joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into session-token

Browse Source 
# Conflicts:
#	src/users.js
This commit is contained in:
Francis Lessard
2016-02-12 15:53:38 -05:00
parent 56552537a1 5efb759bd2
commit 175d16afdc
20 changed files with 879 additions and 160 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -38,8 +38,9 @@ The client keys used with Parse are no longer necessary with parse-server. If y
#### Advanced options: #### Advanced options:
* filesAdapter - The default behavior (GridStore) can be changed by creating an adapter class (see `FilesAdapter.js`) * filesAdapter - The default behavior (GridStore) can be changed by creating an adapter class (see [`FilesAdapter.js`](https://github.com/ParsePlatform/parse-server/blob/master/src/Adapters/Files/FilesAdapter.js))
* databaseAdapter (unfinished) - The backing store can be changed by creating an adapter class (see `DatabaseAdapter.js`) * databaseAdapter (unfinished) - The backing store can be changed by creating an adapter class (see `DatabaseAdapter.js`)
* loggerAdapter - The default behavior/transport (File) can be changed by creating an adapter class (see [`LoggerAdapter.js`](https://github.com/ParsePlatform/parse-server/blob/master/src/Adapters/Logger/LoggerAdapter.js))
--- ---

3
package.json
View File

@@ -23,7 +23,8 @@
"node-gcm": "^0.14.0", "node-gcm": "^0.14.0",
"parse": "^1.7.0", "parse": "^1.7.0",
"randomstring": "^1.1.3", "randomstring": "^1.1.3",
"request": "^2.65.0" "request": "^2.65.0",
"winston": "^2.1.1"
}, },
"devDependencies": { "devDependencies": {
"babel-cli": "^6.5.1", "babel-cli": "^6.5.1",

64
spec/FileLoggerAdapter.spec.js Normal file
View File

@@ -0,0 +1,64 @@
var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
var Parse = require('parse/node').Parse;
var request = require('request');
var fs = require('fs');
var LOGS_FOLDER = './test_logs/';
var deleteFolderRecursive = function(path) {
if( fs.existsSync(path) ) {
fs.readdirSync(path).forEach(function(file,index){
var curPath = path + "/" + file;
if(fs.lstatSync(curPath).isDirectory()) { // recurse
deleteFolderRecursive(curPath);
} else { // delete file
fs.unlinkSync(curPath);
}
});
fs.rmdirSync(path);
}
};
describe('info logs', () => {
afterEach((done) => {
deleteFolderRecursive(LOGS_FOLDER);
done();
});
it("Verify INFO logs", (done) => {
var fileLoggerAdapter = new FileLoggerAdapter({
logsFolder: LOGS_FOLDER
});
fileLoggerAdapter.info('testing info logs', () => {
fileLoggerAdapter.query({
size: 1,
level: 'info'
}, (results) => {
expect(results[0].message).toEqual('testing info logs');
done();
});
});
});
});
describe('error logs', () => {
afterEach((done) => {
deleteFolderRecursive(LOGS_FOLDER);
done();
});
it("Verify ERROR logs", (done) => {
var fileLoggerAdapter = new FileLoggerAdapter();
fileLoggerAdapter.error('testing error logs', () => {
fileLoggerAdapter.query({
size: 1,
level: 'error'
}, (results) => {
expect(results[0].message).toEqual('testing error logs');
done();
});
});
});
});

55
spec/LoggerController.spec.js Normal file
View File

@@ -0,0 +1,55 @@
var LoggerController = require('../src/Controllers/LoggerController').LoggerController;
var FileLoggerAdapter = require('../src/Adapters/Logger/FileLoggerAdapter').FileLoggerAdapter;
describe('LoggerController', () => {
it('can check valid master key of request', (done) => {
// Make mock request
var request = {
auth: {
isMaster: true
},
query: {}
};
var loggerController = new LoggerController(new FileLoggerAdapter());
expect(() => {
loggerController.handleGET(request);
}).not.toThrow();
done();
});
it('can check invalid construction of controller', (done) => {
// Make mock request
var request = {
auth: {
isMaster: true
},
query: {}
};
var loggerController = new LoggerController();
expect(() => {
loggerController.handleGET(request);
}).toThrow();
done();
});
it('can check invalid master key of request', (done) => {
// Make mock request
var request = {
auth: {
isMaster: false
},
query: {}
};
var loggerController = new LoggerController(new FileLoggerAdapter());
expect(() => {
loggerController.handleGET(request);
}).toThrow();
done();
});
});

89
spec/ParseFile.spec.js
View File

@@ -33,6 +33,95 @@ describe('Parse.File testing', () => {
}); });
}); });
it('supports REST end-to-end file create, read, delete, read', done => {
var headers = {
'Content-Type': 'image/jpeg',
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.post({
headers: headers,
url: 'http://localhost:8378/1/files/testfile.txt',
body: 'check one two',
}, (error, response, body) => {
expect(error).toBe(null);
var b = JSON.parse(body);
expect(b.name).toMatch(/_testfile.txt$/);
expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*testfile.txt$/);
request.get(b.url, (error, response, body) => {
expect(error).toBe(null);
expect(body).toEqual('check one two');
request.del({
headers: {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest',
'X-Parse-Master-Key': 'test'
},
url: 'http://localhost:8378/1/files/' + b.name
}, (error, response, body) => {
expect(error).toBe(null);
expect(response.statusCode).toEqual(200);
request.get({
headers: {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
},
url: b.url
}, (error, response, body) => {
expect(error).toBe(null);
expect(response.statusCode).toEqual(404);
done();
});
});
});
});
});
it('blocks file deletions with missing or incorrect master-key header', done => {
var headers = {
'Content-Type': 'image/jpeg',
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.post({
headers: headers,
url: 'http://localhost:8378/1/files/thefile.jpg',
body: 'the file body'
}, (error, response, body) => {
expect(error).toBe(null);
var b = JSON.parse(body);
expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*thefile.jpg$/);
// missing X-Parse-Master-Key header
request.del({
headers: {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
},
url: 'http://localhost:8378/1/files/' + b.name
}, (error, response, body) => {
expect(error).toBe(null);
var del_b = JSON.parse(body);
expect(response.statusCode).toEqual(403);
expect(del_b.error).toMatch(/unauthorized/);
// incorrect X-Parse-Master-Key header
request.del({
headers: {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest',
'X-Parse-Master-Key': 'tryagain'
},
url: 'http://localhost:8378/1/files/' + b.name
}, (error, response, body) => {
expect(error).toBe(null);
var del_b2 = JSON.parse(body);
expect(response.statusCode).toEqual(403);
expect(del_b2.error).toMatch(/unauthorized/);
done();
});
});
});
});
it('handles other filetypes', done => { it('handles other filetypes', done => {
var headers = { var headers = {
'Content-Type': 'image/jpeg', 'Content-Type': 'image/jpeg',

2
src/Adapters/Files/FilesAdapter.js
View File

@@ -14,6 +14,8 @@
export class FilesAdapter { export class FilesAdapter {
createFile(config, filename, data) { } createFile(config, filename, data) { }
deleteFile(config, filename) { }
getFileData(config, filename) { } getFileData(config, filename) { }
getFileLocation(config, filename) { } getFileLocation(config, filename) { }

11
src/Adapters/Files/GridStoreAdapter.js
View File

@@ -20,6 +20,17 @@ export class GridStoreAdapter extends FilesAdapter {
}); });
} }
deleteFile(config, filename) {
return config.database.connect().then(() => {
let gridStore = new GridStore(config.database.db, filename, 'w');
return gridStore.open();
}).then((gridStore) => {
return gridStore.unlink();
}).then((gridStore) => {
return gridStore.close();
});
}
getFileData(config, filename) { getFileData(config, filename) {
return config.database.connect().then(() => { return config.database.connect().then(() => {
return GridStore.exist(config.database.db, filename); return GridStore.exist(config.database.db, filename);

14
src/Adapters/Files/S3Adapter.js
View File

@@ -56,6 +56,20 @@ export class S3Adapter extends FilesAdapter {
}); });
} }
deleteFile(config, filename) {
return new Promise((resolve, reject) => {
let params = {
Key: this._bucketPrefix + filename
};
this._s3Client.deleteObject(params, (err, data) =>{
if(err !== null) {
return reject(err);
}
resolve(data);
});
});
}
// Search for and return a file if found by filename // Search for and return a file if found by filename
// Returns a promise that succeeds with the buffer result from S3 // Returns a promise that succeeds with the buffer result from S3
getFileData(config, filename) { getFileData(config, filename) {

225
src/Adapters/Logger/FileLoggerAdapter.js Normal file
View File

@@ -0,0 +1,225 @@
// Logger
//
// Wrapper around Winston logging library with custom query
//
// expected log entry to be in the shape of:
// {"level":"info","message":"{ '0': 'Your Message' }","timestamp":"2016-02-04T05:59:27.412Z"}
//
import { LoggerAdapter } from './LoggerAdapter';
import winston from 'winston';
import fs from 'fs';
import { Parse } from 'parse/node';
const MILLISECONDS_IN_A_DAY = 24 * 60 * 60 * 1000;
const CACHE_TIME = 1000 * 60;
let LOGS_FOLDER = './logs/';
if (typeof process !== 'undefined' && process.env.NODE_ENV === 'test') {
LOGS_FOLDER = './test_logs/'
}
let currentDate = new Date();
let simpleCache = {
timestamp: null,
from: null,
until: null,
order: null,
data: [],
level: 'info',
};
// returns Date object rounded to nearest day
let _getNearestDay = (date) => {
return new Date(date.getFullYear(), date.getMonth(), date.getDate());
}
// returns Date object of previous day
let _getPrevDay = (date) => {
return new Date(date - MILLISECONDS_IN_A_DAY);
}
// returns the iso formatted file name
let _getFileName = () => {
return _getNearestDay(currentDate).toISOString()
}
// check for valid cache when both from and util match.
// cache valid for up to 1 minute
let _hasValidCache = (from, until, level) => {
if (String(from) === String(simpleCache.from) &&
String(until) === String(simpleCache.until) &&
new Date() - simpleCache.timestamp < CACHE_TIME &&
level === simpleCache.level) {
return true;
}
return false;
}
// renews transports to current date
let _renewTransports = ({infoLogger, errorLogger, logsFolder}) => {
if (infoLogger) {
infoLogger.add(winston.transports.File, {
filename: logsFolder + _getFileName() + '.info',
name: 'info-file',
level: 'info'
});
}
if (errorLogger) {
errorLogger.add(winston.transports.File, {
filename: logsFolder + _getFileName() + '.error',
name: 'error-file',
level: 'error'
});
}
};
// check that log entry has valid time stamp based on query
let _isValidLogEntry = (from, until, entry) => {
var _entry = JSON.parse(entry),
timestamp = new Date(_entry.timestamp);
return timestamp >= from && timestamp <= until
? true
: false
};
// ensure that file name is up to date
let _verifyTransports = ({infoLogger, errorLogger, logsFolder}) => {
if (_getNearestDay(currentDate) !== _getNearestDay(new Date())) {
currentDate = new Date();
if (infoLogger) {
infoLogger.remove('info-file');
}
if (errorLogger) {
errorLogger.remove('error-file');
}
_renewTransports({infoLogger, errorLogger, logsFolder});
}
}
export class FileLoggerAdapter extends LoggerAdapter {
constructor(options = {}) {
super();
this._logsFolder = options.logsFolder || LOGS_FOLDER;
// check logs folder exists
if (!fs.existsSync(this._logsFolder)) {
fs.mkdirSync(this._logsFolder);
}
this._errorLogger = new (winston.Logger)({
exitOnError: false,
transports: [
new (winston.transports.File)({
filename: this._logsFolder + _getFileName() + '.error',
name: 'error-file',
level: 'error'
})
]
});
this._infoLogger = new (winston.Logger)({
exitOnError: false,
transports: [
new (winston.transports.File)({
filename: this._logsFolder + _getFileName() + '.info',
name: 'info-file',
level: 'info'
})
]
});
}
info() {
_verifyTransports({infoLogger: this._infoLogger, logsFolder: this._logsFolder});
return this._infoLogger.info.apply(undefined, arguments);
}
error() {
_verifyTransports({errorLogger: this._errorLogger, logsFolder: this._logsFolder});
return this._errorLogger.error.apply(undefined, arguments);
}
// custom query as winston is currently limited
query(options, callback) {
if (!options) {
options = {};
}
// defaults to 7 days prior
let from = options.from || new Date(Date.now() - (7 * MILLISECONDS_IN_A_DAY));
let until = options.until || new Date();
let size = options.size || 10;
let order = options.order || 'desc';
let level = options.level || 'info';
let roundedUntil = _getNearestDay(until);
let roundedFrom = _getNearestDay(from);
if (_hasValidCache(roundedFrom, roundedUntil, level)) {
let logs = [];
if (order !== simpleCache.order) {
// reverse order of data
simpleCache.data.forEach((entry) => {
logs.unshift(entry);
});
} else {
logs = simpleCache.data;
}
callback(logs.slice(0, size));
return;
}
let curDate = roundedUntil;
let curSize = 0;
let method = order === 'desc' ? 'push' : 'unshift';
let files = [];
let promises = [];
// current a batch call, all files with valid dates are read
while (curDate >= from) {
files[method](this._logsFolder + curDate.toISOString() + '.' + level);
curDate = _getPrevDay(curDate);
}
// read each file and split based on newline char.
// limitation is message cannot contain newline
// TODO: strip out delimiter from logged message
files.forEach(function(file, i) {
let promise = new Parse.Promise();
fs.readFile(file, 'utf8', function(err, data) {
if (err) {
promise.resolve([]);
} else {
let results = data.split('\n').filter((value) => {
return value.trim() !== '';
});
promise.resolve(results);
}
});
promises[method](promise);
});
Parse.Promise.when(promises).then((results) => {
let logs = [];
results.forEach(function(logEntries, i) {
logEntries.forEach(function(entry) {
if (_isValidLogEntry(from, until, entry)) {
logs[method](JSON.parse(entry));
}
});
});
simpleCache = {
timestamp: new Date(),
from: roundedFrom,
until: roundedUntil,
data: logs,
order,
level,
};
callback(logs.slice(0, size));
});
}
}
export default FileLoggerAdapter;

17
src/Adapters/Logger/LoggerAdapter.js Normal file
View File

@@ -0,0 +1,17 @@
// Logger Adapter
//
// Allows you to change the logger mechanism
//
// Adapter classes must implement the following functions:
// * info(obj1 [, obj2, .., objN])
// * error(obj1 [, obj2, .., objN])
// * query(options, callback)
// Default is FileLoggerAdapter.js
export class LoggerAdapter {
info() {}
error() {}
query(options, callback) {}
}
export default LoggerAdapter;

20
src/Controllers/FilesController.js
View File

@@ -74,6 +74,19 @@ export class FilesController {
}; };
} }
deleteHandler() {
return (req, res, next) => {
this._filesAdapter.deleteFile(req.config, req.params.filename).then(() => {
res.status(200);
// TODO: return useful JSON here?
res.end();
}).catch((error) => {
next(new Parse.Error(Parse.Error.FILE_DELETE_ERROR,
'Could not delete file.'));
});
};
}
/** /**
* Find file references in REST-format object and adds the url key * Find file references in REST-format object and adds the url key
* with the current mount point and app id. * with the current mount point and app id.
@@ -119,6 +132,13 @@ export class FilesController {
this.createHandler() this.createHandler()
); );
router.delete('/files/:filename',
Middlewares.allowCrossDomain,
Middlewares.handleParseHeaders,
Middlewares.enforceMasterKeyAccess,
this.deleteHandler()
);
return router; return router;
} }
} }

78
src/Controllers/LoggerController.js Normal file
View File

@@ -0,0 +1,78 @@
import { Parse } from 'parse/node';
import PromiseRouter from '../PromiseRouter';
import rest from '../rest';
const Promise = Parse.Promise;
const INFO = 'info';
const ERROR = 'error';
const MILLISECONDS_IN_A_DAY = 24 * 60 * 60 * 1000;
// only allow request with master key
let enforceSecurity = (auth) => {
if (!auth || !auth.isMaster) {
throw new Parse.Error(
Parse.Error.OPERATION_FORBIDDEN,
'Clients aren\'t allowed to perform the ' +
'get' + ' operation on logs.'
);
}
}
// check that date input is valid
let isValidDateTime = (date) => {
if (!date || isNaN(Number(date))) {
return false;
}
}
export class LoggerController {
constructor(loggerAdapter) {
this._loggerAdapter = loggerAdapter;
}
// Returns a promise for a {response} object.
// query params:
// level (optional) Level of logging you want to query for (info || error)
// from (optional) Start time for the search. Defaults to 1 week ago.
// until (optional) End time for the search. Defaults to current time.
// order (optional) Direction of results returned, either “asc” or “desc”. Defaults to “desc”.
// size (optional) Number of rows returned by search. Defaults to 10
handleGET(req) {
if (!this._loggerAdapter) {
throw new Parse.Error(Parse.Error.PUSH_MISCONFIGURED,
'Logger adapter is not availabe');
}
let promise = new Parse.Promise();
let from = (isValidDateTime(req.query.from) && new Date(req.query.from)) ||
new Date(Date.now() - 7 * MILLISECONDS_IN_A_DAY);
let until = (isValidDateTime(req.query.until) && new Date(req.query.until)) || new Date();
let size = Number(req.query.size) || 10;
let order = req.query.order || 'desc';
let level = req.query.level || INFO;
enforceSecurity(req.auth);
this._loggerAdapter.query({
from,
until,
size,
order,
level,
}, (result) => {
promise.resolve({
response: result
});
});
return promise;
}
getExpressRouter() {
let router = new PromiseRouter();
router.route('GET','/logs', (req) => {
return this.handleGET(req);
});
return router;
}
}
export default LoggerController;

12
src/Routers/InstallationsRouter.js
View File

@@ -51,12 +51,12 @@ export class InstallationsRouter extends ClassesRouter {
} }
getExpressRouter() { getExpressRouter() {
var router = new PromiseRouter(); let router = new PromiseRouter();
router.route('GET','/installations', (req) => { return this.handleFind(req); }); router.route('GET','/installations', req => { return this.handleFind(req); });
router.route('GET','/installations/:objectId', (req) => { return this.handleGet(req); }); router.route('GET','/installations/:objectId', req => { return this.handleGet(req); });
router.route('POST','/installations', (req) => { return this.handleCreate(req); }); router.route('POST','/installations', req => { return this.handleCreate(req); });
router.route('PUT','/installations/:objectId', (req) => { return this.handleUpdate(req); }); router.route('PUT','/installations/:objectId', req => { return this.handleUpdate(req); });
router.route('DELETE','/installations/:objectId', (req) => { return this.handleDelete(req); }); router.route('DELETE','/installations/:objectId', req => { return this.handleDelete(req); });
return router; return router;
} }
} }

43
src/Routers/RolesRouter.js Normal file
View File

@@ -0,0 +1,43 @@
import ClassesRouter from './ClassesRouter';
import PromiseRouter from '../PromiseRouter';
import rest from '../rest';
export class RolesRouter extends ClassesRouter {
handleFind(req) {
req.params.className = '_Role';
return super.handleFind(req);
}
handleGet(req) {
req.params.className = '_Role';
return super.handleGet(req);
}
handleCreate(req) {
req.params.className = '_Role';
return super.handleCreate(req);
}
handleUpdate(req) {
req.params.className = '_Role';
return super.handleUpdate(req);
}
handleDelete(req) {
req.params.className = '_Role';
return super.handleDelete(req);
}
getExpressRouter() {
let router = new PromiseRouter();
router.route('GET','/roles', req => { return this.handleFind(req); });
router.route('GET','/roles/:objectId', req => { return this.handleGet(req); });
router.route('POST','/roles', req => { return this.handleCreate(req); });
router.route('PUT','/roles/:objectId', req => { return this.handleUpdate(req); });
router.route('DELETE','/roles/:objectId', req => { return this.handleDelete(req); });
return router;
}
}
export default RolesRouter;

63
src/Routers/SessionsRouter.js Normal file
View File

@@ -0,0 +1,63 @@
import ClassesRouter from './ClassesRouter';
import PromiseRouter from '../PromiseRouter';
import rest from '../rest';
import Auth from '../Auth';
export class SessionsRouter extends ClassesRouter {
handleFind(req) {
req.params.className = '_Session';
return super.handleFind(req);
}
handleGet(req) {
req.params.className = '_Session';
return super.handleGet(req);
}
handleCreate(req) {
req.params.className = '_Session';
return super.handleCreate(req);
}
handleUpdate(req) {
req.params.className = '_Session';
return super.handleUpdate(req);
}
handleDelete(req) {
req.params.className = '_Session';
return super.handleDelete(req);
}
handleMe(req) {
// TODO: Verify correct behavior
if (!req.info || !req.info.sessionToken) {
throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
'Session token required.');
}
return rest.find(req.config, Auth.master(req.config), '_Session', { _session_token: req.info.sessionToken })
.then((response) => {
if (!response.results || response.results.length == 0) {
throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
'Session token not found.');
}
return {
response: response.results[0]
};
});
}
getExpressRouter() {
let router = new PromiseRouter();
router.route('GET','/sessions/me', req => { return this.handleMe(req); });
router.route('GET', '/sessions', req => { return this.handleFind(req); });
router.route('GET', '/sessions/:objectId', req => { return this.handleGet(req); });
router.route('POST', '/sessions', req => { return this.handleCreate(req); });
router.route('PUT', '/sessions/:objectId', req => { return this.handleUpdate(req); });
router.route('DELETE', '/sessions/:objectId', req => { return this.handleDelete(req); });
return router;
}
}
export default SessionsRouter;

163
src/Routers/UsersRouter.js Normal file
View File

@@ -0,0 +1,163 @@
// These methods handle the User-related routes.
import hat from 'hat';
import deepcopy from 'deepcopy';
import ClassesRouter from './ClassesRouter';
import PromiseRouter from '../PromiseRouter';
import rest from '../rest';
import Auth from '../Auth';
import passwordCrypto from '../password';
import RestWrite from '../RestWrite';
const rack = hat.rack();
export class UsersRouter extends ClassesRouter {
handleFind(req) {
req.params.className = '_User';
return super.handleFind(req);
}
handleGet(req) {
req.params.className = '_User';
return super.handleGet(req);
}
handleCreate(req) {
let data = deepcopy(req.body);
data.installationId = req.info.installationId;
req.body = data;
req.params.className = '_User';
return super.handleCreate(req);
}
handleUpdate(req) {
req.params.className = '_User';
return super.handleUpdate(req);
}
handleDelete(req) {
req.params.className = '_User';
return super.handleDelete(req);
}
handleMe(req) {
if (!req.info || !req.info.sessionToken) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
'Object not found.');
}
return rest.find(req.config, Auth.master(req.config), '_Session',
{ _session_token: req.info.sessionToken },
{ include: 'user' })
.then((response) => {
if (!response.results ||
response.results.length == 0 ||
!response.results[0].user) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
'Object not found.');
} else {
let user = response.results[0].user;
return { response: user };
}
});
}
handleLogIn(req) {
// Use query parameters instead if provided in url
if (!req.body.username && req.query.username) {
req.body = req.query;
}
// TODO: use the right error codes / descriptions.
if (!req.body.username) {
throw new Parse.Error(Parse.Error.USERNAME_MISSING, 'username is required.');
}
if (!req.body.password) {
throw new Parse.Error(Parse.Error.PASSWORD_MISSING, 'password is required.');
}
let user;
return req.database.find('_User', { username: req.body.username })
.then((results) => {
if (!results.length) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
}
user = results[0];
return passwordCrypto.compare(req.body.password, user.password);
}).then((correct) => {
if (!correct) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid username/password.');
}
let token = 'r:' + rack();
user.sessionToken = token;
delete user.password;
req.config.filesController.expandFilesInObject(req.config, user);
let expiresAt = new Date();
expiresAt.setFullYear(expiresAt.getFullYear() + 1);
let sessionData = {
sessionToken: token,
user: {
__type: 'Pointer',
className: '_User',
objectId: user.objectId
},
createdWith: {
'action': 'login',
'authProvider': 'password'
},
restricted: false,
expiresAt: Parse._encode(expiresAt)
};
if (req.info.installationId) {
sessionData.installationId = req.info.installationId
}
let create = new RestWrite(req.config, Auth.master(req.config), '_Session', null, sessionData);
return create.execute();
}).then(() => {
return { response: user };
});
}
handleLogOut(req) {
let success = {response: {}};
if (req.info && req.info.sessionToken) {
return rest.find(req.config, Auth.master(req.config), '_Session',
{ _session_token: req.info.sessionToken }
).then((records) => {
if (records.results && records.results.length) {
return rest.del(req.config, Auth.master(req.config), '_Session',
records.results[0].objectId
).then(() => {
return Promise.resolve(success);
});
}
return Promise.resolve(success);
});
}
return Promise.resolve(success);
}
getExpressRouter() {
let router = new PromiseRouter();
router.route('GET', '/users', req => { return this.handleFind(req); });
router.route('POST', '/users', req => { return this.handleCreate(req); });
router.route('GET', '/users/:objectId', req => { return this.handleGet(req); });
router.route('PUT', '/users/:objectId', req => { return this.handleUpdate(req); });
router.route('DELETE', '/users/:objectId', req => { return this.handleDelete(req); });
router.route('GET', '/users/me', req => { return this.handleMe(req); });
router.route('GET', '/login', req => { return this.handleLogIn(req); });
router.route('POST', '/logout', req => { return this.handleLogOut(req); });
router.route('POST', '/requestPasswordReset', () => {
throw new Parse.Error(Parse.Error.COMMAND_UNAVAILABLE, 'This path is not implemented yet.');
});
return router;
}
}
export default UsersRouter;

18
src/index.js
View File

@@ -20,6 +20,12 @@ import { PushController } from './Controllers/PushController';
import { ClassesRouter } from './Routers/ClassesRouter'; import { ClassesRouter } from './Routers/ClassesRouter';
import { InstallationsRouter } from './Routers/InstallationsRouter'; import { InstallationsRouter } from './Routers/InstallationsRouter';
import { UsersRouter } from './Routers/UsersRouter';
import { SessionsRouter } from './Routers/SessionsRouter';
import { RolesRouter } from './Routers/RolesRouter';
import { FileLoggerAdapter } from './Adapters/Logger/FileLoggerAdapter';
import { LoggerController } from './Controllers/LoggerController';
// Mutate the Parse object to add the Cloud Code handlers // Mutate the Parse object to add the Cloud Code handlers
addParseCloud(); addParseCloud();
@@ -69,6 +75,9 @@ function ParseServer(args) {
pushAdapter = new ParsePushAdapter(pushConfig) pushAdapter = new ParsePushAdapter(pushConfig)
} }
// Make logger adapter
let loggerAdapter = args.loggerAdapter || new FileLoggerAdapter();
if (args.databaseURI) { if (args.databaseURI) {
DatabaseAdapter.setAppDatabaseURI(args.appId, args.databaseURI); DatabaseAdapter.setAppDatabaseURI(args.appId, args.databaseURI);
} }
@@ -129,14 +138,15 @@ function ParseServer(args) {
let routers = [ let routers = [
new ClassesRouter().getExpressRouter(), new ClassesRouter().getExpressRouter(),
require('./users'), new UsersRouter().getExpressRouter(),
require('./sessions'), new SessionsRouter().getExpressRouter(),
require('./roles'), new RolesRouter().getExpressRouter(),
require('./analytics'), require('./analytics'),
new InstallationsRouter().getExpressRouter(), new InstallationsRouter().getExpressRouter(),
require('./functions'), require('./functions'),
require('./schemas'), require('./schemas'),
new PushController(pushAdapter).getExpressRouter() new PushController(pushAdapter).getExpressRouter(),
new LoggerController(loggerAdapter).getExpressRouter()
]; ];
if (process.env.PARSE_EXPERIMENTAL_CONFIG_ENABLED || process.env.TESTING) { if (process.env.PARSE_EXPERIMENTAL_CONFIG_ENABLED || process.env.TESTING) {
routers.push(require('./global_config')); routers.push(require('./global_config'));

13
src/middlewares.js
View File

@@ -178,15 +178,24 @@ var handleParseErrors = function(err, req, res, next) {
} }
}; };
function enforceMasterKeyAccess(req, res, next) {
if (!req.auth.isMaster) {
res.status(403);
res.end('{"error":"unauthorized: master key is required"}');
return;
}
next();
}
function invalidRequest(req, res) { function invalidRequest(req, res) {
res.status(403); res.status(403);
res.end('{"error":"unauthorized"}'); res.end('{"error":"unauthorized"}');
} }
module.exports = { module.exports = {
allowCrossDomain: allowCrossDomain, allowCrossDomain: allowCrossDomain,
allowMethodOverride: allowMethodOverride, allowMethodOverride: allowMethodOverride,
handleParseErrors: handleParseErrors, handleParseErrors: handleParseErrors,
handleParseHeaders: handleParseHeaders handleParseHeaders: handleParseHeaders,
enforceMasterKeyAccess: enforceMasterKeyAccess
}; };

48
src/roles.js
View File

@@ -1,48 +0,0 @@
// roles.js
var Parse = require('parse/node').Parse,
PromiseRouter = require('./PromiseRouter'),
rest = require('./rest');
var router = new PromiseRouter();
function handleCreate(req) {
return rest.create(req.config, req.auth,
'_Role', req.body);
}
function handleUpdate(req) {
return rest.update(req.config, req.auth, '_Role',
req.params.objectId, req.body)
.then((response) => {
return {response: response};
});
}
function handleDelete(req) {
return rest.del(req.config, req.auth,
'_Role', req.params.objectId)
.then(() => {
return {response: {}};
});
}
function handleGet(req) {
return rest.find(req.config, req.auth, '_Role',
{objectId: req.params.objectId})
.then((response) => {
if (!response.results || response.results.length == 0) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
'Object not found.');
} else {
return {response: response.results[0]};
}
});
}
router.route('POST','/roles', handleCreate);
router.route('GET','/roles/:objectId', handleGet);
router.route('PUT','/roles/:objectId', handleUpdate);
router.route('DELETE','/roles/:objectId', handleDelete);
module.exports = router;

98
src/sessions.js
View File

@@ -1,98 +0,0 @@
// sessions.js
var Auth = require('./Auth'),
Parse = require('parse/node').Parse,
PromiseRouter = require('./PromiseRouter'),
rest = require('./rest');
var router = new PromiseRouter();
function handleCreate(req) {
return rest.create(req.config, req.auth,
'_Session', req.body);
}
function handleUpdate(req) {
return rest.update(req.config, req.auth, '_Session',
req.params.objectId, req.body)
.then((response) => {
return {response: response};
});
}
function handleDelete(req) {
return rest.del(req.config, req.auth,
'_Session', req.params.objectId)
.then(() => {
return {response: {}};
});
}
function handleGet(req) {
return rest.find(req.config, req.auth, '_Session',
{objectId: req.params.objectId})
.then((response) => {
if (!response.results || response.results.length == 0) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
'Object not found.');
} else {
return {response: response.results[0]};
}
});
}
function handleFind(req) {
var options = {};
if (req.body.skip) {
options.skip = Number(req.body.skip);
}
if (req.body.limit) {
options.limit = Number(req.body.limit);
}
if (req.body.order) {
options.order = String(req.body.order);
}
if (req.body.count) {
options.count = true;
}
if (typeof req.body.keys == 'string') {
options.keys = req.body.keys;
}
if (req.body.include) {
options.include = String(req.body.include);
}
return rest.find(req.config, req.auth,
'_Session', req.body.where, options)
.then((response) => {
return {response: response};
});
}
function handleMe(req) {
// TODO: Verify correct behavior
if (!req.info || !req.info.sessionToken) {
throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
'Session token required.');
}
return rest.find(req.config, Auth.master(req.config), '_Session',
{ _session_token: req.info.sessionToken})
.then((response) => {
if (!response.results || response.results.length == 0) {
throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN,
'Session token not found.');
}
return {
response: response.results[0]
};
});
}
router.route('POST','/sessions', handleCreate);
router.route('GET','/sessions/me', handleMe);
router.route('GET','/sessions/:objectId', handleGet);
router.route('PUT','/sessions/:objectId', handleUpdate);
router.route('GET','/sessions', handleFind);
router.route('DELETE','/sessions/:objectId', handleDelete);
module.exports = router;