joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use shared middleware to enforce master key on logs API.

Browse Source
This commit is contained in:
Nikita Lutsenko
2016-03-01 20:32:39 -08:00
parent 806800c6fb
commit 17235b576b
2 changed files with 23 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/LogsRouter.spec.js
View File

@@ -1,3 +1,6 @@
'use strict';
const request = require('request');
var LogsRouter = require('../src/Routers/LogsRouter').LogsRouter; var LogsRouter = require('../src/Routers/LogsRouter').LogsRouter;
var LoggerController = require('../src/Controllers/LoggerController').LoggerController; var LoggerController = require('../src/Controllers/LoggerController').LoggerController;
var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter; var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
@@ -45,23 +48,18 @@ describe('LogsRouter', () => {
done(); done();
}); });
it('can check invalid master key of request', (done) => { it('can check invalid master key of request', done => {
// Make mock request request.get({
var request = { url: 'http://localhost:8378/1/logs',
auth: { json: true,
isMaster: false headers: {
}, 'X-Parse-Application-Id': 'test',
query: {}, 'X-Parse-REST-API-Key': 'rest'
config: {
loggerController: loggerController
} }
}; }, (error, response, body) => {
expect(response.statusCode).toEqual(403);
var router = new LogsRouter(); expect(body.error).toEqual('unauthorized: master key is required');
expect(() => {
router.handleGET(request);
}).toThrow();
done(); done();
}); });
});
}); });

33
src/Routers/LogsRouter.js
View File

@@ -1,23 +1,11 @@
import { Parse } from 'parse/node'; import { Parse } from 'parse/node';
import PromiseRouter from '../PromiseRouter'; import PromiseRouter from '../PromiseRouter';
import * as middleware from "../middlewares";
// only allow request with master key
let enforceSecurity = (auth) => {
if (!auth || !auth.isMaster) {
throw new Parse.Error(
Parse.Error.OPERATION_FORBIDDEN,
'Clients aren\'t allowed to perform the ' +
'get' + ' operation on logs.'
);
}
}
export class LogsRouter extends PromiseRouter { export class LogsRouter extends PromiseRouter {
mountRoutes() { mountRoutes() {
this.route('GET','/logs', (req) => { this.route('GET','/logs', middleware.promiseEnforceMasterKeyAccess, req => { return this.handleGET(req); });
return this.handleGET(req);
});
} }
// Returns a promise for a {response} object. // Returns a promise for a {response} object.
@@ -29,31 +17,26 @@ export class LogsRouter extends PromiseRouter {
// size (optional) Number of rows returned by search. Defaults to 10 // size (optional) Number of rows returned by search. Defaults to 10
handleGET(req) { handleGET(req) {
if (!req.config || !req.config.loggerController) { if (!req.config || !req.config.loggerController) {
throw new Parse.Error(Parse.Error.PUSH_MISCONFIGURED, throw new Parse.Error(Parse.Error.PUSH_MISCONFIGURED, 'Logger adapter is not available.');
'Logger adapter is not availabe');
} }
let promise = new Parse.Promise();
let from = req.query.from; let from = req.query.from;
let until = req.query.until; let until = req.query.until;
let size = req.query.size; let size = req.query.size;
let order = req.query.order let order = req.query.order
let level = req.query.level; let level = req.query.level;
enforceSecurity(req.auth);
const options = { const options = {
from, from,
until, until,
size, size,
order, order,
level, level
} };
return req.config.loggerController.getLogs(options).then((result) => { return req.config.loggerController
return Promise.resolve({ .getLogs(options)
response: result .then(result => ({ response: result }));
});
})
} }
} }