Connect external Node.js server to Meteor server


#1

I’m planning on creating one (or two) external Node.js server(s) that are connected to my Meteor server.

The data only needs to be one way: from Node.js to Meteor:

When the Node.js server’s data updates, I’d like it to be immediately (less than a second) received by my Meteor instance so the client can respond accordingly.
Regarding the connection itself, I don’t mind if the Node.js server is connected directly to the Meteor app itself somehow, or if it inserts/updates data in Meteor’s MongoDB instance.

What’s the best practice approach for achieving this?


#2

Can anyone help please?


#3

We run a server that dumps data into a mongoDB. Can’t reveal the security practices, but this is the basic gist. It’s just a basic node app.

const express = require('express');
const app = express();
const MongoClient = require('mongodb').MongoClient;
const mongoURL = "mongodb://yourmongourl";
const multer = require('multer');
const bodyParser = require('body-parser');
const ObjectId = require('mongodb').ObjectId;

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(multer().any());

let db;

MongoClient.connect(mongoURL, function (err, database) {

  // If we can't connect, don't continue
  if (err) {
    return console.log(err);
  } else {

    db = database;

    app.listen(3000, function () {
      console.log('listening');
    });

  }

});

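app.post('/', function (req, res) {

  // The parsed request body is the document we store
  const data = req.body;

  // We want string _ids
  data._id = (new ObjectId()).toHexString();

  db.collection('someCollection').insert(data);

  // Acknowledge the request so the sender does not hang
  res.sendStatus(200);

});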


#4

Thanks for this Vigor

So would you say that updating Meteor’s mongodb instance is the best way to achieve this (rather than interfacing with Meteor directly, via DDP for instance)?


#5

Honestly, I’m not sure about that. We use this server to handle mailgun data, so we wanted something fast and no frills, since there can be a ton of incoming data at one time.


#6

Ok, I’m going to give this method a go.
I know you can’t reveal your chosen security detail, but where is the area that needs the most attention, in terms of security? The MongoClient connection; or the access restrictions to the mongo database? I’m not sure what (and where) the risks are.


#7

Hi Vigor,

Can you help me understand what/where the security risks are in this approach?
I know you can’t reveal your chosen security detail, but where is the area that needs the most attention, in terms of security? The MongoClient connection; or the access restrictions to the mongo database?


#8

I’d say there are a few – the first is that your mongo credentials are in plain text on the server, so you’ll definitely want to use something like ssh with a key. The second is to make sure you validate any calls/processes made to your node server. In our case, we are listening for webhook data, so we need to validate that data using timestamps, etc. Depending on your mongo setup, I’d probably create a new user for this use case, and limit the permissions if possible.
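
An added example, not part of the thread or of any poster's code: one way to do the webhook validation with timestamps mentioned above, modelled on the timestamp + token + HMAC-SHA256 signature scheme that Mailgun documents for its webhooks. The payload location (`req.body.signature`), the 5-minute window, the in-memory replay cache and the `WEBHOOK_SIGNING_KEY` variable name are assumptions.

```javascript
// Added example (not from the thread). Field names and limits are assumptions.
const crypto = require('crypto');

const MAX_AGE_SECONDS = 300;   // assumed freshness window for the timestamp
const seenTokens = new Map();  // token -> timestamp; in-memory replay cache

// Check one delivery's { timestamp, token, signature } against the shared key.
// Returns { ok: true } or { ok: false, reason }.
function verifyWebhook(fields, signingKey, nowSeconds) {
  const { timestamp, token, signature } = fields || {};
  if (![timestamp, token, signature].every((v) => typeof v === 'string' && v)) {
    return { ok: false, reason: 'missing-field' };
  }
  // 1. Timestamp must be recent, so a captured request goes stale quickly.
  const ts = Number(timestamp);
  if (!Number.isInteger(ts) || Math.abs(nowSeconds - ts) > MAX_AGE_SECONDS) {
    return { ok: false, reason: 'stale-timestamp' };
  }
  // 2. Signature must be HMAC-SHA256(key, timestamp + token), compared in
  //    constant time. timingSafeEqual throws on unequal lengths, so check first.
  const expected = crypto.createHmac('sha256', signingKey)
    .update(timestamp + token).digest();
  const given = Buffer.from(signature, 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  // 3. Token must be new. Entries older than the window can be dropped because
  //    step 1 already rejects them.
  for (const [t, seenTs] of seenTokens) {
    if (nowSeconds - seenTs > MAX_AGE_SECONDS) seenTokens.delete(t);
  }
  if (seenTokens.has(token)) return { ok: false, reason: 'replayed-token' };
  seenTokens.set(token, ts);
  return { ok: true };
}

// Express middleware: reject the request before the insert handler runs.
// Usage: app.post('/', requireSignedWebhook(process.env.WEBHOOK_SIGNING_KEY), handler)
// (WEBHOOK_SIGNING_KEY is a hypothetical variable name.)
function requireSignedWebhook(signingKey) {
  return function (req, res, next) {
    const fields = req.body && req.body.signature;  // assumed payload location
    const result = verifyWebhook(fields, signingKey, Math.floor(Date.now() / 1000));
    if (!result.ok) return res.sendStatus(403);
    next();
  };
}
```

With more than one server process, the replay cache would need to live in shared storage rather than in a per-process `Map`.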


#10

Regarding that first concern, I was thinking of just storing the MongoDB pw as an environment variable - wouldn’t that suffice? (compared to ssh)


#11

Yeah, I think that would work as well. I was really just trying to emphasize that when you deploy to something like Galaxy, a lot of your security issues are taken care of. When you run your own node app connecting to mongo, you definitely want to take some precautions.