Are there any 'private' server methods in Meteor?

Question

Are there any 'private' server methods in Meteor?

Is there a way to stop the client calling the server method from the browser console?

I'm going from the Unofficial Meteor FAQ , which is not. I just wanted to check if this is true - the frequently asked questions are not specific. I mean, are there any 'private' methods?

+7

meteor

Lindsayts Sep 19 '13 at 6:34

source share

2 answers

I made a private method by setting this.connection to null.

Link: http://docs.meteor.com/#/full/method_connection

Ref.

 Meteor.methods({ 'serverCallOnlyFunc': function() { if (this.connection === null) { //do something } else { throw(new Meteor.Error(500, 'Permission denied!')); } } });

+3

tanutapi Sep 09 '15 at 9:49

source share

Akshat · Accepted Answer · 2013-09-19T09:22:48+0000

In a meteor, all methods described by Meteor.methods can be called from the client. In this sense, there are no private methods, since the goal of an RPC call is for the client to make the call.

If you want to use the 'private' method, you can use the regular JavaScript method. If you define a method using var , it will be available only in the file and cannot be called with the client.

 var yourmethod = function() { ... }

which is equivalent to:

 function yourmethod() { ... }

Or you can define it so that any of your script servers can use it:

 yourmethod = function() { .... }

If you want the RPC method call to be accessible only from javascript code, but not from the javascript console in chrome, this is not possible. This is because the idea of meteoric all RPCs from the client is not trusted, and there is no way to distinguish whether it came from the console or not. You can use meteor user authentication or Collection.allow or Collection.deny methods to prevent any unauthorized changes in this way.

Are there any 'private' server methods in Meteor?

More articles: