Why does audit-argument-checks throw an exception when all arguments appear to have been checked?

2023-12-02

Given the following method definition,

Meteor.methods({
  myMethod : function(foo) {
    //Checking the only argument
    check(foo, String)
    return true
  }
})

The method is simple, yet it sometimes fails:

Meteor.call('myMethod', 'foo', 'bar') //Exception : did not check all arguments

What is going on?


audit-argument-checks does not make sure that you have checked all arguments that you have defined; it makes sure that you have checked all arguments that were passed. [1]

Consider the following example:

Meteor.methods({
  whale : function(foo) {
    return 'Hello ground!'
  }
})

If we call this method from the client, the following happens on the server:

Meteor.call('whale') //Nothing happens
Meteor.call('whale', 'foo') //Exception

Passing no arguments means audit-argument-checks raises no exception, even if no check has been written.


However, this also means that passing too many arguments will make your method throw an exception.

Meteor.methods({
  ground : function(whale) {
    check(whale, Patterns.cetacea)
    answerTo(whale)
  }
})
Meteor.call('ground', MobyDick) //All is fine
Meteor.call('ground', MobyDick, true) //Exception

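If you run into this problem, it means you are doing something wrong: the client is passing arguments you do not know about. If it happens during development, it means you do not know which arguments are being passed to your method, which can be a problem.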

It can also happen that installed packages use methods with more parameters than expected. Refer to their respective documentation to know exactly what parameters are passed (or just write console.log(arguments)) so that you can make sure to write proper secure code. [2]


[1]: See https://github.com/meteor/meteor/blob/devel/packages/ddp-server/livedata_server.js#L1686
[2]: Or just write dirty insecure code - check(arguments, [Match.Any]) as per the docs
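
The behaviour described above can be reproduced without a Meteor server. The following is an added example, not code from the original answer or from Meteor: it is a simplified model in which `callAudited` and `outcome` are hypothetical names, `check` is a minimal stand-in that handles only `String`, `Number` and `Boolean`, and the exception text is constructed.

```javascript
// Simplified model of the audit described above. NOT Meteor's implementation:
// callAudited, outcome and the method table are hypothetical names.
let pending = null; // passed arguments the running method has not checked yet

// Minimal stand-in for check(): supports String, Number and Boolean only.
function check(value, type) {
  if (typeof value !== type.name.toLowerCase()) {
    throw new Error('Match error: expected ' + type.name);
  }
  // Tick off one occurrence of this value among the passed arguments.
  const i = pending ? pending.indexOf(value) : -1;
  if (i !== -1) pending.splice(i, 1);
}

// Runs a method, then fails if any *passed* argument was never checked.
function callAudited(methods, name, ...args) {
  pending = [...args];
  try {
    const result = methods[name](...args);
    if (pending.length > 0) {
      throw new Error('did not check all arguments (' + pending.length + ' unchecked)');
    }
    return result;
  } finally {
    pending = null;
  }
}

const methods = {
  myMethod(foo) { check(foo, String); return true; },
  whale(foo) { return 'Hello ground!'; }, // declares foo but never checks it
};

// Returns the method result, or the exception text if the audit fails.
function outcome(name, ...args) {
  try { return callAudited(methods, name, ...args); }
  catch (e) { return 'Exception: ' + e.message; }
}

console.log(outcome('myMethod', 'foo'));        // one passed, one checked
console.log(outcome('myMethod', 'foo', 'bar')); // 'bar' was passed but never checked
console.log(outcome('whale'));                  // nothing passed, nothing to audit
console.log(outcome('whale', 'foo'));           // 'foo' was passed but never checked
```

The audit list is built from the arguments the caller sent, not from the method's declared parameters, which is why an extra argument from the client fails a method whose own parameters are all checked.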
