Nyxynyx
Reputation: 63619
audit-argument-checks and Subscriptions in Meteor.js
When doing checks with the audit-argument-checks package, how should you do the matching when checking a Meteor.userId()? Does the userId needs to be really checked?
Meteor.publish('scores', function(userId) {
check(userId, Match.any)
return Scores.find({userId: userId})
})
Upvotes: 1
Views: 533
Answers (2)
user728291
Reputation: 4138
If the user is logged in, the publish function will already have the userId. It is accessible with this.userId so no need for the user to pass it or to check it.
Like this:
Meteor.publish('scores', function() {
return Scores.find({userId: this.userId})
});
Upvotes: 3
sbking
Reputation: 7680
Since ID generation for the built in users collection is always 'STRING' and cannot be altered, you can do:
check(userId, String);
If you are using 'MONGO' ID generation for other collections, you'll want to do:
check(docId, Meteor.Collection.ObjectID);
Upvotes: 4
Related Questions
- Meteor method + check() + audit-argument-checks + async/await causes exception
- How to prevent malicious Meteor subscriptions using check
- Meteor mocha test subscriptions
- Meteor audit-argument-checks
- Understanding Meteor subscription
- Issue with accessing subscriptions in Meteor
- Why does audit-argument-checks raise an exception when all arguments seem checked?
- How to monitor server-side log when using Meteor and Meteor Up
- How to monitor Meteor.com server-side logs
- Meteor and subscriptions