Move all source files into 'src' folder.

src/middlewares.js

@@ -0,0 +1,192 @@
+var Parse = require('parse/node').Parse;
+
+var auth = require('./Auth');
+var cache = require('./cache');
+var Config = require('./Config');
+
+// Checks that the request is authorized for this app and checks user
+// auth too.
+// The bodyparser should run before this middleware.
+// Adds info to the request:
+// req.config - the Config for this app
+// req.auth - the Auth for this request
+function handleParseHeaders(req, res, next) {
+  var mountPathLength = req.originalUrl.length - req.url.length;
+  var mountPath = req.originalUrl.slice(0, mountPathLength);
+  var mount = req.protocol + '://' + req.get('host') + mountPath;
+
+  var info = {
+    appId: req.get('X-Parse-Application-Id'),
+    sessionToken: req.get('X-Parse-Session-Token'),
+    masterKey: req.get('X-Parse-Master-Key'),
+    installationId: req.get('X-Parse-Installation-Id'),
+    clientKey: req.get('X-Parse-Client-Key'),
+    javascriptKey: req.get('X-Parse-Javascript-Key'),
+    dotNetKey: req.get('X-Parse-Windows-Key'),
+    restAPIKey: req.get('X-Parse-REST-API-Key')
+  };
+
+  var fileViaJSON = false;
+
+  if (!info.appId || !cache.apps[info.appId]) {
+    // See if we can find the app id on the body.
+    if (req.body instanceof Buffer) {
+      // The only chance to find the app id is if this is a file
+      // upload that actually is a JSON body. So try to parse it.
+      req.body = JSON.parse(req.body);
+      fileViaJSON = true;
+    }
+
+    if (req.body && req.body._ApplicationId
+    && cache.apps[req.body._ApplicationId]
+    && (
+      !info.masterKey
+      ||
+      cache.apps[req.body._ApplicationId]['masterKey'] === info.masterKey)
+    ) {
+      info.appId = req.body._ApplicationId;
+      info.javascriptKey = req.body._JavaScriptKey || '';
+      delete req.body._ApplicationId;
+      delete req.body._JavaScriptKey;
+      // TODO: test that the REST API formats generated by the other
+      // SDKs are handled ok
+      if (req.body._ClientVersion) {
+        info.clientVersion = req.body._ClientVersion;
+        delete req.body._ClientVersion;
+      }
+      if (req.body._InstallationId) {
+        info.installationId = req.body._InstallationId;
+        delete req.body._InstallationId;
+      }
+      if (req.body._SessionToken) {
+        info.sessionToken = req.body._SessionToken;
+        delete req.body._SessionToken;
+      }
+      if (req.body._MasterKey) {
+        info.masterKey = req.body._MasterKey;
+        delete req.body._MasterKey;
+      }
+    } else {
+      return invalidRequest(req, res);
+    }
+  }
+
+  if (fileViaJSON) {
+    // We need to repopulate req.body with a buffer
+    var base64 = req.body.base64;
+    req.body = new Buffer(base64, 'base64');
+  }
+
+  info.app = cache.apps[info.appId];
+  req.config = new Config(info.appId, mount);
+  req.database = req.config.database;
+  req.info = info;
+
+  var isMaster = (info.masterKey === req.config.masterKey);
+
+  if (isMaster) {
+    req.auth = new auth.Auth(req.config, true);
+    next();
+    return;
+  }
+
+  // Client keys are not required in parse-server, but if any have been configured in the server, validate them
+  //  to preserve original behavior.
+  var keyRequired = (req.config.clientKey
+    || req.config.javascriptKey
+    || req.config.dotNetKey
+    || req.config.restAPIKey);
+  var keyHandled = false;
+  if (keyRequired
+    && ((info.clientKey && req.config.clientKey && info.clientKey === req.config.clientKey)
+      || (info.javascriptKey && req.config.javascriptKey && info.javascriptKey === req.config.javascriptKey)
+      || (info.dotNetKey && req.config.dotNetKey && info.dotNetKey === req.config.dotNetKey)
+      || (info.restAPIKey && req.config.restAPIKey && info.restAPIKey === req.config.restAPIKey)
+    )) {
+    keyHandled = true;
+  }
+  if (keyRequired && !keyHandled) {
+    return invalidRequest(req, res);
+  }
+
+  if (!info.sessionToken) {
+    req.auth = new auth.Auth(req.config, false);
+    next();
+    return;
+  }
+
+  return auth.getAuthForSessionToken(
+    req.config, info.sessionToken).then((auth) => {
+      if (auth) {
+        req.auth = auth;
+        next();
+      }
+    }).catch((error) => {
+      // TODO: Determine the correct error scenario.
+      console.log(error);
+      throw new Parse.Error(Parse.Error.UNKNOWN_ERROR, error);
+    });
+
+}
+
+var allowCrossDomain = function(req, res, next) {
+  res.header('Access-Control-Allow-Origin', '*');
+  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
+  res.header('Access-Control-Allow-Headers', '*');
+
+  // intercept OPTIONS method
+  if ('OPTIONS' == req.method) {
+    res.send(200);
+  }
+  else {
+    next();
+  }
+};
+
+var allowMethodOverride = function(req, res, next) {
+  if (req.method === 'POST' && req.body._method) {
+    req.originalMethod = req.method;
+    req.method = req.body._method;
+    delete req.body._method;
+  }
+  next();
+};
+
+var handleParseErrors = function(err, req, res, next) {
+  if (err instanceof Parse.Error) {
+    var httpStatus;
+
+    // TODO: fill out this mapping
+    switch (err.code) {
+    case Parse.Error.INTERNAL_SERVER_ERROR:
+      httpStatus = 500;
+      break;
+    case Parse.Error.OBJECT_NOT_FOUND:
+      httpStatus = 404;
+      break;
+    default:
+      httpStatus = 400;
+    }
+
+    res.status(httpStatus);
+    res.json({code: err.code, error: err.message});
+  } else {
+    console.log('Uncaught internal server error.', err, err.stack);
+    res.status(500);
+    res.json({code: Parse.Error.INTERNAL_SERVER_ERROR,
+              message: 'Internal server error.'});
+  }
+};
+
+function invalidRequest(req, res) {
+  res.status(403);
+  res.end('{"error":"unauthorized"}');
+}
+
+
+module.exports = {
+  allowCrossDomain: allowCrossDomain,
+  allowMethodOverride: allowMethodOverride,
+  handleParseErrors: handleParseErrors,
+  handleParseHeaders: handleParseHeaders
+};