Can a user see all the files in my website?

Question

I'm pretty new to web development. I'm creating a website using Node.js and express. I need to store some very private information in these files (codes dealing with payments, etc.) but also just some stuff in the server side that the client can't alter/see. I have searched the internet and have had no luck, so what files can the users access when they use my website? (This is how I have everything organized)...

How can I make sure that this private information is not exposed. All help would be greatly appreciated!

Thank you!

Answer 1

Runtime Environment

First, you runtime environment is Node.js so your logic is store in server-side, anything else such as javascript, images, css, html consider as static resources you watch them inside your browser by going to Resources/Source tab in Developer Tools (depends which browser you are using).

JavaScript

Browser did solve math then send response to console always!

Client-side runs via browser in a client machine. E.g.

var mathInBrowser = (1 + 1);
    
console.log("mathInBrowser")

NodeJS

Server solves math then send response/value to specific route only when requested. So the browser doesn't know if this equation, it knows only the value. Because Node.js is server-side runtime environment, it runs JavaScript Files and more inside a server and send only what needed to be sent to the browser or API. E.g.

var mathInServer = 1 + 1;

app.get('/math', function(req, res) {

res.send("Result is: " + mathInServer)
})

Database

You can send data from your requests to databases that has no access except via authentication process. In that way you are storing valuable information in place that only authorized personnel can access.

Important

Don't store important information in public folder thinking that no one would recognize! As public resources anyone can see your files and your codes if you upload it as static assets. Sometimes, search engines can explode serious client informations, links, files.