Where would I find info about creating a user login system using meteor.js? Is there an existing library that I could use?
5 Answers
UPDATE 4: And Meteor now has full support for accounts, users, etc
UPDATE 3: Since v0.5.0, Meteor supports authentication and allow/deny rules on collections. See http://docs.meteor.com/#allow for info. Thanks, @Dan Dascalescu!
Update 2: As Greg points out, you actually can lock down the CRUD methods by overriding them with empty functions (more info here: https://stackoverflow.com/a/10116342/1180471). So while I assume the auth functionality will make things simpler, you can already roll your own with relatively low effort.
Original answer kept for historic purposes: AFAIK meteor doesn't provide a way to do this yet since there is no way to lock down (part of) the database, so for the moment the only way to do it in a secure way is to bypass meteor and either:
- drop down to node and use a separate database or authentication API
- use HTTP authentication

I imagine this is pretty high up on their todo list, though...
Update 1: They already started implementing, you can see the code in the livedata-auth branch: https://github.com/meteor/meteor/compare/master...livedata-auth
This answer is false, you can lock down the database in current meteor. http://stackoverflow.com/questions/10115042/how-do-you-secure-the-client-side-mongodb-api/ – greggreg Apr 27 '12 at 15:42
Indeed, my information was wrong... Nice test to see if I can remove my answer from SO. Apologies to Dan; I probably shouldn't answer Meteor questions based on the documentation I know about. – Dirk Apr 29 '12 at 17:01
@Dirk: I suggested an edit to reflect that now Meteor supports authentication and allow/deny rules on DB writes, but some [luminary moderators rejected it](http://stackoverflow.com/review/suggested-edits/935137). Might you update the answer, since it's the top and accepted one? – Dan Dascalescu Nov 05 '12 at 00:08
In the meantime, Meteor has implemented a full authentication and user management system, complete with a UI for easy login using popular OAuth services (Google, Facebook, GitHub, Twitter, Weibo).
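The allow/deny rules mentioned under UPDATE 3 above, sketched as an added example that is not part of any answer in this thread. The `ownerId` field, the `postRules` object and the `clientWritePermitted` helper are assumptions; the helper only imitates how Meteor combines rules so that the snippet runs outside a Meteor app.

```javascript
// Added example; `ownerId`, `postRules` and `clientWritePermitted` are assumed names.
// In a Meteor app the rule objects would be registered on the server with
//   Posts.allow(postRules.allow[0]); Posts.deny(postRules.deny[0]);
const isOwner = (userId, doc) => Boolean(userId) && doc.ownerId === userId;

const postRules = {
  allow: [{
    // userId is null when the client is not logged in.
    insert: isOwner,
    update: isOwner,
    remove: isOwner,
  }],
  deny: [{
    // Even the owner may not reassign ownership of a document.
    update: (userId, doc, fieldNames) => fieldNames.includes('ownerId'),
  }],
};

// Stand-in for Meteor's rule evaluation on a write sent from the client:
// any matching deny rule rejects it; otherwise some allow rule must accept it.
// A collection with no matching allow rule therefore rejects every client write.
function clientWritePermitted(rules, op, ...args) {
  const callbacks = (list) => list.map((r) => r[op]).filter(Boolean);
  if (callbacks(rules.deny).some((fn) => fn(...args))) return false;
  return callbacks(rules.allow).some((fn) => fn(...args));
}

// Constructed sample document and write attempts.
const post = { _id: 'p1', ownerId: 'alice', title: 'Hello' };

function demo() {
  const check = (op, ...args) => clientWritePermitted(postRules, op, ...args);
  return {
    ownerEdit: check('update', 'alice', post, ['title'], { $set: { title: 'Hi' } }),
    otherUserEdit: check('update', 'bob', post, ['title'], { $set: { title: 'x' } }),
    ownerReassign: check('update', 'alice', post, ['ownerId'], { $set: { ownerId: 'bob' } }),
    anonymousInsert: check('insert', null, { ownerId: 'alice', title: 'x' }),
    spoofedOwnerInsert: check('insert', 'bob', { ownerId: 'alice', title: 'x' }),
    otherUserRemove: check('remove', 'bob', post),
  };
}

console.log(demo());
```

The rules run on the server, so the `userId` they receive comes from the login session, not from anything the browser puts in the document.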
It actually isn't too hard to do some simple auth in meteor. The blogging system britto has it set up. Essentially, you restrict the database from the client, then use an API key to make requests to server side methods.
restricting client db access: How do you secure the client side MongoDB API?
britto server code: https://github.com/jonathanKingston/britto/blob/master/server/server-britto.js
In the britto source, take a look at the methods create user and login user.
You also need to restrict the database from client side inserts too: https://github.com/jonathanKingston/britto/blob/master/server/startup.js See line two of that or N1mmy's comment on the first link above. Beyond that, as Greg said, it's pretty easy; just make sure you don't blur the line between client and server or trust any info back from the browser. Cheers for the credit Greg :). – jonathanKingston Apr 28 '12 at 01:34
You can read more about Britto's security here: http://britto.co/blog/security_with_meteor – dbau May 05 '12 at 10:38
These hacks are fortunately [no longer necessary](http://stackoverflow.com/a/13224370/1269037) – Dan Dascalescu Nov 05 '12 at 00:11
You can find a working example of a user login system I've created for Meteor over at https://github.com/matb33/meteor-userauth.
You'll need Meteor > 0.3.5, so as of this writing you'll need to run the devel branch of meteor.
And you can also build a custom login system with Meteor very easily. See my notes: http://meteorhacks.com/extending-meteor-accounts.html