Web-shell: Use Meteor shell in the browser!


#1

Access a Meteor shell in the browser by typing Ctrl+'. It supports color, completions, scrollback, and everything else you’d expect from running meteor shell.

Try it out with meteor add qualia:web-shell and then type Ctrl+' in the browser.

Here’s the repo: https://github.com/qualialabs/web-shell


#2

Wow that’s awesome! So to clarify, this spawns a shell on the server and then opens it in your browser? Are there any benefits on top of just being able to stay in one window (which is awesome!)


#3

Yep! It spawns a server side meteor shell and then connects to xterm.js in the browser over websockets.

Right now the main benefit is staying in one window, which is pretty cool for some quick debugging or seeing how server side commands impact the front-end.

Some future extensions might include:

  • Securely running the shell in prod
  • Showing meteor server logs
  • Allowing arbitrary shell commands (vim, top, whatever). This is actually super easy to do, it’s just a UI question.

#4

This awesome thanks for sharing, I’ll give it a try.

For us who didn’t use meteor shell much in the past, I’m wondering how are you using the meteor shell tool?


#5

The normal way to run meteor shell is to go into your app directory and type ‘meteor shell’


#6

Yeah I got that, but I’m wondering about the use cases for the meteor shell itself.


#7

Yeah, what’s it for?


#8

It’s a REPL where you can try out short bits of code on the server, run Meteor methods, and examine/modify the data in your collections using Mongo find and update.


#9

Isomorphism for the win. Database everywhere? How about shell everwhere? :sunglasses:


#10

Similar to what Sid mentioned, it’s basically the Chrome dev console but running in the context of the Meteor server rather than the browser.

In the Meteor shell, you don’t have to worry about whether or not you have permission to update a collection, or whether or not you are subscribed to the data you want to inspect (since you have direct access to the db). You can run functions that only exist on the server. You can run server side CPU profiles and look at interesting stuff like Meteor.server.sessions. You can change global variables (or even overwrite functions like Reval does) to change the behavior of your code without restarting the server.

And, with a little bit of magic, you can run Meteor shell in production and then life is awesome :slight_smile: So you can do lots of stuff!


#11

I think it should declare an explicit dependency on ReactiveVar. I don’t have the package in my project and it breaks the app because it’s trying to use ReactiveVar


#12

Good catch; should be fixed now


#13

well I’m just wondering: you’re saying one could use this secretly in production. As soon as people know about this though, is this read-only all the way? Otherwise I’d be pretty scared about security.


#14

Right now there isn’t a way of running it in prod; it’s marked as a dev only package so it won’t even be included in the code produced by a production build.

However, with sufficient security precautions, I think it’d be really cool to be able to use it in prod. Here are some different ways you could restrict access:

  • Restrict it to certain whitelisted meteor accounts
  • Require 2FA before use (with google authenticator or something)
  • Require an additional password before using shell
  • Restrict to whitelisted IP’s

I think some combination of the above would be sufficient.


#15

One of the things I use meteor shell for is actually to quickly test out functions etc, because it supports ES6, and even import statements, which neither node nor babel-repl support, I believe. Quick example of testing a function, trivial, but actually not so easy to do anywhere else (you can’t play with functions in console without attaching them to the window object or something, which I sometimes do. Or you could write tests against the function and have them re-run while developing. Or have some “console.log” of running the function. I use all of these, but this is very convenient:


#16

I would love this in production. For a long time, I was able to just run a local instance and hook up to the production mongo in order to run console commands. As soon as you start getting into crons and scheduled tasks, though, adding a local instance into the mix becomes troublesome, so I’ve been missing the console.


#17

Nice one. This looks very promising. It’s something I had expected Galaxy to introduce a long time ago. Maybe now they can help you get it production ready and integrate your tool into Galaxy ? Restricting it to certain Meteor accounts & whitelisted IPs would make most sense in that use case.