UNSOLVED NodeJS setup question

  • Our web guy is currently looking at the example here

    We're having to setup a web interface where a user can log into their account, register some information, and then some data is saved to their account which they can access in an app.

    I am adding his question here.

    I started working on integration with BrainCloud using their official client library for NodeJS
    It looks like it can not work on a server.
    Could you please validate that it is only intended to work from Browser with BrainCloud support?
    If it so - could you please ask them about best practices of securing the app secret? If we implement it the same way it is done in the example it could be easily fished out along with app Id.

    I appreciate any help provided. Thank you.

  • bitHeads

    Hi Chris,

    Can you provide us with more details of your use case regarding your web interface? if you can write some validation handle code on your web interface server, you still can call all of brainCloud Client-API, unless you want the API directly be called from your client app through your web interface server without any validation code for that, if that is the case, you will have to use S2S for that. https://www.npmjs.com/package/brainclouds2s, it's kind of complicated than using https://www.npmjs.com/package/braincloud

  • I'm not a web developer, so forgive me if I don't understand that side of things.

    We currently have an app for a client that has a subscription based service. The subscription can be purchased on an individual bases, however the main use case is that a teacher/leader can purchase a package instead where a single license key can have multiple users. They can distribute their key to any number of users.

    Originally, the client requested a link in the app we developed for them to allow the user to go to a separate web page that we ran using an in app browser. Since they never left the app, we were able to transmit data to use their braincloud ID as a unique ID when they registered their account and once they entered their key on the simple webform, we could close that out and return to the app, easily saving information to their account from there.

    However, as we had warned the client, most likely Apple would put a stop to this as it was bypassing their own subscription service IAP. Recently while trying to do an update to the app, the reviewer noticed the link and rejected the update.

    Our phase 1 solution with the client is to allow the user to create an account in the app as normal.
    They will then need to go to the clients webpage which will have a link to our webform.

    This webform will require the user to log in using the same credentials as they used to create their account in the app. Then they will go to the webform to enter their subscription key. This will be validated with the clients server and once returned, we'll need to save a key/value pair to the users braincloud account.

    Once they receive a successful message, they will be able to return to the app and we'll be able to grab that value and use it for all future validations from within the app and allow them access to their content.

    Note that phase 2 will have a full dashboard created on the clients webpage to allow for account creation and management. We're certainly hoping to use what we learn from phase 1 in phase 2.

    Sorry for the long winded explanation. Hopefully this helps explain what we're trying to achieve.

  • brainCloud

    Hi Chris,

    Javascript security is a tricky thing - but our Javascript libs should run on the server. Is your dev seeing an issue?

    We've tasked the devs to look into it (sometimes an unwanted dependency creeps in there as we stretch to support all the Javascript scenarios).

    Let us know what you're seeing.



  • Hi Chris,

    There is no problem with running the library on a Node.js server. We do the same with our unit tests. One little caveat is that you'll have to include those definitions somewhere at the top of your main file:

    // Set up XMLHttpRequest.
    XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
    window = {
        XMLHttpRequest: XMLHttpRequest
    XMLHttpRequest.UNSENT = 0;
    XMLHttpRequest.OPENED = 1;
    XMLHttpRequest.HEADERS_RECEIVED = 2;
    XMLHttpRequest.LOADING = 3;
    XMLHttpRequest.DONE = 4;
    // Set up WebSocket.
    WebSocket = require('ws');
    // Set up LocalStorage.
    LocalStorage = require('node-localstorage/LocalStorage').LocalStorage;
    os = require('os');
    var configDir = os.homedir() + "/.bciot";
    localStorage = new LocalStorage(configDir);
    const BC = require('braincloud');

    And you'll have to install those NPM dependencies:

      "dependencies": {
        "braincloud": "^4.3.6",
        "node-localstorage": "^2.1.5",
        "ws": "^7.2.1",
        "xmlhttprequest": "^1.8.0"

    Hope this helps.

  • Thanks @Paul-Winterhalder and @David-St-Louis-0 . I'm communicating with our web dev and am passing on the information to him. I'll respond here once I get more information from him. Appreciate the quick replies.

Log in to reply