In the section of secret server code in the meteor docs (https://guide.meteor.com/security.html#secret-code) they seem to use a global variable defined only on the server, thus, the code can only be seen and reached on the server. Seems simple enough.
But when I do
upload = { test: "my secret code" }
Inside the folder server/upload.js I get the error
W20170726-10:04:59.843(2)? (STDERR)
C:\Users\myuser\AppData\Local\.meteor\packages\meteor-tool\1.5.0\mt-os.windows.x86_32\dev_bundle\server-lib\node_modules\fibers\future.js:280
W20170726-10:04:59.844(2)? (STDERR) throw(ex);
W20170726-10:04:59.846(2)? (STDERR) ^
W20170726-10:04:59.847(2)? (STDERR)
W20170726-10:04:59.847(2)? (STDERR) ReferenceError: upload is not defined
W20170726-10:04:59.848(2)? (STDERR) at meteorInstall.server.upload.upload.js (server/upload/upload.js:1:1)
W20170726-10:04:59.849(2)? (STDERR) at fileEvaluate (packages\modules-runtime.js:333:9)
W20170726-10:04:59.850(2)? (STDERR) at require (packages\modules-runtime.js:228:16)
W20170726-10:04:59.851(2)? (STDERR) at C:\Users\myuser\Documents\projects\myproject\.meteor\local\build\programs\server\app\app.js:10417:1
W20170726-10:04:59.852(2)? (STDERR) at C:\Users\myuser\Documents\projects\myproject\.meteor\local\build\programs\server\boot.js:338:34
W20170726-10:04:59.853(2)? (STDERR) at Array.forEach (native)
W20170726-10:04:59.854(2)? (STDERR) at Function._.each._.forEach (C:\Users\myuser\AppData\Local\.meteor\packages\meteor-tool\1.5.0\mt-os.windows.x86_32\dev_bundle\server-lib\node_modules\underscore\underscore.js:79:11)
W20170726-10:04:59.855(2)? (STDERR) at C:\Users\myuser\Documents\projects\myproject\.meteor\local\build\programs\server\boot.js:158:5
W20170726-10:04:59.856(2)? (STDERR) at C:\Users\myuser\Documents\projects\myproject\.meteor\local\build\programs\server\boot.js:387:5
W20170726-10:04:59.858(2)? (STDERR) at Function.run (C:\Users\myuser\Documents\projects\myproject\.meteor\local\build\programs\server\profile.js:510:12)
Are the docs wrong or am I just doing something weird? I'm using meteor version 1.5.0, happens on both windows and linux.
The documentation states, that
Secret business logic in your app should be located in code that is
only loaded on the server
It (unfortunately just) implies, that code by meteor methods or validated methods is also virtually executed on the client (see this.isSimulation) as part of the optimistic UI and thus may expose secrets, such as keys.
Using global.myvariable = { ... } is not a good solution here.
To make it more clear to you, I extend the example from the docs a little bit:
/server/mmr.js (only loaded by your server)
export const MMR = {
updateWithSecretAlgorithm(userId) {
// your secret code here
}
}
/both/updatemmr.js (loaded by both server and client)
if (Meteor.isServer) {
//eslint will nag but it does not cause any error
import {MMR} from '../server/mmr.js';
}
// In a file loaded on client and server
const Meteor.users.methods.updateMMR = new ValidatedMethod({
name: 'Meteor.users.methods.updateMMR',
validate: null,
run() {
if (this.isSimulation) {
// Simulation code for the client (optional)
} else {
MMR.updateWithSecretAlgorithm(this.userId);
}
}
});
The Meteor.isServer only assures, that there will be no attempt of the client to import MMR, which would cause an error on startup. As long as you load the mmr.js file only on the server there will be no MMR object exposed to the client.
I hope this makes the example a bit more clear.
Okay, for some reason just typing myvariable = { ... } added it to the global object, so I added i explicitly with global.myvariable = { ... }. It seems to work well so far!
Edit
As Jankapunkt's correctly pointed out, global variables are indeed discouraged. But instead of using import inside of a if-statement as Jankapunkt suggested you should use the CommonJS syntax of require instead, as recommended in the meteor docs (https://guide.meteor.com/structure.html#using-require), e.g.
let MMR;
if (Meteor.isServer) {
MMR = require('../server/mmr.js').MMR;
}
Related
Below is the hook code that I want to use to manipulate the submitted values from QuickForm.
var hooksObject = {
before: {
insert: function(doc) {
console.log(doc);
return doc;
}
}
};
AutoForm.addHooks('insertBankDetailForm', hooksObject, true);
I have read the docs and it says "These calls should be anywhere in top-level client code and do not need to be within Meteor.startup. You should not put them in an autorun, template rendered function, or anywhere else where they will be called multiple times since that will cause the hooks to run multiple times for a single submission."
I tried placing the code most of the places, but I am unable to understand the location where it need to be kept. I get below error when I use above code in index.js at location D:\PROJECT\imports\startup\client\index.js
Error: Oops! Did you forget to return the modified document from your docToForm hook for the insertBankDetailForm form?
at autoFormEachDocToForm (aldeed_autoform.js?hash=62240ad…:6595)
at Array.forEach (<anonymous>)
at Function._.each._.forEach (underscore.js?hash=cde485f…:149)
at Blaze.View.<anonymous> (aldeed_autoform.js?hash=62240ad…:6592)
at blaze.js?hash=f33d3df…:1934
at Function.Template._withTemplateInstanceFunc (blaze.js?hash=f33d3df…:3744)
at blaze.js?hash=f33d3df…:1932
at Object.Blaze._withCurrentView (blaze.js?hash=f33d3df…:2271)
at viewAutorun (blaze.js?hash=f33d3df…:1931)
at Tracker.Computation._compute (tracker.js?hash=997515f…:339)
meteor.js?hash=27829e9…:930 Exception from Tracker recompute function:
meteor.js?hash=27829e9…:930 TypeError: Cannot read property 'setMembers' of undefined
at doMaterialize (blaze.js?hash=f33d3df…:2093)
at Object.Tracker.nonreactive (tracker.js?hash=997515f…:640)
at Blaze.View.doRender (blaze.js?hash=f33d3df…:2090)
at blaze.js?hash=f33d3df…:1934
at Function.Template._withTemplateInstanceFunc (blaze.js?hash=f33d3df…:3744)
at blaze.js?hash=f33d3df…:1932
at Object.Blaze._withCurrentView (blaze.js?hash=f33d3df…:2271)
at viewAutorun (blaze.js?hash=f33d3df…:1931)
at Tracker.Computation._compute (tracker.js?hash=997515f…:339)
at Tracker.Computation._recompute (tracker.js?hash=997515f…:358)
aldeed_autoform.js?hash=62240ad…:2037 Uncaught TypeError: Cannot read property 'removeEmptyStrings' of undefined
at Object.autoFormGetFormValues [as getFormValues] (aldeed_autoform.js?hash=62240ad…:2037)
at autoFormRegFormCallback (aldeed_autoform.js?hash=62240ad…:6575)
at aldeed_autoform.js?hash=62240ad…:670
at Function._.each._.forEach (underscore.js?hash=cde485f…:157)
at formPreserveConstructor.FormPreserve._retrieveRegisteredDocuments (aldeed_autoform.js?hash=62240ad…:669)
at Object.callback (aldeed_autoform.js?hash=62240ad…:628)
at pollProviders (reload.js?hash=02487cd…:180)
at Object.Reload._migrate (reload.js?hash=02487cd…:198)
at reload.js?hash=02487cd…:252
at underscore.js?hash=cde485f…:717
NOTE: Any help would be deeply appreciated and rewarded.
I have my meteor project
which when i run i get the following warnings:
First warning:
Mismatched anonymous define() module: function () { return BigNumber; }
intakeDefines # aramk_requirejs.js?hash=a2cd915…:1278
(anonymous) # aramk_requirejs.js?hash=a2cd915…:1469
Second warning:{...}
Mismatched anonymous define() module: function () { return utf8; }
and when i run my project i get the following error
Uncaught TypeError: Right-hand side of 'instanceof' is not callable
at isBigNumber (http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:5598:19)
at toBigNumber (http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:5465:9)
at Object.fromDecimal (http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:5343:18)
at http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:2613:30
at Array.forEach (native)
at inputTransactionFormatter (http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:2612:8)
at http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:2910:28
at Array.map (native)
at Method.formatInput (http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:2909:32)
at Method.toPayload (http://localhost:3000/packages/modules.js?hash=6e90e44e0c2b18ef12cb22415a388acb1e06ad7f:2935:23)
The line of code where the problem occurs is this: web3.eth.contract(abi).new({data: code,gas:10000}, function (err, contract) {..irrelevant code..} After searching on the internet I think that it is require.js's fault and how the scripts are called but still don't know how to fix it. I already looked over the documentation but still need some help.
My app has been working until I've updated it to Meteor 1.3. Now I get this error:
Exception in callback of async function: Error: Handler with name 'onBeforeAction' already exists.
at MiddlewareStack._create (http://localhost:3000/packages/iron_middleware-stack.js?hash=8a2aa73e86a32698fb9f60cea452e0ecb2e72b7f:190:13)
at MiddlewareStack.push (http://localhost:3000/packages/iron_middleware-stack.js?hash=8a2aa73e86a32698fb9f60cea452e0ecb2e72b7f:206:22)
at http://localhost:3000/packages/iron_middleware-stack.js?hash=8a2aa73e86a32698fb9f60cea452e0ecb2e72b7f:224:12
at Array.forEach (native)
at Function._.each._.forEach (http://localhost:3000/packages/underscore.js?hash=8de51f9d86e95ae2ffee15a8db324a1decccba3e:139:11)
at MiddlewareStack.append (http://localhost:3000/packages/iron_middleware-stack.js?hash=8a2aa73e86a32698fb9f60cea452e0ecb2e72b7f:220:5)
at http://localhost:3000/packages/iron_middleware-stack.js?hash=8a2aa73e86a32698fb9f60cea452e0ecb2e72b7f:226:19
at Array.forEach (native)
at Function._.each._.forEach (http://localhost:3000/packages/underscore.js?hash=8de51f9d86e95ae2ffee15a8db324a1decccba3e:139:11)
at MiddlewareStack.append (http://localhost:3000/packages/iron_middleware-stack.js?hash=8a2aa73e86a32698fb9f60cea452e0ecb2e72b7f:220:5)
The only places where I use onBeforeAction is in my iron-router route controllers. They're all in the same router.js file.
I define several route controllers, first an ApplicationController that extends RouteController and then various controllers that extend ApplicationController.
ApplicationController = RouteController.extend({
onBeforeAction: function() {
//some code
this.next();
}
});
SomeController = ApplicationController.extend({
onBeforeAction: function() {
//some code
this.next();
}
});
From the error message I'm unable to work out what is wrong or where to look for the problem.
Versions of packages mentioned in error message are:
iron:router#1.0.12
iron:middleware-stack#1.0.11
underscore#1.0.6
I'd really appreciate some pointers in the right direction.
First of i would highly recommend you if it is possible to change your router and switch to FlowRouter. This is the official Meteor router by now, as stated here : Meteor Guide
Try this : meteor update iron:middleware-stack.
It seems that your problem is related to this issue and it has been fixed in 1.1.0 version.
I want to populate an in-memory list of restricted words form a list stored into the database, because is desired to be dynamic. Sound simple huh? Well no, it is not! Why ?
Here is a short code of it :
if (Meteor.isServer) {
Meteor.startup(function() {
var configCollection = new Mongo.Collection('config');
// An wrapper object for easy referencing
var words = {
faulty: ['f_word_here']
}; // Some default faulty words
var updateFaultyWords = function() {
var config = configCollection.findOne();
if (config) {
words.faulty = config.faultyWords;
}
};
// ------- Problematic Code ------
Tracker.autorun(function() {
updateFaultyWords();
});
// -------------------------------
// later somewhere in the code
var allowWord = function(word) {
return words.faulty.indexOf(word) === -1;
};
});
}
I am using Tracker here because like it says in the docs I want to update my list in a reactive mode.
Tracker.autorun allows you to run a function that depends on reactive
data sources. Whenever those data sources are updated with new data,
the function will be rerun.
However this method crashes big time with a stack trace that I cannot understand:
W20151209-17:36:55.802(1)? (STDERR)
W20151209-17:36:55.802(1)? (STDERR) /Users/tiberiu/.meteor/packages/meteor-tool/.1.1.10.1b51q9m++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:245
W20151209-17:36:55.802(1)? (STDERR) throw(ex);
W20151209-17:36:55.803(1)? (STDERR) ^
W20151209-17:36:55.865(1)? (STDERR) Error: Can't call yield in a noYieldsAllowed block!
W20151209-17:36:55.865(1)? (STDERR) at Function.Fiber.yield (packages/meteor/fiber_helpers.js:8:1)
W20151209-17:36:55.865(1)? (STDERR) at Function.wait (/Users/tiberiu/.meteor/packages/meteor-tool/.1.1.10.1b51q9m++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:183:14)
W20151209-17:36:55.865(1)? (STDERR) at Object.Future.wait (/Users/tiberiu/.meteor/packages/meteor-tool/.1.1.10.1b51q9m++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:397:10)
W20151209-17:36:55.865(1)? (STDERR) at [object Object]._.extend._nextObject (packages/mongo/mongo_driver.js:986:1)
W20151209-17:36:55.865(1)? (STDERR) at [object Object]._.extend.forEach (packages/mongo/mongo_driver.js:1020:1)
W20151209-17:36:55.866(1)? (STDERR) at [object Object]._.extend.map (packages/mongo/mongo_driver.js:1030:1)
W20151209-17:36:55.866(1)? (STDERR) at [object Object]._.extend.fetch (packages/mongo/mongo_driver.js:1054:1)
W20151209-17:36:55.866(1)? (STDERR) at [object Object].Cursor.(anonymous function) [as fetch] (packages/mongo/mongo_driver.js:869:1)
W20151209-17:36:55.866(1)? (STDERR) at [object Object].MongoConnection.findOne (packages/mongo/mongo_driver.js:776:1)
W20151209-17:36:55.867(1)? (STDERR) at [object Object]._.extend.findOne (packages/mongo/collection.js:305:1)
What am I doing wrong ? Should I report this as a bug ?
You cannot use autorun on the server; it is client-side only functionality.
Use cursor.observe or cursor.observeChanges on the cursor that is returned by "find":
http://docs.meteor.com/#/full/observe
http://docs.meteor.com/#/full/observe_changes
I would also avoid using findOne if you have more than item in your collection (not sure if you're just omitting the arguments here or are just using it as a test case).
I just added Meteor collection2 to my app. And in a file in the server folder I added the code:
Schema = {}
Schema.User = new SimpleSchema(
_id:
type: String
regEx: SimpleSchema.RegEx.Id
username:
type: String
regEx: /^[a-z0-9A-Z_]{3,15}$/
emails:
type: [Object]
optional: true
"emails.$.address":
type: String
regEx: SimpleSchema.RegEx.Email
"emails.$.verified":
type: Boolean
createdAt:
type: Date
)
Meteor.users.attachSchema Schema.User
and it is crashing my app with the error:
W20140907-02:06:32.777(-4)? (STDERR) /Users/Nearpoint/.meteor/packages/meteor-tool/.1.0.25.2ltu8i++os.osx.x86_64+web.browser+web.cordova/meteor-tool-os.osx.x86_64/dev_bundle/lib/node_modules/fibers/future.js:173
W20140907-02:06:32.777(-4)? (STDERR) throw(ex);
W20140907-02:06:32.777(-4)? (STDERR) ^
W20140907-02:06:32.792(-4)? (STDERR) Error: undefined is not allowed by the schema
W20140907-02:06:32.792(-4)? (STDERR) at getErrorObject (packages/aldeed:collection2/collection2.js:489)
W20140907-02:06:32.792(-4)? (STDERR) at doValidate (packages/aldeed:collection2/collection2.js:472)
W20140907-02:06:32.792(-4)? (STDERR) at Meteor.Collection.(anonymous function) [as update] (packages/aldeed:collection2/collection2.js:282)
W20140907-02:06:32.792(-4)? (STDERR) at UserConnections.upsert.$set.ipAddr (packages/mizzao:user-status/status.coffee:94:15)
I am running Meteor 0.9.0. And I am attaching the schema code on the server. I do not know what I am doing wrong. I even tried removing all schema fields except _id and it still did not work.
NB - to resolve this if you're using mizzao:user-status, you just need to allow that package to add a status field to your user doc:
Schema.User = new SimpleSchema(
...
status: {
type: Object,
optional: true,
blackbox: true
}
});
I had the exact same problem. By any chance, are you using the mizzao:user-status package? It inserts an additional field for keeping track of user connections. https://github.com/mizzao/meteor-user-status
Any additional package that adds fields to Meteor.users docs before you even set up accounts may cause this problem. Specifically, when you sign on, it will create a blank user object with only the connection fields, which is clearly not allowed by your schema.
Since Users is a default Meteor collection there's probably a property it wants to save that you're not allowing.
I would look at the database using RoboMongo or another tool and make sure you include all the properties.