From 17235b576bf18afb777c3289b54ebe71363c1fbc Mon Sep 17 00:00:00 2001
From: Nikita Lutsenko
Date: Tue, 1 Mar 2016 20:32:39 -0800
Subject: [PATCH] Use shared middleware to enforce master key on logs API.
---
 spec/LogsRouter.spec.js | 32 +++++++++++++++-----------------
 src/Routers/LogsRouter.js | 33 ++++++++-------------------------
 2 files changed, 23 insertions(+), 42 deletions(-)
diff --git a/spec/LogsRouter.spec.js b/spec/LogsRouter.spec.js
index a8ef8b25..6a363a7d 100644
--- a/spec/LogsRouter.spec.js
+++ b/spec/LogsRouter.spec.js
@@ -1,3 +1,6 @@
+'use strict';
+
+const request = require('request');
 var LogsRouter = require('../src/Routers/LogsRouter').LogsRouter;
 var LoggerController = require('../src/Controllers/LoggerController').LoggerController;
 var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
@@ -45,23 +48,18 @@ describe('LogsRouter', () => {
 done();
 });
- it('can check invalid master key of request', (done) => {
- // Make mock request
- var request = {
- auth: {
- isMaster: false
- },
- query: {},
- config: {
- loggerController: loggerController
+ it('can check invalid master key of request', done => {
+ request.get({
+ url: 'http://localhost:8378/1/logs',
+ json: true,
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest'
 }
- };
-
- var router = new LogsRouter();
-
- expect(() => {
- router.handleGET(request);
- }).toThrow();
- done();
+ }, (error, response, body) => {
+ expect(response.statusCode).toEqual(403);
+ expect(body.error).toEqual('unauthorized: master key is required');
+ done();
+ });
 });
 });
diff --git a/src/Routers/LogsRouter.js b/src/Routers/LogsRouter.js
index abd57944..27a9bd48 100644
--- a/src/Routers/LogsRouter.js
+++ b/src/Routers/LogsRouter.js
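Review bot: The rewritten `can check invalid master key of request` test in spec/LogsRouter.spec.js reads `response.statusCode` and `body.error` without looking at `error`, so if nothing answers on the test port the callback throws on an undefined `response` and the spec ends in a timeout rather than a clear failure. Guard the callback before touching `response`, e.g. `if (error) { fail(error); return done(); }` (assuming the Jasmine version in use provides `fail`). The case also sends only the REST API key, so it pins the deny path but not that the same route still answers a request carrying the master key. A sibling case asserting success with the master key would catch a guard that rejects everything; such a case may already exist outside this hunk.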
@@ -1,23 +1,11 @@
 import { Parse } from 'parse/node';
 import PromiseRouter from '../PromiseRouter';
-
-// only allow request with master key
-let enforceSecurity = (auth) => {
- if (!auth || !auth.isMaster) {
- throw new Parse.Error(
- Parse.Error.OPERATION_FORBIDDEN,
- 'Clients aren\'t allowed to perform the ' +
- 'get' + ' operation on logs.'
- );
- }
-}
+import * as middleware from "../middlewares";
 export class LogsRouter extends PromiseRouter {
 mountRoutes() {
- this.route('GET','/logs', (req) => {
- return this.handleGET(req);
- });
+ this.route('GET','/logs', middleware.promiseEnforceMasterKeyAccess, req => { return this.handleGET(req); });
 }
 // Returns a promise for a {response} object.
@@ -29,31 +17,26 @@ export class LogsRouter extends PromiseRouter {
 // size (optional) Number of rows returned by search. Defaults to 10
 handleGET(req) {
 if (!req.config || !req.config.loggerController) {
- throw new Parse.Error(Parse.Error.PUSH_MISCONFIGURED,
- 'Logger adapter is not availabe');
+ throw new Parse.Error(Parse.Error.PUSH_MISCONFIGURED, 'Logger adapter is not available.');
 }
- let promise = new Parse.Promise();
 let from = req.query.from;
 let until = req.query.until;
 let size = req.query.size;
 let order = req.query.order
 let level = req.query.level;
- enforceSecurity(req.auth);
 const options = {
 from,
 until,
 size,
 order,
- level,
- }
+ level
+ };
- return req.config.loggerController.getLogs(options).then((result) => {
- return Promise.resolve({
- response: result
- });
- })
+ return req.config.loggerController
+ .getLogs(options)
+ .then(result => ({ response: result }));
 }
 }
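Review bot: In `mountRoutes`, the master-key guard is now the only authorization on `/logs`, yet it sits as an unlabelled middle argument on one long line, and the old `// only allow request with master key` comment is dropped together with `enforceSecurity`. I would put each argument of the `this.route(...)` call on its own line and keep the intent next to the route, for example `// Master key required: enforced by middleware before handleGET runs.` directly above it. The handler can also lose its braces: `req => this.handleGET(req)`. The definition of `promiseEnforceMasterKeyAccess` is not part of this patch, so what it returns to a non-master caller is known here only from the spec's expected 403.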
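Review bot: `handleGET` no longer checks `req.auth`, so any caller that bypasses the route registered in `mountRoutes` reaches `loggerController.getLogs` with no authorization at all. The spec test removed by this same commit called `router.handleGET(request)` in exactly that way. Since the method stays public on an exported class, state the precondition in the comment block above it, e.g. `// Precondition: master key access was already enforced by the route middleware; this method performs no authorization.` Separately, the rewritten throw still uses `Parse.Error.PUSH_MISCONFIGURED` for a missing logger adapter, which reads like a carry-over from push code and will mislead whoever triages the error. The comment block above `handleGET` starts outside the hunk.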