英文:
Env variables showing as undefined when using browserify
问题
我刚刚在我的系统上安装了Browserify,并成功地将我的脚本捆绑在一起,但当我调用我的环境变量时,我得到了undefined。
我的文件结构:
MyProject
dist
node_modules
src
index.html
index.js
bundle.js
.env
package-lock.json
package.json
yarn.lock
index.html
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"/>
<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.min.js"></script>
<div class="d-flex align-items-center justify-content-center" id="record">
<div class="input-group mb-3 input-group-lg w-50">
<input type="text" class="form-control" id="rec-id" placeholder="Enter ID">
<button class="btn btn-success" id="mybtn" type="button">Enter</button>
</div>
</div>
<div class="d-flex align-items-center justify-content-center d-none" id="show-alert">
<div class="alert alert-danger alert-dismissible fade show row">
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
<strong>Danger!</strong> Button was clicked
</div>
</div>
<script src="bundle.js"></script>
index.js
require("dotenv").config();
console.log(process.env.MY_TOKEN);
成功运行了browserify src/index.js -o src/bundle.js。
.env
MY_TOKEN=qwer123456
当我运行我的代码时,控制台中显示undefined,而不是qwer123456。
英文:
I just installed browserify on my system and am able to bundle my scripts but when I call my env variables I am getting undefined.
My file structure:
MyProject
dist
node_modules
src
index.html
index.js
bundle.js
.env
package-lock.json
package.json
yarn.lock
index.html
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet"/>
<script src="https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.8/dist/umd/popper.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.min.js"></script>
<div class="d-flex align-items-center justify-content-center" id="record">
<div class="input-group mb-3 input-group-lg w-50">
<input type="text" class="form-control" id="rec-id" placeholder="Enter ID">
<button class="btn btn-success" id="mybtn" type="button">Enter</button>
</div>
</div>
<div class="d-flex align-items-center justify-content-center d-none" id="show-alert">
<div class="alert alert-danger alert-dismissible fade show row">
<button type="button" class="btn-close" data-bs-dismiss="alert"></button>
<strong>Danger!</strong> Button was clicked
</div>
</div>
<script src="bundle.js"></script>
index.js
require("dotenv").config();
console.log(process.env.MY_TOKEN);
Successfully ran browserify src/index.js -o src/bundle.js
.env
MY_TOKEN=qwer123456
When I run my code, I am getting undefined in my console instead of qwer123456.
答案1
得分: 1
Webpack(类似于Browserify的工具)有一个插件,可以将dotenv的数据暴露给捆绑后的代码。然而,你不应该这样做。
你在评论中说过:
>> 你的目标是仅将.env文件的内容保持不在Git存储库中,还是要隐藏它们不让使用你的网站的人看到?
> 我想要两者都实现
.env文件有两个目的:
- 它使你能够在不同的环境中使用不同的值(例如,在生产、qa、开发等不同数据库时,数据库服务器的地址)。
- 它允许你避免将凭据放入版本控制
它不能隐藏需要使用它的环境中的值。
为了让客户端JavaScript访问你的Slack授权令牌,你必须将Slack授权令牌提供给浏览器。浏览器完全由用户控制。如果你这样做,用户可以读取授权令牌,并使用该授权执行任何他们想要的Slack API操作。
要保密令牌,你需要在服务器端代码中使用它们,并通过API(例如可以通过Ajax访问的API)暴露客户端应具备的任何(有限的)功能,你可能应该使用你自己的身份验证和授权机制来保护它。
英文:
You can't do that.
Webpack (which does a similar job to Browserify) has a plugin that can expose dotenv data to bundled code. However, you do not want to do that.
You said, in a comment:
>> Is your goal just to keep the contents of the .env file out of your git repository or are you trying to keep them hidden from people using your website?
> I am trying to do both
A .env file serves two purposes:
- It makes it easy for you to use different values in different environments (e.g. the address of a database server when you have different databases for production, qa, development, and so on).
- It lets you avoid putting credentials into version control
It does not, and cannot, hide a value from the environment that needs to use it.
For your client-side JavaScript to access your Slack auth token, you have to give the Slack auth token to the browser. The browser is completely under the control of the user. If you do that then the user can read the auth token and do anything with the Slack API they like with that authorisation.
To keep the tokens secret you need to use them in server-side code and expose any (limited) functionality the client should have over an API (e.g. one that can be accessed via Ajax) which you should probably secure with your own AuthN/AuthZ.
答案2
得分: 0
尝试使用 dotenv.parse() 解析 .env 文件的内容:
const dotenv = require('dotenv'),
fs = require('fs');
const buf = fs.readFileSync('./.env');
const envVars = dotenv.parse(buf);
console.log(envVars.MY_TOKEN);
英文:
Try to parse content of the .env file by using dotenv.parse():
const dotenv = require('dotenv'),
fs = require('fs');
const buf = fs.readFileSync('./.env');
const envVars = dotenv.parse(buf);
console.log(envVars.MY_TOKEN);
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论