meteor, publish-subscribe, meteor-methods

What is the best practice for server-side code in Meteor?


I'm new to the world of coding and Web dev and for my first real project, I've started building a quiz web app using Meteor.

Long story short, the app basically displays a random question to the user, then takes in their answer and gets feedback (it's a bit more complicated than that, but for the purposes of this question, that's the main functionality).

I've managed to get it working, but pretty much everything (apart from account creation and that kind of stuff) is done on the client-side (such as getting the random qn) - which I'd imagine is not very secure.

I'd like to move most of the calculations and operations on the server, but I don't want to publish any of the Questions collection to the client, since that means the client can essentially change it and/or view the correct answer.

So, my question is, would it be considered 'bad practice' if I don't publish anything to the client (except their user document) and basically do everything through Meteor methods (called on the client, and executed server-side)?

I've already tried implementing it and so far everything's working fine, but was just wondering whether it's good practice. Would it hurt performance in any way?

I've searched online for a while, but couldn't really find a definitive answer, hence my post here... TIA


Solution

  • The example below is pulled right from the documentation and shows how to omit fields.

    // Server: Publish the `Rooms` collection, minus secret info...
    Meteor.publish('rooms', function () {
      return Rooms.find({}, {
        fields: { secretInfo: 0 }
      });
    });
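
The following is an added example, not part of the answer above or of Meteor's documentation: a plain JavaScript model of the pattern the question describes, where the client receives a question with the answer field projected out (as `fields: { secretInfo: 0 }` does) and the answer is checked on the server. The names `QUESTIONS`, `correctAnswer`, `project`, `getRandomQuestion` and `submitAnswer` are assumptions; in a Meteor app the last two would be the bodies of methods defined with `Meteor.methods`.

```javascript
// Constructed sample data standing in for a server-only Questions collection.
const QUESTIONS = [
  { _id: 'q1', text: '2 + 2 = ?', choices: ['3', '4', '5'], correctAnswer: '4' },
  { _id: 'q2', text: 'Capital of France?', choices: ['Paris', 'Rome'], correctAnswer: 'Paris' },
];

// Models an exclusion projection such as `fields: { secretInfo: 0 }`:
// returns a copy of the document without the listed top-level fields.
function project(doc, excluded) {
  return Object.fromEntries(
    Object.entries(doc).filter(([key]) => !excluded.includes(key))
  );
}

// Server side: pick a question and strip the answer before it leaves the
// server. `rng` is injectable only so the selection can be tested.
function getRandomQuestion(rng = Math.random) {
  const doc = QUESTIONS[Math.floor(rng() * QUESTIONS.length)];
  return project(doc, ['correctAnswer']);
}

// Server side: grade an answer. Method arguments come from the client and
// are untrusted; an object passed where a string is expected could otherwise
// end up inside a query selector, so types are checked before any lookup.
function submitAnswer(questionId, answer) {
  if (typeof questionId !== 'string' || typeof answer !== 'string') {
    throw new TypeError('questionId and answer must be strings');
  }
  const doc = QUESTIONS.find((q) => q._id === questionId);
  if (!doc) {
    throw new Error('question not found');
  }
  // Only the verdict is returned, never the stored answer.
  return { correct: answer === doc.correctAnswer };
}
```

In Meteor itself the argument check would normally be done with `check` from the `meteor/check` package at the top of each method.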