问题描述
我已经下载了node.js,并在网站目录(firebase.json,functions文件夹等)中创建了firebase-function文件.如果我要在project/functions/index.js文件中编写javascript云函数,则当我将其上传到我的静态网站的Github存储库时,它不会是私有的. (something.github.io)
I have downloaded node.js, and have created the firebase-function files at the website directory (firebase.json, the functions folder and others).If I was to write javascript cloud functions inside the project/functions/index.js file, it won't be private when I upload it to my Github repository for my static website. (something.github.io)
那么我该如何在不上传index.js的情况下将index.js中的firebase云功能调用到我的静态网站上呢?
So how would I go about calling the firebase cloud functions in my index.js to my static website without uploading the index.js (to keep certain functions private)?
我现在了解环境变量,但是如何将其与具有Firebase Admin SDK和云功能的Github Pages网站结合起来?
I understand now that there are environmental variables, but how can I incorporate that with Github Pages website with firebase Admin SDK and cloud functions?
我如何上传GitHub页面项目,同时仍将客户端链接到环境变量?我需要上传包含云功能的index.js吗?但是也不会上传index.js达到客户端看不到功能/数据的目的吗?
How do I upload my GitHub pages project and still link my client-side to the environmental variables? Would I need to upload my index.js containing my cloud functions? But also doesn't upload the index.js defeat the purpose of the client not being able to see the functions/data?
下面的评论提到了一个名为"Heroku"的软件,当我已经有GitHub和firebase与我的网站和数据库进行交互时,它的用途到底是什么?
The comment below mentioned a software calledHeroku, what exactly is the purpose of it when I already have GitHub and firebase interacting with my website and database?
我还看到了一种使用dotenv的方法,该方法创建一个.env文件来放置秘密数据(例如API密钥),并使用gitignore阻止该文件上传?那可以在Github Pages上工作吗,如果可以,客户端可以看到.env吗?如果不能,即使没有将其推送到Github,客户端-服务器网站也可以将其链接到.env
Also I saw a method of using dotenv, to create a .env file to put secret data (such as API keys) and use gitignore to prevent the file being uploaded? Would that be able to work on Github Pages, and if so, would the client be able to see the .env? And if they can't, can the client-server website link it to the .env even if it isn't pushed to Github
推荐答案
这是环境变量.本质上,假设您的API密钥为12345
.而且您具有这样的功能:
This is a good use of environment variables. Essentially, say you had an API key of 12345
. And you had a function as such:
async function fetchResults() {
await fetch("myapi.com/lookup?key=12345")
}
您可以改为:
async function fetchResults() {
await fetch("myapi.com/lookup?key=${process.env.API_KEY}")
}
环境变量保留在您的计算机上,因此它永远不会进入GitHub,因此允许您在保持敏感密钥的机密性的同时将代码公开为开源.
The environment variable is kept on your machine so it never goes to GitHub, hence allowing you to expose the code as open source while maintaining confidentiality of your sensitive keys.
编辑:所以我重新阅读了您的问题,看到您正在谈论发布到GitHub页面.需要注意的关键是,托管在客户端上的所有内容都可以看到. GitHub Pages仅托管应用程序的客户端"部分.因此,如果您的客户(浏览器)网站对myapi.com/lookup?key=12345
进行API调用,则无论如何他们都将能够看到它,因为这是他们的浏览器发出的请求,并且他们可以看到他们的浏览器执行的任何操作.
So I reread your question and I see you're talking about publishing to GitHub pages. The key thing to note is that anything that is hosted client-side the user will be able to see. GitHub Pages only hosts the "client" portion of your application. So if your client (browser) website makes an API call to myapi.com/lookup?key=12345
, they will be able to see it no matter what, since it's their browser making a request and they can see anything their browser does.
但是,这里的最佳实践是编写服务器端代码以运行您的应用程序.为此,您可以使用我上面建议的方法,在其中将环境变量添加到用于托管的任何服务器上(例如,可以使用[Zeit Now][2]
或 Heroku ).这样,您可以共享代码,但环境变量在运行服务器端代码的计算机上保持秘密.
However, the best practice here is to write server-side code to run your application as well. For this, you can use what I suggested above, where you add environment variables to whichever server you use to host (for example, you can do this easily with [Zeit Now][2]
or Heroku). That way, you can share your code but your environment variables stay secret on the machine that runs your server-side code.
这篇关于上传到github后隐藏的Cloud Functions吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!