#62 secure package methods.

yasaricli · Mar 7, 2016 · eca5069 · eca5069
1 parent 2463d7b
commit eca5069
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 37 deletions.
diff --git a/.meteor/packages b/.meteor/packages
@@ -65,3 +65,4 @@ bshamblen:morrisjs
 random
 pmteor:dev
 kevohagan:sweetalert
+hitchcott:method-hooks
diff --git a/.meteor/versions b/.meteor/versions
@@ -63,6 +63,7 @@ fileer:size@0.0.2
 flot:flot@0.8.3
 fortawesome:fontawesome@4.5.0
 geojson-utils@1.0.4
+hitchcott:method-hooks@1.1.0
 hot-code-push@1.0.0
 html-tools@1.0.5
 htmljs@1.0.5

diff --git a/server/lib/utils.js b/server/lib/utils.js
@@ -0,0 +1,5 @@
+// COLLECTION SECURTY ARGUMENTS
+PERMIT_LIST_ALL = [ 'insert', 'update', 'remove' ];
+
+// SECUR METHODS FUNCTION NAMES
+METHODS = ['start', 'stop', 'delete'];
diff --git a/server/methods.js b/server/methods.js
@@ -1,12 +1,7 @@
 Meteor.methods({
   start(_id) {
-    check(_id, String);
     const application = Applications.findOne({ _id, createdBy: this.userId  });
 
-    if (_.isUndefined(application)) {
-      throw new Meteor.Error("not-application");
-    }
-
     // RUNNING UPDATE
     application.setStatus(1);
 
@@ -30,13 +25,20 @@ Meteor.methods({
     });
   },
 
-  delete(_id) {
-    check(_id, String);
+  stop(_id) {
     const application = Applications.findOne({ _id, createdBy: this.userId  });
 
-    if (_.isUndefined(application)) {
-      throw new Meteor.Error("not-application");
-    }
+    pm2.connect((connect_err) => {
+      pm2.stop(application.bundleId, (delete_err) => {
+
+        // DISCONNECT
+        pm2.disconnect();
+      });
+    });
+  },
+
+  delete(_id) {
+    const application = Applications.findOne({ _id, createdBy: this.userId  });
 
     Applications.remove(application._id, () => {
       pm2.connect((connect_err) => {
@@ -60,22 +62,5 @@ Meteor.methods({
         });
       });
     });
-  },
-
-  stop(_id) {
-    check(_id, String);
-    const application = Applications.findOne({ _id, createdBy: this.userId  });
-
-    if (_.isUndefined(application)) {
-      throw new Meteor.Error("not-application");
-    }
-
-    pm2.connect((connect_err) => {
-      pm2.stop(application.bundleId, (delete_err) => {
-
-        // DISCONNECT
-        pm2.disconnect();
-      });
-    });
   }
 });
diff --git a/server/security.js b/server/security.js
@@ -1,14 +1,22 @@
-const PERMIT_LIST_ALL = [
-  'insert',
-  'update',
-  'remove'
-];
-
 // APPLICATIONS PERMIT
 Applications.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
-
-// LOGS PERMIT
+Bundles.files.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
 Logs.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
 
-// BUNDLES PERMIT
-Bundles.files.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
+// METHODS BEFORE HOOKS
+Meteor.beforeMethods(METHODS, function(_id) {
+
+  // CHECKS
+  check(_id, String);
+
+  // GET APPLICATION
+  const application = Applications.findOne({
+    _id,
+    createdBy: this.userId
+  });
+
+  // if application undefined then throw error 404.
+  if (_.isUndefined(application)) {
+    throw new Meteor.Error(404, `${_id} Application isn't found`);
+  }
+});