Meteor 的源代码向客户开放吗? [英] Meteor's source code open to the clients?

问题描述

从总体上看，Meteor 应用程序的源代码似乎由于编写一个 Javascript 文件，同时在客户端和服务器上运行"主题而对客户端开放.

From a general glimpse of it, it seems that source code for Meteor app is open to the clients due to 'Write one Javascript file, run it on client and server at once' theme.

如果特定应用程序的服务器端源代码向客户端开放，那么随便的人复制它们并创建非常相似的应用程序不是很容易吗?

If server side source code of particular app open to client sides, wouldn't it be easy for random person to copy them and create very look alike app?

应用的服务器端代码是公开的，恶意的人会不会很容易在应用中发现安全漏洞?

Wouldn't it be easy for person with evil purpose to find security holes in the app, because its server side code is open to the public?

例如，在 Meteor 0.5.0 的 新示例 中的派对应用、模型.js 文件似乎也被发送到客户端.

For instance, in Meteor 0.5.0 's new example of parties app, model.js file seems to be sent to the client side as well.

我在这里误解了什么吗?

Am I misunderstanding something here?

编辑

这是我不明白的部分.

根据http://docs.meteor.com/#structuringyourapp，

客户端和服务器子目录之外的文件在客户端和服务器上都加载！这是模型定义和其他功能的地方

Files outside the client and server subdirectories are loaded on both the client and the server! That's the place for model definitions and other functions

我真的不明白.如果每个模型实现(包括数据库交互)都发送到客户端，应用程序会不会不那么安全并且很容易被其他开发人员复制?

I really do not understand it. If every model implementation, (including DB interaction) is sent to client, wouldn't app be less secure and easily copied by other developers?

推荐答案

server/ 文件夹中的任何代码都不会发送到客户端(请参阅 http://docs.meteor.com/#structuringyourapp)

Any code in the server/ folder will not get sent to the client (see http://docs.meteor.com/#structuringyourapp)

编辑

关于第二部分:

任何不在 client/ 或 server/ 中的代码都是您想要在客户端和服务器端运行的代码.所以显然它必须发送给客户端.

Any code not in client/ or server/ is code you want to run both client and server side. So obviously it must be sent to the client.

您将模型代码放在那里的原因是延迟补偿.如果您想对数据进行更新，最好立即在客户端进行更新，然后运行相同 代码服务器端以真正提交"它.有很多例子说明这是有意义的.

The reason that you would place model code in there is because of latency compensation. If you want to make updates to your data, it's best to do it immediately client-side and then run the same code server side to 'commit' it for real. There are many examples where this would make sense.

如果有您不想在客户端运行的秘密"模型代码，您当然可以拥有第二个 server/models.js 文件.

If there is 'secret' model code that you don't want to run client side, you can certainly have a second server/models.js file.

这篇关于Meteor 的源代码向客户开放吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！