I am in the process of converting over a private plugin and was curious about strategy for securing my front-end codebase.
I would like to use a very minimal server-side layer, with most of the API being driven by the Confluence JS API directly from the client. The downside is that all of my JS code is exposed to the clients. To get around this, I can create my own API and call the confluence API from the server. This is both more work for me to write, inefficient for response times, and less scalable that having code execute in the client (though maybe these last two are negligible).
Is there a way to secure at least portions of my front-end code, or is creating a pure client-side plugin going to make all of my code public?