I need to serve things on a backend, not sure where to start.
Posted by exogreek@reddit | learnprogramming | View on Reddit | 8 comments
Hello!
I have a neat project I have built that is a fake interactive terminal, built with vanilla js. I now want to publish this application to my small community to play around with, but there are secrets in the code that I do not want users to find.
Ive got godaddy shared hosting that I use to host the regular stie at the moment, but from what I have seen, theres no elegant solution to getting the .js files to sit on the backend, so the client is not able to digest them. I am looking for either a paid or free way to structure the files so that only static content I want (html, css, etc) are served to the client, while the index merely loads the .js files from the backend. Any tips on how to do this? I was so focused on building the app and debugging that this was a bit of an oversight. THANKS! :)
armahillo@reddit
Dont use godaddy
exogreek@reddit (OP)
Thats a nice sentiment, but the hostings already paid for (not by me) so its what ive got to work with lol. I did find some articles stating that you can actually install nodejs onto cpanel shared hosting using certain versions, so I may look a bit more into that.
AfraidOfTheSun@reddit
I'm curious what the purpose of this is, is it like a hacker game or something?
Anyway, you'll need to figure out what your GoDaddy account can do regarding using node.js on the server, eg. do they support that? If so that's how you'll execute your javascript on the server, you need to figure out if that is possible with your current GoDaddy account first, then if so you'll need to modify your code to do what you want in that setup
I would suggest seeing if GoDaddy has nodejs support and if you can get a test script running on that, then you can go to town on your actual peoject
teraflop@reddit
In order to do this, you need to restructure your code as a client/server application.
You can certainly run .js code on the backend, using Node.JS. But then you need to figure out which code should run on the frontend, which code should run on the backend, what data they should have available, and how they should communicate over HTTP. The way to do this is going to depend on what exactly your code is doing, and how it's structured.
For instance, right now you probably have all of the "state" for each user stored in variables belonging to the frontend code, running in that user's browser. All of that data can potentially be viewed and manipulated by the user; there's absolutely no way around that.
So instead, you can move that data to the backend, but that introduces some complexity. Your backend needs to be able to manage data from many users simultaneously. If a user sends your backend an HTTP request, to tell you that the user entered a command and ask for a response, you need to figure out which user the request came from (e.g. using a cookie). You probably need to think about how to persist the user's state to disk, so that if your backend server exits and restarts, you don't lose all the information for every user. And so on.
Depending on how much work you want to do, you might decide to move some of the logic to the backend, but not all. For instance, suppose you have code that asks the user for a password, and if they get it correct they get a point. Instead of checking the password in the frontend, you can have the frontend ask the backend whether the password is correct, and just get back a true/false answer. But then you have to remember that if the frontend code does anything with that response, the user can still see what it's doing and manipulate it.
exogreek@reddit (OP)
My code is essentially structured in this manner: config.js - credential handling main.js - main utilities for the terminal, login sequencing asciisupport.js - ascii support for outputs filesystem.js - lists files and their contents database.js - fake database with output records
This is supposed to be a longterm project where I expand functionality, and the client is not supposed to be able to see most/all of the terminal if I can help it. So would I be able to separate each function with nodejs, making it so the login process is served to the client, checking for the credentials on the backend, and then have the rest served to the front end?
Im new to all of this, so any guides/etc you can share are a big help.
teraflop@reddit
You can do this, but it's a little bit uncommon to have client-side code protected by a login, as opposed to data.
The backend server has complete control over what files are server to clients, so if you want to put some of your code behind a login check, you can do that. You could separate your application into one .js file which does the client-side part of the login process, and then additional .js files which are only accessible when the user has logged in.
The client is responsible for loading those files into the page (e.g. by appending a new
<script>tag into the HTML after the login is complete) and the server is responsible for denying access to any users who aren't logged in (e.g. by checking for a cookie or header containing a password, or a session ID, or a JSON Web Token).But once again, you need to remember that once you send any file (including a .js file) to the client, you have no control over what the client does with it. If the .js code that you send after login contains secrets, any user who can login will be able to see those secrets.
I don't know of any guides specifically for doing this, because it's a bit of an unusual requirement. Your best bet is probably to learn the basics of backend programming (using whatever language you prefer), and build a more traditional client/server app to get a sense of what's possible.
exogreek@reddit (OP)
Yeah, like I said, im still learning here. Not really a traditional programmer, so then things like this happen. Let me give a more broad description of the app, and maybe youll have more pointed advice for me as I understand its all been built clientside at this point.
The terminal is loaded via an index.html which has some styling and an input line, the .js files load an intro and then display the input line, this is the credential/login stage.
Once the user is authenticated, they can browse the file system, enter commands, and run certain fake .exes. The logic is all built into separate .js files for ease of modifying and debugging things.
The intended thing is that a user gets to the site, sees the login terminal and when they inspect the page, can only see the styles.css and index.html and custom font files I have, and that all .js files are strictly handled on the backend. Its not sounding like this is how that works, so any specific information you can provide would be a huge help as there are so many ways to go here. Im on shared hosting for this, so id prevert to keep it that way, but if it needs a vps, it needs a vps...
teraflop@reddit
Yeah, like I said, you can run JavaScript on the server. That's what Node.JS is for.
If you want the logic for each of your "fake .exe" files to be contained on the server, without users being able to see it, then you need to decide what inputs and outputs you do want the users to see. So for instance, you could have the client-side code prompt the user for a line of input, and then when they press enter, you send the line of input to the backend. The backend then runs whatever code you want, and sends the response back to the frontend.
Whether or not you can do this on your current shared hosting provider depends on what kind of backend languages and tools it supports.