I have a config.js file that has all my app settings inside it. Some of these settings need to be shared with front-end scripts as well as back-end.
I have some confidential variables that I don't want to be exposed to the front-end though. Do any NodeJS/ExpressJS wizz kids have any good solutions to this?
Do you keep your common config data in a /public location and confidential server-side data separate above the exposed /public folder?
Thanks guys
Using express-expose to share (or 'expose') data from the server to the client works pretty well. As Raynos said, I would keep confidential variables as environment variables and then you may be able to safely expose all of your settings.
Or you can do something like create a 'shared' object in your settings. Like this:
app.set('shared', {
setting1: mydata
, setting2: new OAuth(...)
, setting3: { ... }
});
Which allows you to access the settings as app.setting.shared.setting1 on the server and then you can app.expose(app.setting.shared) so your client side JS can access the same object.