Cloud Foundry VCAP_SERVICES in VueJS Application - node.js

I am writing a VueJS web application and deploying it to Pivotal Cloud Foundry.
I want to read config from the user-provided VCAP_SERVICES.
I tried two approaches to do that.
Using the cfenv library: when I do that, I get Uncaught TypeError: Arguments to path.join must be strings at var cfenv = require('cfenv')
Then I tried a manual approach, let vcap_services = JSON.parse(process.env.VCAP_SERVICES), and with this one VCAP_SERVICES is undefined.
Can anyone please help or suggest something?

You cannot look at VCAP_SERVICES in a client's browser, which is where your Vue.js app is running. This is because VCAP_SERVICES is an environment variable set on the server-side where your application is being hosted.
If you want it available on the client-side, you'd need to expose it in some way. Either encode it in the files being served up to the client's browser or make an API call and request it from your server.
That said, often the information in VCAP_SERVICES is sensitive (contains passwords and secrets), so you'd want to be extremely careful about what you send down to the client/browser. Anything you send down to the client/browser will be visible to the client/browser and its human user. In short, someone using your app through a browser could also see that info, like through Browser Dev Tools.
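A minimal server-side version of the "make an API call and request it from your server" option, as an added example that is not part of the original answer. It assumes a Node.js process serves the Vue bundle; the service name `app-config`, the key names and the `/api/config` route are hypothetical. Only keys on an explicit allowlist leave the server, so secrets bound to the same service stay out of the response.

```javascript
// Added example: runs on the server (inside the Cloud Foundry container), never in the browser.
// ASSUMPTIONS: the service name "app-config" and the key names below are hypothetical.
const CONFIG_SERVICE = 'app-config';
const PUBLIC_KEYS = ['apiBaseUrl', 'featureFlags']; // explicit allowlist, not a denylist

// Return only allowlisted keys from one user-provided service's credentials block.
function publicConfigFromVcap(rawVcap, serviceName, allowedKeys) {
  if (!rawVcap) return {}; // variable unset, e.g. when running locally
  let services;
  try {
    services = JSON.parse(rawVcap);
  } catch (err) {
    return {}; // malformed JSON: fail closed, expose nothing
  }
  const bound = Array.isArray(services['user-provided']) ? services['user-provided'] : [];
  const svc = bound.find((s) => s && s.name === serviceName);
  const creds = svc && svc.credentials && typeof svc.credentials === 'object' ? svc.credentials : {};
  const out = {};
  for (const key of allowedKeys) {
    if (Object.prototype.hasOwnProperty.call(creds, key)) out[key] = creds[key];
  }
  return out;
}

// Plain Node http handler; wire it up with
//   require('http').createServer(handleConfigRequest).listen(process.env.PORT)
function handleConfigRequest(req, res, env = process.env) {
  if (req.method !== 'GET' || req.url !== '/api/config') {
    res.writeHead(404);
    return res.end();
  }
  const body = JSON.stringify(publicConfigFromVcap(env.VCAP_SERVICES, CONFIG_SERVICE, PUBLIC_KEYS));
  res.writeHead(200, { 'Content-Type': 'application/json', 'Cache-Control': 'no-store' });
  return res.end(body);
}

// Constructed sample of what the platform injects for a user-provided service.
const SAMPLE_VCAP_SERVICES = JSON.stringify({
  'user-provided': [{
    name: 'app-config',
    label: 'user-provided',
    credentials: {
      apiBaseUrl: 'https://api.example.com',
      featureFlags: { beta: true },
      dbPassword: 'constructed-secret', // must never reach the browser
    },
  }],
});
```

The Vue app then requests `/api/config` at startup and receives only `apiBaseUrl` and `featureFlags`.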

Related

Getting environment variables from nodejs app cpanel

So I'm using cPanel with the Setup Node.js App plugin for a Node/Express app. (Don't ask why cPanel.)
Everything is working as expected in development, except for environment variables in production. I set them up manually from the cPanel interface and restarted/stopped the app, but when logging process.env on the server I don't see the env variables there (and when I try to use them they are undefined).
When doing res.json(JSON.stringify(process.env)); I get a bunch of variables, except for the ones I manually wrote in the cPanel variables interface.
It is important for me to store these variables as a secret key because they are API credentials.
Does anyone know what I might have misconfigured or had this problem?

Getting Users API access in nodejs AppEngine environment with Identity Aware Proxy

I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto).
In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/), there seems to be no indication of what should be done there. Any ideas?
If there is no straightforward way around it, would I be able to have an App Engine environment that also exposes, for example, the Python libraries for the Users API so that I can wrap around them and use them in my nodejs app?
The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.
We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)
Update for the current state:
There is currently an Identity-Aware Proxy Documentation for Node JS.
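Reading identity from the x-goog-iap-jwt-assertion header only helps if the assertion is verified first. The following is an added example, not part of the original answer and not Google's sample code. It uses Node's built-in crypto instead of a JWT library; the function names are hypothetical, and the caller is assumed to supply the kid-to-PEM key map and the expected audience string for its own project.

```javascript
// Added example: verify an IAP-signed JWT (ES256) before trusting its identity claims.
const nodeCrypto = require('crypto');

const IAP_ISSUER = 'https://cloud.google.com/iap';
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// keysByKid: { kid: PEM public key }, the shape published at
// https://www.gstatic.com/iap/verify/public_key (fetch and cache it in real use).
function verifyIapAssertion(token, keysByKid, expectedAudience, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const header = decodeJson(parts[0]);
  if (header.alg !== 'ES256') throw new Error('unexpected alg'); // pin the algorithm
  if (!Object.prototype.hasOwnProperty.call(keysByKid, header.kid)) throw new Error('unknown kid');
  const signatureOk = nodeCrypto.verify(
    'sha256',
    Buffer.from(parts[0] + '.' + parts[1]),
    { key: keysByKid[header.kid], dsaEncoding: 'ieee-p1363' }, // JWS carries raw r||s, not DER
    Buffer.from(parts[2], 'base64url')
  );
  if (!signatureOk) throw new Error('bad signature');
  const claims = decodeJson(parts[1]);
  if (claims.iss !== IAP_ISSUER) throw new Error('bad issuer');
  if (claims.aud !== expectedAudience) throw new Error('bad audience');
  // Allow 30 seconds of clock skew on both ends.
  if (!(claims.iat <= nowSec + 30 && claims.exp > nowSec - 30)) throw new Error('expired or not yet valid');
  return { userId: claims.sub, email: claims.email };
}

// Constructed fixture: a throwaway key pair stands in for Google's signing key.
function makeConstructedToken(claims, kid = 'constructed-kid') {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const signingInput = enc({ alg: 'ES256', typ: 'JWT', kid }) + '.' + enc(claims);
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return {
    token: signingInput + '.' + sig.toString('base64url'),
    keys: { [kid]: publicKey.export({ type: 'spki', format: 'pem' }) },
  };
}
```

For App Engine the expected audience has the form /projects/PROJECT_NUMBER/apps/PROJECT_ID; a request whose assertion fails any of these checks should be rejected rather than falling back to the unsigned x-goog-authenticated-user-* headers.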

How to protect credential in Angular

I am using Angular 5 with Firebase. I understand the Firebase credential in Angular has the chance to leak to the client side when rendering the pages. But Firebase products can use rules to secure it, so I found it doesn't do me any harm.
But I have another question: what if I want to use SQL or any other service that requires a credential to perform authentication before executing an action, such as reading/writing a SQL table?
When I am using Node.js, the credential is declared in the server-side JS file, but apparently Angular is a client-side framework. So I would like to know how to solve this problem.
Thank you!
Code on your server/node app won't be available to the frontend.
Only data that's requested by the client via HTTP requests is available to the Angular app.
So as long as you don't return the critical data through your API, you're good to go.

Accessing AWS_CREDENTIALS within an application served by express.js

I have a React application which is served by express.js. There is a component/library within the react application which is trying to use the aws-sdk for s3/cloudwatch functions.
My issue is that the aws-sdk fails to find credentials when the application runs. They are stored in an ~/.aws/credentials file, which operates correctly for other applications.
I've found that if instead of calling these methods directly in my application, I call a custom express route which calls them from my server.js, there is no credentials error.
I'd very much prefer not to have these additional routes and call my own application to perform these functions. Is there a fundamental concept I am misunderstanding here? Is there a way for the application served by express to be able to read the filesystem correctly and read the credentials file?

Client Only and Tokens?

To access/write to a feed from the browser / JavaScript, this answer says that you have to:
Generate a token on the server (using API key+secret),
Provide that token to the client (just render it somewhere),
Use the token from JS when accessing the feed.
My problem now is that I basically have no server side. My app uses Polymer, so everything is running on the client and I have no way of creating those tokens (my app is served through Firebase, and I guess all it does is serve the HTML files).
With the polymer/firebase setup, can I still use getstream.io somehow?
Thanks!
We don't have any interaction with Firebase directly, so you'd still need some piece of middleware to handle API calls and generating these tokens.
It's an interesting idea, though. I'll add a TODO item to look into Firebase interactivity via a plugin in the future.
