Login to Meteor App via static site post request. isPossible? good/bad/terrible idea?

help
1

Wanted to get a better understanding of logging into Meteor.

(a) Currently, users can log into my application via the app.mySite.com/login route. This works fine. What I would like to do however, is have the user log in from www.mySite.com/login.

(b) www.mySite.com is a static web page with a simple login form. I’d like to use an ajax call to a postHandler endpoint in the app, and have the user get automatically logged in.

Is this (i) possible, (ii) a good idea?

Given both the app.mysite.com and www.mySite.com are on the same domain, and nginx is forcing https, i figure the post request can send the username/pwd combination cleanly and this is protected by the https.

2

You can use Accounts.registerLoginHandler function to create a custom login method, for example:
On the server side, register a login handler

Accounts.registerLoginHandler('MyCustomLoginMethod', (options) => {
    const { ofPassword, ofLogin } = options;
    if (!ofPassword || !ofLogin) {
      return undefined; // don't handle
    }

    // some logic here to validate user
   const userData = someFunctionToGetUserData();

    const serviceName = 'MyServiceName';
    const serviceData = userData;
    const serviceOptions = { // create custom fields
      profile: {
        avatar: userData.avatar,
      },
    };
    serviceData.id = userData.user_id;
    const result = Accounts.updateOrCreateUserFromExternalService(
      serviceName,
      serviceData,
      serviceOptions,
    );
    if (!result || !result.userId) {
      // throw some errors
    }
    
    return result;
  });

on the client side, when user submit the login form call the Accounts.callLoginMethod function to login user.
find more in account password package: https://github.com/meteor/meteor/tree/af26e8b052a5135033e561cf4e4347eee585ab3b/packages/accounts-password

1 Like