I am building a NodeJS application and I am not sure where I should compile my Javascript to (i.e. minified and uglified Javascript) and how to structure my app.
All the examples I have found online say to simply make a /public directory and put all the JS in there.
The problem with that is that even if I serve the Javascript file app.min.js from /public/js, it is still really easy for someone to figure out that at public/js/app.js he can find all my original javascript code and steal it.
What is the proper way to structure the app so I can separate development files and distribution files?
You put your public JS files in a directory that your node.js server serves up to the public and you put your private source files somewhere else that your node.js server does NOT give any access to the public.
Simply don't put private files that you don't intend to share anywhere in the same hierarchy as your public files that your node.js has routes configured to serve.
Remember, your node.js server ONLY serves files or directories that you have explicit routes for. So, just make sure the private files are somewhere other than those directories containing publicly served files.
There are lots of different ways to structure it (and none is any more "right" than any other as it depends upon what else you have in your file structure). For a simple system, I create a specific "public" directory below my server and I put all public stuff off of that. I can then use express.static() routes for the public hierarchy and nothing private ever gets shared.
Related
I would like to deploy a Web App on NodeJS with some server side JavaScript code. Will this server side code be accessible by external users/hackers? Can someone copy or download this code somehow? If the JavaScript files reside in a non-public folder on the server, can users access it? Can the app work if JS files are not located in a public folder?
With a properly configured node.js server, server-side JS files are not accessible to the public. The server-side code runs only on the server and thus does not need to be available in any way to the public. It's the exact same as server-side PHP or Python or Java.
As long as you configure your server with appropriate security measures and do not allow your node.js server to "serve" any of your server-side Javascript files to the public, then they will not be available to the public.
This is, of course, different from client-side Javascript which runs in the browser which cannot be protected and will always be available to the public.
If the Javascript files reside in a non-public folder on the server, can users access it.
No.
Can the app work if JS files are not located in a public folder?
Yes. The server-side JS files need only be available to the node.js process, not to the public.
To add to the answer all you need to manage are server configurations for which files and directories are available to the public. You can also (and should know how to) manage file and directory permissions on operating systems. When you go into a server configuration file you explicitly permit which directories you are allowing to be served to web traffic; which files are used for configuration varies according to server type. You should get familiar with server configuration files and understand what they do before serving any web pages to the public. You should also know the different configurations on a server such as production settings versus development settings.
I have a meteor.js project directory (created from meteor create projectName) and I have some regular node.js .js files related to this site that only needs to be run using node fileName.js or using forver.
Is there a way to store these .js files within the Meteor project directory without it being auto-run (like how it will be executed if placed in the /server directory)?
And is it more advisable to place these .js files outside of the Meteor project directory?
Taking a look at the meteor documentation, you could probably use the private folder. This should stop auto-execution as well.
http://docs.meteor.com/#/full/structuringyourapp
private: All files inside a top-level directory called private are only accessible from server code and can be loaded via the Assets API. This can be used for private data files and any files that are in your project directory that you don't want to be accessible from the outside.
In my Rails production environment, I want to have a certain JS file and certain CSS file on my server that are not precompiled and included in the asset pipeline. In other words, I want to be able to reference the files with a URL, like this:
https://mywebsite.com/example/my_javascript_file.js
How do I do this, or where do I place the files on my server so that they can be referenced in this way in production?
I could add these files to the public directory, is that best practice?
I have folder structure like the following
-> Parent folder
---> version_HTML (folder)
-----> index.html (file)
I would like to use an HTML file with javascript at the version_HTML level which will look for the file index.html in the subfolder and open it, as the folder name will keep varying.
The HTML file will be run from the local directory, and will not be hosted on the server or WWW.
I am open to alternative solutions too.
Any help is appreciated.
As I understand you want to create a file on the server from a web page, it's not possible only with Javascript, and the way to do it is non trivial for a non developer.
The parent's name is not so much important since you can ask "create a file on my parent folder" but it has to be done by a server-side language, you can look at PHP, python or nodejs.
Also you'll need to send a AJAX request from Javascript to the server when you want the server to create this file. I insist, is not easy for a non-developer.
Currently my app structure looks like this-
.meteor/
client/
... public files
server/
typings/
tsconfig.json
And when I run meteor with the meteor command it serves my project from this directory. So client files are accessed via client/assets/images/myimg.png. Not only is the client portion redundant but It seems like a security issue as I'm then assuming server/* is also accessible. How can I update meteor so the web root begins at client/ ?
I did try google first. I either couldn't find anything or didn't understand what I was reading.
Thank you!
The convention for storing public assets (e.g. an image) is to put them in the root level folder public. If you put image.png in the public folder, it will be accessible at /image.png. You'll also want to look into using a router to appropriately serve your routes/assets.