Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Javascript frontend + backend frameworks

  • 20-08-2015 9:24pm
    #1
    Registered Users, Registered Users 2 Posts: 3,078 ✭✭✭


    I have started to look into using javascript frameworks for both frontend and backend development. There is an example code snippet from the Meteor framework below. There is one thing that worries me though; having the server code exposed and visible in the client.

    Is this not a huge flaw in these frameworks?
    if (Meteor.isClient) {
      // counter starts at 0
      Session.setDefault('counter', 0);
    
      Template.hello.helpers({
        counter: function () {
          return Session.get('counter');
        }
      });
    
      Template.hello.events({
        'click button': function () {
          // increment the counter when button is clicked
          Session.set('counter', Session.get('counter') + 1);
        }
      });
    }
    
    if (Meteor.isServer) {
      Meteor.startup(function () {
        // code to run on server at startup
      });
    }
    


Comments

  • Registered Users, Registered Users 2 Posts: 6,262 ✭✭✭Buford T Justice


    Looks like front end client side code to me


  • Moderators, Society & Culture Moderators Posts: 17,643 Mod ✭✭✭✭Graham


    The server code shouldn't be visible in the client, the only thing that should be visible in the client is the client side code.

    Where did you find the sample code? It looks like an extended version of this: http://practical.meteor.com/


  • Registered Users, Registered Users 2 Posts: 6,288 ✭✭✭Talisman


    The client and server code should be in separate folders in your project. You could use a common folder to share code that is used on both the server and client side, for example you might have some common functions and collections.

    Having your server and client code in the same file is lunacy, from both a security and code optimisation perspective.


  • Registered Users, Registered Users 2 Posts: 3,078 ✭✭✭onemorechance


    The code is the hello world example from the cloud 9 ide application.
    if (Meteor.isClient) {
    
    }
    
    if (Meteor.isServer) {
    
    }
    

    isClient code executes if in web browser

    isServer code executes if in the server

    I have just read some more and my concerns have been alleviated!
    ...
    client

    Any directory named client is not loaded on the server. Similar to wrapping your code in if (Meteor.isClient) { ... }. All files loaded on the client are automatically concatenated and minified when in production mode. In development mode, JavaScript and CSS files are not minified, to make debugging easier. (CSS files are still combined into a single file for consistency between production and development, because changing the CSS file's URL affects how URLs in it are processed.)

    HTML files in a Meteor application are treated quite a bit differently from a server-side framework. Meteor scans all the HTML files in your directory for three top-level elements: <head>, <body>, and <template>. The head and body sections are separately concatenated into a single head and body, which are transmitted to the client on initial page load.

    server

    Any directory named server is not loaded on the client. Similar to wrapping your code in if (Meteor.isServer) { ... }, except the client never even receives the code. Any sensitive code that you don't want served to the client, such as code containing passwords or authentication mechanisms, should be kept in the server directory.

    Meteor gathers all your JavaScript files, excluding anything under the client, public, and private subdirectories, and loads them into a Node.js server instance. In Meteor, your server code runs in a single thread per request, not in the asynchronous callback style typical of Node. We find the linear execution model a better fit for the typical server code in a Meteor application.
    ...

    Source: docs.meteor.com > structuringyourapp

    Thanks for replies!


Advertisement