Comments (12)
Could you please post your config set and some code you are using for File.Collection?
from meteor-files.
My code is almost the same than the demo.
Collection config
Collections.files = new Meteor.Files
debug: false
throttle: 256*256*64
chunkSize: 256*256*4
storagePath: '/Volumes/HD/mac/storage'
collectionName: 'uploadedFiles'
allowClientCode: false
protected: ->
if Meteor.isClient
return true
else if @request
fileId = @request.originalUrl.match(/\/([^\/]*)\..*/)[1]
file = Collections.files.findOne(fileId)
console.log @userId #undefined
console.log @user() #undefined
# Place for advanced permission checking
# Need to compare file.meta.userId with http session's user
# As well as other security checking
return false
File insertion
template.uploadInstance.set Collections.files.insert
file: files[0]
meta: {userId: Meteor.userId(), theme: theme, expireAt: new Date(created_at + _app.storeTTL), created_at, downloads: 0}
onUploaded: (error, fileObj) ->
done = true
Meteor.call "convert", fileObj
template.error.set error.reason if error
template.uploadInstance.set false
onAbort: ->
done = true
template.uploadInstance.set false
onBeforeUpload: -> if @size <= 100000 * 10 * 128 then true else "Max. file size is 128MB you've tried to upload #{filesize(@size)}"
streams: 8
false
from meteor-files.
@boloeng thank you for issue, we already fix it, please update.
Now you don't need to find a file in DB, as it's object passed as argument into protected
callback
Please confirm fix on your end
from meteor-files.
Unfortunately this does not work on my side. User variables are still undefined. I also looked at the new API which is nice. I'm probably missing something but I don't understand its behavior, see code below. Thanks.
protected: (fileObj) ->
if Meteor.isClient
return true
else if @request
#fileId = @request.originalUrl.match(/\/([^\/]*)\..*/)[1]
#file = Collections.files.findOne(fileId)
console.log @userId #undefined
console.log @user() #undefined
# Place for advanced permission checking
# I don't understand the behaviour of the next two lines
console.log "File", fileObj # fileObj is null if the next return call is false ??
return true # If true, fileObj is set in the previous line
from meteor-files.
- When you return false any further execution is stopped and server returns 401
- Is
accounts-base
andaccounts-password
installed?
from meteor-files.
- I understand but how the returned value can have an effect on the previous line? Maybe something about under the hood asynchronous wrapping?
- Yes
from meteor-files.
- Nope no async wrap, or anything like this. It just destroys internal objects if you return
false
to avoid any further security leaks. - If you have all set up, more reasonably to think what you actually not logged in. What do you have in
@request.Cookies.cookies
and@request.headers.cookie
and@params
?
from meteor-files.
- Looks to be correctly logged in:
console.log @userId #undefined
console.log @user() #undefined
console.log @request.Cookies.cookies
console.log @request.headers.cookie
gives
I20151110-14:07:29.813(1)? undefined
I20151110-14:07:29.813(1)? undefined
I20151110-14:07:29.813(1)? { meteor_login_token: '7G64y9zbVkDWj7qE1yM1fLP1hq0BzuHladR32rf3IUh' }
I20151110-14:07:29.814(1)? meteor_login_token=7G64y9zbVkDWj7qE1yM1fLP1hq0BzuHladR32rf3IUh
from meteor-files.
Hmmm... Turn on debug
mode and post here full console output (try for example upload, then access file as logged-in user, and then as unauthorised user (for example from incognito window))
from meteor-files.
Cause we used it on production, this feature well-tested and must work
from meteor-files.
Oh, and what about @params
? (this actually shows if file is found and picked up by package)
from meteor-files.
@params
is ok.
I tried to reproduce the problem on a fresh fork of your demo and it works as expected. So I need to investigate what's wrong with my main project. Thanks for your help.
from meteor-files.
Related Issues (20)
- ENOENT: no such file or directory, mkdir HOT 18
- onBeforeUpload and other functions should be able to be asynchronous HOT 1
- Custom Endpoint for MinIO ? HOT 2
- What defines the filename of the saved file? HOT 2
- Async support HOT 23
- [FilesCollection.ServiceFile] Path "/assets/app/uploads/ServiceFileCollection" is not writable! HOT 2
- How to change item metadata before it is inserted into the collection? HOT 9
- How do I update a filesCollection after Server side Write created? HOT 1
- Get user ip on upload HOT 9
- Since Meteor 2.11 - Exception in setTimeout callback: TypeError: fs.remove is not a function HOT 9
- Question: Can you store directly in GridFS? HOT 2
- Question: Save link in database?
- Update aws-sdk to v3 in 'Use AWS:S3 As Storage' Documentation HOT 4
- Files.load -> options.fileName is not in filepath HOT 2
- FilesCollection.find(...).each() not working properly? HOT 1
- HTTP uploads not working, multi-instance/cluster environment NGINX balanced HOT 5
- onAfterUpload not throwing error in uploader.on('end') HOT 5
- Cannot stream a video with filenames longer than 80 characters HOT 1
- wrong custom error message when using HTTP
- Make Meteor-Files compatible with meteor-desktop? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from meteor-files.