Advanced JavaScript: Environment Setup, DB integration and Securing Client in MeteorJS

This tutorial is in continuation with previous tutorial. If you are new here, read first chapter of this series Advanced JavaScript: Introduction To Server Side JavaScript Using Meteor before reading this tutorial.

I will be skipping traditional TO DO app tutorial here, as you can find it anywhere on web. Rather, I will try to explain few scenarios that developers come across while developing apps using JavaScript frameworks in real-time.

In this tutorial we will be covering

  • Setting up development environment for Meteor?
  • How to integrate your Meteor application with Mongo DB?
  • How to secure your Meteor application?

Setting up development environment for Meteor
Most popular IDEs like Sublime, Webstorm and on-cloud IDE- Cloud 9 integrates seamlessly with Meteor. I am a fan of Sublime so I will explain how to set up autocomplete engine into Sublime Text 3. You can visit Meteor website and setup your own IDE.
Open Sublime Text-

  1. From menu bar select preferences-> Settings -Users
  2. If you have not made any changes from time you installed Sublime replace contents of file with following code-
  3. {
    	"color_scheme": "Packages/Color Scheme - Default/Sunburst.tmTheme",
    	"font_size": 12,
    	"ignored_packages":
    	[
    	], 
    	"auto_complete_triggers": [ { "characters": "<", "selector": "text.html" }, { "characters": ".", "selector": "source.js" } ]
    }
    
  4. Now press Cmd/Ctrl+Shift+P and type Install. You will see ‘Package Control: Install Package’ in menu. Select it and press Enter. Now search for TernJS and click on it. Package will install automatically. Restart Sublime and you will see your Sublime just got smarter and it can autocomplete Meteor code for you.

loading-library-sublime

How to integrate your Meteor application with Mongo DB?
We already have Meteor code running on local server. Now let’s add DB support. Meteor comes bundled with MongoDB so you don’t need to include it again, still if you wish you can do custom setup but let’s not discuss it in this tutorial as pre bundle itself is self-sufficient to create end-end application.

  1. Lets create Fishes collection.
    Fishes = new Mongo.Collection("fishes");
    

    It creates a MongoDB collection called Fishes and creates a cache connected to server.

  2. Replace if (Meteor.isClient) with this code
    if (Meteor.isClient) {
      // This code only runs on the client
      Template.body.helpers({
        fishes: function () {
          return Fishes.find({});
        }
      });
    }
    }
  3. From terminal type
    meteor mongo
  4. meteor-mongo-terminal

  5. Now write this insert query to add a new fish

    db.fishes.insert({ text: "pygmy angelfish",imageurl:"http://www.seascapestudio.net/reference/fishes/centropyge_argi.jpg", createdAt: new Date() });
  6. check-db-for-fishes
    mongo-insert-singleton

  7. Now go to http://localhost:3000 and check if you are can see live fish coming from live data. If yes, you just added DB connectivity to your meteor application.

Now add some more blue fishes to grow your list-

db.fishes.insert({ text: "pygmy angelfish",imageurl:"http://www.seascapestudio.net/reference/fishes/centropyge_argi.jpg", createdAt: new Date() });
db.fishes.insert({ text: "blue dot grouper",imageurl:"http://www.richard-seaman.com/Underwater/Egypt/Highlights/PeacockGrouper.jpg", createdAt: new Date() });
db.fishes.insert({ text: "blue line grouper",imageurl:"http://www.aquariumdomain.com/images/fish_marine/grouper_blueline2.jpg", createdAt: new Date() });
db.fishes.insert({ text: "teira batfish",imageurl:"http://www.aquariumdomain.com/images/fish_marine/tieraBatfish8.jpg", createdAt: new Date() });
db.fishes.insert({ text: "convict blenny",imageurl:"http://www.roslyndakin.com/wp-content/uploads/2011/01/convictadult.jpg", createdAt: new Date() });

How to secure your application?
One of main concern while using JavaScript for both server and client side code is security. Try running following code from console:

Fishes.insert({ text: "Fighter",imageurl:"http://bongotimes.com/wp-content/uploads/2014/11/beautiful-fish.png", createdAt: new Date() });

From MongoDB console run

db.fishes.find()

and you will see both client and server have a new beautiful red fighter fish. If you noticed, you were able to alter DB using Javascript without authenticating with server which is a security breach. This is beacause Meteor has insecure package selected by default.

  1. To remove insecure package navigate to your project folder in Command Line /Terminal and run-
  2. meteor remove insecure
    

    meteor-remove-unsecure

  3. Now enable the accounts system and UI using following command from root directory of project-
  4. meteor add accounts-ui accounts-password

    accounts-addition
    I find package control really useful. They make your life lot easier by taking care of entire setup for useful technical modules, as in this example entire user management. Few years back implementing secured login module was estimated around 100 hours which came down to 1 minute with recent advancement in web technologies.

  5. Now add login buttons to your app. Paste following blaze template anywhere in code. I will paste it in header.
  6. {{> loginButtons}}
    
  7. Now signup for new account and run this command from console-
  8. if (! Meteor.userId()) {
          throw new Meteor.Error("not-authorized");
        }
    Fishes.insert({ text: "Fighter",imageurl:"http://bongotimes.com/wp-content/uploads/2014/11/beautiful-fish.png", createdAt: new Date() });
    

    meteor-not-authenticated

    You will notice you are not able to insert data any more. Meteor.user() will return user data to you.

We will discuss security, Blaze templates and routing in detail in next chapter of this tutorial. Till then Happy Coding!

Now you can follow this tutorial on GitHub.

References-
https://github.com/Slava/tern-meteor-sublime

Images credits-
http://bongotimes.com/

Advertisements

Advanced Javascript: Introduction To Server Side Javascript Using Meteor

Server Side Javascript has come long way, and after launch of Node.js in July 2011 gained lot of popularity as idea of using same language on client and server bought in code and software architecture uniformity in software applications. Even though Brendan Neich‘s Netscape already had vision to use same programming language on client and server but at that time people were using Pentium I/II processors which were not powerful enough to support Javascript Interpreters. In case you don’t know Brendan Neich he’s creator of Javascript and co-founder of Mozilla. In present generation of more than 2 billion smartphones you can get Phone with 1.2 GHz processor for less than $40. Seeing boom in processing speed of devices software developers started integrating Javascript interpreters like SpiderMonkey & Rhino in their applications. Some started using Jaxter server that embeds entire Mozilla Firefox Browser Engine in web server giving access to Ajax and Javascript within application.

Now when we have brief history of Javascript let me explain how to setup Meteor and create a simple server side Javascript application.

Go to this link and install Meteor.

Once you are done with setup go to command like and create a directory named bluefish if you would like to follow remaining series of tutorial.

Nikhils-MacBook-Pro:bluefish nikhil$ meteor create bluefish
Created a new Meteor app in 'bluefish'.
Nikhils-MacBook-Pro:bluefish nikhil$ cd bluefish/
Nikhils-MacBook-Pro:bluefish nikhil$ meteor
Started proxy.
Started MongoDB.
Started your app.  
App running at: http://localhost:3000/

Screen Shot 2015-10-24 at 4.10.07 pm Screen Shot 2015-10-24 at 4.16.08 pm

Now navigate to http://localhost:3000/ and if everything if fine you will see following webpage-
Screen Shot 2015-10-24 at 5.07.16 pm

Now you can use your favourite code editor to change HTML and CSS and see if changes are getting reflected in your application without refreshing browser. If you can see updated HTML in your browser, congrats you deployed your first Javacsript Server Side Application. It’s called hot code push.

Now lets dig in a little and make our first bluefish list.

Edit your HTML and change it to

<head>
  <title>bluefish!</title>
</head>
 
<body>
  <div class="container">
    <header>
      <h1>bluefish!</h1>
    </header>
 
    <ul>
      {{#each fishes}}
        {{> fish}}
      {{/each}}
    </ul>
  </div>
</body>
 
<template name="fish">
  <li><img src={{imageurl}} height="80" width="100"/>{{text}}</li>

</template>

Change your Javascript to

if (Meteor.isClient) {
  // This code only runs on the client
  Template.body.helpers({
    fishes: [
      { text: "pygmy angelfish",imageurl:"http://www.seascapestudio.net/reference/fishes/centropyge_argi.jpg" },
      { text: "blue dot grouper",imageurl:"http://www.richard-seaman.com/Underwater/Egypt/Highlights/PeacockGrouper.jpg" },
      { text: "blue line grouper",imageurl:"http://www.aquariumdomain.com/images/fish_marine/grouper_blueline2.jpg" },
      {text:  "teira batfish",imageurl:"http://www.aquariumdomain.com/images/fish_marine/tieraBatfish8.jpg"},
      {text:  "convict blenny",imageurl:"http://www.roslyndakin.com/wp-content/uploads/2011/01/convictadult.jpg"}
    ]
  });
}

You can write your custom styling in CSS file.

Screen Shot 2015-10-24 at 5.02.14 pm

For further information, visit https://www.meteor.com/tutorials/ or wait for next chapter of tutorial. Happy coding!

Image credits-

http://www.seascapestudio.net/
http://www.richard-seaman.com/
http://www.aquariumdomain.com/
http://www.aquariumdomain.com/
http://www.roslyndakin.com/

References-
https://developer.mozilla.org/ja/docs/Web/JavaScript/Server-Side_JavaScript
https://www.meteor.com/