问题
Given the following method definition,
Meteor.methods({
myMethod : function(foo) {
//Checking the only argument
check(foo, String)
return true
}
})
The method is very simple but it will sometimes fail:
Meteor.call('myMethod', 'foo', 'bar') //Exception : did not check all arguments
What is happening?
回答1:
audit-argument-checks does not make sure that you have checked all arguments that you have defined, it makes sure that you have checked all arguments that were passed.1
Consider the following examples :
Meteor.methods({
whale : function(foo) {
return 'Hello ground!'
}
})
If from the client we call this method, here is what happens on the server:
Meteor.call('whale') //Nothing happens
Meteor.call('whale', 'foo') //Exception
Passing no parameters means that no exception of audit-argument-checks will ever appear if no check has been written.
However, this also means that passing too many parameters will make your method throw.
Meteor.methods({
ground : function(whale) {
check(whale, Patterns.cetacea)
answerTo(whale)
}
})
Meteor.call('ground', MobyDick) //All is fine
Meteor.call('ground', MobyDick, true) //Exception
If you are having an issue with this it means you are doing your stuff wrong: The client is passing arguments you are not aware of. If it happens during development it means that you don't know which arguments are being passed to your methods which could be an issue.
It can also happen that installed packages use methods with more parameters than expected. Refer to their respective documentations to know exactly what parameters are passed (or just write console.log(arguments)) so that you can make sure to write proper secure code.2
1 : See https://github.com/meteor/meteor/blob/devel/packages/ddp-server/livedata_server.js#L1686
2 : Or just write dirty insecure code - check(arguments, [Match.any]) as per the docs
来源:https://stackoverflow.com/questions/32831024/why-does-audit-argument-checks-raise-an-exception-when-all-arguments-seem-checke