[SOLVED] Why is data that I'm not supposed to see available for a split second?

ffxsam · July 12, 2016, 7:50pm

I’m noticing an issue with pub/sub in Meteor. Maybe I’m doing something wrong. Here’s what’s happening:

I’m subscribing to notifications, but only ones that are meant for me:

Meteor.publish('notifications', function () {
  return Notifications.find({
    toUserIds: this.userId,
    dismissedBy: { $ne: this.userId },
  });
});

In NotificationCenterContainer.js, I subscribe to the publication:

import { Meteor } from 'meteor/meteor';
import { createContainer } from 'meteor/react-meteor-data';
import { connect } from 'react-redux';

import { Notification } from '../../../collections/notifications';
import NotificationCenter from './NotificationCenter';

export default connect()(createContainer(() => {
  const handle = Meteor.subscribe('notifications');

  return {
    isDataReady: handle.ready(),
    notifications: Notification.find({}, { sort: { createdAt: -1 } }).fetch(),
    userId: Meteor.userId(),
  }
}, NotificationCenter))

So, I generate a notification that’s sent to another user, and I see this in the Chrome console: (logged from the componentWillReceiveProps method)

  componentWillReceiveProps(nextProps) {
    console.log('old props:', this.props.notifications,
      'new props:', nextProps.notifications);
  }

Is this normal, for Meteor data to be available for a split second to the client? I’ve never noticed this until now.

ffxsam · July 12, 2016, 8:04pm

Ahh, of course. Because of optimistic UI. I had to make sure the notification data update (within the Meteor method) only occurred on the server side.

  run({ userIds, message }) {
    if (this.isSimulation) return; // don't run this on the client

    const notification = new Notification({
      message,
      toUserIds: userIds,
    });

    notification.save();
  },

rhywden · July 12, 2016, 8:06pm

ffxsam:

Ahh, of course. Because of optimistic UI. I had to make sure the notification data update (within the Meteor method) only occurred on the server side.
  run({ userIds, message }) {
    if (this.isSimulation) return; // don't run this on the client

    const notification = new Notification({
      message,
      toUserIds: userIds,
    });

    notification.save();
  },

Umm, not sure that this is the proper way to go about it - after all, the client could simply comment out if (this.isSimulation) return;

ffxsam · July 12, 2016, 8:19pm

You mean someone would be able to wade through all the minified, bundled JS code in their browser and find that line and remove it?

vikr00001 · July 12, 2016, 10:02pm

What is the proper way to do it?

jamgold · July 13, 2016, 2:48am

This is an old problem. See the good old subscriptionId topic