ef2k / meteor-ddp

A promise-based client for Meteor's Distributed Data Protocol (DDP).
MIT License

How can the server refuse the connection? #9

Closed satyavh closed 8 years ago

satyavh commented 9 years ago

First of all, awesome script! I've made a version that replaces the jQuery Deferred dependency. If you're interested I can fork the repo.

But how to deal with the following use case:

What if the client can only connect to the server if it passes a specific token in the connect() call? How could I make that setup? Any suggestions?

ef2k commented 9 years ago

As far as I know, the Meteor server will only understand the parameters that are expected as part of the 'connect' message (you can see them here: https://github.com/meteor/meteor/blob/master/packages/ddp/DDP.md#messages). If you pass your token along, it will likely not determine whether the client can establish a connection.

If you need to check a token to determine whether the client is allowed to do remote procedure calls on the server, you can use a function decorator on your Meteor.methods that will check the token's validity. Maybe something like this (note: thinking out loud here):

Meteor.methods({
  // Wrap each method that must be gated behind a token.
  doSomething: checkTokenValidity(function doSomething() {
    // doSomething was executed, so client's token was good.
  })
});

function checkTokenValidity(fn) {
  return function () { // Invoked with args: token, arg1, arg2, ...
    var token = arguments[0];
    // checkToken is your own validation routine (not defined here).
    if (checkToken(token)) {
      // Forward the remaining args and keep the method's `this` context.
      return fn.apply(this, Array.prototype.slice.call(arguments, 1));
    } else {
      throw new Meteor.Error("not-authorized",
        "Must have a valid token.");
    }
  };
}

Quick edit: Feel free to share your fork, I'd like to check it out. Thanks!
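
Added example, not part of the original thread or of the meteor-ddp project: the decorator idea above generalized to guard every method in a map, so a new method cannot be registered unguarded, with a type check on the client-supplied token. `guardAll`, `makeTokenChecker`, `safeEqual` and the sample token are hypothetical names and constructed values; outside Meteor a stand-in error class replaces `Meteor.Error`.

```javascript
// Uses the real Meteor.Error inside Meteor, a stand-in class in plain Node.
const MethodError = (typeof Meteor !== 'undefined' && Meteor.Error) ||
  class MethodError extends Error {
    constructor(error, reason) { super(reason); this.error = error; }
  };

// Compare without an early exit, so response time does not reveal how many
// leading characters of a guess matched. On the server,
// crypto.timingSafeEqual is the better-tested choice.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// Hypothetical checker: one shared secret. Swap in a per-client lookup.
function makeTokenChecker(expected) {
  if (typeof expected !== 'string' || expected.length === 0) {
    throw new TypeError('expected token must be a non-empty string');
  }
  return function checkToken(token) {
    // DDP arguments are client-controlled EJSON: the "token" may arrive as
    // an object, array or number, so check the type before comparing.
    return typeof token === 'string' && token.length > 0 &&
      safeEqual(token, expected);
  };
}

// Wrap every method in the map with the token check.
function guardAll(methods, checkToken) {
  const guarded = {};
  for (const name of Object.keys(methods)) {
    const fn = methods[name];
    guarded[name] = function (token, ...args) {
      if (!checkToken(token)) {
        throw new MethodError('not-authorized', 'Must have a valid token.');
      }
      // Keep the invocation's `this` (userId, connection) for the method.
      return fn.apply(this, args);
    };
  }
  return guarded;
}

// Constructed sample methods and token, for illustration only.
const guardedMethods = guardAll({
  add(a, b) { return a + b; },
  whoAmI() { return this.userId; },
}, makeTokenChecker('constructed-sample-token'));
```

In a Meteor app the result would be registered with `Meteor.methods(guardedMethods)`, and clients pass the token as the first argument of every call.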

satyavh commented 9 years ago

Thanks. I think you're right, there's nothing you can pass along to the connect call, but I've implemented something like your suggestion.

I'm working on my fork. I'm also going to include an auto-reconnect function, which is necessary when the Meteor server restarts.

Will keep you updated.

ef2k commented 8 years ago

@satyavh, how's your fork going?

seeekr commented 8 years ago

@eddflrs -- ping for you, in case you're interested: https://github.com/seeekr/ddp-client

Working fork that brings a number of improvements. If you'd like to contribute something like updated OAuth code, I'd be happy to review and accept a potential PR :)

ef2k commented 8 years ago

Nice! Will check it out, thanks for the update.