[Question] Exposing (potential sensitive) code in the clients browser

[Rogn]

This is a great project! Thanks for that

But I have a question about the current architecture in regards to exposing (potential sensitive) code in the client. If you look at the project dependency graph for the Client, it references all the projects, except the Infrastructure ones. And if I understood Blazor WebAssembly correctly, the code for all these project will end up being delivered to the clients browser, where it would be possible to reverse-engineer the code.

Is this correctly understood?

It seems that the primary reason for referencing the Application project, is to use the Request and Response entities. Would it not make sense to extract them into their own Project, and then have the Application and Client (Client.Infrastructure) project reference that project as the Client would then have no direct dependency on the Application project?

/Hallur

[grishat]

I agree with you. This is a very big architectural bug. All Request and Response entities, and all responses from queries and commands must be in Shared project. Somebody must fix it. I can do that, I have already fixed it in my project.

[neozhu]

I found that there was still a lot of copy-and-paste code work, In actual projects, like creating an entity. I copy one IEntityRepository and EntityRepository. that two classes were empty code In the normal,it's ok. now, I have to create CURD features with MediatR patterns, e.g. AddCommand, CommandHandler,Query, and QueryHandler, there requestcommand map to entity, query entity map to query reponse, with config automapper, it's ok.

next client project I have to create IEntityManager,EntityManager, it's ok but I have to duplicate define request and response for IEntityManager, and map to command and queryrequest,request response. so, Developing a simple CRUD feature, will take at least 8 hours. I spent a lot of time copying and pasting and renaming

[cmorgado]

There is a simple fix for this. Never use on the blazor project the Application Project. Create POCO to call the API. these can be shared from the blazor and server projects

[garkpit]

I agree 100%.

With Blazor WASM there needs to be a boundary layer between the Presentation and Application layers with the DTOs (and related things). The only DLL the client should be downloading is that; It should not see anything other than the Presentation layer and the boundary (call it an interface perhaps?) to the Application layer.