joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use shared middleware to enforce master key on global config update API.

Browse Source
This commit is contained in:
Nikita Lutsenko
2016-03-01 20:30:29 -08:00
parent dacc22de42
commit 806800c6fb
2 changed files with 4 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
spec/ParseGlobalConfig.spec.js
View File

@@ -53,8 +53,8 @@ describe('a GlobalConfig', () => {
'X-Parse-REST-API-Key': 'rest' 'X-Parse-REST-API-Key': 'rest'
}, },
}, (error, response, body) => { }, (error, response, body) => {
expect(response.statusCode).toEqual(401); expect(response.statusCode).toEqual(403);
expect(body.error).toEqual('unauthorized'); expect(body.error).toEqual('unauthorized: master key is required');
done(); done();
}); });
}); });

10
src/Routers/GlobalConfigRouter.js
View File

@@ -3,6 +3,7 @@
var Parse = require('parse/node').Parse; var Parse = require('parse/node').Parse;
import PromiseRouter from '../PromiseRouter'; import PromiseRouter from '../PromiseRouter';
import * as middleware from "../middlewares";
export class GlobalConfigRouter extends PromiseRouter { export class GlobalConfigRouter extends PromiseRouter {
getGlobalConfig(req) { getGlobalConfig(req) {
@@ -18,13 +19,6 @@ export class GlobalConfigRouter extends PromiseRouter {
})); }));
} }
updateGlobalConfig(req) { updateGlobalConfig(req) {
if (!req.auth.isMaster) {
return Promise.resolve({
status: 401,
response: {error: 'unauthorized'},
});
}
return req.config.database.rawCollection('_GlobalConfig') return req.config.database.rawCollection('_GlobalConfig')
.then(coll => coll.findOneAndUpdate({ _id: 1 }, { $set: req.body })) .then(coll => coll.findOneAndUpdate({ _id: 1 }, { $set: req.body }))
.then(response => { .then(response => {
@@ -41,7 +35,7 @@ export class GlobalConfigRouter extends PromiseRouter {
mountRoutes() { mountRoutes() {
this.route('GET', '/config', req => { return this.getGlobalConfig(req) }); this.route('GET', '/config', req => { return this.getGlobalConfig(req) });
this.route('PUT', '/config', req => { return this.updateGlobalConfig(req) }); this.route('PUT', '/config', middleware.promiseEnforceMasterKeyAccess, req => { return this.updateGlobalConfig(req) });
} }
} }