joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adds support for read-only masterKey (#4297)

Browse Source 
* Adds support for read-only masterKey

* Adds tests to make sure all endpoints are properly protected

* Updates readme

* nits
This commit is contained in:
Florent Vilmart
2017-10-26 15:35:07 -04:00
committed by GitHub
parent 87b79cedfa
commit 1dd58b7527
13 changed files with 195 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Routers/GlobalConfigRouter.js
View File

@@ -1,5 +1,5 @@
// global_config.js
import Parse from 'parse/node';
import PromiseRouter from '../PromiseRouter';
import * as middleware from "../middlewares";
@@ -16,6 +16,9 @@ export class GlobalConfigRouter extends PromiseRouter {
}
updateGlobalConfig(req) {
if (req.auth.isReadOnly) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'read-only masterKey isn\'t allowed to update the config.');
}
const params = req.body.params;
// Transform in dot notation to make sure it works
const update = Object.keys(params).reduce((acc, key) => {

3
src/Routers/PushRouter.js
View File

@@ -9,6 +9,9 @@ export class PushRouter extends PromiseRouter {
}
static handlePOST(req) {
if (req.auth.isReadOnly) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'read-only masterKey isn\'t allowed to send push notifications.');
}
const pushController = req.config.pushController;
if (!pushController) {
throw new Parse.Error(Parse.Error.PUSH_MISCONFIGURED, 'Push controller is not set');

9
src/Routers/SchemasRouter.js
View File

@@ -34,6 +34,9 @@ function getOneSchema(req) {
}
function createSchema(req) {
if (req.auth.isReadOnly) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'read-only masterKey isn\'t allowed to create a schema.');
}
if (req.params.className && req.body.className) {
if (req.params.className != req.body.className) {
return classNameMismatchResponse(req.body.className, req.params.className);
@@ -51,6 +54,9 @@ function createSchema(req) {
}
function modifySchema(req) {
if (req.auth.isReadOnly) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'read-only masterKey isn\'t allowed to update a schema.');
}
if (req.body.className && req.body.className != req.params.className) {
return classNameMismatchResponse(req.body.className, req.params.className);
}
@@ -64,6 +70,9 @@ function modifySchema(req) {
}
const deleteSchema = req => {
if (req.auth.isReadOnly) {
throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'read-only masterKey isn\'t allowed to delete a schema.');
}
if (!SchemaController.classNameIsValid(req.params.className)) {
throw new Parse.Error(Parse.Error.INVALID_CLASS_NAME, SchemaController.invalidClassNameMessage(req.params.className));
}