New package: mdg:validated-method - Meteor methods with better scoping, argument checking, and good defaults

sashko · January 15, 2016, 11:30pm

One thing I added to this package recently is:

Mixin support

So if you want some new features on your methods, and want to be able to compose different features for different methods, please consider writing a mixin and sharing it! If you ask for a specific feature, I’ll help you build it as a mixin, as long as you maintain it :] for example:

Let me know what other mixins you would want and we can work on improving mixin support, or I can help you build the mixin you’ve always wanted!

My suspicion is that almost every serious app has some sort of wrapper for calling methods, so let’s all collaborate to build the best one!

dfischer · January 16, 2016, 9:36pm

Absolutely Sashko.

I was thinking a bit and what it comes down to is this pattern:

Untrusted code access (client)
Trusted code access (server)

There are times the server has to impersonate a user because a user isn’t available (background job) so the client side code requires and validates Meteor.user() (or other things) and then trusted code doesn’t.

That means that ValidateMethod could serve as tier 1. However whatever is in run can not be the pure mutator as that wouldn’t be accessible through the trusted code back-door.

So if we did use the ValidateMethod pattern we’d still have to define our mutators outside of it.

I.e (psuedo)

// Untrusted code "front-door access"
Messages.methods = {
  postMessage: new ValidateMethod({
    name, // DDP method name
    mixins, // Method extensions
    validate(message) {
      if (message.userId !== Meteor.userId())
        throw new Meteor.Error('NOPE!')
    },
    run() {
      Message.mutators.postMessage();
    }
  })
}

// Trusted code "back-door access"
// Background jobs / server-side code can access
Messages.mutators = {
  postMessage() {
    Message.insert(stuff);
  }
}

Client can only call the ValidateMethod because that’s what is ran on both client and server. Mutator is a db write so client can’t call it without server.

erwilliams · January 8, 2017, 3:04am

Hopefully this is a quick question for the group. I am using mdg:validated-method and it was bound with both atmosphere packages aldeed;simple-schema as well as aldeed:collection2.

Once I was made aware aldeed:collection2 was deprecated, I updated to the following …

npm package simpl-schema version 0.0.4
aldeed:collection2-core@2.0.0

The issue that I am now running into is that it appears that “clean” is not working properly when filtering out extra fields? Below is a slice of source code with the error being thrown. Any help would be appreciated.

ContactSupport.schema = new SimpleSchema({
email: { type: String, regEx: SimpleSchema.RegEx.Email, optional: true },
subject: { type: String, optional: true },
message: { type: String, optional:true },
});

ContactSupport.attachSchema(ContactSupport.schema);

export const insertContactSupport = new ValidatedMethod({
name: ‘insertContactSupport’,
validate: ContactSupport.schema.validator(),

run(document) {
	console.log(document);
	ContactSupport.insert(document, {removeEmptyStrings: false});
},

});

const payload = {
  email: this.state.email,
  subject: this.state.subject,
  message: this.state.message,
  fail:'field that should be passed over'
}
console.log(payload);
Meteor.call('insertContactSupport', payload);

The error is …

Exception while invoking method ‘updateTeamProfile’ TypeError: Array.includes is not a function

faom · August 22, 2017, 6:26pm

Hi @sashko is there a way to call methods using validated-method from helpers or using simple:reactive-method ?