Bug or feature?

Was messing around trying to get a REST API to be able to call methods as certain users (who I had authenticated through headers, tokens, etcetera).

I tried this.setUserId(), but that can only be used inside a Method, so, smart as I am, I created this:

Meteor.methods({
    callWithContext: function(context, theMethod, params){
        this.setUserId(context.userId)
        return Meteor.apply(theMethod, params)
    }
})

I was then told, by Meteor, that I was not allowed to do that in a call that comes from inside the server.

Because I was running low on ideas I then tried:

Meteor.methods({
    callWithContext: function(context, theMethod, params){
        try{
            this.setUserId(context.userId)
        }
        catch(e){
            //ignore
        }
        return Meteor.apply(theMethod, params)
    }
})

And whoops - the userId was indeed set, and inside ‘theMethod’ was indeed the expected userId, and it cleared the user restrictions in there, like Roles etcetera.

What gives? Calling this.setUserId() throws an error, but it also does what the thrown error says it doesn’t. Is there a danger here?

What other way can I use to get an API user “legal” within my system? Seems like all REST kits for Meteor were abandoned almost a decade ago…

Thanks

Ok, I am curious now.
You have clients as valid users of a Meteor project. Each client has a username and a valid password.
However, from the client (be it browser, React-Native, or Cordova or some other native thing) you want to REST call into your Meteor and return some results but not via the Meteor client.

I am trying to understand where you are calling from. Or are you trying to impersonate users?!

1 Like

I make REST calls from external servers. I am probably doing it wrong, but I found no existing rest packages (simple-rest, restivus) that work with current versions of Meteor.
I just have server (iron) routes like

Router.route('/api/myendpoint/:myparam?', {where: 'server'})
  .get()
  .put()
  .post()

I “log them” in with a bearer token by simply finding a user through that token and getting this.userId, but calling a Meteor.method from in there will not “transport” the userId (unless I use the hack above).
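
Added example, not part of any post in this thread and not Meteor's or any package's code: a plain Node.js sketch of the pattern the bearer-token approach needs, where the acting userId comes only from the verified token and is passed explicitly to server functions, shown beside a wrapper that trusts a caller-supplied `context.userId` the way `callWithContext` does. It uses no Meteor APIs; the token store, roles and all function names are hypothetical, and the sample data is constructed.

```javascript
// Constructed sample data: bearer tokens mapped to user ids, plus roles.
// (Assumption: a real store would keep only a hash of each token.)
const apiTokens = new Map([
  ['constructed-token-alice', 'alice'],
  ['constructed-token-bob', 'bob'],
]);
const roles = { alice: ['editor'], bob: [] };

// Business logic as plain server functions that receive the acting userId
// explicitly instead of reading this.userId inside a Meteor method.
const actions = {
  renameItem(userId, { id, name }) {
    if (!(roles[userId] || []).includes('editor')) throw new Error('forbidden');
    return { id, name, modifiedBy: userId };
  },
};

// Weak form, same shape as callWithContext: identity is whatever the caller
// put in `context`, so nothing ties the userId to a verified credential.
function callTrustingContext(context, actionName, params) {
  return actions[actionName](context.userId, params);
}

// Resolve the acting user from the Authorization header only.
function authenticate(headers) {
  const m = /^Bearer (\S+)$/.exec(headers.authorization || '');
  return (m && apiTokens.get(m[1])) || null;
}

// Hardened form: userId comes from the verified token, never from the body,
// and only allow-listed action names can be invoked.
function handleApiCall(headers, actionName, params) {
  const userId = authenticate(headers);
  if (!userId) return { status: 401, body: { error: 'unauthorized' } };
  if (!Object.prototype.hasOwnProperty.call(actions, actionName)) {
    return { status: 404, body: { error: 'unknown action' } };
  }
  try {
    return { status: 200, body: actions[actionName](userId, params) };
  } catch (e) {
    const status = e.message === 'forbidden' ? 403 : 500;
    return { status, body: { error: status === 403 ? 'forbidden' : 'internal error' } };
  }
}
```

With this split, a Meteor method and a REST route can both call the same function, each supplying the userId from its own verified source.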

Meteor has a built-in webapp package; you don’t need anything else to build your REST API: webapp | Meteor API Docs

2 Likes

Oh, didn’t know. Can I do POST/PUT/GET with that? Documentation is really sparse…

Everyone says you can do this with webapp. The documentation is still not clear and lacks examples.
I’m using the restivus package; it’s quite good but not maintained. I want to switch to axios after the Meteor 3 migration. If someone knows resources for webapp, it will be super.

This forum has at least 20 different discussions about webapp, with all possible examples and some fixes, the difference between rawConnectHandlers and connectHandlers, authentication, etc.

Another full example here: Microservices with Meteor - DEV Community
Alternative solution: simple:rest. You can just find the repo, update it, understand it and start using it and ideally push the updates to the community.

@guncebektas you are the new maintainer of Restivus.

1 Like