
A node.js DDP client (using node-ddp) calls a method insertMessage on the DDP server, which saves a document to mongodb.

```javascript
Meteor.methods({
    'insertMessage': function(msg) {
        Messages.insert({'msg':msg, 'userId': userId})
    }
})
```

How can we only allow authenticated DDP clients to insert documents containing their unique identifier userId, and not be able to forge someone else's userId? I looked at ddp-login but it seems like successful authentication gives a token. Can this token be used for our purpose?

```javascript
Meteor.methods({
    'insertMessage': function(msg) {

        // Check that the current user's userId (how can we do this?)
        userId = getUserId()

        Messages.insert({'msg':msg, 'userId': userId})
    }
})
```
Nyxynyx
  • In methods, [`this.userId`](http://docs.meteor.com/#method_userId) will be the logged in user's user id, or `null`, if the user is not logged in. – Peppe L-G Sep 12 '14 at 20:16

1 Answer


In the server, you have these parameters:

Meteor.methods

- `this.userId`
- `this.setUserId`
- `this.isSimulation`
- `this.unblock`
- `this.connection`

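```javascript
Meteor.methods({
    'insertMessage': function(msg) {
        // this.userId is set by the server for the logged-in connection;
        // it is not taken from the arguments the client sends.
        var userId = this.userId;
        Messages.insert({'msg': msg, 'userId': userId});
    }
})
```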
Walter Zalazar
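A fuller version of the handler discussed above, as an added example that is not part of the original answer: it rejects callers whose `this.userId` is `null` and takes the document owner only from the server-side invocation context. `MethodError` (standing in for `Meteor.Error`), the `Messages` stub, `callMethod`, `tryCall` and the two connection objects are assumptions made here so the handler runs without Meteor.

```javascript
// Stand-ins (assumptions) so the handler can run outside Meteor.
class MethodError extends Error {            // plays the role of Meteor.Error
  constructor(code, reason) { super(reason); this.error = code; }
}
const Messages = {                           // in-memory stub for the collection
  docs: [],
  insert(doc) { this.docs.push(doc); return this.docs.length; }
};

// The method body as it would be registered with Meteor.methods({...}).
const methods = {
  insertMessage(msg) {
    // this.userId is null for a connection that has not logged in.
    if (!this.userId) throw new MethodError('not-authorized', 'Login required');
    // Accept only a plain string, so an object argument cannot carry a userId field.
    if (typeof msg !== 'string' || msg.length === 0 || msg.length > 1000) {
      throw new MethodError('bad-message', 'msg must be a non-empty string');
    }
    // The owner comes from server-side connection state, never from arguments.
    return Messages.insert({ msg: msg, userId: this.userId });
  }
};

// Stand-in for the DDP layer: the invocation context carries the userId the
// server recorded for this connection at login.
function callMethod(connection, name, ...args) {
  return methods[name].apply({ userId: connection.userId, connection }, args);
}

// Helper that reports the outcome instead of throwing.
function tryCall(connection, ...args) {
  try {
    return { ok: true, result: callMethod(connection, 'insertMessage', ...args) };
  } catch (e) {
    return { ok: false, error: e.error };
  }
}

// Constructed sample connections: one anonymous, one logged in.
const anonymous = { id: 'conn-1', userId: null };
const alice = { id: 'conn-2', userId: 'user-alice' };
```
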