Is it possible to encode tRPC data somehow?

I've built this webapp with t3 app and its mostly great - however i saw that all trpc data thats being sent from the backend can be found in the networks section of the chrome dev tools. Is there someway one can hide this - and at least make it a bit more tricky to get the data in raw form? There is no private data being sent - but access to the data in raw form is one of the largest moats of my product. Its taken a lot of time to assemble the data, and would be a shame if someone could just fetch it all using my site.
19 Replies
cje
cje•2y ago
not sure what you're looking for here. encryption? is this a problem youve solved successfully in the past with a different backend? generally id suggest to rate limit / protect endpoints to prevent someone from just downloading all your stuff encrypting data isnt really helpful because it can still be scraped but depends a lot on the specific problem
NickServ
NickServ•2y ago
Nope. If you need data on the client, it has to be unencrypted. If you have secret data, only put it on your server and never send it to clients/trpc.
Sebastian
Sebastian•2y ago
Or you can use a key to encrypt the data that you send to the client, and then from the client request the key to decrypt the data
NickServ
NickServ•2y ago
The client will have the key and the unencrypted data, that's totally insecure
Christian Lind
Christian Lind•2y ago
My endpoints are protected - but not ratelimited. How would one go about to solve that @cje ?
cje
cje•2y ago
api rate limiting is a more general problem, just go read up on it
cje
cje•2y ago
that being said theres this https://github.com/OrJDev/trpc-limiter
GitHub
GitHub - OrJDev/trpc-limiter: Open Source Rate Limiter Middleware F...
Open Source Rate Limiter Middleware For tRPC. Supporting Upstash, Memory Store And Much More - GitHub - OrJDev/trpc-limiter: Open Source Rate Limiter Middleware For tRPC. Supporting Upstash, Memory...
cje
cje•2y ago
i havent personally tried it though made by @OrJDev
Christian Lind
Christian Lind•2y ago
Just feels like its a bit to simple to get the data - all someone would need to do is double click this trpc request, and then get the raw data
Christian Lind
Christian Lind•2y ago
just scrambling it somehow would be cools cool*
cje
cje•2y ago
if this is like a quiz dont put the correct answers clientside probably
NickServ
NickServ•2y ago
Are you just rendering this data on the client?
Christian Lind
Christian Lind•2y ago
yep
NickServ
NickServ•2y ago
Server render it
Christian Lind
Christian Lind•2y ago
by using GetStaticProps? makes sense i guess but considering what the app is its fine if they want to cheat 🙂 How would i do this? Would it be by using getStaticProps, including the trpc function therein and then passing the data from trpc as a prop to the "main" function?
NickServ
NickServ•2y ago
You shouldn’t need tRPC for this
Christian Lind
Christian Lind•2y ago
okay, why/why not? How would you do this?
Xaohs
Xaohs•2y ago
Looking through this it looks like you don't want people getting the answer from your api endpoint? If that's the case can't you just send all the questions clientside and validate answers serverside? I don't think scrambling the data will do much, mostly you want to just not send sensitive data through
NickServ
NickServ•2y ago
Again, server render it
Want results from more Discord servers?
Add your server