![](/img/trans.png)
[英]Can I change my .ejs file to .html to make it work with Node.js and Express?
[英]How can I make this code work without showing my API keys? I am building as app on Node.js/Angular/Express
这段代码可以很好地与我的应用配合使用,但是process.env在此函数中无法正常工作。 有没有一种方法可以调用process.env而不需要显示我的密钥? 如果我现在保留该代码,则API调用将无法正常工作,但是如果添加我的密钥,它将可以正常工作。 我有什么选择,或者为什么为什么process.env不能像在命令行上那样从此处工作?
function randomString(length, chars) {
var result = '';
for (var i = length; i > 0; --i) result += chars[Math.round(Math.random() * (chars.length - 1))];
return result;
}
var myApp = angular.module('myApp', []);
myApp.controller('MainCtrl', ['$scope', 'MyYelpAPI', '$window', function($scope, MyYelpAPI, $window) {
$scope.total = [];
$scope.businesses = [];
MyYelpAPI.retrieveYelp('', function(data) {
$scope.businesses = data.businesses
console.log($scope.businesses)
var array = $scope.businesses
var random = Math.floor((Math.random() * array.length) + 1);
// console.log(array[random])
var result = array[random]
console.log(result)
if (2 > 1) {
$scope.businesses = [result]
}
});
}]).factory("MyYelpAPI", function($http) {
return {
"retrieveYelp": function(name, callback) {
var method = 'GET';
var url = 'http://api.yelp.com/v2/search?';
var params = {
callback: 'angular.callbacks._0',
location: 'New+York',
oauth_consumer_key: process.env.yelp_consumer_key, //Consumer Key
oauth_token: process.env.yelp_token, //Token
oauth_signature_method: "HMAC-SHA1",
oauth_timestamp: new Date().getTime(),
oauth_nonce: randomString(32, '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'),
term: 'bakery'
// limit: 15
};
var consumerSecret = process.env.yelp_consumer_secret; //Consumer Secret
var tokenSecret = process.env.yelp_token_secret; //Token Secret
var signature = oauthSignature.generate(method, url, params, consumerSecret, tokenSecret, { encodeSignature: false});
params['oauth_signature'] = signature;
$http.jsonp(url, {params: params}).success(callback);
}
}
});
您无权访问客户端上的process.env
,仅允许您访问Node环境。 您应该做的是将api调用功能移至应用程序的服务器(节点)部分,并让服务器工厂代码向该端点提供角度工厂查询。 在那里,在你的服务器,你可以访问process.env
,并安全地存储您的env
密钥对,因此他们从未暴露给公众。
一个非常基本的概述(假设您正在本地进行开发并将api托管在http://localhost:3000/api
可能是:
// client side angular code
.factory("MyYelpAPI", function($http) {
return {
"retrieveYelp": function(name, callback) {
var method = 'GET';
var url = 'localhost:3000/api/search';
var params = {
...
};
...
$http.jsonp(url, {params: params}).success(callback);
}
}
});
// node/express routing
app.get('/api/search', require('./api.js').search)
// server side i.e. node code (api.js)
module.exports = {
search: function(req, res) {
var params = {
oauth_consumer_key: process.env.yelp_consumer_key, //Consumer Key
oauth_token: process.env.yelp_token, //Token
}
...
res.json(something);
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.