joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add support for http basic auth (#1706)

Browse Source 
* add support for http basic auth

* update http auth per flovilmart feedback
This commit is contained in:
Hussam Moqhim
2016-05-18 22:06:37 -05:00
committed by Drew
parent 4d4361451c
commit 03108e6347
2 changed files with 71 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
spec/index.spec.js
View File

@@ -13,6 +13,30 @@ describe('server', () => {
done(); done();
}); });
it('support http basic authentication with masterkey', done => {
request.get({
url: 'http://localhost:8378/1/classes/TestObject',
headers: {
'Authorization': 'Basic ' + new Buffer('test:' + 'test').toString('base64')
}
}, (error, response, body) => {
expect(response.statusCode).toEqual(200);
done();
});
});
it('support http basic authentication with javascriptKey', done => {
request.get({
url: 'http://localhost:8378/1/classes/TestObject',
headers: {
'Authorization': 'Basic ' + new Buffer('test:javascript-key=' + 'test').toString('base64')
}
}, (error, response, body) => {
expect(response.statusCode).toEqual(200);
done();
});
});
it('fails if database is unreachable', done => { it('fails if database is unreachable', done => {
setServerConfiguration({ setServerConfiguration({
databaseURI: 'mongodb://fake:fake@ds043605.mongolab.com:43605/drew3', databaseURI: 'mongodb://fake:fake@ds043605.mongolab.com:43605/drew3',

47
src/middlewares.js
View File

@@ -28,6 +28,14 @@ function handleParseHeaders(req, res, next) {
restAPIKey: req.get('X-Parse-REST-API-Key') restAPIKey: req.get('X-Parse-REST-API-Key')
}; };
var basicAuth = httpAuth(req);
if (basicAuth) {
info.appId = basicAuth.appId
info.masterKey = basicAuth.masterKey || info.masterKey;
info.javascriptKey = basicAuth.javascriptKey || info.javascriptKey;
}
if (req.body) { if (req.body) {
// Unity SDK sends a _noBody key which needs to be removed. // Unity SDK sends a _noBody key which needs to be removed.
// Unclear at this point if action needs to be taken. // Unclear at this point if action needs to be taken.
@@ -144,6 +152,45 @@ function handleParseHeaders(req, res, next) {
}); });
} }
function httpAuth(req) {
if (!(req.req || req).headers.authorization)
return ;
var header = (req.req || req).headers.authorization;
var appId, masterKey, javascriptKey;
// parse header
var authPrefix = 'basic ';
var match = header.toLowerCase().indexOf(authPrefix);
if (match == 0) {
var encodedAuth = header.substring(authPrefix.length, header.length);
var credentials = decodeBase64(encodedAuth).split(':');
if (credentials.length == 2) {
appId = credentials[0];
var key = credentials[1];
var jsKeyPrefix = 'javascript-key=';
var matchKey = key.indexOf(jsKeyPrefix)
if (matchKey == 0) {
javascriptKey = key.substring(jsKeyPrefix.length, key.length);
}
else {
masterKey = key;
}
}
}
return {appId: appId, masterKey: masterKey, javascriptKey: javascriptKey};
}
function decodeBase64(str) {
return new Buffer(str, 'base64').toString()
}
var allowCrossDomain = function(req, res, next) { var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS'); res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');