joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #410 from Marco129/query-constraints

Browse Source 
Throw when query is encoded incorrectly
This commit is contained in:
Fosco Marotto
2016-02-19 11:56:01 -08:00
parent 5ed037f8a5 06b8157eea
commit 39f8143326
2 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
spec/RestQuery.spec.js
View File

@@ -4,6 +4,9 @@ var cache = require('../src/cache');
var Config = require('../src/Config'); var Config = require('../src/Config');
var rest = require('../src/rest'); var rest = require('../src/rest');
var querystring = require('querystring');
var request = require('request');
var config = new Config('test'); var config = new Config('test');
var nobody = auth.nobody(config); var nobody = auth.nobody(config);
@@ -92,4 +95,49 @@ describe('rest query', () => {
}).catch((error) => { console.log(error); }); }).catch((error) => { console.log(error); });
}); });
it('query with wrongly encoded parameter', (done) => {
rest.create(config, nobody, 'TestParameterEncode', {foo: 'bar'}
).then(() => {
return rest.create(config, nobody,
'TestParameterEncode', {foo: 'baz'});
}).then(() => {
var headers = {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.get({
headers: headers,
url: 'http://localhost:8378/1/classes/TestParameterEncode?'
+ querystring.stringify({
where: '{"foo":{"$ne": "baz"}}',
limit: 1
}).replace('=', '%3D'),
}, (error, response, body) => {
expect(error).toBe(null);
var b = JSON.parse(body);
expect(b.code).toEqual(Parse.Error.INVALID_QUERY);
expect(b.error).toEqual('Improper encode of parameter');
done();
});
}).then(() => {
var headers = {
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest'
};
request.get({
headers: headers,
url: 'http://localhost:8378/1/classes/TestParameterEncode?'
+ querystring.stringify({
limit: 1
}).replace('=', '%3D'),
}, (error, response, body) => {
expect(error).toBe(null);
var b = JSON.parse(body);
expect(b.code).toEqual(Parse.Error.INVALID_QUERY);
expect(b.error).toEqual('Improper encode of parameter');
done();
});
});
});
}); });

11
src/Routers/ClassesRouter.js
View File

@@ -2,11 +2,22 @@
import PromiseRouter from '../PromiseRouter'; import PromiseRouter from '../PromiseRouter';
import rest from '../rest'; import rest from '../rest';
import url from 'url';
export class ClassesRouter { export class ClassesRouter {
// Returns a promise that resolves to a {response} object. // Returns a promise that resolves to a {response} object.
handleFind(req) { handleFind(req) {
let body = Object.assign(req.body, req.query); let body = Object.assign(req.body, req.query);
let options = {}; let options = {};
let allowConstraints = ['skip', 'limit', 'order', 'count', 'keys',
'include', 'redirectClassNameForKey', 'where'];
for (var key in body) {
if (allowConstraints.indexOf(key) === -1) {
throw new Parse.Error(Parse.Error.INVALID_QUERY, 'Improper encode of parameter');
}
}
if (body.skip) { if (body.skip) {
options.skip = Number(body.skip); options.skip = Number(body.skip);
} }