mantrajs#108 Meteor.uuid is deprecated and untrusted on the client side
markshust committed Jul 13, 2016
1 parent fc555ec commit 0ae9cc6
Showing 7 changed files with 23 additions and 9 deletions.
2 changes: 2 additions & 0 deletions client/configs/context.js
@@ -1,6 +1,7 @@
import * as Collections from '/lib/collections';
import {Meteor} from 'meteor/meteor';
import {FlowRouter} from 'meteor/kadira:flow-router';
import {Random} from 'meteor/random';
import {ReactiveDict} from 'meteor/reactive-dict';
import {Tracker} from 'meteor/tracker';

@@ -10,6 +11,7 @@ export default function () {
FlowRouter,
Collections,
LocalState: new ReactiveDict(),
Random,
Tracker
};
}
4 changes: 2 additions & 2 deletions client/modules/comments/actions/comments.js
@@ -1,5 +1,5 @@
export default {
create({Meteor, LocalState}, postId, text) {
create({Meteor, LocalState, Random}, postId, text) {
if (!text) {
return LocalState.set('CREATE_COMMENT_ERROR', 'Comment text is required.');
}
@@ -10,7 +10,7 @@ export default {

LocalState.set('CREATE_COMMENT_ERROR', null);

const id = Meteor.uuid();
const id = Random.id();
Meteor.call('posts.createComment', id, postId, text, (err) => {
if (err) {
return LocalState.set('CREATE_COMMENT_ERROR', err.message);
4 changes: 2 additions & 2 deletions client/modules/core/actions/posts.js
@@ -1,12 +1,12 @@
export default {
create({Meteor, LocalState, FlowRouter}, title, content) {
create({Meteor, LocalState, FlowRouter, Random}, title, content) {
if (!title || !content) {
return LocalState.set('SAVING_ERROR', 'Title & Content are required!');
}

LocalState.set('SAVING_ERROR', null);

const id = Meteor.uuid();
const id = Random.id();
// There is a method stub for this in the config/method_stubs
// That's how we are doing latency compensation
Meteor.call('posts.create', id, title, content, (err) => {
3 changes: 2 additions & 1 deletion client/modules/core/configs/method_stubs/posts.js
@@ -1,9 +1,10 @@
import {check} from 'meteor/check';
import {uuid} from '/lib/match';

export default function ({Meteor, Collections}) {
Meteor.methods({
'posts.create'(_id, title, content) {
check(_id, String);
check(_id, uuid);
check(title, String);
check(content, String);
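Review bot: `import {uuid} from '/lib/match';` is a named import, but lib/match.js in this commit only provides `export default uuid;`, so `uuid` is likely `undefined` here and `check(_id, uuid)` would not apply the intended pattern (with Meteor's check an `undefined` pattern appears to match only `undefined`, which would reject every string id). Either import the default, `import uuid from '/lib/match';`, or change the module to a named export, `export const uuid = ...`. The same import appears in server/methods/posts.js and server/publications/posts.js. The method body continues outside the hunk.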

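--- a/lib/match.js
+++ b/lib/match.js
@@ -0,0 +1,9 @@
+import { check, Match } from 'meteor/check';
+
+const uuid = Match.Where((x) => { // eslint-disable-line new-cap
+check(x, String);
+
+return x.length === 17;
+});
+
+export default uuid;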
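Review bot: The `Match.Where` callback accepts any 17-character string, so the `check(_id, uuid)` calls on the server constrain only the length of a client-supplied id, not its character set. If ids are meant to have the shape of `Random.id()` output, add a character-class test, for example `return /^[A-Za-z0-9]{17}$/.test(x);`. The name `uuid` is also misleading because the value is no longer a UUID; something like `randomId` plus a comment saying that 17 is the default `Random.id()` length would document the intent.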
5 changes: 3 additions & 2 deletions server/methods/posts.js
@@ -1,11 +1,12 @@
import {Posts, Comments} from '/lib/collections';
import {Meteor} from 'meteor/meteor';
import {check} from 'meteor/check';
import {uuid} from '/lib/match';

export default function () {
Meteor.methods({
'posts.create'(_id, title, content) {
check(_id, String);
check(_id, uuid);
check(title, String);
check(content, String);

@@ -21,7 +22,7 @@ export default function () {

Meteor.methods({
'posts.createComment'(_id, postId, text) {
check(_id, String);
check(_id, uuid);
check(postId, String);
check(text, String);
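Review bot: In `posts.createComment` the new comment id is validated with `check(_id, uuid)`, but `postId` on the following line is still `check(postId, String);`, while the publications changed in this commit validate post ids with the `uuid` pattern. For consistency, use `check(postId, uuid);` here as well. The method body continues outside the hunk, so whether the referenced post is verified to exist before the insert cannot be seen from here.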

5 changes: 3 additions & 2 deletions server/publications/posts.js
@@ -1,6 +1,7 @@
import {Posts, Comments} from '/lib/collections';
import {Meteor} from 'meteor/meteor';
import {check} from 'meteor/check';
import {uuid} from '/lib/match';

export default function () {
Meteor.publish('posts.list', function () {
@@ -15,13 +16,13 @@ export default function () {
});

Meteor.publish('posts.single', function (postId) {
check(postId, String);
check(postId, uuid);
const selector = {_id: postId};
return Posts.find(selector);
});

Meteor.publish('posts.comments', function (postId) {
check(postId, String);
check(postId, uuid);
const selector = {postId};
return Comments.find(selector);
});
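Review bot: The stricter `check(postId, uuid)` in `posts.single` and `posts.comments` rejects any id that is not 17 characters long, so posts created earlier with `Meteor.uuid()` (or seeded with other ids) could no longer be subscribed to. If such documents can exist, either migrate them or keep `check(postId, String)` on the read paths and enforce the stricter pattern only where documents are created. A one-line comment above each check stating the expected id format would make the intent clear.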
