Hi again everyone,
Another best practice question (I have reached the point where I want to be sure I use Meteor the right way) :
After a payment on a payment provider I receive a POSt response. I check the validity of the response and would like this response to call a Method. Quite easy I do : Meteor.call(‘methodAfterPaymentReceived’) in a server folder. Ok, BUT I DO NOT want anyone from client side beeing able to call this method because it should only be called from server after a payment is validated.
But this goes against Meteor pinciple where anyone can reach methods… the snake biting its own tail. I have some ideas I will drop them, but would like to have confirmation if any (all / none) of them are good :
use this.userId : as method is called from server, after a POST method should be ‘undefined’, no ? (any risk a situation could make it defined from server call ?)
use this.connection ? Don’t know much this object, someone could guide me ?
use an environment variable that I send to the method and check again on the method side. As they are only accessible through server it should work ?
use an hash that uses an environment variable and some data about the transaction ?
something much easier that I don’t know may exist in meteor ? that would be the best
Thanks already in advance for those who can help me !