Securing server methods

Continuing the discussion from Meteor Guide: Security:

When hiding server-side code, rather than creating a fake global variable and having a run that has an isSimulation, it may be better to just override the run function on the server side as part of the initialization.

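e.g. API side

import { ValidatedMethod } from 'meteor/mdg:validated-method'

// Shared definition: the stub body is all that ships to the client
export const Countries = new ValidatedMethod({
  name: 'countries',
  validate: null,
  run() {
    return []
  }
})

server side

/* globals Assets */
import { Countries } from '/imports/model'

// Load and weight the country list once, at server initialization
let countries = angular.fromJson(Assets.getText('countries.json'))
countries = countries.map(current => {
  const ret = {
    code: current.cca3,
    weight: 1.0
  }
  if (current.cca3 === 'CAD') {
    ret.weight = 2.0
  } else if (current.cca3 === 'USA') {
    ret.weight = 2.0
  }

  return ret
})

// Replace the stub with the real, server-only implementation
Countries.run = () => {
  return countries
}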

Added bonus is the server can be stateful so it does not evaluate the whole state at every single run.

Can someone help me figure out how to remove /* globals Assets */ though? @tmeasday, perhaps you can help point it out since you opened

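The override pattern from the post above, as an added example that runs without Meteor (it is not code from the original post or from the validated-method package). `MethodStandIn`, `installServerRun` and the sample data are hypothetical, and the stand-in assumes `run` is looked up at call time, which is what lets the server replace it.

```javascript
// Minimal stand-in for ValidatedMethod (hypothetical, not the package's source).
// Assumption: `run` is resolved when the method is called, so it can be swapped.
class MethodStandIn {
  constructor({ name, validate, run }) {
    Object.assign(this, { name, validate, run });
  }
  call(args) {
    if (this.validate) this.validate(args);
    return this.run(args);
  }
}

// Shared module: everything here is visible in the client bundle.
const Countries = new MethodStandIn({
  name: 'countries',
  validate: null,
  run() { return []; }, // stub body, also what a client simulation would run
});

// Server-only helper (hypothetical name): install the real body once at startup.
function installServerRun(method, impl, isServer) {
  // Fail loudly if the server module is ever pulled into a client build.
  if (!isServer) throw new Error(`${method.name}: server body loaded outside the server`);
  // A second override would silently change behaviour; treat it as a bug.
  if (method.serverRunInstalled) throw new Error(`${method.name}: run already overridden`);
  method.run = impl;
  method.serverRunInstalled = true;
}

// Constructed sample of what countries.json might contain.
const raw = [{ cca3: 'USA' }, { cca3: 'FRA' }];
// Weights are computed once at initialization, not on every call.
const weighted = raw.map(c => ({ code: c.cca3, weight: c.cca3 === 'USA' ? 2.0 : 1.0 }));

function demo() {
  const sharedSource = Countries.run.toString(); // the body a client can read
  const before = Countries.call();               // stub result before the override
  installServerRun(Countries, () => weighted, true);
  return { sharedSource, before, after: Countries.call() };
}

const result = demo();
console.log(result.before, result.after);
```
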

Assets is a global injected by the build tool. I'm not sure you can.

Maybe change the globally injected one with something else like _Assets and expose an export const Assets = _Assets as part of meteor/meteor?