Move field name validation logic out of mongo (#1752)
* Remove transformKey(...) * Move validation logic into Parse Server and out of Mongo Adapter * Fix nits
This commit is contained in:
Drew
@@ -191,17 +191,6 @@ describe('untransformObject', () => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('transformKey', () => {
|
|
||||||
it('throws out _password', (done) => {
|
|
||||||
try {
|
|
||||||
transform.transformKey(dummySchema, '_User', '_password');
|
|
||||||
fail('should have thrown');
|
|
||||||
} catch (e) {
|
|
||||||
done();
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
|
||||||
|
|
||||||
describe('transform schema key changes', () => {
|
describe('transform schema key changes', () => {
|
||||||
|
|
||||||
it('changes new pointer key', (done) => {
|
it('changes new pointer key', (done) => {
|
||||||
|
|||||||
@@ -15,14 +15,11 @@ var Parse = require('parse/node').Parse;
|
|||||||
// in the value are converted to a mongo update form. Otherwise they are
|
// in the value are converted to a mongo update form. Otherwise they are
|
||||||
// converted to static data.
|
// converted to static data.
|
||||||
//
|
//
|
||||||
// validate: true indicates that key names are to be validated.
|
|
||||||
//
|
|
||||||
// Returns an object with {key: key, value: value}.
|
// Returns an object with {key: key, value: value}.
|
||||||
function transformKeyValue(schema, className, restKey, restValue, {
|
function transformKeyValue(schema, className, restKey, restValue, {
|
||||||
inArray,
|
inArray,
|
||||||
inObject,
|
inObject,
|
||||||
update,
|
update,
|
||||||
validate,
|
|
||||||
} = {}) {
|
} = {}) {
|
||||||
// Check if the schema is known since it's a built-in field.
|
// Check if the schema is known since it's a built-in field.
|
||||||
var key = restKey;
|
var key = restKey;
|
||||||
@@ -71,9 +68,6 @@ function transformKeyValue(schema, className, restKey, restValue, {
|
|||||||
if (authDataMatch) {
|
if (authDataMatch) {
|
||||||
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'can only query on ' + key);
|
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'can only query on ' + key);
|
||||||
}
|
}
|
||||||
if (validate && !key.match(/^[a-zA-Z][a-zA-Z0-9_\.]*$/)) {
|
|
||||||
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, 'invalid key name: ' + key);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle special schema key changes
|
// Handle special schema key changes
|
||||||
@@ -454,11 +448,6 @@ function untransformACL(mongoObject) {
|
|||||||
return output;
|
return output;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Transforms a key used in the REST API format to its mongo format.
|
|
||||||
function transformKey(schema, className, key) {
|
|
||||||
return transformKeyValue(schema, className, key, null, {validate: true}).key;
|
|
||||||
}
|
|
||||||
|
|
||||||
// A sentinel value that helper transformations return when they
|
// A sentinel value that helper transformations return when they
|
||||||
// cannot perform a transformation
|
// cannot perform a transformation
|
||||||
function CannotTransform() {}
|
function CannotTransform() {}
|
||||||
@@ -1038,7 +1027,7 @@ var FileCoder = {
|
|||||||
};
|
};
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
transformKey,
|
transformKeyValue,
|
||||||
parseObjectToMongoObjectForCreate,
|
parseObjectToMongoObjectForCreate,
|
||||||
transformUpdate,
|
transformUpdate,
|
||||||
transformWhere,
|
transformWhere,
|
||||||
|
|||||||
@@ -618,9 +618,22 @@ DatabaseController.prototype.find = function(className, query, {
|
|||||||
.then(schemaController => {
|
.then(schemaController => {
|
||||||
if (sort) {
|
if (sort) {
|
||||||
mongoOptions.sort = {};
|
mongoOptions.sort = {};
|
||||||
for (let key in sort) {
|
for (let fieldName in sort) {
|
||||||
let mongoKey = this.transform.transformKey(schemaController, className, key);
|
// Parse.com treats queries on _created_at and _updated_at as if they were queries on createdAt and updatedAt,
|
||||||
mongoOptions.sort[mongoKey] = sort[key];
|
// so duplicate that behaviour here.
|
||||||
|
if (fieldName === '_created_at') {
|
||||||
|
fieldName = 'createdAt';
|
||||||
|
sort['createdAt'] = sort['_created_at'];
|
||||||
|
} else if (fieldName === '_updated_at') {
|
||||||
|
fieldName = 'updatedAt';
|
||||||
|
sort['updatedAt'] = sort['_updated_at'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!SchemaController.fieldNameIsValid(fieldName)) {
|
||||||
|
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid field name: ${fieldName}.`);
|
||||||
|
}
|
||||||
|
const mongoKey = this.transform.transformKeyValue(schemaController, className, fieldName, null).key;
|
||||||
|
mongoOptions.sort[mongoKey] = sort[fieldName];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return (isMaster ? Promise.resolve() : schemaController.validatePermission(className, aclGroup, op))
|
return (isMaster ? Promise.resolve() : schemaController.validatePermission(className, aclGroup, op))
|
||||||
|
|||||||
@@ -253,7 +253,7 @@ class SchemaController {
|
|||||||
this.data[schema.className] = schema.fields;
|
this.data[schema.className] = schema.fields;
|
||||||
this.perms[schema.className] = schema.classLevelPermissions;
|
this.perms[schema.className] = schema.classLevelPermissions;
|
||||||
});
|
});
|
||||||
|
|
||||||
// Inject the in-memory classes
|
// Inject the in-memory classes
|
||||||
volatileClasses.forEach(className => {
|
volatileClasses.forEach(className => {
|
||||||
this.data[className] = injectDefaultSchema({
|
this.data[className] = injectDefaultSchema({
|
||||||
@@ -466,15 +466,16 @@ class SchemaController {
|
|||||||
// If 'freeze' is true, refuse to update the schema for this field.
|
// If 'freeze' is true, refuse to update the schema for this field.
|
||||||
validateField(className, fieldName, type, freeze) {
|
validateField(className, fieldName, type, freeze) {
|
||||||
return this.reloadData().then(() => {
|
return this.reloadData().then(() => {
|
||||||
// Just to check that the fieldName is valid
|
if (fieldName.indexOf(".") > 0) {
|
||||||
this._collection.transform.transformKey(this, className, fieldName);
|
|
||||||
|
|
||||||
if( fieldName.indexOf(".") > 0 ) {
|
|
||||||
// subdocument key (x.y) => ok if x is of type 'object'
|
// subdocument key (x.y) => ok if x is of type 'object'
|
||||||
fieldName = fieldName.split(".")[ 0 ];
|
fieldName = fieldName.split(".")[ 0 ];
|
||||||
type = 'Object';
|
type = 'Object';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!fieldNameIsValid(fieldName)) {
|
||||||
|
throw new Parse.Error(Parse.Error.INVALID_KEY_NAME, `Invalid field name: ${fieldName}.`);
|
||||||
|
}
|
||||||
|
|
||||||
let expected = this.data[className][fieldName];
|
let expected = this.data[className][fieldName];
|
||||||
if (expected) {
|
if (expected) {
|
||||||
expected = (expected === 'map' ? 'Object' : expected);
|
expected = (expected === 'map' ? 'Object' : expected);
|
||||||
@@ -847,6 +848,7 @@ function getObjectType(obj) {
|
|||||||
export {
|
export {
|
||||||
load,
|
load,
|
||||||
classNameIsValid,
|
classNameIsValid,
|
||||||
|
fieldNameIsValid,
|
||||||
invalidClassNameMessage,
|
invalidClassNameMessage,
|
||||||
buildMergedSchemaObject,
|
buildMergedSchemaObject,
|
||||||
systemClasses,
|
systemClasses,
|
||||||
|
|||||||
Reference in New Issue
Block a user