The initGooglePlaces feature initializes the Google Places service.
This is done conditionally (via feature enablement) when we are using
real services (i.e. when WIFI is enabled: featureFlags.useWIFI).
The credentials are defined through the Google Places API Key
resource located in the deployment site: public/gpak. This
resource name is purposely obscure so as not to infer it's sensitive
content.
For your protection you should:
-
gitignore the resource, preventing unauthorized access from github check-in. Note: this resource is still deployed to your server.
-
Encode this resource (via
util/encoder), minimizing it's exposure to your deployment site. -
Secure your API Key through the Google Cloud Console (limiting it's usage to only authorized domains, etc.).
Here is a sample Google Places API Key resource, before it is encoded:
Google Places API Key
tbdHere is the same resource, after it is encoded (in it's gitignored deployment site):
public/gpak
afesadGJk