Tags: meteor, meteor-accounts, meteor-publications

How to prevent Meteor's accounts-base from auto-publishing the email of the current user?


According to Meteor's documentation on the Accounts package:

By default, the current user’s username, emails and profile are published to the client.

Is it possible to prevent Meteor from auto-publishing these fields? I know it's just for the user that is logged in, but that user could take a walk or be online somewhere public.

This structure of the code seems to be defined in accounts_server.js (search for autopublish and email - lines 37 and 696).


Solution

  • The most straightforward way to do this is going to be to modify the value of Accounts._defaultPublishFields.projection and remove the emails key. An easy way to do this while keeping the other values is to use a combination of rest and spread like so:

    import { Accounts } from 'meteor/accounts-base';
    
    const { emails, ...fields } = Accounts._defaultPublishFields.projection;
    Accounts._defaultPublishFields.projection = { ...fields };
    

    Just make sure this runs on the server and you should be good to go.
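The effect of that change on what reaches the client, as an added example that is not part of the original answer or of Meteor's code. The projection object, the sample user document and the helper names are constructed stand-ins so the block runs in plain Node without Meteor; it also generalizes the rest/spread step to dotted keys such as `emails.address`, which destructuring `emails` alone would leave in place.

```javascript
// Constructed stand-in for Accounts._defaultPublishFields.projection, holding
// the three fields the documentation quote says are published by default.
const defaultProjection = { profile: 1, username: 1, emails: 1 };

// Copy of an inclusion projection without `field` or any dotted sub-path of it.
// On a Meteor server the result would be assigned back to
// Accounts._defaultPublishFields.projection.
function withoutField(projection, field) {
  return Object.fromEntries(
    Object.entries(projection).filter(
      ([key]) => key !== field && !key.startsWith(`${field}.`)
    )
  );
}

// Top-level document fields an inclusion projection touches, sorted.
function exposedTopLevelFields(projection) {
  const names = Object.entries(projection)
    .filter(([, include]) => include)
    .map(([key]) => key.split('.')[0]);
  return [...new Set(names)].sort();
}

// Conservative model of what a client may receive: _id plus every top-level
// field the projection touches (a dotted key counts as exposing its parent).
function clientView(userDoc, projection) {
  const view = { _id: userDoc._id };
  for (const name of exposedTopLevelFields(projection)) {
    if (name in userDoc) view[name] = userDoc[name];
  }
  return view;
}

// Constructed sample user document.
const sampleUser = {
  _id: 'u1',
  username: 'alice',
  profile: { name: 'Alice' },
  emails: [{ address: 'alice@example.com', verified: true }],
  services: { password: { bcrypt: '<hash placeholder>' } },
};

const hardened = withoutField(defaultProjection, 'emails');
console.log('before:', Object.keys(clientView(sampleUser, defaultProjection)));
console.log('after: ', Object.keys(clientView(sampleUser, hardened)));
```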