Search code examples
javascriptgoogle-chrome-devtoolsfunction-callsie-developer-toolsfirefox-developer-tools

Best way to detect when a function is called from the console

I would like to know the best way to detect when a method or function is directly called through the console. As far as I currently understand, it's not possible to directly detect it on identical function calls, but using the .call() and .apply() methods of a function I can pass additional data through the this object.

Given the following code structure:

(function(){
    var Player = {money: 0};
    window.giveMoney = function(amount){
        if (this.legit !== true)
            throw new Error("Don't try to cheat!");

        Player.money += amount;
    }
})();

I could call the function using

window.giveMoney.call({legit: true}, 300);

in my actual code to tell a direct call from the console and my own code apart, but this is obviously not fool-proof, since the same code can also be executed from the console to achieve the desired effect.

I would want a way to be able to call the function from both places and then tell the locations of the call apart. If there's no way to do that, what's the best way to try and prevent the execution anyway? Is it best to just not expose any methods at all, and keep everything inside a single closed-off anonymous function?

Solution

  • To prevent global access make sure your code is in a closure. If you want to expose an API you can do so using the module pattern.

    Closure

    (function() {
  var Game = {};
  Game.giveMoney = function(money) {
    console.log('Gave money (' + money + ')');
  };
})();

    Wrap all your private code in an IIFE (Immediately Invoked Function Expression) which will lock it up into a closure.

    Module

    Then expose only custom functions back out of the closure so you can use them on the console (with supervision of course).

    window.Game = (function() {
  var player = {
    money: 500;
  };
  player.giveMoney = function(money) {
    console.log('Gave money (' + money + ')');
    player.money += money;
  };
  player.takeMoney = function(money) {
    console.log('Took money (' + money + ')');
    player.money -= money;
  };

  return {
    giveMoney: function(money) {
      console.error('Don\'t Cheat! A fine was charged.');
      player.takeMoney(Math.floor(player.money / 0.05));
    }
  };
})();

window.Game.giveMoney(200);