joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use middleware instead of custom checks inside SchemasRouter.

Browse Source
This commit is contained in:
Nikita Lutsenko
2016-03-01 15:17:10 -08:00
parent 8ce0bd84fb
commit e58c935f22
2 changed files with 13 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
spec/schemas.spec.js
View File

@@ -98,8 +98,8 @@ describe('schemas', () => {
json: true, json: true,
headers: restKeyHeaders, headers: restKeyHeaders,
}, (error, response, body) => { }, (error, response, body) => {
expect(response.statusCode).toEqual(401); expect(response.statusCode).toEqual(403);
expect(body.error).toEqual('master key not specified'); expect(body.error).toEqual('unauthorized: master key is required');
done(); done();
}); });
}); });
@@ -110,8 +110,8 @@ describe('schemas', () => {
json: true, json: true,
headers: restKeyHeaders, headers: restKeyHeaders,
}, (error, response, body) => { }, (error, response, body) => {
expect(response.statusCode).toEqual(401); expect(response.statusCode).toEqual(403);
expect(body.error).toEqual('master key not specified'); expect(body.error).toEqual('unauthorized: master key is required');
done(); done();
}); });
}); });
@@ -206,8 +206,8 @@ describe('schemas', () => {
className: 'MyClass', className: 'MyClass',
}, },
}, (error, response, body) => { }, (error, response, body) => {
expect(response.statusCode).toEqual(401); expect(response.statusCode).toEqual(403);
expect(body.error).toEqual('master key not specified'); expect(body.error).toEqual('unauthorized: master key is required');
done(); done();
}); });
}); });

38
src/Routers/SchemasRouter.js
View File

@@ -5,14 +5,7 @@ var express = require('express'),
Schema = require('../Schema'); Schema = require('../Schema');
import PromiseRouter from '../PromiseRouter'; import PromiseRouter from '../PromiseRouter';
import * as middleware from "../middlewares";
// TODO: refactor in a SchemaController at one point...
function masterKeyRequiredResponse() {
return Promise.resolve({
status: 401,
response: {error: 'master key not specified'},
})
}
function classNameMismatchResponse(bodyClass, pathClass) { function classNameMismatchResponse(bodyClass, pathClass) {
return Promise.resolve({ return Promise.resolve({
@@ -45,9 +38,6 @@ function mongoSchemaToSchemaAPIResponse(schema) {
} }
function getAllSchemas(req) { function getAllSchemas(req) {
if (!req.auth.isMaster) {
return masterKeyRequiredResponse();
}
return req.config.database.collection('_SCHEMA') return req.config.database.collection('_SCHEMA')
.then(coll => coll.find({}).toArray()) .then(coll => coll.find({}).toArray())
.then(schemas => ({response: { .then(schemas => ({response: {
@@ -56,9 +46,6 @@ function getAllSchemas(req) {
} }
function getOneSchema(req) { function getOneSchema(req) {
if (!req.auth.isMaster) {
return masterKeyRequiredResponse();
}
return req.config.database.collection('_SCHEMA') return req.config.database.collection('_SCHEMA')
.then(coll => coll.findOne({'_id': req.params.className})) .then(coll => coll.findOne({'_id': req.params.className}))
.then(schema => ({response: mongoSchemaToSchemaAPIResponse(schema)})) .then(schema => ({response: mongoSchemaToSchemaAPIResponse(schema)}))
@@ -72,9 +59,6 @@ function getOneSchema(req) {
} }
function createSchema(req) { function createSchema(req) {
if (!req.auth.isMaster) {
return masterKeyRequiredResponse();
}
if (req.params.className && req.body.className) { if (req.params.className && req.body.className) {
if (req.params.className != req.body.className) { if (req.params.className != req.body.className) {
return classNameMismatchResponse(req.body.className, req.params.className); return classNameMismatchResponse(req.body.className, req.params.className);
@@ -100,10 +84,6 @@ function createSchema(req) {
} }
function modifySchema(req) { function modifySchema(req) {
if (!req.auth.isMaster) {
return masterKeyRequiredResponse();
}
if (req.body.className && req.body.className != req.params.className) { if (req.body.className && req.body.className != req.params.className) {
return classNameMismatchResponse(req.body.className, req.params.className); return classNameMismatchResponse(req.body.className, req.params.className);
} }
@@ -168,10 +148,6 @@ var removeJoinTables = (database, mongoSchema) => {
}; };
function deleteSchema(req) { function deleteSchema(req) {
if (!req.auth.isMaster) {
return masterKeyRequiredResponse();
}
if (!Schema.classNameIsValid(req.params.className)) { if (!Schema.classNameIsValid(req.params.className)) {
throw new Parse.Error(Parse.Error.INVALID_CLASS_NAME, Schema.invalidClassNameMessage(req.params.className)); throw new Parse.Error(Parse.Error.INVALID_CLASS_NAME, Schema.invalidClassNameMessage(req.params.className));
} }
@@ -214,11 +190,11 @@ function deleteSchema(req) {
export class SchemasRouter extends PromiseRouter { export class SchemasRouter extends PromiseRouter {
mountRoutes() { mountRoutes() {
this.route('GET', '/schemas', getAllSchemas); this.route('GET', '/schemas', middleware.promiseEnforceMasterKeyAccess, getAllSchemas);
this.route('GET', '/schemas/:className', getOneSchema); this.route('GET', '/schemas/:className', middleware.promiseEnforceMasterKeyAccess, getOneSchema);
this.route('POST', '/schemas', createSchema); this.route('POST', '/schemas', middleware.promiseEnforceMasterKeyAccess, createSchema);
this.route('POST', '/schemas/:className', createSchema); this.route('POST', '/schemas/:className', middleware.promiseEnforceMasterKeyAccess, createSchema);
this.route('PUT', '/schemas/:className', modifySchema); this.route('PUT', '/schemas/:className', middleware.promiseEnforceMasterKeyAccess, modifySchema);
this.route('DELETE', '/schemas/:className', deleteSchema); this.route('DELETE', '/schemas/:className', middleware.promiseEnforceMasterKeyAccess, deleteSchema);
} }
} }