
Authenticate DDP Client using Node.js


A Node.js DDP client (using node-ddp) calls a method insertMessage on the DDP server, which saves a document to MongoDB.

Meteor.methods({
    'insertMessage': function(msg) {
        Messages.insert({'msg':msg, 'userId': userId})
    }
})

How can we only allow authenticated DDP clients to insert a document containing their unique identifier userId, and not be able to forge someone else's userId? I looked at ddp-login, but it seems like successful authentication gives a token. Can this token be used for our purpose?

Meteor.methods({
    'insertMessage': function(msg) {

        // Check that the current user's userId (how can we do this?)
        userId = getUserId()

        Messages.insert({'msg':msg, 'userId': userId})
    }
})

Solution

  • On the server, you have these parameters:

    Meteor.methods

    this.userId

    this.setUserId

    this.isSimulation

    this.unblock

    this.connection

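    Meteor.methods({
        'insertMessage': function(msg) {
            // this.userId is set by the server for the logged-in connection;
            // it is null when the DDP client has not authenticated.
            if (!this.userId) {
                throw new Meteor.Error('not-authorized', 'You must be logged in');
            }
            var userId = this.userId;
            Messages.insert({'msg': msg, 'userId': userId});
        }
    })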
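The following is an added example, not code from the original answer or from Meteor: a simplified model of why this.userId cannot be forged by the client. It assumes the DDP client logs in by calling the login method with { resume: token }; the token table, user ids, error names and the createConnection/demo helpers are constructed for illustration.

```javascript
// Simplified model of a DDP server (not Meteor source code).
// Constructed data: the resume tokens and user ids are made up.
const loginTokens = new Map([['token-alice', 'alice-id'], ['token-bob', 'bob-id']]);
const Messages = [];

const methods = {
  // Mirrors calling Meteor's "login" method with { resume: token }.
  login(options) {
    const userId = loginTokens.get(options && options.resume);
    if (!userId) throw new Error('login-failed');
    this.setUserId(userId);            // identity is bound to the connection
    return { id: userId };
  },
  insertMessage(msg) {
    if (!this.userId) throw new Error('not-authorized');
    // Only the first argument is read; the owner comes from the connection.
    Messages.push({ msg: String(msg), userId: this.userId });
    return Messages.length;
  },
};

function createConnection() {
  const conn = { userId: null };
  // Handles one DDP message of the form {msg:'method', method, params, id}.
  conn.receive = function (message) {
    const invocation = {
      userId: conn.userId,
      setUserId(id) { conn.userId = id; },
    };
    try {
      if (!Object.prototype.hasOwnProperty.call(methods, message.method)) {
        throw new Error('method-not-found');
      }
      const result = methods[message.method].apply(invocation, message.params || []);
      return { msg: 'result', id: message.id, result };
    } catch (e) {
      return { msg: 'result', id: message.id, error: { error: e.message } };
    }
  };
  return conn;
}

function demo() {
  const conn = createConnection();
  const call = (id, method, params) => conn.receive({ msg: 'method', method, params, id });
  const before = call('1', 'insertMessage', ['hi']);            // rejected
  call('2', 'login', [{ resume: 'token-alice' }]);
  const after = call('3', 'insertMessage', ['hi', 'bob-id']);   // forged id ignored
  return { before, after, stored: Messages.slice() };
}
```

Because the method never reads a userId from its arguments, the extra 'bob-id' parameter has no effect; the stored document carries the id bound to the connection at login.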