All geek questions in one place

Server Routes in Iron Router and Meteor

Forward

It seems that in Meteor we cannot invoke a server route to render a file to a page without any workflow from our normal workflow, from what I read about server-side routes. Hope I'm wrong about that, and there is an easy way to achieve what I'm looking for ...

** Sorry if this is a little longer, but I think in this case providing more background and context is guaranteed **

Software / Versions

I use the latest Iron Router 1. * and Meteor 1. *, and for starters I just use the password for the accounts.

Background / Context

I have an onBeforeAction that simply redirects the user to the welcome page or to the home page if the user has registered or not:

both / routes.js

Router.onBeforeAction(function () { if (!Meteor.user() || Meteor.loggingIn()) this.redirect('welcome.view'); else this.next(); } ,{except: 'welcome.view'} ); Router.onBeforeAction(function () { if (Meteor.user()) this.redirect('home.view'); else this.next(); } ,{only: 'welcome.view'} );

In the same file as /routes.js, I have a simple server route that displays a pdf file on the screen, and if I delete the onBeforeAction code, the route works (pdf is displayed on the page):

 Router.route('/pdf-server', function() { var filePath = process.env.PWD + "/server/.files/users/test.pdf"; console.log(filePath); var fs = Npm.require('fs'); var data = fs.readFileSync(filePath); this.response.write(data); this.response.end(); }, {where: 'server'});

Server route exception thrown

This is not the case, but I get an exception when I add the above server route to the file and take the route / pdf server, keeping the onBeforeAction code in place.

Exception details can be found here: SO Exception Question

Exception decision

The main point of the answer in the SO question above is "You use Meteor.user() in your Route.onBeforeAction but it has no access to this information" , and when "your browser make a GET/POST request" [Server route?], "to the server it doesn't have any information regarding the user authentication state."

The solution, according to the same SO responder, refers to "find an alternative way to authenticate the user," and one way to do this is to use "cookies'" .

So, after that I found another SO answer (the same responder as before), which describes the method of setting and receiving cookies: SO Cookies technology

** So, to summarize, to allow server-side routes, it is suggested to use cookies instead of something like Meteor.userId () or this.userId. **

Cookie Added

So, I added the following code to my project: client /main.js

 Deps.autorun(function() { if(Accounts.loginServicesConfigured() && Meteor.userId()) { setCookie("meteor_userid",Meteor.userId(),30); setCookie("meteor_logintoken",localStorage.getItem("Meteor.loginToken"),30); } });

In my server side route, I changed the route to this:

both / routes.js

 Router.route('/pdf-server', function() { //Parse cookies using get_cookies function from : https://stackoverflow.com/questions/3393854/get-and-set-a-single-cookie-with-node-js-http-server var userId = get_cookies(req)['meteor_usserid']; var loginToken = get_cookies(req)['meteor_logintoken']; var user = Meteor.users.findOne({_id:userId, "services.resume.loginTokens.token":loginToken}); var loggedInUser = (user)?user.username : "Not logged in"; var filePath = process.env.PWD + "/server/.files/users/test.pdf"; console.log(filePath); var fs = Npm.require('fs'); var data = fs.readFileSync(filePath); this.response.write(data); this.response.end(); }, {where: 'server'});

But this does not work properly, the setCookie code is invalid for some reason.

My questions

Question 1: Setting / receiving cookies in the manner depicted on the cookie technology in cookies does not seem to work for me, does this technique still work in '15?

Question 2: Using cookies, how can I tell the server the authentication status based on these cookies? Or, otherwise, How can adding cookie verification on my server a side route to β€œinform” the server about the user? I could check everything along the way really; I could reject any user, but somehow, should the server β€œknow” that the user is correctly registered?

Question 3: Cookies are the best way to do this, or is there an easier way to achieve the same?

Side question: I saw several places where the middle utensils are used for server routes, for example:

 WebApp.connectHandlers.stack.splice(...); WebApp.connectHandlers.use(function(...) ...);

But none of these examples provided security internally, would the average product be used so let me get around my problem?

+6
source share
1 answer

Your server routes run the global onBeforeAction code (defined in the shared folder), which is interrupted because server routes are simple REST endpoints that do not understand user authentication information (i.e. Meteor.user() doesn’t). The solution is to associate client calls onBeforeAction with Meteor.isClient or simply move this code to the client directory. For instance:

 if (Meteor.isClient) { Router.onBeforeAction(function () { if (!Meteor.user() || Meteor.loggingIn()) this.redirect('welcome.view'); else this.next(); } ,{except: 'welcome.view'} ); Router.onBeforeAction(function () { if (Meteor.user()) this.redirect('home.view'); else this.next(); } ,{only: 'welcome.view'} ); } Router.route('/pdf-server', function() { ... }, {where: 'server'});
+8
source

Source: https://habr.com/ru/post/980334/

More articles:


All Articles