英文:
How to create a function that is secure and can be used in many places in Sveltekit
问题
我阅读了关于 SvelteKit 中 +page.server.ts 文件的一部分手册,并且我们有允许加载/获取、发送、更新和删除方法的方法/函数,但我想要一个可以在多个地方使用的方法/函数。我已经在我的 utils.ts 文件中创建了一个,但我想知道是否暴露了我的 API 令牌,因为我必须将这个方法导入到我的 +page.svelte 文件中。
英文:
I have read part of the manual about +page.server.ts files for sveltekit and we have methods/functions that allow the load/get, post, patch and delete methods but I would like to have a method/function that can be used in many places. I have created one in my utils.ts file but I wonder if I'm exposing my API tokens since I have to import this method into my +page.svelte
答案1
得分: 1
你在 +page.svelte 或 +page.js 中导入的任何内容都会被暴露给客户端,这包括在那里使用的任何 API 令牌。
你可能想要做的是使用 +server.js 路由创建自己的 API 端点,并使用常规的 fetch 或表单提交到该端点,然后该端点再使用外部 API 和令牌。由于这是完全在服务器端进行的操作,不会将任何内容暴露给客户端。
英文:
Anything you import in +page.svelte or +page.js is exposed to the client, so that would include any API tokens used there.
What you probably want to do is making your own API endpoints using +server.js routes and use regular fetches or forms to that endpoint which in turn uses your external API and the tokens. Since that would be fully server side nothing is exposed to the client.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论