node.js - How to prevent javascript files from showing in view source?

Question

I have a javascript file where my database function to fetch records is stored. This code below fetches the records from a specific Odoo model. Example code: RFQListApi.js:

const Odoo = require('odoo-await');


const rootUrl ='exampleURL'
const odoo = new Odoo({
    baseUrl: rootUrl,
    port: 24,
    db: 'test',
    username: "test123",
    password: "test123"
});


// Exporting to vue file

export default {
        async getList (){
            await odoo.connect();
            // Read data
            const records = await odoo.searchRead(`ship.order`, {}, ['name', 'subject']);
            return records
        }
}

Now I am calling this function by exporting this function to a VueJS file. Something like this:

<template>
  <div>
    <CRow>
      <CCol sm="12">
        <CTableWrapper
          :items="results"
          hover
          striped
          border
          small
          fixed
          caption="Request for Quotations"
        />
      </CCol>
    </CRow>

    
  </div>
</template>

<script>
import regeneratorRuntime from "regenerator-runtime";
import CTableWrapper from './RFQsTable.vue'
import RFQsList from './api/RFQsListApi';    // for API calling

export default {
  name: 'RFQsList',
  components: { CTableWrapper },
  data(){
    return{ 
      results: [],
      values:[]
    }
  },
  created(){
    this.getConnected();
  },
  methods: {
   async getConnected(){
      RFQsList.getList()
      .then((results) =>{
        this.$set(this,"results",results) // storing in event data()
    })
    .catch(e =>console.log(e, "Error from catch"))
    },
  }
}
</script>

As you can see all the details from the RFQsListApi.js file, such as username and password are visible and anyone can access these files by viewing the source. What can I do to protect or hide these username and other sensitive details from others.

question from:https://stackoverflow.com/questions/65931466/how-to-prevent-javascript-files-from-showing-in-view-source

Answer 1

As you can see all the details from the RFQsListApi.js file, such as username and password are visible and anyone can access these files by viewing the source.

Among other methods, such as just watching the files go over the network, or using a debugging console, or a browser extension, etc. etc.

What can I do to protect or hide these username and other sensitive details from others.

You can't. If you send someone some information, they have that information. If someone needs to use that information (such as a password) then they necessarily need to access that information, and there's nothing you can do to prevent it from being out there.

You need to do something differently, where the username/password isn't sent to everyone. Usually, each user's session will be given a temporary token representing that user, and the server will do actions on a database on their behalf, authenticating/verifying as you go.