Jenny Hilton

Reputation: 1407

Add user password during runtime

I have a Node app which needs the user password to run. I don't want to hard-code the user password; I want some way to pass it during deployment, something like running npm start from the command line and also adding the user password, which will then be filled in in the code. Is there a best practice for how to do this in Node?

After searching on SO I found this post, but it doesn't help, since you put the code in a config file, which to me looks the same: the user password is supplied with the code, which I want to avoid. Any example would be very helpful.

Best way to store DB config in Node.Js / Express app

Let's say one of the files needs this user password at runtime...

e.g.

request({
    uri: API,
    method: 'POST',
    json: true,
    form: {
      'username': 'user123',
      'password': 'password123'
    },
});

What I want is something similar to this approach (or is there something better? If so, I want to understand how to use it):

request({
    uri: API,
    method: 'POST',
    json: true,
    form: {
      'username': ~username,
      'password': ~password
    },
});

And run the following command during deployment

npm start username user123 password password123

Upvotes: 3

Views: 536

Answers (3)

Kayvan Mazaheri

Reputation: 2597

You can make use of environment variables.

Let's say you have an environment variable called USERNAME.
You can access it in your Node.js application like this:

console.log( process.env.USERNAME )

You can supply environment variables when starting your application like this:

USERNAME=example npm start

You may also want to check out this super cool project called dotenv, which loads environment variables from a .env file.

You can add .env to your .gitignore and the credentials won't be shipped with the code.

Upvotes: 2

Mark

Reputation: 3272

I've built a similar app not so long ago. My folder structure was as follows:

root
|- app               // App logic (Not accessible in front-end)
|- templates         // Template files (Not accessible in front-end)
|- static            // Static files (Accessible in front-end)
|- config            // Config files (Not accessible in front-end)
   |- config.json    // Config file (Not accessible in front-end)
|- index.js          // Example JS file

If you add config/config.json to the .gitignore file, assuming you use git, it will not be transmitted when you push to production. This means that you have to create a config.json file in the production environment yourself, which can hold different data than the development environment config.

Example config.json:

{
    "username" : "username1",
    "password" : "password123"
}

If you need the password in index.js you do the following:

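const fs = require('fs');

// Read the git-ignored config file; 'utf8' makes readFile return a string
fs.readFile('./config/config.json', 'utf8', function(err, data) {
    if (!err) {
        // Named `config`: a const called `data` here would shadow the
        // callback parameter and throw a ReferenceError in JSON.parse
        const config = JSON.parse(data);
        const username = config.username;
        const password = config.password;

        // Use password here or store it in a local variable to use it later
    }
});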

Upvotes: 1

mustachioed

Reputation: 533

Your best bet would be to have an external config file and read the username and password configuration from that. :) You will need to make sure that your web app doesn't serve the config file to the public either. So I would recommend putting the config into a higher level directory than your server so you would have less chance of accidentally serving your config.

Upvotes: 1
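
An added example, not code from any of the posts above: it combines the answers' approaches by reading the credentials from environment variables first and falling back to a git-ignored JSON config file kept outside the served directory. The names APP_USERNAME, APP_PASSWORD, loadCredentials, buildLoginRequest and redactForLog, and the file-permission check, are assumptions of this example; the prefixed variable names avoid USERNAME, which Windows already sets to the logged-in account.

```javascript
// Added example: hypothetical helpers, not code from the posts above.
const fs = require('fs');

// Assumed variable names. Prefixed so they cannot collide with USERNAME,
// which Windows already sets to the logged-in OS account.
const ENV_USER = 'APP_USERNAME';
const ENV_PASS = 'APP_PASSWORD';

function loadCredentials(env = process.env, configPath = null) {
  // 1. Prefer the environment: nothing secret is stored next to the code.
  if (env[ENV_USER] && env[ENV_PASS]) {
    return { username: env[ENV_USER], password: env[ENV_PASS], source: 'env' };
  }
  // 2. Fall back to a git-ignored config file outside the served directory.
  if (configPath && fs.existsSync(configPath)) {
    const mode = fs.statSync(configPath).mode & 0o777;
    // Refuse files that group or others can access (POSIX only; Windows
    // does not report meaningful mode bits).
    if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
      throw new Error(`${configPath} has mode ${mode.toString(8)}; ` +
        'it must not be accessible to group or others');
    }
    const cfg = JSON.parse(fs.readFileSync(configPath, 'utf8'));
    if (cfg.username && cfg.password) {
      return { username: cfg.username, password: cfg.password, source: 'file' };
    }
  }
  // 3. Fail fast at startup, naming what is missing but never printing values.
  throw new Error(`Credentials not found: set ${ENV_USER} and ${ENV_PASS}` +
    (configPath ? ` or create ${configPath}` : ''));
}

// Build the options object from the question without hard-coded values.
function buildLoginRequest(apiUrl, creds) {
  return {
    uri: apiUrl,
    method: 'POST',
    json: true,
    form: { username: creds.username, password: creds.password },
  };
}

// Copy of the options that is safe to write to logs.
function redactForLog(options) {
  return { ...options, form: { ...options.form, password: '[REDACTED]' } };
}
```

Call loadCredentials once at startup so a missing or over-permissive configuration stops the deployment immediately, and pass only the redactForLog copy to any logger.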
