Node.js

How to properly protect business logic in SPA?

SPA on ReactJS, Flux architecture, NodeJS + Express server.
The user from the front presses the button. I need the following to happen: we take a certain value from the database (read-only by the user), pass through a couple of simple js functions and save the resulting value to another database table (read-only by the user).
All this should happen in such a way that the user cannot simply change the same js functions on his client and thus affect the output result.
I just started to get acquainted with this, so the answer may be quite simple for knowledgeable people)
ps. database on baas backendless if this information is important
upd1
I don't want to do it on the client side. I described an example of what is now and ask: how and what to transfer to the server?
I believe that there should be something like the following: a json object is somehow sent to the server containing information about what and how the user clicked from the front. The server in response to this uses the data from this json object, on its side passes it through the very functions and sends it to the desired database table. I think this is all related to the topic of "building a server API". I haven't touched on this topic yet. Any advice on what to read/watch?