How to load environment variables in Svelte using Vite or Svite - environment-variables

I've been trying to figure out best practices on implementing environment variables for API configurations in Svelte App. As far as I know, We have to use either Vite or Svite to make it work. Can anyone help me find a solution please ??

This is how I did it but I bet there are other good practices
I make use of dotenv and $lib provided by SvelteKit.
Below are my folder structure and related js:
├── sveltekit-project/ // Root
| ├── src/
| | ├── lib/
| | | ├── env.js
| | | ├── other.js
| | | ...
| | |
| | ├── routes/
| | | ├── main.svelte
| | | ...
| | ├── app.html
| | ...
| ├── .env
/** /src/lib/env.js **/
import dotenv from 'dotenv'
dotenv.config()
export const env = process.env
/** /src/lib/other.js **/
import { env } from '$lib/env'
const secret = env.YOUR_SECRET
By the way, I recommend you reading the "How do I use environment variables?" part in SvelteKit FAQ. It seems very relevant to what you concern, but I am afraid it means some workarounds are needed instead of the VITE_* variables..

There seems to be some confusion around the security issues, but it's actually quite simple.
If you want to use insensitive information, proceed like this:
create an .env and/or .env.local, .env.production file, read more here https://vitejs.dev/guide/env-and-mode.html#env-files
name your variable VITE_<some name> for example VITE_API_URL to store where your backend location is. That's not sensitive information so it's ok to expose this through your svelte app to the internet.
you can then access this directly inside of the script tags in svelte like this: import.meta.env.VITE_API_URL
If you have sensitive information:
Then you shouldn't expose it in a svelte client... PLEASE don't do something like suggested in Saad's answer and expose your API key to the public! Instead you'll need a server to securely hold that information, but how to setup a server is then again a different topic.

Warning
The VITE_ prefix would expose sensitive information to client side! More info
Normally, I'd simply delete this answer, but its clear that the whole import.meta.env.VITE_SECRET_PASSWORD is not a clever design. What is the point of using a .env variable that is not secure, per the security note warning at https://vitejs.dev/guide/env-and-mode.html#env-files ??
As a developer, my expectation is that I can use .env variables to store secure information.
Let this answer stand as a warning: Do not do this.
My original response below:
I spent some time struggling here..
Environment Variable file, must be named .env:
VITE_SENDGRID_API_KEY=SG.9999999999....999999999999
I spent way too much time to figure out that sendgrid.env as a filename will not work.
I added a file to the /src/lib directory called env.js. Here are the complete contents of that file:
export const ENV_OBJ = {
SENDGRID_API_KEY: import.meta.env.VITE_SENDGRID_API_KEY,
TEST: "test, test, test"
};
And then when I need it elsewhere...
import { ENV_OBJ } from '$lib/env'
// console.log("API Key.test: ", ENV_OBJ.TEST);
sgMail.setApiKey(ENV_OBJ.SENDGRID_API_KEY);
I'm using SvelteKit, Javascript, etc... No extra dotenv. Keep it simple, make it easy.

Make sure all your environment variables start with the prefix "VITE_".
Example:
VITE_API_KEY=8465313163463435434353535
Include your variable in the Svelte file using the syntax "import.meta.env.VARIABLE_NAME".
Example:
headers: {
"X-RapidAPI-Key": import.meta.env.VITE_API_KEY
}
And that's it. Hope that helps.

Related

Clarify file/dir list to include in duply profile

I have defined /tmp/ as my source directory. I want to backup only in1/ and in2/ subfolders from it. What lines do I need in profile's exclude file?
/tmp/a
├── in1
│   └── in.txt
├── in2
│   └── in.txt
└── out.txt
According to duplicity man page's dir/foo example, I tried:
+ in1/
+ in2/
- **
But that did not work and I got error as:
Reading globbing filelist /path/to/duply_profile/exclude
Fatal Error: The file specification
in1/
cannot match any files in the base directory
/tmp
Useful file specifications begin with the base directory or some
pattern (such as '**') which matches the base directory.
better use up-to-date man page from duplicity's website https://duplicity.us/stable/duplicity.1.html#file-selection
not sure why the example relative paths is in there, but as the error states you will need something along the lines
+ /tmp/in1/
+ /tmp/in2/
- **
feel free to post a bug ticket on https://gitlab.com/duplicity/duplicity/-/issues so maybe someday some kind soul would make it work with relative paths.
I figured that the following specification work:
+ **in1/
+ **in2/
- **

Jenkinsfile how to iterate through subfolder/subfile names?

Suppose my directory is like this:
Project
|
|
| -- Jenkinsfile
|
| -- SubFolder1
|
| -- SubFolder2
I am using a script version of Jenkinsfile. I am wondering, how can I iterate through Project and get all folder names as one string?
If I do something like:
def filenames = [];
def dir = new File("$PWD");
dir.traverse(type: FILES, maxDepth: 0) {
filenames.add(it.getName())
}
It doesn't work since $PWD doesnt seem to be the actual current Project/ directory. Thanks!
${WORKSPACE} will point to the current running job local file system path.
See: http://localhost:8080/env-vars.html/ for environment variables list
Change localhost and port to your Jenkins instance.

massaging packages that install files outside of nix-store

I'm using nix package-manager on macOS (Sierra).
My intention is to write a nix expression that will install the existing fish nix package along with the Bass fish plugin.
There are no existing expressions in nixpkgs for Bass, but the git repo contains a Makefile. This Makefile attempts to copy files to the $HOME dir. This is a problem as installing files outside of the nix-store is clearly not desirable and $HOME is not set when I build my package.
I can recognise why it's not desirable for nix packages to install files outside of the nix-store - in functional programming terms it's akin to a side-effect. But I'm also not clear on how to solve my problem:
By default Fish requires plugins such as Bass to be installed under $HOME/.config/fish/. Fish does provide a means to customise the config path by specifying the environment variable XDG_CONFIG_HOME. So I was thinking of doing something like this:
Create an expression for Bass patching the Makefile to install the files under $out.
Create an expression that installs fish and uses Bass as a build input. Use wrapProgram to set XDG_CONFIG_HOME pointing to the Bass install path in the nix-store.
Does this sound like the right approach? Are there alternative/better ways of solving this?
Thanks
This is the solution that I have gone with:
Expression for bass:
nix_local/pkgs/fish_plugins/bass/default.nix
{stdenv, fetchFromGitHub}:
let
version = "0.0.1";
in
stdenv.mkDerivation rec {
name = "bass-${version}";
src = fetchFromGitHub {
owner = "edc";
repo = "bass";
rev = "1fbf1b66f52026644818016015b8fa9e0f639364";
sha256 = "12bp8zipjbikasx20yz29ci3hikw0ksqlbxbvi2xgi4g6rmj7pxp";
};
patchPhase = ''
substituteInPlace Makefile --replace \
"~/.config/fish" \
$out/.config/fish
'';
}
Expression for fish_with_config:
nix_local/pkgs/fish_with_config/default.nix
{stdenv, fish, bass, makeWrapper}:
let
version = "0.0.1";
in
stdenv.mkDerivation rec {
name = "fish-with-config-${version}";
src = ./.;
buildInputs = [fish bass makeWrapper];
installPhase = ''
mkdir -p $out/.config/fish/functions
cp -r $src/.config/* $out/.config
cp -r ${bass}/.config/fish/functions/* \
$out/.config/fish/functions/
mkdir -p $out/bin
ln -s ${fish}/bin/fish $out/bin/fish
wrapProgram $out/bin/fish --set XDG_CONFIG_HOME "$out/.config"
'';
}
The Fish program is wrapped in order for it's config to be stored in the nix-store. This enables us to symlink the functions from Bass and also copy any additional config files from the local $src dir. Additional plugins could be symlinked in the same way.
The local src dir for the derivation contains the following files:
pkgs/fish_with_config
├── .config
│   └── fish
│   ├── fishd.8c8590486f8c
│   └── functions
└── default.nix
The .config/fish/fishd.8c8590486f8c file is a "universal variable file" which Fish requires in order to operate. In a standard Fish installation this file is stored under ~/config/fish/ and is created the first time you enter interactive mode. The contents of this file would typically change over time as users interact with Fish settings.
The fish_with_config derivation stores the Fish config in the nix-store, which means it can't be modified at a latter date (not writable). This means all the config settings need to be done upfront as any attempts by the user to modify the settings will result in permission errors - this is obviously a little inconvenient, but not a show stopper for me.
It's probably worth noting that the universal variable file may change with different releases of Fish and as such if I was to build fish_with_config with a newer version of Fish I would first determine it's default content by running fish in a nix-shell and inspecting the auto generated file under ~/config/fish/.
In summary the above works nicely, I have access to bass and any additional user defined functions I choose to "bake in" (pkgs/fish_with_config/.config/fish/functions).
If you see anything that could be improved or handled more idiomatically let me know.

FileNotFoundException with absolute path

I have a directory like this:
assigment
|
|__ src
| |
| |__ Main.scala
|
|
|__ testcase
|
|__ Simple.in
In Main.scala, Simple.in is read by Source.fromFile():
val inputFile = "Simple.in"
val lines = Source.fromFile("./testcase/" + inputFile).getLines
But when I run Main.scala in sbt the FileNoutFoundException appear. When I change the path to "../testcase/" + inputFile then it works fine. The original path is from my teacher, so I wonder which path is actually correct? Oh, I'm using Linux btw...
./ means: the current path
../ means: the directory "above" the current directory
Thus: when you run your Scala class from "src", "./testcase" makes it look for a directory testcase within "src"; or using full path names:
"assignment/src/" + "./testcase" turns into "assignment/src/testcase"
Whereas, when you use
"assignment/src/" + "../testcase" turns into "assignment/testcase"
therefore, the version with ".." finds the valid path. That is all the magic here!
. => current dir
.. => one above curren dir
But standard way to access resources is using the resources folder of sbt project structure.
This way helps you to access files independent of where (which class) you are accessing the resource in the code.
Folder to put your files
src/main/resources
val stream : InputStream = getClass.getResourceAsStream("/readme.txt")
val lines = scala.io.Source.fromInputStream( stream ).getLines

How to create xpi file with 7Zip?

I would like to pack my firefox extension as xpi file. I tried by adding it to archive and name it as filename.xpi
But when i try to install it on firefox am getting "package corrupted" message. Is there any way i can create a valid xpi file ?
I have installed cygwin and tried to execute zip command to create xpi file. But got zip is not a command error.
Can somebody guide me to get it done ?
If you are on windows (to install cygwin it looks like you do), you can use the windows built in tool:
Select the contents of the extension (remember, don't select the outside folder).
Right Click
Send to
Compressed (zipped) folder
Then just replace the .zip for .xpi in the filename
Looks like your problem is on completing the point 1. correctly. Select only the contents of the extension. Not the folder that contains it.
So basically your zip file should have following structure:
my_extension.zip
|- install.rdf
|- chrome.manifest
|- <chrome>
and NOT this structure:
my_extension.zip
|- <my_extension>
|- install.rdf
|- chrome.manifest
|- <chrome>
I experienced the same problems today and found the error to be that the add-on was obviously not signed by Mozilla, causing Firefox to refuse the installation. Up until recently, it was possible to by-pass this security check by setting xpinstall.signatures.required to false in about:config. However, as of Firefox 46, signing is mandatory and no by-pass is provided any longer, see https://blog.mozilla.org/addons/2016/01/22/add-on-signing-update/ This means that one has to either downgrade to a previous version or use a non release channel version to test one's addons :(
Also, here's how I pack an extension for Firefox with command line 7z:
cd /the/extension/folder/
7z a ../<extension_name>.xpi * -r
(where 'a' stands for "add/create" and "-r" for recursive)
Or to update the extension with the file(s) we just edited:
cd /the/extension/folder/
7z u ../<extension_name>.xpi * -r
("u" for update the archive's content)
Two methods, using the GUI 7zFM.exe, or a command line or batch file.
1.0) GUI method. Assuming 7-Zip is installed with shell integration so you see 7-Zip show up in the context-menu (right-click of selected files) of Windows Explorer.
1.a) Go into the folder of your add-on.
1.b) Select all the files and folders you want to include in the .xpi. Assuming you don't have any files you want to ignore down in any sub-folders. If you do, you might want to use the command line option.
1.c) Right-click on the list of selected files, find the 7z icon, choose the Add to archive... option.
1.d) A dialog pops up. Edit the location and name of the zip file, change to .zip to .xpi, etc.
1.e) Note if you create the .xpi in the same folder, don't re-archive it in the future, as your add-on will fail horribly. You never want an .xpi ending up inside your .xpi by accident. I usually just create it in the parent folder, by adding ..\ to the beginning of the file name, e.g. ..\addon-1.2.3-fx.xpi
1.f) 7-Zip has a lot of powerful compression options, not all of which Firefox can handle. Choose settings which Firefox is able to process. Refer to image.
2.0) Command Line method. Assuming you're in Windows, and know how to open a command prompt, change drives and directories (a.k.a. folders).
2.a) CD to your add-on directory.
2.b) Use the most basic 7-Zip command line.
"C:\Program Files\7-Zip\7z.exe" a -tzip addon-1.2.3-fx.xpi *
2.c) You can get a smaller file by finding the exact command line options which correspond to the above GUI, namely:
"C:\Program Files\7-Zip\7z.exe" a -tzip -mx=9 -mm=Deflate -mfb=258 -mmt=8 "addon-1.2.3-fx.xpi" *
Note that there is no Dictionary size = 32kb option when using Deflate Compression method. Otherwise, the options are in order and correspond to the GUI.
|-----------------------|---------|--------------|
| Option / Parameter | GUI | Command line |
|-----------------------|---------|--------------|
| Archive format | zip | -tzip |
| Compression level | Ultra | -mx=9 |
| Compression method | Deflate | -mm=Deflate |
| Dictionary size | 32 KB | (none) |
| Word size | 258 | -mfb=258 |
| Number of CPU threads | 8 | -mmt=8 |
|-----------------------|---------|--------------|
| Additional Parameters | | |
|-----------------------|---------|--------------|
| Recurse into Folders | (none) | -r |
| Multiple passes | (none) | -mpass=15 |
| Preserve Timestamps | (none) | -mtc=on |
| Ignore files in list | | -x#{ignore} |
|-----------------------|---------|--------------|
Notes:
i) The multi-thread option (-mmt=8) is specific to my system which has 8 cores. You will need to lower this to 6 or 4 or 2 or 1 (i.e. remove option) if you have fewer cores, etc, or increase if you have more. Won't make much difference either way for a small extension.
ii) The option to recurse into folder may or may not be the default, so specifying this option should ensure proper recursion.
iii) The option to preserve windows timestamps (creation, access, modification) should default to on anyways, so may not be needed.
iv) The ignore files in list option is any file which has a list of files and wildcards of files you wish to exclude.
2.d) Advanced topic #1: ignore file list (examples)
|----------------|------------------------------------|
| What to Ignore | Why to Ignore |
|----------------|------------------------------------|
| TODO.txt | Informal reminders of code to fix. |
| *.xpi | In case you forget warning above! |
| .ignore | Ignore the ignore file list. |
| ignore.txt | Same thing, if you used this name. |
|----------------|------------------------------------|
"C:\Program Files\7-Zip\7z.exe" a -tzip -mx9 -mm=Deflate -mfb=258 -mmt=8 -mpass=15 -mtc=on "addon-1.2.3-fx.xpi" * -x#ignore.txt
2.e) Advanced topic #2: Batch file (Windows CMD.EXE), assuming fairly recent windows, i.e. from the 21st century. This can be as simple and rigid, or complex and flexible as you care to make it. A general balance is to assume you will be in the Command Prompt, in the top level directory of the add-on you are working on, and that you have intelligently named that directory to have the same basename of the .xpi file e.g. D:\dev\addon-1.2.3-fx directory for the addon-1.2.3-fx.xpi add-on xpi. This batch file makes this assumption, and dynamically figures out the correct basename to use for the .xpi.
#ECHO OFF
REM - xpi.bat - batch file to create Mozilla add-on xpi using 7-Zip
REM - This finds the folder name, and discards the rest of the full path, saves in an environment variable.
FOR %%* IN (.) DO SET XPI=%%~nx*
REM - Uncomment the DEL line, or delete .xpi file manually, if it gets corrupted or includes some other junk by accident.
REM DEL "%XPI%.xpi"
REM - Command line which does everything the GUI does, but also lets you run several passes for the smallest .xpi possible.
"C:\Program Files\7-Zip\7z.exe" a -tzip -r -mx=9 -mm=Deflate -mfb=258 -mmt=8 -mpass=15 -mtc=on "%XPI%.xpi" * -x#ignore.txt
REM - Cleanup the environment variable.
SET XPI=
When pack extension using 7z, compress into .zip and then rename to .xpi, dont compress i
Do as per the following while using 7z
Select only the inner contents and not the outer folder.
Enter the filename as filename.xpi and choose archive format as zip in the prompt that appears while zipping.
You will find a valid xpi file created.
Use the created xpi for installing your extension on firefox.
It works!
Just zip all the files and folders inside my_extension folder and change the resulting zipped file's extension to my_extension.xpi
/my_extension
|- defaults/
|- locale/
|- resources/
|- install.rdf
|- ... (other files and folders)
Installation of xpi file created from zipped file of my_extension folder will result error as
"This add-on could not be installed because it appears to be corrupt." error
I try myself to build a zip in several ways because I was convinced I do something wrong 'cause all i got was "package corrupted" stuff .
well.. not anymore and I do not even need to load it from Load temporary add-on (now i drag and drop the xpi file from the desktop over Waterfox and I install it as legit xpi file!
How I do that?
'Cause I try myself the github stuff I load it first in Load temporary add-on (url:about:debugging#addons) the xpi file using the method used by user314159 with the .bat file method that use 7zip.
after you load that you should read somewhere something similar to:
Extension ID
86257e65ca311ee368ffcee50598ce25733a049b#temporary-addon
then all you should do is add inside manifest.json modifying the "applications" :
"applications": {
"gecko": {
"strict_min_version": "54.0a1",
"id": "86257e65ca311ee368ffcee50598ce25733a049b#temporary-addon"
}
},
after this push Remove to uninstall the temporary addon then you should build the xpi again like you did before
now is a normal xpi file SIGNED what you can install normal ! (here is works without modifying anything else)
I use Waterfox x64 i's seems to be problems to Firefox
the answer is you should upload your extension on the hub then to use mozilla signing api
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Distribution
Create file config.js
Insert code into config.js
//
try {
Components.utils.import("resource://gre/modules/addons/XPIProvider.jsm", {})
.eval("SIGNED_TYPES.clear()");
}
catch(ex) {}
Move config.js to application work folder, eg: C:\Program Files\Mozilla Firefox\
Create config-prefs.js and write code into:
pref("general.config.obscure_value", 0);
pref("general.config.filename", "config.js");
Place config-pres.js to C:\Program Files\Mozilla Firefox\defaults\pref\
Restart Firefox
Look result

Resources