHub like creating an env-production file and encrypting it and once you use that repo you can decrypt it and you can also add that step to your CD/CI Line use this
Related
My question is very simple:
I'd like to read a configuration json file relying on the front end side and not on the server.
The file name and path is hard-coded in the JS file.
I am not the getting its name from some file dialog like in many examples on SO.
I also tried some suggestions to use fetch like:
fetch('./data/properties.json')
.then(response => response.json())
.then(data => console.log(data))
.catch(err => console.log(error));
but I always got errors like
exh.js:30 Fetch API cannot load
file:///C:/Users/myusername/WebAppsProjects/BBSimFE/data/properties.json.
URL scheme must be "http" or "https" for CORS request.
I also installed and CORS Chrome extension and turned it on => no help.
I also tried to understand whether I can use FileReader.
For example:
var fr = new FileReader();
fr.readAsText(new File([""], "./data/properties.json"));
fr.onload = function(evt){
alert(fr.result);
}
But this returns nothing.
Also, I am not using node.js so I cannot use require();
Please assist.
Thanks
For security purposes, fetch does not work for file urls, so opening your file in the browser won't work. You should set up a local testing server so XHR requests work properly. Some options include running python -m http.server 8080 in the directory that your files are in then navigating to http://localhost:8080 in the browser, or using a plugin like vscode's live server plugin.
Hey) For security purposes you should not store important configuration info on your frontend side. It should be on server side.
But if you store not important info in your config file, you need to lift a server on localhost, port may be any. Also you need to do your folder with config.json is static on server side. After that you have a static folder with needed for you files, at current case it's config.json. On frontend side you need send
fetch('http://localhost:<your_port>/static/config.json', options);
if you set your static folder is static if no then replace static by your static folder name. You can check if your static file is available just go http://localhost:<your_port>/static route and you should see all files|folders inside static folder.
My mongoDB connects just fine locally, then once I deploy to heroku, the connection URL becomes undefined. I have a .env file in my root directory, and a .gitignore which includes the .env. I need the mongo url to stay private, but I can only assume that this is why it shows as undefined in production...
Heres the error:
"MongooseError: The uri parameter to openUri() must be a string, got "undefined". Make sure the first parameter to mongoose.connect() or mongoose.createConnection() is a string."
Heres my require:
require("dotenv").config()
var url = process.env.MONGODB_URI
Heres my connection:
mongoose.connect(url, {
useNewUrlParser: true,
useUnifiedTopology: true
}).catch(e => {
console.error(e.message)
})
Thanks in advance for the help.
Two things you need to do, Make that .env available for the production code, It can't access your local .env file.
Second is your mongo running on production ? mean availabe and accessible for the app through 27017 port ?
don't say it is running on your local machine.
You need to setup your variables where your app is deployed. It is not accessible from your .env file that you used while developing on your local host. If you deployed to heroku - here is a documentation of what to do. If it's not deployed to heroku, you can get an idea what to do next to make it work.
I currently have an Angular app (MEAN Stack) that I am running locally on my Windows machine. Being new to Node/Express, I would like to be able to access a local directory from http://localhost:3006 that I have setup within my main app directory, called /myfiles which I am unsure how to do.
What I am unsure is, how do I create an endpoint to access and read these files from localhost within the /myfiles directory and display them within an Angular Material dialog?
Just not sure what I need to do as part of Express side (setting up the route) and then the Angular side (using HttpClient) to display.
Further to the above, I will also need to write back to the /myfiles directory, where I will need to perform a copy command based on a file selection within Angular.
You'll want to create an endpoint in Express that your Angular app can call to be served the files.
I'll assume the files you want to read and send are JSON files. Here's a really simple example of an endpoint that you can visit that will return the file to your frontend.
In your Angular code you will make a get call to /myfile
var fs = require("fs");
app.get('/myFile', (req, res) => {
var filepath = __dirname + '/myfiles/thefile.json';
var file = fs.readFileSync(filepath, encoding);
res.json(JSON.parse(file));
});
Then in Angular, you'll have something like
http.get('/myfile').subscribe( (data) => { console.log("The data is: ", data) });
ADDED
The example I provided above was just the basics to answer your question. Ideally, in production for file paths, you should the Node path library which 'knows' how to behave in different environments and file systems.
I have a node server on localhost. In it is the pg module:
//above is express requires
var pg = require('pg');
var client = new pg.Client();
client.connect((err)=>{
if(err) throw err;
client.end((err)=>{
if(err) throw err;
});
})
//below is basic express server stuff
I have, I believe, a postgresql server running on windows. I have pgadmin open, there is a localhost:5432 section, and inside is a "test" database I have created.
My node server currently throws:
error: password authentication fails for user 'myname'
I do not understand how I can, either in postgresql's Windows client, set default username/password that is then added to environment variables, or, in Windows add the proper environment variable key/value pairs that the node pg module expects so it can login, or, tell the node pg module how to login to postgresql, or, whether I am even going down the right path at all.
How can I allow my node pg module to connect to my localhost postgresql server?
EDIT: I tried to follow the instructions in this SO answer, however I would always recieve "access denied" errors no matter where I pointed the db creation to, whether I used cmd or powershell in admin or no, and no matter the permissions I set for files. I'm now primarily interacting with postgresql through the pgadmin III GUI.
EDIT2: I tried modifying the pg initialization by doing:
var connectstring = 'postgres://me:password#localhost/dbname';
var client = new pg.Client(connectstring);
I received the same error, using the same exact login details I was prompted with by pgadmin III.
EDIT3: According to these docs, I should possibly have that list of environment variables? If not, where can I find this information so I can manually set these environment variables? Is this the right path to go down?
Use:
var pg = require('pg');
var config = {
user: 'foo',
database: 'my_db',
password: 'secret',
port: 5432
};
var pool = new pg.Pool(config);
I have a node server running right now, I use npm forever to keep it running when I'm not developing and I use npm nodemon for when I edit (restarts app on edit/upload).
I noticed that whenever I restart my app, session data is lost and my players have to re-login to their accounts. It's not a huuuge deal, but I was wondering if there was a way to edit my server.js page without restarting the app, and logging everybody out?
(Note that this only applies for server.js or module edits. .html and .js pages that are served don't require a restart)
(Second note: I am using mysql, nodejs, angularjs, express.io for all this, just in case anybody asks)
There isn't a way to edit a file (and have the changes loaded) without rebooting the server and reloading the file. Instead, store your session data somewhere other than memory. I know you're using MySQL, so use the connect-mysql package (there are other packages like this for redis, MongoDB, etc).
It's as simple as putting this in your app.js file:
var MySQLStore = require('connect-mysql')(express)
, options = {
config: {
host : 'place.stuff',
user: 'RUJordan',
password: 'hunter2',
database: 'SomeKittensIsGreat'
}
};
app.use(express.session({
secret: 'UpvoteThisAnswer',
store: new MySQLStore(options),
cookie: { maxAge: 2592000000 } // 30 days
}));
This will place a HTTP-only (i.e. the user can't see/use it) cookie on each user's computer. Even after a server reboot, connect-mysql will be able to like a user with their session data in MySQL via this cookie.