
[Question] Exposing (potentially sensitive) code in the client's browser

Open Rogn opened this issue 4 years ago • 4 comments

This is a great project! Thanks for that.

But I have a question about the current architecture with regard to exposing (potentially sensitive) code in the client. If you look at the project dependency graph for the Client, it references all the projects except the Infrastructure ones. And if I understood Blazor WebAssembly correctly, the code for all these projects will end up being delivered to the client's browser, where it would be possible to reverse-engineer the code.

Is this correctly understood?

It seems that the primary reason for referencing the Application project is to use the Request and Response entities. Would it not make sense to extract them into their own project, and then have the Application and Client (Client.Infrastructure) projects reference that project, as the Client would then have no direct dependency on the Application project?

/Hallur

Rogn avatar Jun 08 '21 22:06 Rogn

I agree with you. This is a very big architectural bug. All Request and Response entities, and all responses from queries and commands, must be in the Shared project. Somebody must fix it. I can do that; I have already fixed it in my project.

grishat avatar Jul 09 '21 05:07 grishat

I found that there was still a lot of copy-and-paste code work in actual projects, like creating an entity. I copy one IEntityRepository and EntityRepository; those two classes are normally empty code, and that's OK. Now I have to create CRUD features with MediatR patterns, e.g. AddCommand, CommandHandler, Query, and QueryHandler, where the request command maps to the entity and the queried entity maps to the query response, with AutoMapper configured; that's OK.

Next, in the client project, I have to create IEntityManager and EntityManager; that's OK, but I have to define the request and response again for IEntityManager and map them to the command and query request, and the request response. So developing a simple CRUD feature will take at least 8 hours. I spent a lot of time copying, pasting and renaming.

neozhu avatar Jul 10 '21 05:07 neozhu

There is a simple fix for this. Never use the Application project in the Blazor project. Create POCOs to call the API. These can be shared by the Blazor and server projects.

cmorgado avatar Aug 30 '21 13:08 cmorgado

I agree 100%.

With Blazor WASM there needs to be a boundary layer between the Presentation and Application layers with the DTOs (and related things). The only DLL the client should be downloading is that; it should not see anything other than the Presentation layer and the boundary (call it an interface perhaps?) to the Application layer.

garkpit avatar Aug 31 '21 11:08 garkpit
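
The boundary proposed in this thread can be enforced in CI by walking the Client's transitive `ProjectReference` graph and failing when a server-side project is reachable. The sketch below is an added example, not part of the thread or the starter kit's code; the `Domain` and `Contracts` project names, the reference layout and the csproj contents are constructed assumptions, and every transitively referenced project is treated as shipped to the browser, as the issue describes.

```python
import re
import xml.etree.ElementTree as ET

def project_refs(csproj_xml):
    """Names of projects referenced via <ProjectReference Include=...>."""
    refs = []
    for el in ET.fromstring(csproj_xml).iter():
        # Compare local names so old-style (namespaced) csproj files also work.
        if el.tag.rsplit("}", 1)[-1] == "ProjectReference" and el.get("Include"):
            leaf = re.split(r"[\\/]", el.get("Include"))[-1]
            refs.append(re.sub(r"\.csproj$", "", leaf, flags=re.I))
    return refs

def shipped_closure(projects, root):
    """Every project reachable from `root`, i.e. what the client would download."""
    seen, stack = set(), [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        stack.extend(project_refs(projects.get(name, "<Project/>")))
    return seen

def leaked(projects, root, server_only):
    """Server-only projects reachable from the client, sorted."""
    return sorted(shipped_closure(projects, root) & set(server_only))

def csproj(*refs):
    items = "".join(f'<ProjectReference Include="..\\{r}\\{r}.csproj" />' for r in refs)
    return f'<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>{items}</ItemGroup></Project>'

# Constructed layout (assumed names): Client reaches Application, as in the issue.
BEFORE = {
    "Client": csproj("Client.Infrastructure", "Shared"),
    "Client.Infrastructure": csproj("Application", "Shared"),
    "Application": csproj("Domain", "Shared"),
    "Domain": csproj(), "Shared": csproj(),
}
# Proposed layout: request/response DTOs move to a hypothetical "Contracts" project.
AFTER = dict(BEFORE, **{
    "Client.Infrastructure": csproj("Contracts", "Shared"),
    "Application": csproj("Domain", "Contracts", "Shared"),
    "Contracts": csproj(),
})
SERVER_ONLY = ["Application", "Domain", "Infrastructure"]

if __name__ == "__main__":
    print(leaked(BEFORE, "Client", SERVER_ONLY), leaked(AFTER, "Client", SERVER_ONLY))
```

In a real pipeline the `projects` mapping would be built by reading each `.csproj` from disk, and a non-empty `leaked` result would fail the build.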