I have a file at an external URL (which only the server meteor is running on can access)
http://192.168.9.39/account_5.pdf
I want to serve this up in meteor so that a user can click a link to e.g http://server.meteor.com/temp/account_5.pdf
Is there a way I can do this? Perhaps stream it directly to the user or download the file to the /public/temp folder so that it can be served up? How would I do this?
I'm open to any suggestions even if it uses up a node module or something
Are you running your own Meteor server, or do you actually want to deploy to *.meteor.com? (You said "server.meteor.com", so I was wondering).
From node you could use http.get to retrieve the remote file and then use fs.writeFile to save it to your temp/ directory.
Or you could stream it like you suggested using something like http://www.catonmat.net/http-proxy-in-nodejs/
If you're running your own server, probably the easiest thing would be to package up this code in a small npm module. Node's require is exposed to Meteor code in __meteor_bootstrap__.require, so to trigger fetching the remote file you could do something like __meteor_bootstrap__.require('my-npm-module').fetchFileToTemp(name).
For the streaming option, __meteor_bootstrap__.app is Meteor's connect server, which you can attach your own requests handlers to via
__meteor_bootstrap__.app(function (req, res, next) { ... });
in the usual way for connect middleware.
If you drop the pdf in your /public folder and deploy, users can just click http://server.meteor.com/account_5.pdf to access the pdf.
Is this what you're expecting? Hope that's helpful.
This is a little hackish, but you could make a route (with Meteor Router) that responds to /temp/* and put an iframe in those pages that loads the remote URL. It won't be elegant, but it will work! In case you need this done quick.
Or you could do a cross-origin XHR request and go fetch the file that way, which is probably more Meteor-ish. But I'd have to look that one up. ;-)
Related
i have a question regarding flow router on meteor.
in the new project structure for meteor, all files are suggested to be kept in the "imports folder" and be imported to either the server folder or client folder. in the tutorials i have seen that use flow router, there was no imports folder and the routes folder with the js file in it was kept right under the project folder. that raises a few questions for me.
where does the flow router code run? on the client? on the server? on both?
if it runs on both, should i leave it outside the imports folder?
if it runs on both/only on the client, what does that mean security-wise? say i don't want a certain user to be able to access a certain page, so in the flow-router action() i write a code that prevents people from reaching where i don't want them, can't they just change this code on the client and bypass the wall?
when referring to a user on the flow-router js file, do i use Meteor.userId() or this.userId?.
i have three functions written inside if(Meteor.isClient) which i copied from a tutorial. the functions are Accounts.onLogin, Accounts.onLogout, FlowRouter.tringgers.enter.
can a user hack through them since they are on the client?
thanks in advance!
From the documentation:
Flow Router is a client side router and it does not have Server Side Routing capability. It has no plans to implement such features either.
so Flow Router runs on the client only and you should put the related code in /imports/startup/client
See (1). Generally, all your code should be placed in the imports directory.
Meteor ensures that any file in any directory named server/ will only be available on the server, and likewise for files in any directory named client/
So if you want to have some code accessible to both the client and the server don't place it in any subdirectories named /client or /server.
Although previously, with Iron Router, authentication was done in the router layer, with Flow Router you should write the auth logic in the template/component layer. Writing code in the flow router action() that prevents users from accessing a page is not a good pattern, according to the creator of Flow Router. Read here for examples and more details.
In server-rendered apps(in the PHP era), if there is an unauthorized access, we can redirect the user to a login page or some other page. In Meteor, or in any single-page app, we can simply show a login screen to the user instead of redirecting them to another page. Or else, we can simply say: "You are not allowed to view this page."
Same as in (3). You shouldn't refer to a user in the router layer.
Any code that runs on the client is not safe from a malicious user.
You may find the following useful:
Meteor guide application structure
Routing Guide for Meteor Apps (with Flow Router)
The example app "Todos", written following the Meteor Guide
According to the Meteor Doc, the public fodler is accessible for both server and client. But, if I just need to use the HTML head elements to access it, how can I do it from server ?
I made a lib with very specific functions, and I'm tired of copy pasting them at the top of each of my server .js file.
Could anyone give me the tip ? I couldn't find out on google :/
Thanks you,
David
You are making your life harder than necessary. Any folder that is not called client, server, private, or public is shared by the client and the server. Just put your shared .js files into any folder, say, /common, and they will be available (loaded) on both the client and the server.
The public folder is specifically for assets that are not loaded automatically by the server, but are instead served statically over HTTP, similar to the static functionality of express. It's the place for images and other assets you want on the client.
I've downloaded the .Net Server and ajax library
We need to be able to edit documents directly from the WebDav Server.
I've succeeded doing so with the javascript code using MicrosoftOfficeEditDocument and JavaEditDocument
I'd like to be able to have in my pages a link as follows
\server\DAV\path\file
When I place a similar link like above, it doesn't open the file. When I copy link and place in windows run command, it opens
Is it possible to have direct links to webdav storage files for opening?
Also, Is there a planned solution for the jar file running in Chrome?
I've followed the instruction for https://java.com/en/download/faq/chrome.xml#npapichrome
This allows chrome to load the jar file, but They say they stop supporting.
To open a document from a web page your link must be HTTP or HTTPS, that is start with http://server/. It would not work with a network path.
In your case URL must look like http://server/DAV/path/file.ext
Suppose the URL http://example.com/test.php. If I type this URL on the browser address bar, the PHP code is executed, and its output is returned to me. Fine. But, what if instead of executing it, I wanted to view it's source as plain text. Is there a a way to issue such request?
I believe that there must be some way, and my concern is that some outsider could retrieve sensitive code, such as configurations file, by guessing it's location. For example, Joomla instalations have a configuration.php on it's root folder. If someone retrieves such file as plain text, then these database credentials have been seriously compromised. Obviously, this could be prevented with proper permissions, but it's just too common to just issue 0777 as everything permissions and forgetting about access denials.
For PHP: if properly configured, there is no way to download it. File permissions won't help either way, as the webserver needs to be able to read the files, and that's the one serving contents. However. a webserver can for instance be configured to serve them with x-httpd-php-source, or the PHP/webserver configuration may be broken. Which is why files which don't need direct access (db config, class definitions, etc.) should be outside the document root, so there is no way those files will get served by accident even when the webserver config is incorrect / failing. If your current hoster does not allow you to store files outside the document root, switch hosting a.s.a.p.
There is a way to issue such request that downloads the source code of http://example.com/test.php if the server is configured to provide a URL to do so. Usually it isn't, so usually there is no way to issue such a request.
I want to create a file and then serve it using Meteor, but I don't want the server to restart when I create/update the file in the public directory.
The user will click on a button to create a config file on the server and I want the user to be able to download that config file.
Is there a way to do this without triggering the server to restart?
I have tried creating a link to the file and creating a hidden file but nothing has worked.
Thanks for your time.
Try meteor run --production. That might solve your problem.
Server restarts because you are running it in Development mode,
When it runs in production, it doesn't restart on content changes.
To run in production, only way I know is, after bundling application,
Have a look here: http://docs.meteor.com/#deploying
If you doesn't want to run in production mode, here is a workaround:
In order to prevent reloading, you have to generate your files in a folder that is located outside of your project's repository.
Then you will have your meteor app to serve the content of that folder.
Here is an example that uses the connect npm repository to make your local folder /meteor/generated_files served under the url hostname.com/downloads/:
var connect = Npm.require('connect');
var fs = Npm.require('fs');
function serveFolder(urlPath, diskPath){
if(!fs.existsSync(diskPath))
return false;
RoutePolicy.declare(urlPath, 'network');
WebApp.connectHandlers.use(urlPath, connect.static(diskPath));
return true;
}
serveFolder('/downloads', '/meteor/generated_files/');
I published the very primitive package I have that does just that.