joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add master key override to live query ACL checks (#4133)

Browse Source 
* Add master key override to live query ACL checks

* Fix mockClient so masterKey tests work correctly
This commit is contained in:
Jeremy May
2017-09-09 13:26:18 -04:00
committed by Florent Vilmart
parent 52c4dd3704
commit 121d151af9
3 changed files with 103 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/LiveQuery/Client.js
View File

@@ -8,6 +8,7 @@ const dafaultFields = ['className', 'objectId', 'updatedAt', 'createdAt', 'ACL']
class Client {
id: number;
parseWebSocket: any;
hasMasterKey: boolean;
userId: string;
roles: Array<string>;
subscriptionInfos: Object;
@@ -20,9 +21,10 @@ class Client {
pushDelete: Function;
pushLeave: Function;
constructor(id: number, parseWebSocket: any) {
constructor(id: number, parseWebSocket: any, hasMasterKey: boolean) {
this.id = id;
this.parseWebSocket = parseWebSocket;
this.hasMasterKey = hasMasterKey;
this.roles = [];
this.subscriptionInfos = new Map();
this.pushConnect = this._pushEvent('connected');

18
src/LiveQuery/ParseLiveQueryServer.js
View File

@@ -310,8 +310,8 @@ class ParseLiveQueryServer {
}
_matchesACL(acl: any, client: any, requestId: number): any {
// If ACL is undefined or null, or ACL has public read access, return true directly
if (!acl || acl.getPublicReadAccess()) {
// Return true directly if ACL isn't present, ACL is public read, or client has master key
if (!acl || acl.getPublicReadAccess() || client.hasMasterKey) {
return Parse.Promise.as(true);
}
// Check subscription sessionToken matches ACL first
@@ -403,7 +403,8 @@ class ParseLiveQueryServer {
logger.error('Key in request is not valid');
return;
}
const client = new Client(this.clientId, parseWebsocket);
const hasMasterKey = this._hasMasterKey(request, this.keyPairs);
const client = new Client(this.clientId, parseWebsocket, hasMasterKey);
parseWebsocket.clientId = this.clientId;
this.clientId += 1;
this.clients.set(parseWebsocket.clientId, client);
@@ -411,6 +412,17 @@ class ParseLiveQueryServer {
client.pushConnect();
}
_hasMasterKey(request: any, validKeyPairs: any): boolean {
if(!validKeyPairs || validKeyPairs.size == 0 ||
!validKeyPairs.has("masterKey")) {
return false;
}
if(!request || !request.hasOwnProperty("masterKey")) {
return false;
}
return request.masterKey === validKeyPairs.get("masterKey");
}
_validateKeys(request: any, validKeyPairs: any): boolean {
if (!validKeyPairs || validKeyPairs.size == 0) {
return true;