improve security
Unanswered
Spectacled Caiman posted this in #help-forum
Spectacled CaimanOP
This is one of my server action files
fetchData.ts: https://gist.github.com/fronkdev/11abb26f9a9610edaa21ba2b0804a240/revisions
Client Side implementation:
If this isn't safe or secure, what would be a better way to do this? I will eventually have additional functions which would send data to my other web server to update database models etc
fetchData.ts where I make API calls to my other web server with an API key. I want to ensure whether or not what I am doing here is secure, and whether or not these API keys will be exposed to the client?fetchData.ts: https://gist.github.com/fronkdev/11abb26f9a9610edaa21ba2b0804a240/revisions
Client Side implementation:
import { fetchMutualAndExcludedServers } from "@/components/Actions/fetchData";
export default function MyProfilePage({ user }: { user: GuildsUser }) {
const [mutualGuilds, setMutualGuilds] = useState<RESTAPIPartialCurrentUserGuild[]>();
const [excludedGuilds, setExcludedGuilds] = useState<RESTAPIPartialCurrentUserGuild[]>();
useEffect(() => {
(async () => {
const guilds = await fetchMutualAndExcludedServers({ userId: user.discordId });
setMutualGuilds(guilds.mutual);
setExcludedGuilds(guilds.excluded);
})();
}, [user.discordId])If this isn't safe or secure, what would be a better way to do this? I will eventually have additional functions which would send data to my other web server to update database models etc
13 Replies
is this
MyProfilePage a client component or server component?From the code, it seems like it is a client component. Well, you should not use server actions to fetch data in a client component. IDK if it works, I never tried it.
I would fetch the data in a server component and pass that data to the
I would fetch the data in a server component and pass that data to the
MyProfilePage.@averydelusionalperson From the code, it seems like it is a client component. Well, you should not use *server actions* to fetch data in a client component. IDK if it works, I never tried it.
I would fetch the data in a *server component* and pass that data to the `MyProfilePage`.
Spectacled CaimanOP
// src/app/user/[id]/page.tsx
import MyProfilePage from "../../../layouts/profile/MyProfilePage";
import { auth } from "@/server/auth";
export default async function Page({ params }: { params: { id: string } }) {
const session = await auth();
if (session?.user.discordId === params.id) return <MyProfilePage user={session.user} />;
}// src/layouts/profile/MyProfilePage.tsx
"use client";
import { useEffect, useState } from "react";
import { SubPageLayout } from "@/components//ui/BlurEllipsis";
import { fetchMutualAndExcludedServers } from "@/components/Actions/fetchData";
import type { GuildsUser } from "@/typing";
import { SearchLoadingCard } from "../../components/Search/SearchLoadingCard";
import { UserServerCard } from "../../components/Servers/ServerCard";
import { RouteBases, Routes, type RESTAPIPartialCurrentUserGuild } from "discord-api-types/v10";
import ProfileLayout from "./ProfileLayout";
export default function MyProfilePage({ user }: { user: GuildsUser }) {
const [mutualGuilds, setMutualGuilds] = useState<RESTAPIPartialCurrentUserGuild[]>();
const [excludedGuilds, setExcludedGuilds] = useState<RESTAPIPartialCurrentUserGuild[]>();
useEffect(() => {
(async () => {
const guilds = await fetchMutualAndExcludedServers({ userId: user.discordId });
setMutualGuilds(guilds.mutual);
setExcludedGuilds(guilds.excluded);
})();
}, [user.discordId])
return (
<SubPageLayout>
<ProfileLayout user={user} self={true}>
... omitted for extra characters ...
</ProfileLayout>
</SubPageLayout>
);
}just
fetchMutualAndExcludedServers in the Page and pass it to the MyProfilePage@averydelusionalperson just `fetchMutualAndExcludedServers` in the `Page` and pass it to the `MyProfilePage`
Spectacled CaimanOP
alright, also on this page i will be making requests once someone updates something on their profile, how should i go about securing this?
wdym "secure", it's already secure. it's fetched on server side
Spectacled CaimanOP
well in the client component, once they press a "save" button, i was going to call a server action which would update the database, im just wondering how i could secure this and ensure it can only be ran from the website itself
Server actions are already secure 
. and "it can only be ran from the website itself" wdym this
. and "it can only be ran from the website itself" wdym this@averydelusionalperson Server actions are already secure <:thinq:1158595784938365018> . and "it can only be ran from the website itself" wdym this
Spectacled CaimanOP
for example using postman to make a request to the endpoint the server action uses
I don't think you can really do that? you can?
never tried it
Spectacled CaimanOP
alright. if server actions are secure then what would be the benefit of moving the fetch into the Page server component rather than calling the component from the client side? by calling it from the client side i can implement loaders whereas from the server side i cant
I am not sure ngl. maybe check this out: https://www.youtube.com/watch?v=O8AmIELoxrc&ab_channel=DaveGray