Best way to detect when a function is called from

I would like to know the best way to detect when a method or function is directly called through the console. As far as I currently understand, it's not possible to directly detect it on identical function calls, but using the .call() and .apply() methods of a function I can pass additional data through the this object.

Given the following code structure:

(function(){
    var Player = {money: 0};
    window.giveMoney = function(amount){
        if (this.legit !== true)
            throw new Error("Don't try to cheat!");

        Player.money += amount;
    }
})();

I could call the function using

window.giveMoney.call({legit: true}, 300);

in my actual code to tell a direct call from the console and my own code apart, but this is obviously not fool-proof, since the same code can also be executed from the console to achieve the desired effect.

I would want a way to be able to call the function from both places and then tell the locations of the call apart. If there's no way to do that, what's the best way to try and prevent the execution anyway? Is it best to just not expose any methods at all, and keep everything inside a single closed-off anonymous function?

标签： javascript google-chrome-devtools function-calls ie-developer-tools firefox-developer-tools

3条回答

闹够了就滚

2楼-- · 2019-04-02 03:40

You can spool all function calls through a central access point with a boolean variable, that can serve as a indicator whether the call is from a console or not....

var maths = {
    add: function(p1,p2)
    {
        console.log(p1,p2);
    }
}

var invoker = {
    invoke: function(fu,isconsole)
    {
        if(isconsole)
        {
            console.log("Called from console");
        }

        //invokes the function with all parameters intact
        fu;
    }
}

//Call without console
invoker.invoke(maths.add(2,3));

//Call with console
invoker.invoke(maths.add(2,3),true);

Hope it helps!!!

0人赞添加讨论(0) 举报

\"骚年 ilove

3楼-- · 2019-04-02 03:41

To prevent global access make sure your code is in a closure. If you want to expose an API you can do so using the module pattern.

Closure

(function() {
  var Game = {};
  Game.giveMoney = function(money) {
    console.log('Gave money (' + money + ')');
  };
})();

Wrap all your private code in an IIFE (Immediately Invoked Function Expression) which will lock it up into a closure.

Module

Then expose only custom functions back out of the closure so you can use them on the console (with supervision of course).

window.Game = (function() {
  var player = {
    money: 500;
  };
  player.giveMoney = function(money) {
    console.log('Gave money (' + money + ')');
    player.money += money;
  };
  player.takeMoney = function(money) {
    console.log('Took money (' + money + ')');
    player.money -= money;
  };

  return {
    giveMoney: function(money) {
      console.error('Don\'t Cheat! A fine was charged.');
      player.takeMoney(Math.floor(player.money / 0.05));
    }
  };
})();

window.Game.giveMoney(200);

0人赞添加讨论(0) 举报

老娘就宠你

4楼-- · 2019-04-02 03:57

You can use the monitor() command in the console to monitor when a function is called. https://developer.chrome.com/devtools/docs/commandline-api#monitorfunction

Just run monitor(functionName); and whenever the function is called it will output a message in the console.

0人赞添加讨论(0) 举报