heschong/flexible_publications.js

## flexible_publications.js
/*
 * This is a simple pattern for a flexible publication mechanism, for feedback purposes
 */


// ... on client and server
MyCollection = new Mongo.Collection('mycollection');


// ... on the server

/*
 * This function allows us to check to see if a MongoDB query object is
 * relatively safe from NoSQL injection attempts
 *
 * Usage via a check function:
 *
 * check(arg, Match.Where(safeQuery));
 */
safeQuery = function(value) {
    return !EJSON.stringify(value).match(/\"\$(where|inc|mul|rename|setOnInsert|set|unset|currentDate)\"/g);
}

// Publish a document set with the client's dynamic specifiers
Meteor.publish('mycollection', function(where) {
  check(where, Match.Where(safeQuery));
  return MyCollection.find(where);
});


// ... On the client

// Subscribe to all the documents matching { some: 'criteria' }
Meteor.subscribe('mycollection', { some: 'criteria' });
var stuff = MyCollection.find({ someMore: 'criteria' });
	/*
	* This is a simple pattern for a flexible publication mechanism, for feedback purposes
	*/




	// ... on client and server
	MyCollection = new Mongo.Collection('mycollection');




	// ... on the server

	/*
	* This function allows us to check to see if a MongoDB query object is
	* relatively safe from NoSQL injection attempts
	*
	* Usage via a check function:
	*
	* check(arg, Match.Where(safeQuery));
	*/
	safeQuery = function(value) {
	return !EJSON.stringify(value).match(/\"\$(where\|inc\|mul\|rename\|setOnInsert\|set\|unset\|currentDate)\"/g);
	}

	// Publish a document set with the client's dynamic specifiers
	Meteor.publish('mycollection', function(where) {
	check(where, Match.Where(safeQuery));
	return MyCollection.find(where);
	});




	// ... On the client

	// Subscribe to all the documents matching { some: 'criteria' }
	Meteor.subscribe('mycollection', { some: 'criteria' });
	var stuff = MyCollection.find({ someMore: 'criteria' });