DEV Community

menning

Where to put business logic

Hello,

this is a bit of a general question that I haven't been able to find an answer to online.

I have just started to dabble in React and Next.JS and would like to create my own project with Next.js to enhance my learning.

I would like to create a point of sale system using Next.js and am thinking that calculations of sales tax etc. should happen server-side rather than client-side (I understand that anyone can read your client-side code). I do know that the calculation of sales tax is no big secret, but I'm just doing this to learn the principles :)

so my question is

  1. Am I wrong that it is not safe to keep all business logic in the frontend (such as some proprietary calculation)?
  2. If I hence was going to do my calculation in the backend, where would I do them? A function in Express?

hope someone can help.

thanks

Discussion (7)

David MacEachern • Edited

Hi Menning,

> If I hence was going to do my calculation in the backend, where would I do them? A function in Express?

It sounds like you might be looking for vercel.com/docs/serverless-functio....

You can work on your React app and have it make API calls this way; you can even deploy the app continuously as you push it to your remote Git repository.

> Am I wrong that it is not safe to keep all business logic in the frontend (such as some proprietary calculation)?

It depends, you might want to abstract sensitive operations to a server and consider how the network calls can be secured. If it's an exercise to learn more about React then maybe you don't want to consider those details just now.

Another reason might be if you want to make the application usable by a wide variety of users with varying degrees of connectivity; then compute-heavy operations can be offloaded to the server or database. This might change in the future though once WebAssembly becomes more widely adopted.

For example, uploading a CSV of transactions for 10 years and then attempting to perform many operations on them might not make sense in the browser storage.

menning Author

Brilliant, thanks! And would you suggest using serverless functions, or would you rather suggest that I use CRA instead of Next.js, i.e. is Next.js not really suited for the type of application I am thinking of?

David MacEachern

It depends on what your goal is and how long you want to spend working on this project. If it's a quick exercise then I would just use React.

menning Author

Great thanks!

David MacEachern • Edited

Good luck! You can show us how you get on at showdev

Kaio Marx

You could think of your tax function as a service, so write a GET (or even POST) request from your front-end to your back-end, passing some parameters, all of this using Express. For even more learning, you could make your back-end application only execute the GET request when this request passes through your authentication system; with that you will learn some of the good practices of web development.

Subjects to read about: jsonwebtoken, HTTP requests, Express architecture (file organization).

Free your creativity when you're building; programming is about that.

mattother

Hey Menning,

You are correct, any code you have on the front end can be copied and used elsewhere. So it can be useful to keep important proprietary algorithms, etc. in backend code.

You can obfuscate code which could help, but at the end of the day, if somebody is willing to put in the effort they'll be able to figure it out eventually.

However, I think in your case you have a more important reason, not yet addressed, to run the code in the back end: to enforce business and system invariants.

In the case you presented above it would be tax calculation. If you don't at the very least reevaluate the taxes on the backend then somebody can decide to pay whatever amount they want for taxes (which I'm assuming wouldn't be great).

Same thing for product prices, etc. You should never assume any data you receive from the user is valid and instead should always validate.

Maybe that's already clear, but thought I'd point it out just in case.
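
The server-side recalculation described in the comment above, as an added example that is not part of the original thread. The catalog, tax rate, field names (`sku`, `qty`, `clientTotalCents`) and the route path in the comment are assumptions made for illustration.

```javascript
// Server-side catalog and tax rate (constructed sample data). Prices are integer cents.
const CATALOG = new Map([
  ["sku-coffee", { name: "Coffee", unitCents: 350 }],
  ["sku-bagel", { name: "Bagel", unitCents: 275 }],
]);
const TAX_RATE_BPS = 825; // 8.25% in basis points (assumed rate)
const MAX_QTY = 1000;

// Recompute the order from trusted data. Only sku and qty are read from the
// client; any price, tax or total fields it sends are never used for charging.
function priceOrder(body) {
  if (!body || !Array.isArray(body.items) || body.items.length === 0) {
    return { ok: false, status: 400, error: "items must be a non-empty array" };
  }
  let subtotalCents = 0;
  for (const item of body.items) {
    const product = item && typeof item.sku === "string" ? CATALOG.get(item.sku) : undefined;
    if (!product) return { ok: false, status: 400, error: "unknown sku" };
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > MAX_QTY) {
      return { ok: false, status: 400, error: "invalid quantity" };
    }
    subtotalCents += product.unitCents * item.qty;
  }
  const taxCents = Math.round((subtotalCents * TAX_RATE_BPS) / 10000);
  const totalCents = subtotalCents + taxCents;
  // A total that differs from what the client displayed is rejected, so the
  // user never confirms an amount the server would not charge.
  if (body.clientTotalCents !== undefined && body.clientTotalCents !== totalCents) {
    return { ok: false, status: 409, error: "total mismatch", totalCents };
  }
  return { ok: true, status: 200, subtotalCents, taxCents, totalCents };
}

// Hypothetical Next.js API route wiring (pages/api/checkout.js):
//   export default function handler(req, res) {
//     const r = priceOrder(req.body); res.status(r.status).json(r);
//   }

// Constructed requests: an honest client and one that altered price, tax and total.
const honest = { items: [{ sku: "sku-coffee", qty: 2 }, { sku: "sku-bagel", qty: 1 }], clientTotalCents: 1055 };
const tampered = { items: [{ sku: "sku-coffee", qty: 2, unitCents: 1 }], taxCents: 0, clientTotalCents: 2 };
console.log(priceOrder(honest));
console.log(priceOrder(tampered));
```

Working in integer cents avoids floating-point drift between what the browser shows and what the server charges.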