如何在不暴露我的 API 密钥的情况下让这段代码正常工作?我正在用 Node.js/Angular/Express 构建应用程序
How can I make this code work without showing my API keys? I am building an app on Node.js/Angular/Express
此代码适用于我的应用程序,但 process.env 不适用于此函数。有没有一种方法可以让我调用 process.env 而不必显示我的密钥?如果我现在保留代码,API 调用将不起作用,但如果我添加我的密钥,它将起作用。我的选择是什么,或者为什么 process.env 不能像在命令行上那样在此处工作?
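/**
 * Build a random string of `length` characters drawn from `chars`.
 *
 * Every character of `chars` is equally likely: the index is taken with
 * Math.floor over chars.length. Math.round over (chars.length - 1) gives the
 * first and last characters only half the weight of the others.
 *
 * NOTE(security): Math.random() is not a cryptographically secure generator.
 * This page uses the result as the oauth_nonce parameter; where the value
 * must be unpredictable, draw the indices from crypto.getRandomValues().
 *
 * @param {number} length - number of characters to produce; 0 or less yields ''.
 * @param {string} chars - alphabet to pick from; must not be empty when length > 0.
 * @returns {string} the generated string.
 * @throws {RangeError} if characters are requested from an empty alphabet.
 */
function randomString(length, chars) {
  if (length > 0 && (!chars || chars.length === 0)) {
    // An empty alphabet would otherwise append the text "undefined".
    throw new RangeError('randomString: chars must not be empty');
  }
  var result = '';
  for (var i = 0; i < length; i++) {
    // Math.random() is always < 1, so the index stays within 0 .. chars.length - 1.
    result += chars[Math.floor(Math.random() * chars.length)];
  }
  return result;
}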
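var myApp = angular.module('myApp', []);

// MainCtrl: loads the business list through MyYelpAPI and keeps one entry,
// picked at random, in $scope.businesses.
myApp.controller('MainCtrl', ['$scope', 'MyYelpAPI', '$window', function($scope, MyYelpAPI, $window) {
  $scope.total = [];
  $scope.businesses = [];
  MyYelpAPI.retrieveYelp('', function(data) {
    var array = (data && data.businesses) || [];
    console.log(array);
    if (array.length === 0) {
      // Nothing to choose from: keep the list empty instead of [undefined].
      $scope.businesses = [];
      return;
    }
    // Valid indices are 0 .. length - 1. Adding 1 before flooring never
    // selects the first entry and can select one past the end (undefined).
    var random = Math.floor(Math.random() * array.length);
    var result = array[random];
    console.log(result);
    $scope.businesses = [result];
  });
}]).factory("MyYelpAPI", function($http) {
  return {
    // Sends a signed JSONP search request and hands the response to `callback`.
    // `name` is accepted but not used by this implementation.
    "retrieveYelp": function(name, callback) {
      var method = 'GET';
      // NOTE(review): plain http, so the signed query (consumer key and token
      // included) travels unencrypted; prefer https if the API offers it.
      var url = 'http://api.yelp.com/v2/search?';
      var params = {
        callback: 'angular.callbacks._0',
        location: 'New+York',
        // NOTE(security): this code is delivered to the browser. The Node
        // `process` object is not available there, and any key pasted in
        // instead would be readable by every visitor. Building and signing
        // this request belongs on the server, where process.env exists.
        oauth_consumer_key: process.env.yelp_consumer_key, //Consumer Key
        oauth_token: process.env.yelp_token, //Token
        oauth_signature_method: "HMAC-SHA1",
        // NOTE(review): getTime() is in milliseconds; OAuth 1.0 timestamps are
        // normally seconds. Confirm what the API expects.
        oauth_timestamp: new Date().getTime(),
        oauth_nonce: randomString(32, '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'),
        term: 'bakery'
        // limit: 15
      };
      // The two secrets below key the HMAC-SHA1 signature; the same exposure
      // concern applies to them as to the key and token above.
      var consumerSecret = process.env.yelp_consumer_secret; //Consumer Secret
      var tokenSecret = process.env.yelp_token_secret; //Token Secret
      var signature = oauthSignature.generate(method, url, params, consumerSecret, tokenSecret, { encodeSignature: false});
      params['oauth_signature'] = signature;
      $http.jsonp(url, {params: params}).success(callback);
    }
  }
});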
在客户端(浏览器)代码中无法访问 process.env,它只存在于 Node 环境中。您应该做的是将 API 调用功能移动到应用程序的服务器(Node)部分,并让您的 Angular 工厂查询服务器代码提供的端点。在服务器上,您可以访问 process.env,并安全地存储您的 env 密钥对,从而永远不会将它们暴露给公众。凡是曾经写进客户端代码并发布过的密钥,都应视为已泄露并重新生成。
一个非常基本的大纲(假设您正在本地开发,并在 http://localhost:3000/api 上托管您的 API)可能是:
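// client side angular code
.factory("MyYelpAPI", function($http) {
  return {
    // Asks this application's own server for the search results. No OAuth
    // key, token or secret appears in browser code.
    "retrieveYelp": function(name, callback) {
      // Relative URL: resolved against the origin that served the page
      // (http://localhost:3000 in this outline). 'localhost:3000/api/search'
      // has no scheme, so the browser would not read it as that host.
      // NOTE(review): assumes the page is served by the same Express app;
      // otherwise use the full http://localhost:3000/api/search and allow
      // that origin on the server.
      var url = '/api/search';
      var params = {
        // ... non-secret search inputs only ...
      };
      // ...
      // The endpoint answers with res.json(), i.e. plain JSON, so use an
      // ordinary GET; $http.jsonp expects a script wrapped in a callback.
      $http.get(url, {params: params}).success(callback);
    }
  }
});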
// node/express routing
// Load the handler module, then register its search function for GET /api/search.
var api = require('./api.js');
app.get('/api/search', api.search);
// server side i.e. node code (api.js)
// Exports the handler that the routing snippet registers for GET /api/search.
// This file runs under Node, so process.env is available here and the
// credentials are read on the server rather than in the browser.
module.exports = {
// search(req, res): builds the request parameters on the server and replies with JSON.
search: function(req, res) {
var params = {
// Credentials come from the server's environment variables, never from req.
oauth_consumer_key: process.env.yelp_consumer_key, //Consumer Key
oauth_token: process.env.yelp_token, //Token
}
// Elided in the outline: presumably the remaining OAuth fields, the signature
// (keyed with the consumer and token secrets, also from process.env) and the
// upstream request.
// NOTE(review): accept only the search inputs you expect from req.query and
// validate them; do not copy client-supplied oauth_* values into params.
...
// `something` is a placeholder for the data to return. Send back results only,
// never the OAuth parameters or secrets.
res.json(something);
}
}
此代码适用于我的应用程序,但 process.env 不适用于此函数。有没有一种方法可以让我调用 process.env 而不必显示我的密钥?如果我现在保留代码,API 调用将不起作用,但如果我添加我的密钥,它将起作用。我的选择是什么,或者为什么 process.env 不能像在命令行上那样在此处工作?
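/**
 * Build a random string of `length` characters drawn from `chars`.
 *
 * Every character of `chars` is equally likely: the index is taken with
 * Math.floor over chars.length. Math.round over (chars.length - 1) gives the
 * first and last characters only half the weight of the others.
 *
 * NOTE(security): Math.random() is not a cryptographically secure generator.
 * This page uses the result as the oauth_nonce parameter; where the value
 * must be unpredictable, draw the indices from crypto.getRandomValues().
 *
 * @param {number} length - number of characters to produce; 0 or less yields ''.
 * @param {string} chars - alphabet to pick from; must not be empty when length > 0.
 * @returns {string} the generated string.
 * @throws {RangeError} if characters are requested from an empty alphabet.
 */
function randomString(length, chars) {
  if (length > 0 && (!chars || chars.length === 0)) {
    // An empty alphabet would otherwise append the text "undefined".
    throw new RangeError('randomString: chars must not be empty');
  }
  var result = '';
  for (var i = 0; i < length; i++) {
    // Math.random() is always < 1, so the index stays within 0 .. chars.length - 1.
    result += chars[Math.floor(Math.random() * chars.length)];
  }
  return result;
}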
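var myApp = angular.module('myApp', []);

// MainCtrl: loads the business list through MyYelpAPI and keeps one entry,
// picked at random, in $scope.businesses.
myApp.controller('MainCtrl', ['$scope', 'MyYelpAPI', '$window', function($scope, MyYelpAPI, $window) {
  $scope.total = [];
  $scope.businesses = [];
  MyYelpAPI.retrieveYelp('', function(data) {
    var array = (data && data.businesses) || [];
    console.log(array);
    if (array.length === 0) {
      // Nothing to choose from: keep the list empty instead of [undefined].
      $scope.businesses = [];
      return;
    }
    // Valid indices are 0 .. length - 1. Adding 1 before flooring never
    // selects the first entry and can select one past the end (undefined).
    var random = Math.floor(Math.random() * array.length);
    var result = array[random];
    console.log(result);
    $scope.businesses = [result];
  });
}]).factory("MyYelpAPI", function($http) {
  return {
    // Sends a signed JSONP search request and hands the response to `callback`.
    // `name` is accepted but not used by this implementation.
    "retrieveYelp": function(name, callback) {
      var method = 'GET';
      // NOTE(review): plain http, so the signed query (consumer key and token
      // included) travels unencrypted; prefer https if the API offers it.
      var url = 'http://api.yelp.com/v2/search?';
      var params = {
        callback: 'angular.callbacks._0',
        location: 'New+York',
        // NOTE(security): this code is delivered to the browser. The Node
        // `process` object is not available there, and any key pasted in
        // instead would be readable by every visitor. Building and signing
        // this request belongs on the server, where process.env exists.
        oauth_consumer_key: process.env.yelp_consumer_key, //Consumer Key
        oauth_token: process.env.yelp_token, //Token
        oauth_signature_method: "HMAC-SHA1",
        // NOTE(review): getTime() is in milliseconds; OAuth 1.0 timestamps are
        // normally seconds. Confirm what the API expects.
        oauth_timestamp: new Date().getTime(),
        oauth_nonce: randomString(32, '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'),
        term: 'bakery'
        // limit: 15
      };
      // The two secrets below key the HMAC-SHA1 signature; the same exposure
      // concern applies to them as to the key and token above.
      var consumerSecret = process.env.yelp_consumer_secret; //Consumer Secret
      var tokenSecret = process.env.yelp_token_secret; //Token Secret
      var signature = oauthSignature.generate(method, url, params, consumerSecret, tokenSecret, { encodeSignature: false});
      params['oauth_signature'] = signature;
      $http.jsonp(url, {params: params}).success(callback);
    }
  }
});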
在客户端(浏览器)代码中无法访问 process.env,它只存在于 Node 环境中。您应该做的是将 API 调用功能移动到应用程序的服务器(Node)部分,并让您的 Angular 工厂查询服务器代码提供的端点。在服务器上,您可以访问 process.env,并安全地存储您的 env 密钥对,从而永远不会将它们暴露给公众。凡是曾经写进客户端代码并发布过的密钥,都应视为已泄露并重新生成。
一个非常基本的大纲(假设您正在本地开发,并在 http://localhost:3000/api 上托管您的 API)可能是:
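// client side angular code
.factory("MyYelpAPI", function($http) {
  return {
    // Asks this application's own server for the search results. No OAuth
    // key, token or secret appears in browser code.
    "retrieveYelp": function(name, callback) {
      // Relative URL: resolved against the origin that served the page
      // (http://localhost:3000 in this outline). 'localhost:3000/api/search'
      // has no scheme, so the browser would not read it as that host.
      // NOTE(review): assumes the page is served by the same Express app;
      // otherwise use the full http://localhost:3000/api/search and allow
      // that origin on the server.
      var url = '/api/search';
      var params = {
        // ... non-secret search inputs only ...
      };
      // ...
      // The endpoint answers with res.json(), i.e. plain JSON, so use an
      // ordinary GET; $http.jsonp expects a script wrapped in a callback.
      $http.get(url, {params: params}).success(callback);
    }
  }
});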
// node/express routing
// Load the handler module, then register its search function for GET /api/search.
var api = require('./api.js');
app.get('/api/search', api.search);
// server side i.e. node code (api.js)
// Exports the handler that the routing snippet registers for GET /api/search.
// This file runs under Node, so process.env is available here and the
// credentials are read on the server rather than in the browser.
module.exports = {
// search(req, res): builds the request parameters on the server and replies with JSON.
search: function(req, res) {
var params = {
// Credentials come from the server's environment variables, never from req.
oauth_consumer_key: process.env.yelp_consumer_key, //Consumer Key
oauth_token: process.env.yelp_token, //Token
}
// Elided in the outline: presumably the remaining OAuth fields, the signature
// (keyed with the consumer and token secrets, also from process.env) and the
// upstream request.
// NOTE(review): accept only the search inputs you expect from req.query and
// validate them; do not copy client-supplied oauth_* values into params.
...
// `something` is a placeholder for the data to return. Send back results only,
// never the OAuth parameters or secrets.
res.json(something);
}
}