How should avoid userIds leaks?


I would like to prevent any leak of userIds other than the current user id.

I have 2 types of actors: users and groups (along with the related group admins). While groups ids are (mostly) public, a group admin user id should not.

The type of interactions I use in my website are :

  • user to user
  • user to group
  • group admin to user
  • group admin to group admin

My plan was to make a “Requests” collection where I store every information about the 2 ends of an interaction. A complete request document would look like this:

                  'type':1,                  // type of the request
                  'from':Meteor.userId(),    // emitter (could be group Id)
                  'from_name': name          // emitter name
                  'from_picture': picture    // emitter picture
                  'from_placeholder': phr     //emitter picture dataUrl placeholder

                  'to':id,                   //recipient 
                  'to_name':toname           //recipient name  
                  'to_picture': to_pic       //recipient picture
                  'to_placehodler': to_phr   //recipient pic placeholder

                  'created_by':author        //request creator (must be userId)
                   //same than above with name, pic and placeholder

                  'created_at': new Date(),
                  'answered_by':john        //request answerer (must be userId)
                  //same than above with name, pic and placeholder + date

                  'status':0                //request status
        // note that the sole id field published is the request _id

As you ca see, I denormalize a lot to avoid to allow direct queries in the user collection.

Every user subscribe to his request publication, and get every request related to him (from or to).

Ideally, I would like to be able to include the user info matching the request emitter/receiver/answerer without having to store them into the request itself.

However, the issue is that I don’t want to use Cursor.Observe() for its scalability and resource issues (same goes for every package based on this, i.e. publish composite related)

Is there a way to achieve this, or a data architecture meeting my needs? I assume that preventing user Id leaks is not an uncommon concern, but don’t know how others do it.