part 6 - security

hiukim · hiukim · commit b5c9a3945d51 · 2016-08-09T16:49:23.000+08:00
diff --git a/.meteor/packages b/.meteor/packages
@@ -17,7 +17,7 @@ standard-minifier-js@1.1.8    # JS minifier run for production mode
 es5-shim@4.6.13                # ECMAScript 5 compatibility for older browsers.
 ecmascript@0.5.7              # Enable ECMAScript2015+ syntax in app code
 
-autopublish@1.0.7             # Publish all data to the clients (for prototyping)
-insecure@1.0.7                # Allow all DB writes from clients (for prototyping)
 react-meteor-data
 accounts-password
+aldeed:simple-schema
+mdg:validated-method
diff --git a/.meteor/versions b/.meteor/versions
@@ -1,7 +1,7 @@
 accounts-base@1.2.9
 accounts-password@1.2.13
+aldeed:simple-schema@1.5.3
 allow-deny@1.0.5
-autopublish@1.0.7
 autoupdate@1.2.11
 babel-compiler@6.9.0
 babel-runtime@0.1.10
@@ -34,12 +34,13 @@ html-tools@1.0.10
 htmljs@1.0.10
 http@1.1.8
 id-map@1.0.8
-insecure@1.0.7
 jquery@1.11.9
 launch-screen@1.0.12
 livedata@1.0.18
 localstorage@1.0.11
 logging@1.1.14
+mdg:validated-method@1.1.0
+mdg:validation-error@0.2.0
 meteor@1.2.16
 meteor-base@1.0.4
 minifier-css@1.2.13
diff --git a/imports/api/methods/games.js b/imports/api/methods/games.js
@@ -0,0 +1,41 @@
+import {GamesController} from "../controllers/gamesController.js";
+
+export const newGame = new ValidatedMethod({
+  name: 'games.newGame',
+  validate: new SimpleSchema({}).validator(),
+  run({}) {
+    GamesController.newGame(Meteor.user());
+  }
+});
+
+export const userJoinGame = new ValidatedMethod({
+  name: 'games.userJoinGame',
+  validate: new SimpleSchema({
+    gameId: {type: String}
+  }).validator(),
+  run({gameId}) {
+    GamesController.userJoinGame(gameId, Meteor.user());
+  }
+});
+
+export const userLeaveGame = new ValidatedMethod({
+  name: 'games.userLeaveGame',
+  validate: new SimpleSchema({
+    gameId: {type: String}
+  }).validator(),
+  run({gameId}) {
+    GamesController.userLeaveGame(gameId, Meteor.user());
+  }
+});
+
+export const userMarkGame = new ValidatedMethod({
+  name: 'games.userMarkGame',
+  validate: new SimpleSchema({
+    gameId: {type: String},
+    row: {type: Number},
+    col: {type: Number}
+  }).validator(),
+  run({gameId, row, col}) {
+    GamesController.userMarkGame(gameId, Meteor.user(), row, col);
+  }
+});
diff --git a/imports/api/server/publications.js b/imports/api/server/publications.js
@@ -0,0 +1,12 @@
+import {GameStatuses} from '../models/game.js';
+import Games from '../collections/games.js';
+
+Meteor.publish('games', function() {
+  // access control: only for loggined-in users
+  if (this.userId) { // this.userId is the id of the currently loggined in user
+    // filtering: only games with WAITING and STARTED statuses
+    return Games.find({status: {$in: [GameStatuses.WAITING, GameStatuses.STARTED]}});
+  } else {
+    return null;
+  }
+});
diff --git a/imports/ui/App.jsx b/imports/ui/App.jsx
@@ -56,6 +56,8 @@ if (this.state.selectedGameId === null) {
 }
 
 export default createContainer(() => {
+  Meteor.subscribe('games');
+
   return {
     user: Meteor.user(),
     games: Games.find().fetch()
diff --git a/imports/ui/GameBoard.jsx b/imports/ui/GameBoard.jsx
@@ -1,12 +1,13 @@
 import React, { Component } from 'react';
 import {GamesController} from '../api/controllers/gamesController.js';
 import {Game, GameStatuses} from '../api/models/game.js';
+import {userMarkGame} from '../api/methods/games.js';
 
 export default class GameBoard extends Component {
   handleCellClick(row, col) {
     let game = this.props.game;
     if (game.currentPlayerIndex() !== game.userIndex(this.props.user)) return;
-    GamesController.userMarkGame(game._id, this.props.user, row, col);
+    userMarkGame.call({gameId: game._id, row: row, col: col});
   }
 
 handleBackToGameList() {
diff --git a/imports/ui/GameList.jsx b/imports/ui/GameList.jsx
@@ -1,18 +1,19 @@
 import React, { Component } from 'react';
 import {GamesController} from '../api/controllers/gamesController.js';
 import {Game, GameStatuses} from '../api/models/game.js';
+import {newGame, userJoinGame, userLeaveGame} from '../api/methods/games.js';
 
 export default class GameList extends Component {
   handleNewGame() {
-    GamesController.newGame(this.props.user);
+    newGame.call({});
   }
 
-handleLeaveGame(gameId) {
-    GamesController.userLeaveGame(gameId, this.props.user);
+  handleLeaveGame(gameId) {
+    userLeaveGame.call({gameId: gameId});
   }
 
 handleJoinGame(gameId) {
-    GamesController.userJoinGame(gameId, this.props.user);
+    userJoinGame.call({gameId: gameId});
   }
 
 handleEnterGame(gameId) {
diff --git a/server/main.js b/server/main.js
@@ -1,5 +1,7 @@
 import {Meteor} from 'meteor/meteor';
 import Games from '../imports/api/collections/games.js'; // import Games collection
+import '../imports/api/methods/games.js';
+import '../imports/api/server/publications.js';
 
 Meteor.startup(() => {
 });

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,8 @@ if (this.state.selectedGameId === null) {`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`export default createContainer(() => {`
	`59`	`+ Meteor.subscribe('games');`
	`60`	`+`
`59`	`61`	`return {`
`60`	`62`	`user: Meteor.user(),`
`61`	`63`	`games: Games.find().fetch()`