Meteor Iron-router server-side only route how to get the current user?

For a server-only route, how can I get the current user?

Please note this is a route that looks like:

    this.route('report_access', {
      path: '/report/:humanId?/:reportKey',
      where: 'server',
      action: ....
    });

This is not in a publish or method call so Meteor.user() / Meteor.userId() fails.

I looked in the route.params and there is no userid set.

Pat asked Apr 23 '14 18:04


2 Answers

This works for me in 0.8:

    // Hash the raw cookie token: the DB stores only hashed tokens.
    var u;
    if (this.request.cookies.meteor_login_token) {
      u = Meteor.users.findOne({
        "services.resume.loginTokens.hashedToken": Accounts._hashLoginToken(this.request.cookies.meteor_login_token)
      });
    }

I'm basically hashing the raw Meteor login token with the Accounts._hashLoginToken() function which allows for matching with the hashed token stored in the DB.

Alethes answered Sep 20 '22 20:09


You can't really do this on the server side without setting cookies on the client side when you log in.

Meteor stores the user's authentication token in localStorage which is not available at the HTTP header stage, only later after the page is loaded on client side javascript.

If you want to access the value in the headers in the manner like you are doing you would have to set a cookie when the user logs in with the user's token.

The user's token is at localStorage/Meteor.loginToken and the user ID at Meteor.userId().

Then check this value against the request header and find the token amongst the user's stored tokens in the users collection in MongoDB at services.resume.loginToken.

There is a considerable security caveat to doing this because your loginToken is more exposed and could be used to get access to the account.

How does Meteor work with logins?

Meteor establishes a DDP connection over websockets. When the web page has loaded with a previous 'saved' login state, these loginTokens are read using JavaScript with the localStorage API. DDP is a communications layer over websockets or SockJS that Meteor uses to communicate with the server.

The login occurs via the DDP protocol, after the JavaScript has loaded. This is the primary reason you can't do this directly with a server-side route: you would not have access to DDP this way, since Meteor's libraries are not available and no DDP connection is established at the point when the HTTP request is sent.

Meteor's call & subscribe methods use this login to authenticate to publish methods on the server which all occurs on the DDP wire.

This answer should go into the specifics of how a login takes place: Authenticating with Meteor via DDP (and SRP?)

Tarang answered Sep 17 '22 20:09