安全的流星管理功能 [英] Secure meteor admin functionality

问题描述

我想将几个管理功能添加到流星站点，并且一直在想创建、隐藏和保护它们的最佳方法是什么?

I have a couple of admin functions I want to add to a meteor site and was wandering what is the best way to create, hide and protect them ?

谢谢

推荐答案

您可以使用 Meteor.methods.通过将代码放在名为 server/ 的文件夹中，确保只将它们包含在服务器上.

You can use Meteor.methods. Just be sure to only include them on the server, by placing the code in a folder called server/ E.g.

server/admin.js

Meteor.methods({
  foo: function (arg1, arg2) {
    // confirm that the user is an admin
    if ( ! this.user.isAdmin )
      throw new Meteor.Error(401, "You are not authorized to perform this action");
    // perform task
    return "some return value";
  }
});

这篇关于安全的流星管理功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！