Sign in
Log inSign up
JTK

148 likes

·

3.4K reads

8 comments

Eleftheria Batsou
Eleftheria Batsou
Feb 2, 2022

Great writing JTK!

P.S. If you are using any social media (twitter, linkedin) I'd suggest you add them to your Hashnode profile so more people can follow your work.

6
·
Colin Bate
Colin Bate
Feb 2, 2022

You mention that you need to keep your Fauna key safe, which I agree with. However, you then embed those keys into your app. Those keys will ship as part of your JS files.

Since the keys you created in this example are admin keys I'm guessing that would give someone full access to your data. You might be ok with some restricted read-only keys. Otherwise, you may want to move your data access to something like a serverless function.

The Vue CLI documentation specifically says not to store private or secret information in the .env files.

4
·
·3 replies
Shadid Haque
Shadid Haque
Feb 2, 2022

yup, I agree, revealing those keys can allow potential bad actors to access your data. A best practice would be to limit it to only read access then put them in an environment variable.

1
·
JTK
JTK
Author
·Feb 2, 2022

Yeah in continuity with the last comment, there's a reason the entire article takes place on localhost ;) the objective of this code is me to look at all three frameworks, this is not something intended to be deployed, nor is it structured as a "real" app beyond Hello World complexity would be

1
·
Colin Bate
Colin Bate
Feb 2, 2022

JTK That is fine, and I'm glad that you didn't deploy this. I had noticed that you didn't provide an online working version. But I wanted to mention it because you do encourage others to follow along (with boilerplate repos included) and if people do deploy what they created, they are putting their Fauna keys at risk.

1
·
Colin Bate
Colin Bate
Feb 2, 2022

Always great to see Svelte getting favorable press. One thing I thought I would mention is that while $$props will work to access properties, it isn't the official way of doing it.

As per the Svelte docs, you want to have something like this in your script block:

export let db;
export let q;
3
·
·1 reply
JTK
JTK
Author
·Feb 2, 2022

Yeah definitely took some liberties with conventions to keep parity/simplicity (same for the React example) would not necessarily make the same choices on anything more robust than a Hello World :)

1
·
Iqboljon Mutalibov
Iqboljon Mutalibov
Feb 3, 2022

All is well Thank you too

1
·