joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move field name validation logic out of mongo (#1752)

Browse Source 
* Remove transformKey(...)

* Move validation logic into Parse Server and out of Mongo Adapter

* Fix nits
This commit is contained in:
Drew
2016-05-13 15:28:14 -07:00
parent 4bfe2c5014
commit e4998c256a
4 changed files with 24 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
spec/MongoTransform.spec.js
View File

@@ -191,17 +191,6 @@ describe('untransformObject', () => {
}); });
}); });
describe('transformKey', () => {
it('throws out _password', (done) => {
try {
transform.transformKey(dummySchema, '_User', '_password');
fail('should have thrown');
} catch (e) {
done();
}
});
});
describe('transform schema key changes', () => { describe('transform schema key changes', () => {
it('changes new pointer key', (done) => { it('changes new pointer key', (done) => {

13
src/Adapters/Storage/Mongo/MongoTransform.js
View File

@@ -15,14 +15,11 @@ var Parse = require('parse/node').Parse;
// in the value are converted to a mongo update form. Otherwise they are // in the value are converted to a mongo update form. Otherwise they are
// converted to static data. // converted to static data.
// //
// validate: true indicates that key names are to be validated.
//
// Returns an object with {key: key, value: value}. // Returns an object with {key: key, value: value}.
function transformKeyValue(schema, className, restKey, restValue, { function transformKeyValue(schema, className, restKey, restValue, {
inArray, inArray,
inObject, inObject,
update, update,
validate,
} = {}) { } = {}) {
// Check if the schema is known since it's a built-in field. // Check if the schema is known since it's a built-in field.
var key = restKey; var key = restKey;
@@ -71,9 +68,6 @@ function transformKeyValue(schema, className, restKey, restValue, {
if (authDataMatch) { if (authDataMatch) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'can only query on ' + key); throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'can only query on ' + key);
} }
if (validate && !key.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/)) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'invalid key name: ' + key);
}
} }
// Handle special schema key changes // Handle special schema key changes
@@ -454,11 +448,6 @@ function untransformACL(mongoObject) {
return output; return output;
} }
// Transforms a key used in the REST API format to its mongo format.
function transformKey(schema, className, key) {
return transformKeyValue(schema, className, key, null, {validate: true}).key;
}
// A sentinel value that helper transformations return when they // A sentinel value that helper transformations return when they
// cannot perform a transformation // cannot perform a transformation
function CannotTransform() {} function CannotTransform() {}
@@ -1038,7 +1027,7 @@ var FileCoder = {
}; };
module.exports = { module.exports = {
transformKey, transformKeyValue,
parseObjectToMongoObjectForCreate, parseObjectToMongoObjectForCreate,
transformUpdate, transformUpdate,
transformWhere, transformWhere,

19
src/Controllers/DatabaseController.js
View File

@@ -618,9 +618,22 @@ DatabaseController.prototype.find = function(className, query, {
.then(schemaController => { .then(schemaController => {
if (sort) { if (sort) {
mongoOptions.sort = {}; mongoOptions.sort = {};
for (let key in sort) { for (let fieldName in sort) {
let mongoKey = this.transform.transformKey(schemaController, className, key); // Parse.com treats queries on _created_at and _updated_at as if they were queries on createdAt and updatedAt,
mongoOptions.sort[mongoKey] = sort[key]; // so duplicate that behaviour here.
if (fieldName === '_created_at') {
fieldName = 'createdAt';
sort['createdAt'] = sort['_created_at'];
} else if (fieldName === '_updated_at') {
fieldName = 'updatedAt';
sort['updatedAt'] = sort['_updated_at'];
}
if (!SchemaController.fieldNameIsValid(fieldName)) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid field name: ${fieldName}.`);
}
const mongoKey = this.transform.transformKeyValue(schemaController, className, fieldName, null).key;
mongoOptions.sort[mongoKey] = sort[fieldName];
} }
} }
return (isMaster ? Promise.resolve() : schemaController.validatePermission(className, aclGroup, op)) return (isMaster ? Promise.resolve() : schemaController.validatePermission(className, aclGroup, op))

8
src/Controllers/SchemaController.js
View File

@@ -466,15 +466,16 @@ class SchemaController {
// If 'freeze' is true, refuse to update the schema for this field. // If 'freeze' is true, refuse to update the schema for this field.
validateField(className, fieldName, type, freeze) { validateField(className, fieldName, type, freeze) {
return this.reloadData().then(() => { return this.reloadData().then(() => {
// Just to check that the fieldName is valid
this._collection.transform.transformKey(this, className, fieldName);
if (fieldName.indexOf(".") > 0) { if (fieldName.indexOf(".") > 0) {
// subdocument key (x.y) => ok if x is of type 'object' // subdocument key (x.y) => ok if x is of type 'object'
fieldName = fieldName.split(".")[ 0 ]; fieldName = fieldName.split(".")[ 0 ];
type = 'Object'; type = 'Object';
} }
if (!fieldNameIsValid(fieldName)) {
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid field name: ${fieldName}.`);
}
let expected = this.data[className][fieldName]; let expected = this.data[className][fieldName];
if (expected) { if (expected) {
expected = (expected === 'map' ? 'Object' : expected); expected = (expected === 'map' ? 'Object' : expected);
@@ -847,6 +848,7 @@ function getObjectType(obj) {
export { export {
load, load,
classNameIsValid, classNameIsValid,
fieldNameIsValid,
invalidClassNameMessage, invalidClassNameMessage,
buildMergedSchemaObject, buildMergedSchemaObject,
systemClasses, systemClasses,