1. 技术文章
  2. Meteor.js: Get anonymous visitors unique ID/ip/whatever?

Meteor.js: Get anonymous visitors unique ID/ip/whatever?

∥☆過路亽.° 提交于 2019-12-18 11:26:49

问题


Let's say I'm building an app using meteor.js where I just collect some simple form data from users. Maybe an answer to a simple question or something. They don't need to log in to submit data.

How can I protect my app from someone creating a js-loop in their Chrome Console that just inserts crap into my DB?

I can protect removal and updates by doing this:

Formanswers.allow({
  insert: function () {
    return true;
  },
  update: function () {
    return false;
  },
  remove: function () {
    return false;
  },
});

And if the user was logged in (which as you remember is not the case in my app) I could timestamp each insert and check something like:

  insert: function (userId, doc) {
        if (userId && (Formanswers.findOnd({userid: userId, time: SOMETHING TIME SPECIFIC}).count() < 1)) return true;
  },

So my question is: is there any other way of getting a unique userId-thing or IP-address or something for an anonymous (not logged in) user so I can do the above check on him as well?

Thanks!


回答1:


You can use a meteorite package.

accounts-anonymous

https://github.com/tmeasday/meteor-accounts-anonymous

So you use

Meteor.loginAnonymously();

if the user visits your page for the first time, and use .allow to check what you need




回答2:


To get the ip address, the observatory (https://github.com/jhoxray/observatory) project uses this:

in coffee:

Meteor.userIP = (uid)->
  ret = {}
  if uid?
    s = ss for k, ss of Meteor.default_server.sessions when ss.userId is uid
    if s
      ret.forwardedFor = s.socket?.headers?['x-forwarded-for']
      ret.remoteAddress = s.socket?.remoteAddress
  ret

Which returns an object like { forwardedFor: '192.168.5.4', remoteAddress: '192.168.5.4' }




回答3:


Use a session or localStorage key. When the visitor submits the form check if the key has been set, and if it has, reject the insert.




回答4:


You can do something like this:

if (Meteor.isClient) {
    Meteor.startup(function () {
        Session.set('currentuser', 'something randomly generated by another function');
    }
}

and check if the 'currentuser' already has inserted in your database.



来源:https://stackoverflow.com/questions/14755563/meteor-js-get-anonymous-visitors-unique-id-ip-whatever

标签
meteor
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!