如何在 Wordpress PHP 文件中隐藏外部 API 密钥?
[英]How can I hide an external API key in a Wordpress PHP file?
问题描述
I've spent hours trying to research and solve this but am still struggling unfortunately.
我花了几个小时试图研究和解决这个问题,但不幸的是仍在苦苦挣扎。
I have created a custom 'courses' post type in Wordpress that involves using embedded Calendly event registrations.我在 Wordpress 中创建了一个自定义“课程”帖子类型,其中涉及使用嵌入式 Calendly 事件注册。 I am using the Calendly embed API to notify the parent window when an event registration takes place.我正在使用 Calendly embed API 在发生事件注册时通知父 window 。 The notification payload provides the URI of the event, which I then want to look up using the Calendly API and return the name of the event.通知负载提供事件的URI ,然后我想使用 Calendly API 查找并返回事件的名称。 I am struggling with hiding the API key in the header:我正在努力隐藏 header 中的 API 密钥:
"Content-Type": "application/json",
"Authorization": "Bearer MY_API_KEY"
}
I've tried to add a line in wpconfig to define the key:我试图在 wpconfig 中添加一行来定义密钥:
define( 'CALENDLY_KEY', '**key**' );
But I don't know how to then use this in my function without exposing it via 'echo'.但我不知道如何在我的 function 中使用它而不通过“回声”暴露它。
Any advice would be much appreciated.任何建议将不胜感激。
Extended code below:下面的扩展代码:
<!-- Calendly widget script -->
<script type="text/javascript" src="https://assets.calendly.com/assets/external/widget.js" async></script>
<script>function isCalendlyEvent(e) {
return e.data.event &&
e.data.event.indexOf('calendly') === 0;
};
window.addEventListener(
'message',
function(e) {
if (isCalendlyEvent(e)) {
if (e.data.event == "calendly.event_scheduled") {
console.log("event scheduled!");
let event_uri = e.data.payload.event.uri;
console.log(event_uri);
fetch(event_uri, {
"method": "GET",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer MY_API_KEY"
}
})
.then(response => response.json())
.then((json) => {
console.log(json);
let ordered_course = json.resource.name;
console.log(ordered_course);
})
}
console.log(e.data);
}
}
);</script>
1 个解决方案
解决方案1
0 2022-01-21 22:32:20
You should use dotenv (.env) file for your API key.您应该为您的 API 密钥使用 dotenv (.env) 文件。
You can install support for dotenv (.env) via the vlucas/phpdotenv package with Composer package manager for PHP on your server.您可以通过vlucas/phpdotenv package 和 Composer package 管理器在您的服务器上安装对 dotenv (.env) 的支持。
Easier option - if you don't have experience as you say, is to use a WordPress plugin dontenv , this you will create.env file and inside you will write MY_API_KEY=123456, then in your code, you can retrieve this.env key by using getenv('MY_API_KEY');更简单的选择 - 如果您没有您所说的经验,则使用 WordPress 插件dontenv ,您将创建.env 文件并在其中写入 MY_API_KEY=123456,然后在您的代码中,您可以检索 this.env 密钥通过使用 getenv('MY_API_KEY');
This is for PHP but your code is JS, so you should install npm package manager then run npm i dontenv then in your code Bearer ${process.env.MY_API_KEY} . This is for PHP but your code is JS, so you should install npm package manager then run npm i dontenv then in your code Bearer ${process.env.MY_API_KEY} .
Also, .env files should not be uploaded on GitHub.此外,不应将 .env 文件上传到 GitHub。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.