0

I'm beginner with Nodejs, so, i'm sorry if I did some wrong, and tell me how to solve, please...

In my case, I put all credentials inside .env file and my index.ejs try extract the data, but, I see error "require is not defined" because I try use 'dotenv' here, see my example (.ejs).

In the case, 'dotenv' is a module too extract values inside .env file and this work for give security to the values of the variables.

If it does not have like, I would like to know what I could do to solved the problem, remembering that it is for security of credentials.

My new EJS file:

    <html>
            <head>
              <script src="jquery-3.1.1.js"></script>
              <script src="app.js"></script>
              <base href="/">
              <title>XXXXXXXXXXXXXXXX</title>
              <meta name="viewport" content="width=device-width, initial-scale=1">
              <meta http-equiv="X-UA-Compatible" content="IE=edge">
              <meta property="og:image" content="XXXXXXXXXXXXXXXX.svg" />
              <meta property="og:title" content="XXXXXXXXXXXXXXXXXXSimple" />
              <meta property="og:description" content="My description" />
              <link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
              <link rel="stylesheet" href="css/app.css">
            </head>
            <body>
              <div id="view-change-button" class="button" onclick="Payloadxxxxxxx.togglePanel(event, this)">
                <img class="option full" src="../img/Chat Button.png">
                <img class="option not-full" src="../img/Code Button.png">
              </div>
              <div id="contentParent" class="responsive-columns-wrapper">
                <div id="chat-column-holder" class="responsive-column content-column">
                  <div class="chat-column">
                    <div id="scrollingChat"></div>
                    <label for="textInput" class="inputOutline">
                      <input id="textInput" class="input responsive-column"
                        placeholder="Digite algo" type="text"
                        onkeydown="xxxxxxxxxxxxxxxxPanel.inputKeyDown(event, this)">
                    </label>
                  </div>
                </div>
                <div id="payload-column" class="fixed-column content-column">
                  <div id="payload-initial-message">
                    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxOtherDescription.
                  </div>
                  <div id="payload-request" class="payload"></div>
                  <div id="payload-response" class="payload"></div>
                </div>
              </div>
     <script>
     var lgn = <%- JSON.stringify(lgn) %>; //solution by @Jak
     var pas = <%- JSON.stringify(pas) %>; //but show the values in console
     //   var lgn = process.env.LOGIN;
     //   var pas = process.env.PASS;
        var numberOrigin = 330;

function test(){
  var obj2 = login(lgn, pas, numberOrigin);
  numberOrigin++;
}

    var obj;

    function xxxx(xxxxxxxxxxxxxxxxxxxx){
      numberOrigin +=1;
     //some codes with ajax


    function otherFunction(){
      //otherFunction code    
    }
   </script>
       // I need the .js files for my function to work fine
      <script src="js/xxxxx.js"></script>
      <script src="js/xxxxxxxx.js"></script>
      <script src="js/xxxxxxxxxx.js"></script>
      <script src="js/xxxxxxxxxx.js"></script>
      <script src="js/xxxxxxxxx.js"></script>
    </body>
    </html>

Obs.: My app.js works fine with require( 'dotenv' ).config( {silent: true} );, (.env file with credentials for other API), but the file is .js and not .ejs.

I'm not sure if dotenv works with EJS, but, if not, someone can help me how to ensure that my credentials will not be seen?

EDIT: After try with the possible solution By @Jak Hammond, my code index.ejs:

enter image description here

My code inside Console Chrome (It's possible see the credentials):

enter image description here

Sayuri Mizuguchi
  • 5,250
  • 3
  • 26
  • 53

1 Answers1

1

If I've understood your question correctly you want to pass some data into the EJS view you're rendering? If so, then this question might be of use; Pass variables to JavaScript in ExpressJS

You have to load the data on the server and then pass it down inside an object which you can then reference inside your view.

Jak Hammond
  • 1,460
  • 3
  • 11
  • 24
  • This work, but in the case, in the console (chrome) show my credentials... and I want use dotenv just for security of my credentials. +1 for the help and if you say me how to solved this (security) I'll mark the answer. – Sayuri Mizuguchi Jan 24 '17 at 13:33
  • Okay, I think you need to rethink your approach then, since that content is server-side rendered, but the script is executed by the client, after rendering of the whole page, including your credentials, then it is not possible to hide the creds from someone inspecting the elements and infact credentials even leaving the server in this way is very bad. I'd suggest taking a look at what you're trying to achieve in that function, see if you can move it to the server and then render the result instead rather than running on the client. – Jak Hammond Jan 24 '17 at 14:03
  • Thanks for the help @Jak! I'm sorry i'm beginner with Developer. I'll try it. – Sayuri Mizuguchi Jan 24 '17 at 14:13
  • 1
    We all start somewhere so no need to apologize at all :) without mistakes we'd never learn, I reckon you'll get the answer quickly enough, just see if some of the client-logic can be moved server side and you should be sorted :) – Jak Hammond Jan 24 '17 at 14:14