Search code examples
javascriptnode.jsrequire

Call Node 'require' function from within browser JavaScript

On one page of a Squarespace website, I need to call the Node js 'require' function from within the page JavaScript. I'm working locally with a min-test case. Node is installed.

The relevant code is:

require('dotenv').config();
AWS.config.update({
  'region': process.env.AWS_REGION,
  'accessKeyId' : process.env.ACCESS_KEY_ID,
  'secretAccessKey' : process.env.SECRET_ACCESS_KEY,
  'endpoint' : process.env.ENDPOINT
});

The 'secret' ID and Key values will be stored in a hidden environment variable, .env, not on the page.

With this code alone, I get a require-undefined error. I need the necessary code to get the Node function recognized in JavaScript.

I've seen questions on here going the other way, getting a JavaScript function recognized in Node, but none this way. In those answers, I didn't see anything I can use. I searched the net too, but most of the responses were questions on here.

Solution

  • I'll summarize several relevant points from my comments:

    1. First off here, it's very important to understand the distinction between running code in a browser and running code in your own nodejs server and what types of activities are appropriate for each.

    2. You can't run nodejs code in a browser. While both the browser and nodejs can run vanilla Javascript code, the entire nodejs run-time library is only available within the nodejs environment, not in the browser. Similarly, there are many things such as the DOM that are available within the browser environment. So, something like require() and the dotenv module are entirely designed to be run in a nodejs environment (typically a server), not in a browser. There are some third party modules that can be run in either environment (such as Axios for making http requests from other servers).

    3. Nothing that you embed into client-side Javascript in a browser is secure. It is all available to any hacker or developer. So, you would never want to put AWS credentials into a web page.

    4. When using credentials (such as your AWS credentials) or accessing a database (such as your DynamoDB), you will not want to access those directly from the browser. To do so, you will have embed your credentials right into the web page and that will give any hacker full access to your database where they can wreak all sorts of havoc.

    5. Instead, you will need to set up your own server that manages your AWS credentials and controls what is and isn't modified in the database. Doing it this way, you keep your credentials secure on your server (never put them in the client) and your nodejs server has the ability to decide what changes to the database are appropriate and what are not.

    6. Then, if you want to make some changes to the database from the client (add, modify, delete), you send an Ajax call from the browser web page to your nodejs server specifying what you want to change. Your nodejs server validates the request (makes sure it's a reasonable thing to do, checks if the user making the request has the rights to do so) and then your nodejs server can login to the database using your AWS credentials and make the appropriate change to the database.

    7. If the client wants a result back, then your server can send back the appropriate result.