Hello,
this is a bit of a general question that I haven't been able to find an answer to online.
I have just started to dabble in React and Next.JS and would like to create my own project with Next.js to enhance my learning.
I would like to create a point of sale system using Next.js and am thinking that calculations of sales tax etc. should happen server-side rather than client-side (I understand that anyone can read your client-side code). I do know that the calculation of sales tax is no big secret, but I'm just doing this to learn the principles :)
so my question is
- Am I wrong that it is not safe to keep all business logic in the frontend (such as some proprietary calculation)?
- If I hence was going to do my calculation in the backend, where would I do them? A function in Express?
hope someone can help.
thanks
Top comments (7)
Hi Menning,
It sounds like you might be looking for vercel.com/docs/serverless-functio....
You can work on your React App and have it make API calls this way, you can even deploy the app continuously as you push it to your remote Git repository.
It depends, you might want to abstract sensitive operations to a server and consider how the network calls can be secured. If it's an exercise to learn more about React then maybe you don't want to consider those details just now.
Another reason might be if you want to make the application usable by a wide variety of users with varying degrees of connectivity; then compute-heavy operations can be offloaded to the server or database. This might change in the future though once WebAssembly becomes more widely adopted.
For example, uploading a CSV of transactions for 10 years and then attempting to perform many operations on them might not make sense in the browser storage.
Brilliant, thanks! And you would suggest using serverless functions, or would you rather suggest that I use CRA instead of NextJS, i.e. is NextJS not really suited for the type of application I am thinking of?
It depends on what your goal is, how long you want to spend working on this project, if it's a quick exercise then I would just use React.
Great thanks!
Good luck! You can show us how you get on at showdev
You could think of your tax function as a service, so write a GET (or even POST) request from your front end to your back end, passing some parameters, all of this using Express. For even more learning, you could make your back-end application execute the GET request only when the request passes through your authentication system; with that you will learn some of the good practices of web development.
Subjects to read about: jsonwebtoken, HTTP requests, Express architecture (file organization).
Free your creativity when you're building, programming is about that.
Hey Menning,
You are correct, any code you have on the front end can be copied and used elsewhere. So it can be useful to keep important proprietary algorithms, etc. in backend code.
You can obfuscate code which could help, but at the end of the day, if somebody is willing to put in the effort they'll be able to figure it out eventually.
However, I think in your case you have a more important reason, not yet addressed, to run the code in the back end: to enforce business and system invariants.
In the case you presented above it would be tax calculation. If you don't at the very least reevaluate the taxes on the backend, then somebody can decide to pay whatever amount they want for taxes (which I'm assuming wouldn't be great).
Same thing for product prices, etc. You should never assume any data you receive from the user is valid and instead should always validate.
Maybe that's already clear, but thought I'd point it out just in case.
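
The point made in the comment above (re-evaluate taxes and prices on the backend instead of trusting what the browser sends), as an added example that is not from any commenter's post. The catalog contents, the 8.25% rate and the `priceOrder` name are assumptions; the function is framework-independent and would be called from an Express handler or a Next.js API route with the parsed request body.

```javascript
// Constructed sample data: the server-side catalog, prices in integer cents.
const CATALOG = new Map([
  ["coffee", { priceCents: 350 }],
  ["bagel", { priceCents: 275 }],
]);
const TAX_RATE_BP = 825; // assumed rate: 8.25%, expressed in basis points
const MAX_QTY = 1000;    // assumed sanity limit per line item

// Recompute an order from SKUs and quantities only. Any price, tax or
// total the client sent is ignored for the calculation itself.
function priceOrder(body) {
  if (!body || !Array.isArray(body.items) || body.items.length === 0) {
    return { ok: false, error: "items must be a non-empty array" };
  }
  let subtotalCents = 0;
  for (const item of body.items) {
    const product =
      item && typeof item.sku === "string" ? CATALOG.get(item.sku) : undefined;
    if (!product) return { ok: false, error: "unknown sku" };
    // Rejects negative, zero, fractional, string and oversized quantities.
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > MAX_QTY) {
      return { ok: false, error: "qty must be an integer from 1 to " + MAX_QTY };
    }
    subtotalCents += product.priceCents * item.qty;
  }
  // Integer math avoids floating-point drift; round half up to the cent.
  const taxCents = Math.floor((subtotalCents * TAX_RATE_BP + 5000) / 10000);
  const totalCents = subtotalCents + taxCents;
  // A claimed total that differs from the server's is worth logging:
  // it means a stale client or an altered request.
  const clientMismatch =
    body.totalCents !== undefined && body.totalCents !== totalCents;
  return { ok: true, subtotalCents, taxCents, totalCents, clientMismatch };
}
```

The amount charged and stored is always the returned `totalCents`; the client's figures are only compared against it.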