Protecting Server Side Code With Validated-Methods

So for my validated method, I’m using something like this (obviously simplified):

updateDoc: new ValidatedMethod({

    name: 'DocMethods.updateDoc',
    action: 'Update this Document',

    mixins: [CallPromiseMixin],

    validate: new SimpleSchema({
      // mySchema
    }).validator({ clean: true }),

    applyOptions: {
      noRetry: true,
    },

    run({  }) {

      if (!this.isSimulation) {
        import DocFunctions from '/server/functions/docs';

        return DocFunctions.updateDoc();
      }

    },

  }),

I’ve been using server-side globals and referencing them in my validated methods, but I’d like to move to export/import. Just wanted to confirm that imports wrapped in the if (this.isSimulation) block wouldn’t be pulled into the client bundle.

Thanks in advance!

Just curious if you wouldn’t mind weighing in @sashko, as validated-methods seemed to be something you spent a lot of time on?

I was wondering the same so I experimented and concluded:

Imports wrapped in if (!this.isSimulation) or if (Meteor.isServer) will not be pulled into the client bundle if they are imported or required from a file that is only loaded on the server.

From the Meteor Guide, “loaded on the server” means it is in a server/ directory of your app, in a package that is only included on the server, or in a file inside a package that was loaded only on the server.

In the example in the original post, DocFunctions would not be pulled into the client bundle.