joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use shared middleware to enforce master key on hooks API.

Browse Source
This commit is contained in:
Nikita Lutsenko
2016-03-01 20:29:55 -08:00
parent 92e51ab4d3
commit dacc22de42
1 changed files with 9 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/Routers/HooksRouter.js
View File

@@ -1,15 +1,9 @@
import { Parse } from 'parse/node'; import { Parse } from 'parse/node';
import PromiseRouter from '../PromiseRouter'; import PromiseRouter from '../PromiseRouter';
import { HooksController } from '../Controllers/HooksController'; import { HooksController } from '../Controllers/HooksController';
import * as middleware from "../middlewares";
function enforceMasterKeyAccess(req) {
if (!req.auth.isMaster) {
throw new Parse.Error(403, "unauthorized: master key is required");
}
}
export class HooksRouter extends PromiseRouter { export class HooksRouter extends PromiseRouter {
createHook(aHook, config) { createHook(aHook, config) {
return config.hooksController.createHook(aHook).then( (hook) => ({response: hook})); return config.hooksController.createHook(aHook).then( (hook) => ({response: hook}));
}; };
@@ -93,14 +87,14 @@ export class HooksRouter extends PromiseRouter {
} }
mountRoutes() { mountRoutes() {
this.route('GET', '/hooks/functions', enforceMasterKeyAccess, this.handleGetFunctions.bind(this)); this.route('GET', '/hooks/functions', middleware.promiseEnforceMasterKeyAccess, this.handleGetFunctions.bind(this));
this.route('GET', '/hooks/triggers', enforceMasterKeyAccess, this.handleGetTriggers.bind(this)); this.route('GET', '/hooks/triggers', middleware.promiseEnforceMasterKeyAccess, this.handleGetTriggers.bind(this));
this.route('GET', '/hooks/functions/:functionName', enforceMasterKeyAccess, this.handleGetFunctions.bind(this)); this.route('GET', '/hooks/functions/:functionName', middleware.promiseEnforceMasterKeyAccess, this.handleGetFunctions.bind(this));
this.route('GET', '/hooks/triggers/:className/:triggerName', enforceMasterKeyAccess, this.handleGetTriggers.bind(this)); this.route('GET', '/hooks/triggers/:className/:triggerName', middleware.promiseEnforceMasterKeyAccess, this.handleGetTriggers.bind(this));
this.route('POST', '/hooks/functions', enforceMasterKeyAccess, this.handlePost.bind(this)); this.route('POST', '/hooks/functions', middleware.promiseEnforceMasterKeyAccess, this.handlePost.bind(this));
this.route('POST', '/hooks/triggers', enforceMasterKeyAccess, this.handlePost.bind(this)); this.route('POST', '/hooks/triggers', middleware.promiseEnforceMasterKeyAccess, this.handlePost.bind(this));
this.route('PUT', '/hooks/functions/:functionName', enforceMasterKeyAccess, this.handlePut.bind(this)); this.route('PUT', '/hooks/functions/:functionName', middleware.promiseEnforceMasterKeyAccess, this.handlePut.bind(this));
this.route('PUT', '/hooks/triggers/:className/:triggerName', enforceMasterKeyAccess, this.handlePut.bind(this)); this.route('PUT', '/hooks/triggers/:className/:triggerName', middleware.promiseEnforceMasterKeyAccess, this.handlePut.bind(this));
} }
} }