From eca506989bf5d9bae7bfc321b7a1611c261ba94b Mon Sep 17 00:00:00 2001
From: Yasar icli
Date: Mon, 7 Mar 2016 11:06:43 +0200
Subject: [PATCH] #62 secure package methods.
---
 .meteor/packages | 1 +
 .meteor/versions | 1 +
 server/lib/utils.js | 5 +++++
 server/methods.js | 39 ++++++++++++---------------------------
 server/security.js | 28 ++++++++++++++++++----------
 5 files changed, 37 insertions(+), 37 deletions(-)
 create mode 100644 server/lib/utils.js
diff --git a/.meteor/packages b/.meteor/packages
index 26dd786..2295e83 100644
--- a/.meteor/packages
+++ b/.meteor/packages
@@ -65,3 +65,4 @@ bshamblen:morrisjs
 random
 pmteor:dev
 kevohagan:sweetalert
+hitchcott:method-hooks
diff --git a/.meteor/versions b/.meteor/versions
index 900bbc4..d730494 100644
--- a/.meteor/versions
+++ b/.meteor/versions
@@ -63,6 +63,7 @@ fileer:size@0.0.2
 flot:flot@0.8.3
 fortawesome:fontawesome@4.5.0
 geojson-utils@1.0.4
+hitchcott:method-hooks@1.1.0
 hot-code-push@1.0.0
 html-tools@1.0.5
 htmljs@1.0.5
diff --git a/server/lib/utils.js b/server/lib/utils.js
new file mode 100644
index 0000000..3dfb861
--- /dev/null
+++ b/server/lib/utils.js
@@ -0,0 +1,5 @@
+// COLLECTION SECURTY ARGUMENTS
+PERMIT_LIST_ALL = [ 'insert', 'update', 'remove' ];
+
+// SECUR METHODS FUNCTION NAMES
+METHODS = ['start', 'stop', 'delete'];
diff --git a/server/methods.js b/server/methods.js
index ebeec58..a4e5851 100644
--- a/server/methods.js
+++ b/server/methods.js
@@ -1,12 +1,7 @@
 Meteor.methods({
 start(_id) {
- check(_id, String);
 const application = Applications.findOne({ _id, createdBy: this.userId });
- if (_.isUndefined(application)) {
- throw new Meteor.Error("not-application");
- }
-
 // RUNNING UPDATE
 application.setStatus(1);
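Review bot: In server/lib/utils.js, `METHODS` is a hand-maintained list of the method names that receive the guard hook, so a method added to `Meteor.methods` later without also being listed here runs with no argument check and no ownership check, and nothing signals the omission. A comment on the constant should say so, for example `// Every Meteor method that takes an application _id must be listed here, otherwise it runs without the beforeMethods guard.` Both constants are assigned without a declaration, which appears to be deliberate so that other server files can read them; a short comment saying that would stop a later cleanup from adding `const` and making them file-local. The two header comments also carry typos (`SECURTY`, `SECUR`).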
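Review bot: In the first server/methods.js hunk, `start` no longer validates anything itself: with `check(_id, String)` and the undefined test removed, it depends entirely on the `beforeMethods` hook in server/security.js having run for this method name. If the hook is ever not registered for it, a non-string `_id` is passed to `findOne` as part of the selector and `application.setStatus(1)` throws a TypeError when no document matches. Keeping a one-line guard in the method is cheap defence in depth, `if (!application) throw new Meteor.Error(404, 'Application not found');`, and it also covers the document being removed between the hook's lookup and this second `findOne`. The same applies to `stop` and `delete` in the later hunks of this file; the body of `start` continues past the end of this hunk.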
@@ -30,13 +25,20 @@ Meteor.methods({
 });
 },
- delete(_id) {
- check(_id, String);
+ stop(_id) {
 const application = Applications.findOne({ _id, createdBy: this.userId });
- if (_.isUndefined(application)) {
- throw new Meteor.Error("not-application");
- }
+ pm2.connect((connect_err) => {
+ pm2.stop(application.bundleId, (delete_err) => {
+
+ // DISCONNECT
+ pm2.disconnect();
+ });
+ });
+ },
+
+ delete(_id) {
+ const application = Applications.findOne({ _id, createdBy: this.userId });
 Applications.remove(application._id, () => {
 pm2.connect((connect_err) => {
@@ -60,22 +62,5 @@ Meteor.methods({
 });
 });
 });
- },
-
- stop(_id) {
- check(_id, String);
- const application = Applications.findOne({ _id, createdBy: this.userId });
-
- if (_.isUndefined(application)) {
- throw new Meteor.Error("not-application");
- }
-
- pm2.connect((connect_err) => {
- pm2.stop(application.bundleId, (delete_err) => {
-
- // DISCONNECT
- pm2.disconnect();
- });
- });
 }
 });
diff --git a/server/security.js b/server/security.js
index fda7ce9..d6bbc20 100644
--- a/server/security.js
+++ b/server/security.js
@@ -1,14 +1,22 @@
-const PERMIT_LIST_ALL = [
- 'insert',
- 'update',
- 'remove'
-];
-
 // APPLICATIONS PERMIT
 Applications.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
-
-// LOGS PERMIT
+Bundles.files.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
 Logs.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
-// BUNDLES PERMIT
-Bundles.files.permit(PERMIT_LIST_ALL).ifHasRole('admin').apply();
+// METHODS BEFORE HOOKS
+Meteor.beforeMethods(METHODS, function(_id) {
+
+ // CHECKS
+ check(_id, String);
+
+ // GET APPLICATION
+ const application = Applications.findOne({
+ _id,
+ createdBy: this.userId
+ });
+
+ // if application undefined then throw error 404.
+ if (_.isUndefined(application)) {
+ throw new Meteor.Error(404, `${_id} Application isn't found`);
+ }
+});
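Review bot: In the relocated `stop` in server/methods.js, both callback errors are ignored: a failed `pm2.connect` still goes on to call `pm2.stop`, and a failed stop is neither logged nor reported, so the method returns normally to the client whether or not the process was actually stopped. At minimum, bail out and log on the first error, `if (connect_err) { console.error(connect_err); return; }`, and do the same for the inner callback, whose parameter is named `delete_err` although it belongs to the stop call (`stop_err` would read correctly). For a method whose purpose is controlling server processes, a silent failure also leaves no trace for later investigation. The body of `delete` continues past the end of this hunk.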
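Review bot: The `Meteor.beforeMethods` hook in server/security.js never checks that the caller is logged in or holds the `admin` role that the collection rules directly above it require; authorization rests on the `createdBy: this.userId` selector alone. For an unauthenticated call `this.userId` is null, and a `createdBy: null` selector also matches any document that has no `createdBy` field, so whether the lookup fails depends on the data rather than on the code. Adding `if (!this.userId) throw new Meteor.Error(401, 'Login required');` as the first statement of the hook closes that. If starting, stopping and deleting applications is meant to be admin-only like the collection writes, the hook should also test the role, for example with `Roles.userIsInRole(this.userId, 'admin')`, assuming the roles package behind `ifHasRole` is the one in use here.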