I am working on profile pages and one is public. I am trying to make sure that it is secure just in case a malicious visitor visits the site. I have been using dynamic set to get the current page profile owner and then using this to call backend functions that populate the client side.
function getSelfie() {
    const dynamicItem = $w("#dynamicDataset").getCurrentItem();
    console.log(dynamicItem); // this is where it logs everything but if removed can it be called?
    const ownerID = dynamicItem._owner;
    getProfileImage(ownerID).then(function (data) {
        $w("#profileImage").src = data;
    });
}
All seemingly works, but when it comes down to individuals accessing the page it will not be the owner of the data but a visitor to their profile. I have secured the data collection with appropriate permissions; however, when I call the dynamicItem piece it console logs the item and all data fields and their respective content. I need to know if this is just in the IDE or will also be the same when on the live site?
Obviously I will remove the console.log piece for the item, but is there any way that a malicious visitor will be able to read the returned value for the dynamicItem when getting the page owner's ID?
I would ideally like to be able to do the dynamicItem in Backend and export the data to the front end via something like the:
export let data = {
prefix: item.prefix,
firstName: item.firstName
}
If your concern is security, definitely go with the backend. Having the id is not enough to get the data, and the permissions should help greatly, but you can create your own dynamic page using a router instead, so that you can feed the page a minimized version of the data from backend using the map() method.
Hi David, many thanks for your swift response. Much of the code is in the backend now, but it seems that on a dynamic page I have to call the owner ID to be able to access the data and bring it to client side. By calling dynamicItem it console logs everything; all data in collection is encrypted so it’s just the field names and then a load of letters, numbers and symbols in console log, but I only want to limit what data is called to the console when using dynamicItem. An example of the map() would be amazing. Si
@simonadams Yes, maybe I should clarify…what I mean by your own dynamic page is that you build it from scratch using a router page instead. That way you don’t have the dynamic dataset to deal with, and you can choose exactly which items to feed to it.
If you wanted to, you could even have a second id field for it with a different uuid so that you only use one id field for the backend, and a separate one for any frontend specific functions you might need.
With map, the router function to feed data might look something like this:
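The field-minimizing step described above, as an added example that is not part of the original post: an allow-list projection with map() that a backend router function could run before handing data to the page. The field names, the showEmail toggle and the sample items are assumptions constructed for illustration.

```javascript
// Added example with constructed data; field and toggle names are assumptions.
// Allow-list of fields that may ever reach the browser. Anything not listed
// (_owner, _id, internal notes, ...) is dropped even if the item contains it.
const PUBLIC_FIELDS = ["prefix", "firstName", "email", "profileImage"];

// Fields the profile owner can hide with a switch: field -> toggle field name.
const OWNER_TOGGLES = { email: "showEmail" };

// Project one collection item down to what a visitor is allowed to see.
function toPublicProfile(item) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (!(field in item)) continue;
    const toggle = OWNER_TOGGLES[field];
    // Hidden unless the owner explicitly switched it on.
    if (toggle && item[toggle] !== true) continue;
    out[field] = item[field];
  }
  return out;
}

// What the router function would pass to the page instead of raw items.
function buildRouterData(items) {
  return { profiles: items.map(toPublicProfile) };
}

// Constructed sample rows standing in for a backend query result.
const sampleItems = [
  { _id: "a1", _owner: "owner-111", prefix: "Dr", firstName: "Ada",
    email: "ada@example.com", showEmail: true, adminNotes: "vip" },
  { _id: "b2", _owner: "owner-222", prefix: "Mr", firstName: "Sam",
    email: "sam@example.com", showEmail: false },
];

// Only allow-listed, owner-approved fields appear in the output.
console.log(JSON.stringify(buildRouterData(sampleItems), null, 2));
```

In a Velo router the returned object would be the data argument of ok() from wix-router, and page code reads it with wixWindow.getRouterData() from wix-window rather than importing wix-router.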
@skmedia OK, now I am a bit confused; I was unaware you can create a router dynamic page? The reason why I’ve been using dynamic pages is to give the user the ability to show and/or hide information that they do or don’t want on the page. So for example, if they wanted to hide their email they just click one of the switches on their private profile and it hides or shows on their public profile. What you’re suggesting makes sense for not needing to use the dynamic dataset on the page as it’s through the router, but can the router page react the same as a dynamic page with the dataset? I’m guessing it can? I’ll have to look to see how to create a router dynamic page. Si
@simonadams Datasets in themselves are already basically routers that sitemap for you, hence why they’re not technically on the page and require their own onReady.
The example in the Wix Support article on that page actually shows you how to do 70% or so of the work so you would just have to tweak the function I posted here and put it on your routers.js to replace the static object mentioned there.
@skmedia Hi David, thanks for this. I am now expanding my understanding of routers and how beneficial these can be to what I am trying to achieve. I have looked at and understand how it seems to work in backend, but when I try to get the data in client side and work with that I am seemingly at a loss. I have imported the responses from router such as import {ok} from 'wix-router'; but this does not seem to allow me to utilise a dataObj with the details from the data collection? It says wix router is not visible in public.js? Any help with understanding the client side would be great. Si