joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add master key override to live query ACL checks (#4133)

Browse Source 
* Add master key override to live query ACL checks

* Fix mockClient so masterKey tests work correctly
This commit is contained in:
Jeremy May
2017-09-09 13:26:18 -04:00
committed by Florent Vilmart
parent 52c4dd3704
commit 121d151af9
3 changed files with 103 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/LiveQuery/ParseLiveQueryServer.js
View File

@@ -310,8 +310,8 @@ class ParseLiveQueryServer {
}
_matchesACL(acl: any, client: any, requestId: number): any {
// If ACL is undefined or null, or ACL has public read access, return true directly
if (!acl || acl.getPublicReadAccess()) {
// Return true directly if ACL isn't present, ACL is public read, or client has master key
if (!acl || acl.getPublicReadAccess() || client.hasMasterKey) {
return Parse.Promise.as(true);
}
// Check subscription sessionToken matches ACL first
@@ -403,7 +403,8 @@ class ParseLiveQueryServer {
logger.error('Key in request is not valid');
return;
}
const client = new Client(this.clientId, parseWebsocket);
const hasMasterKey = this._hasMasterKey(request, this.keyPairs);
const client = new Client(this.clientId, parseWebsocket, hasMasterKey);
parseWebsocket.clientId = this.clientId;
this.clientId += 1;
this.clients.set(parseWebsocket.clientId, client);
@@ -411,6 +412,17 @@ class ParseLiveQueryServer {
client.pushConnect();
}
_hasMasterKey(request: any, validKeyPairs: any): boolean {
if(!validKeyPairs || validKeyPairs.size == 0 ||
!validKeyPairs.has("masterKey")) {
return false;
}
if(!request || !request.hasOwnProperty("masterKey")) {
return false;
}
return request.masterKey === validKeyPairs.get("masterKey");
}
_validateKeys(request: any, validKeyPairs: any): boolean {
if (!validKeyPairs || validKeyPairs.size == 0) {
return true;