How to hide app.js, controller.js files or code?
They are visible in html source. Is there anyway to hide them?
You can hide your javascript code using NGINX server subrequest.
If you have /admin
route in angular, backbone or other js framework and you want to hide it for unauthorized users, you can make subrequest in NGINX to backend, which checks if user is authorized. If not, then you throw 404 or make redirect to homepage.
This is nginx module which contains more details: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html
The code in NGINX looks more or less like this:
location ^~ /admin {
# checking in background if user is privileged
auth_request /auth;
root /var/www/angular-client/;
}
location = /auth {
proxy_pass http://backend.cms/api/v1/users/admin.json;
proxy_set_header X-Original-URI http://backend.cms/api/v1/users/admin.json;/
}
This cannot be done.
But you can use tools for minify the sources. See Google Clousure and ng-min for angular.js
I recommend you to use grunt to build one single js file for you application, with all of your code minified. Take a look at those projects that may be useful: ng-boilerplate and yeoman - angularjs
You cannot hide angualrjs. Its based on Javascript. To minify, doesn't help because anyone can convert it back to human readable view (sure if anyone wants to steal your code). Any sensitive logic try to put on server side.
Hope it will hep,
This is the natural behaviour of a front-end framework; you do not hide the source code. There should be no sensitive data whatsoever in your front-end, especially no passwords. Just like Stack Overflow, all the font-end code is and will always be visible to the user.