I am trying to access a secretKey on the client side of Meteor. I know that using Meteor.settings ( http://docs.meteor.com/#/full/meteor_settings ) seems to be the best way to access secrets.
My settings.json looks something like this:
{
"public": {
"secretKey": "topsecret!"
}
}
I need to access secretKey on client-side javascript. However, when I go to the browser and in the console I can simply type in Meteor.settings.public.secretKey
and the key would be right there!
Is there a better way for me to store and access this secret key on the client-side?
If you want to access private stuff from within the client, you must perform some basic permission handling with user accounts.
Meteor.methods({
getSecretKey: function(){
var user = Meteor.users.findOne(this.userId);
if(!user){
throw new Meteor.Error("login-error", "You must be logged in.");
}
if(!Roles.userIsInRole(user, "admin")){
throw new Meteor.Error("admin-error", "You must be an admin.");
}
return Meteor.settings.secretKey;
}
});
This pseudo-code is using a method to retrieve the secret key from the client and alanning:roles
to perform a simple user role check.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.