Is it possible to restrict access to variable information with AngularJs?

5

Hello,

I'm new to development and would like to know if there is any way to hide variable information in AngularJs, I'm using a MongoLab API and I did not want to leave my apiKey visible to anyone who debug the code in the browser, I'm running the application with NodeJs and ExpressJs, the server code was generated through ExpressJS CLI in this way: npm install express-generator -g and then express meuApp .

Follow the controller code:

app.controller("RBScontroller", function ($scope, $http) {

$scope.enviar = function enviar(){

    var ApiMongo = 'https://api.mongolab.com/api/1/databases/db_test/collections/users?apiKey=Chave_da_APi';  //Gostaria de esconder essa informação
    $scope.users = [];
    $scope.loading = true;

    $http.get(ApiMongo).success(function(data) {
        console.log(data);
        $scope.users = data;
        $scope.loading = false; 

    }).error(function(msg) {      

        angular.element($(function(){alert("Fail")}));
        $scope.loading = false;
    });
 }  
});
    
asked by anonymous 14.10.2015 / 05:44

2 answers

7

The simple answer is no , there is no way to hide from the client side. And even if it existed, the called URL could be intercepted (via debug tools).

However, you can use a different approach. Instead of performing the call via the Angle, use a function via http.request in the NodeJS, and return the result to your application.

    
14.10.2015 / 06:19
3

Friend, there is no way to do this through javascript.

The only thing that can be done - and what I would do if I had to hide this information - is to make a proxying .

Translating, you will send the information to your server, and your server will in turn make the request you need - rather than directly.

Exemplifying with PHP

#requisicao.php

$conteudo = file_get_contents('https://api.mongolab.com/api/1/databases/db_test/collections/users?apiKey=Chave_da_APi');

return Response::json($conteudo);

Javascript:

$scope.enviar = function enviar(){

    var ApiMongo = 'requisicao.php'; // A informação só é vista pelo programador que acessar requisicao.php
    $scope.users = [];
    $scope.loading = true;

    $http.get(ApiMongo).success(function(data) {
        console.log(data);
        $scope.users = data;
        $scope.loading = false; 

    }).error(function(msg) {      

        angular.element($(function(){alert("Fail")}));
        $scope.loading = false;
    });
 }  
});

In case, as you are using node.js server-side, I believe you could do that.

    
14.10.2015 / 15:15