Created
September 14, 2015 06:26
-
-
Save heschong/b0d22ef472b02a9c0e97 to your computer and use it in GitHub Desktop.
Sample Meteor pattern for flexible publications
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* This is a simple pattern for a flexible publication mechanism, for feedback purposes | |
*/ | |
// ... on client and server | |
MyCollection = new Mongo.Collection('mycollection'); | |
// ... on the server | |
/* | |
* This function allows us to check to see if a MongoDB query object is | |
* relatively safe from NoSQL injection attempts | |
* | |
* Usage via a check function: | |
* | |
* check(arg, Match.Where(safeQuery)); | |
*/ | |
safeQuery = function(value) { | |
return !EJSON.stringify(value).match(/\"\$(where|inc|mul|rename|setOnInsert|set|unset|currentDate)\"/g); | |
} | |
// Publish a document set with the client's dynamic specifiers | |
Meteor.publish('mycollection', function(where) { | |
check(where, Match.Where(safeQuery)); | |
return MyCollection.find(where); | |
}); | |
// ... On the client | |
// Subscribe to all the documents matching { some: 'criteria' } | |
Meteor.subscribe('mycollection', { some: 'criteria' }); | |
var stuff = MyCollection.find({ someMore: 'criteria' }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment