Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there 'private' server methods in Meteor?

Tags:

meteor

Is there a way to stop a Client calling a Server Method from the browser console?

I gather from the Unofficial Meteor FAQ that there isn't. I just wanted to check if that's definitely the case - the FAQ isn't really specific. I mean are there no 'private' methods?

like image 313
Lindsayts Avatar asked Sep 19 '13 06:09

Lindsayts


People also ask

What is Meteor methods?

Meteor methods are functions that are written on the server side, but can be called from the client side. On the server side, we will create two simple methods. The first one will add 5 to our argument, while the second one will add 10.

How do I call Meteor method?

// Asynchronous call Meteor. call('foo', 1, 2, (error, result) => { ... }); If you do not pass a callback on the server, the method invocation will block until the method is complete. It will eventually return the return value of the method, or it will throw an exception if the method threw an exception.


2 Answers

In meteor the 'methods' described by Meteor.methods can all be called from the client. In this sense there aren't private methods because the purpose of the RPC call is for the client to make the call.

If you want a 'private' method you could use an ordinary JavaScript method. If you define the method with var, it would only be accessible within the file, and cannot be called from the client.

var yourmethod = function() {
    ...
}

which is equivalent to:

function yourmethod() { 
    ...
}

Or you can define it so any of your server script can use it:

yourmethod = function() {
    ....
}

If you mean you want a RPC method call that is accessible only from the javascript code, but not from the javascript console in chrome this isn't possible. This is because the idea behind meteor is all RPCs from the client are not trusted & there is no way to distinguish whether it came from the console or not. You can use meteor user authentication or Collection.allow or Collection.deny methods to prevent any unauthorized changes this way.

like image 194
Tarang Avatar answered Oct 26 '22 04:10

Tarang


I made a private method by checking this.connection to be null.

Ref: http://docs.meteor.com/#/full/method_connection

Ex.

Meteor.methods({
  'serverCallOnlyFunc': function() {
    if (this.connection === null) {
      //do something
    } else {
      throw(new Meteor.Error(500, 'Permission denied!'));
    }
  }
});
like image 34
tanutapi Avatar answered Oct 26 '22 05:10

tanutapi